Malware Analysis Report

2024-09-22 12:34

Sample ID 240731-j37wpazdjb
Target Wallpaper.zip
SHA256 19a087166b899e4f6c63c76e3a8978a2429ed4e3f2479299c4b2a3f8872f6e3d
Tags
troldesh bootkit discovery persistence privilege_escalation ransomware trojan upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

19a087166b899e4f6c63c76e3a8978a2429ed4e3f2479299c4b2a3f8872f6e3d

Threat Level: Known bad

The file Wallpaper.zip was found to be: Known bad.

Malicious Activity Summary

troldesh bootkit discovery persistence privilege_escalation ransomware trojan upx

Process spawned unexpected child process

Troldesh, Shade, Encoder.858

Boot or Logon Autostart Execution: Active Setup

Event Triggered Execution: Component Object Model Hijacking

Executes dropped EXE

UPX packed file

Drops desktop.ini file(s)

Writes to the Master Boot Record (MBR)

Legitimate hosting services abused for malware hosting/C2

Adds Run key to start application

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Office loads VBA resources, possible macro or embedded object present

Suspicious behavior: EnumeratesProcesses

Uses Task Scheduler COM API

Checks processor information in registry

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Suspicious use of AdjustPrivilegeToken

Suspicious use of UnmapMainImage

Suspicious behavior: AddClipboardFormatListener

Modifies Internet Explorer settings

Modifies registry class

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

NTFS ADS

Enumerates system info in registry

Suspicious behavior: GetForegroundWindowSpam

MITRE ATT&CK Matrix V13

Analysis: static1

Detonation Overview

Reported

2024-07-31 08:12

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-31 08:12

Reported

2024-07-31 08:30

Platform

win7-20240708-en

Max time kernel

1050s

Max time network

1047s

Command Line

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Wallpaper.jpg

Signatures

Process spawned unexpected child process

Description Indicator Process Target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process N/A C:\Program Files\Internet Explorer\iexplore.exe

Troldesh, Shade, Encoder.858

ransomware trojan troldesh

Boot or Logon Autostart Execution: Active Setup

persistence
Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96} C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\ACTIVE SETUP\INSTALLED COMPONENTS\{8A69D345-D564-463C-AFF1-A69D9E530F96} C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A

Event Triggered Execution: Component Object Model Hijacking

persistence privilege_escalation

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A

UPX packed file

upx

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\"" C:\Users\Admin\Desktop\[email protected] N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A camo.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Writes to the Master Boot Record (MBR)

bootkit persistence
Description Indicator Process Target
File opened for modification \??\PhysicalDrive0 C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\system32\mspaint.exe N/A
File opened for modification C:\Windows\Debug\WIA\wiatrace.log C:\Windows\SysWOW64\mspaint.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\mspaint.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\DllHost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Desktop\[email protected] N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\notepad.exe N/A

Office loads VBA resources, possible macro or embedded object present

Checks processor information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel C:\Program Files\Mozilla Firefox\firefox.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware

Modifies registry class

Description Indicator Process Target
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\shell C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD} C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{708860E0-F641-4611-8895-7D867DD3675B} C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0 C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0 C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LOCALSERVER32 C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings C:\Program Files\Mozilla Firefox\firefox.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B} C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\APPLICATION C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\WIN32 C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\COMMAND C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings C:\Windows\System32\rundll32.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8} C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8} C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\DEFAULTICON C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\PROXYSTUBCLSID32 C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TYPELIB C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\WIN64 C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A

NTFS ADS

Description Indicator Process Target
File created C:\Users\Admin\Downloads\NoMoreRansom.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A
File created C:\Users\Admin\Downloads\MEMZ.zip:Zone.Identifier C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeBackupPrivilege N/A C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Token: SeRestorePrivilege N/A C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
Token: 33 N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeIncBasePriorityPrivilege N/A C:\Windows\system32\AUDIODG.EXE N/A
Token: SeRestorePrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: 35 N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeSecurityPrivilege N/A C:\Program Files\7-Zip\7zG.exe N/A
Token: SeDebugPrivilege N/A C:\Windows\system32\taskmgr.exe N/A
Token: SeDebugPrivilege N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Windows\System32\rundll32.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Mozilla Firefox\firefox.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Windows\SysWOW64\mspaint.exe N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Program Files\Internet Explorer\iexplore.exe N/A
N/A N/A C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE N/A
N/A N/A C:\Windows\system32\mspaint.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected] N/A
N/A N/A C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe N/A

Suspicious use of UnmapMainImage

Description Indicator Process Target
N/A N/A C:\Users\Admin\Desktop\[email protected] N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1396 wrote to memory of 880 N/A C:\Windows\SysWOW64\DllHost.exe C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
PID 880 wrote to memory of 1008 N/A C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
PID 880 wrote to memory of 2288 N/A C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2288 wrote to memory of 2036 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2288 wrote to memory of 2052 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2288 wrote to memory of 108 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 2288 wrote to memory of 2592 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Processes

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Wallpaper.jpg

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --uninstall --system-level

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fae7688,0x13fae7698,0x13fae76a8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --uninstall

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef52b9758,0x7fef52b9768,0x7fef52b9778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1360,i,14170031135487615185,14716712840329883212,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1360,i,14170031135487615185,14716712840329883212,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1660 --field-trial-handle=1360,i,14170031135487615185,14716712840329883212,131072 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" https://support.google.com/chrome?p=chrome_uninstall_survey&crversion=106.0.5249.119&os=6.1.7601

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.0.162181355\999515044" -parentBuildID 20221007134813 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 20769 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cae2e82-5352-4227-8962-0379efcf2c3b} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 1276 103d9158 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.1.345094887\764094662" -parentBuildID 20221007134813 -prefsHandle 1468 -prefMapHandle 1464 -prefsLen 20850 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dda513bb-e0f3-45cb-b048-c3a22b93462d} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 1480 e70a58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.2.1413167915\1914270760" -childID 1 -isForBrowser -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 20888 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1de37e1d-6ab6-41b4-bd1d-0489d707a3c0} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2092 1a294f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.3.309326295\1101648565" -childID 2 -isForBrowser -prefsHandle 1636 -prefMapHandle 1632 -prefsLen 26138 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f13cda8-3c62-4d2c-9766-071335064baa} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2444 e71358 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.4.1793086110\1496818316" -childID 3 -isForBrowser -prefsHandle 2748 -prefMapHandle 2744 -prefsLen 26138 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cdaff4a-e6d5-46a6-b52a-7adae5e74e5b} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2752 e61f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.5.2005413176\273871919" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3840 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8157668a-200b-4b7d-be62-7a357b73c9a9} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 3824 1e3ae658 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.6.2126851802\502376484" -childID 5 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2aa1fc91-da59-47d3-94d0-bdb2177b5973} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 3944 1e57c558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.7.917798799\2026896262" -childID 6 -isForBrowser -prefsHandle 4148 -prefMapHandle 4152 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5482b050-cc08-411a-8da0-a126a0fb7efb} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 4136 1e57bf58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.8.470632834\569150672" -childID 7 -isForBrowser -prefsHandle 4460 -prefMapHandle 4456 -prefsLen 26356 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a677bfa7-0096-4c15-a662-122e85cff1dd} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 4472 fb44f58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.9.692844649\1260845306" -childID 8 -isForBrowser -prefsHandle 3908 -prefMapHandle 3904 -prefsLen 27585 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {deefcab5-0a64-49d0-9d2f-3f2a7579b6a2} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 3888 2252e858 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.10.9249180\1952879793" -childID 9 -isForBrowser -prefsHandle 2024 -prefMapHandle 3924 -prefsLen 27585 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2598738a-4e41-4692-b3a9-d244b7229c3e} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2804 1847e858 tab

C:\Windows\system32\AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE 0x4f8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\NoMoreRansom\" -spe -an -ai#7zMap26546:82:7zEvent16592

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe"

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Users\Admin\Desktop\[email protected]

"C:\Users\Admin\Desktop\[email protected]"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.0.1306149216\1621098792" -parentBuildID 20221007134813 -prefsHandle 1132 -prefMapHandle 1124 -prefsLen 21749 -prefMapSize 233816 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5d08a59-1214-4eb8-807f-61743fbb431f} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 1196 40e5358 gpu

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.1.1695721582\810219072" -parentBuildID 20221007134813 -prefsHandle 1352 -prefMapHandle 1348 -prefsLen 21794 -prefMapSize 233816 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08febb44-db8a-40da-959c-322ab67f2ede} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 1364 de3e58 socket

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.2.1659740786\216535454" -childID 1 -isForBrowser -prefsHandle 1996 -prefMapHandle 1992 -prefsLen 22255 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e80d818-b319-4d27-b7e3-0efedcf4f80f} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 2008 19e96558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.3.1691155894\1630835827" -childID 2 -isForBrowser -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77a79cfa-0f4b-4897-9a4d-ea4ab88af1e9} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 2440 d62558 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.4.1086780180\25515272" -childID 3 -isForBrowser -prefsHandle 2660 -prefMapHandle 2652 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f527fa9b-59a7-46d2-a224-cba75e7b6d6d} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 2672 13d52958 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.5.1049725366\452893924" -childID 4 -isForBrowser -prefsHandle 1580 -prefMapHandle 3376 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f2ba80f-fa4e-4498-8689-80a28eff604e} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 3388 1e8e1e58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.6.518832768\1646415130" -childID 5 -isForBrowser -prefsHandle 3496 -prefMapHandle 3500 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92699a44-aca0-454e-aa41-179b2dec404a} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 3484 1e8e2458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.7.1107824157\1517533227" -childID 6 -isForBrowser -prefsHandle 3672 -prefMapHandle 3676 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {246d4efd-15c9-4e82-827e-2207b9d1a834} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 3660 1e8e2a58 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.8.984385668\1671899169" -childID 7 -isForBrowser -prefsHandle 2740 -prefMapHandle 2724 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6830f29-8e71-4eec-9fe4-662409aedf3a} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 2956 1c1c2458 tab

C:\Program Files\Mozilla Firefox\firefox.exe

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.9.423893713\468317907" -childID 8 -isForBrowser -prefsHandle 4344 -prefMapHandle 4336 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38031a12-5ea8-42b7-868e-c3933f25531f} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 4268 22194758 tab

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]

"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main

C:\Windows\SysWOW64\notepad.exe

"C:\Windows\System32\notepad.exe" \note.txt

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=montage+parody+making+program+2016

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2

C:\Windows\explorer.exe

"C:\Windows\explorer.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+create+your+own+ransomware

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:956 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2

C:\Windows\SysWOW64\taskmgr.exe

"C:\Windows\System32\taskmgr.exe"

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+download+memz

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3712 CREDAT:275457 /prefetch:2

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=the+memz+are+real

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2

C:\Windows\system32\mspaint.exe

"C:\Windows\system32\mspaint.exe"

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe

"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"

C:\Windows\splwow64.exe

C:\Windows\splwow64.exe 12288

C:\Windows\SysWOW64\mspaint.exe

"C:\Windows\System32\mspaint.exe"

C:\Program Files\Internet Explorer\iexplore.exe

"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=virus+builder+legit+free+download

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2

Network


Files

memory/824-0-0x0000000000310000-0x0000000000311000-memory.dmp

C:\Users\Admin\Desktop\AssertExpand.css

C:\Users\Admin\Desktop\ClearCheckpoint.cr2

C:\Users\Admin\Desktop\ClearRestore.mpeg3

C:\Users\Admin\Desktop\CloseMeasure.ADT

C:\Users\Admin\Desktop\DisableProtect.cab

C:\Users\Admin\Desktop\DisconnectWait.bmp

C:\Users\Admin\Desktop\ExitGrant.svgz

C:\Users\Admin\Desktop\FindRepair.vsdm

C:\Users\Admin\Desktop\InitializeResolve.mhtml

C:\Users\Admin\Desktop\JoinAssert.xlsx

C:\Users\Admin\Desktop\JoinRestart.nfo

C:\Users\Admin\Desktop\JoinSwitch.xlsx

C:\Users\Admin\Desktop\ShowSync.rle

C:\Users\Admin\Desktop\RevokeHide.vsx

C:\Users\Admin\Desktop\RestoreExpand.fon

C:\Users\Admin\Desktop\ResetCopy.mpeg

C:\Users\Admin\Desktop\RemoveSet.mp2v

C:\Users\Admin\Desktop\StepInvoke.docx

C:\Users\Admin\Desktop\StartRemove.mpeg3

C:\Users\Admin\Desktop\SubmitRestore.docx

C:\Users\Admin\Desktop\UnblockRestore.jtx

C:\Users\Admin\Desktop\WriteResolve.dib

C:\Users\Public\Desktop\VLC media player.lnk

C:\Users\Admin\Desktop\AddGroup.mp4

C:\Users\Admin\Desktop\CompleteFormat.mid

C:\Users\Admin\Desktop\ConvertFromExport.vssm

C:\Users\Admin\Desktop\HideClose.cr2

C:\Users\Admin\Desktop\InitializeAssert.pps

C:\Users\Admin\Desktop\ProtectOpen.jpeg

C:\Users\Admin\Desktop\ReceiveExpand.avi

C:\Users\Admin\Desktop\TestUndo.ppt

C:\Users\Admin\Desktop\SyncReset.docx

C:\Users\Admin\Desktop\ShowPush.jpg

C:\Users\Admin\Desktop\SendImport.docx

\??\pipe\crashpad_2288_AXJTITVSMZBSYBMV

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\80f1a5ea-199b-4e8b-ae97-72025b58bc3e.tmp

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\bcff9bb8-6f2e-44ef-8b79-731559787723

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\a045032b-6b96-47d2-ac61-c64e3c6fa73d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\activity-stream.discovery_stream.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\2468DE793392A31250A51EFA704C70472A3D1A0D

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\68BC2ADA259BF925235C7E6BF89FCA3B60EECD19

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\055BBB905A5045D20CA3FAAD45FCD316C5072EEB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\1996f3dc-fd20-4280-8367-9b2f46f19693

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\de0e0e08-6949-496c-a829-b64e39157cbd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Local\Temp\tmpaddon

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs.js

C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs.js

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\doomed\31042

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\doomed\9434

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\doomed\6517

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\Downloads\2rq6_FEn.zip.part

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\bcd3dd36-97a5-47fc-b683-76bcd88fdc39

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\6ed84d15-ac74-4a94-bbe0-92bdc57cb79f

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore.jsonlz4

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

C:\Users\Admin\Desktop\[email protected]

C:\Users\Admin\AppData\Local\Temp\6893A5~1\state

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\xulstore.json

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\startupCache\urlCache.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cookies.sqlite

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\permissions.sqlite

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\index

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\index.log

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json.tmp

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\35f155d6-942f-4f33-9413-0cdcf8fb8c2e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\787daa33-30f7-4401-a8e6-71be29d941ab

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

MD5 be8afaf4274b9973e8842d711e0b433b
SHA1 63d3ddf879c03797410febe90427c01d88743f1b
SHA256 52384d4324f41048d0767ef82239137420de455059b9dc8d2c04ffa7184cde97
SHA512 f492e6f4dde514371ec92aa347afba0433ba0e782b34d74eee971ddab0853875ef8936bb2d8cf0b295a70140ee0843ade35f80b9c4c50c474221af3de6ba6d00

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\169F2F823AEF582DAED7D306EDE98433E6AF81E1

MD5 537eafa94f4f25cd5986839d59149972
SHA1 922ace38c7ed790eaf73325c3683764f3650fd71
SHA256 f95cd1a342740aaf2f83a21a02c23310e3c316311c039e9dcaa426bafab79573
SHA512 cafbe7b6929f35cf4f2f7b420d1627091651f26d0e43f979dbd6d3816fbfa45193175848a584ca757fdfec54e8beb6fb8bdc80fe9cb6ec34e4f7e0f168c58aec

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

MD5 3ff996e0b632051a788d3cd12145e37a
SHA1 b8524dc61a06c07f76487681b111ccc722d5ebf7
SHA256 ee335d56941c0a2de0cb57ecd9247601fc2b98d53785172d6bb08f13a128ef47
SHA512 da2c151c20c3238a179b02313c5eefd3922d21fb3e83f8742d167c1cf476b209f8efa06c3b421529430816d5e35a7418a6472ceac8529496ffe1900faa9dc8bf

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\2587B8254FF29804EA8C313AE41DED8329BBA421

MD5 d1750b39a3a3f81ebcaac972bd6e9deb
SHA1 03985a262f3d8b41787058b15d0926dbb2a012c4
SHA256 10fc15cfaaecd11032aded59729df1832472c8b96724f347bf78774906a5cbdb
SHA512 b2f4dfffb0ba546d403623571c2306af8e63f5644a7988ebf16a0d368f56f192d51719472f235dba9c3ec2567f892499b123948898a8c98264c515a836c88a75

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\A2BD72A3227572715C6CBC7E489B8F9A87263541

MD5 b569cd8dd137167575aeee5206e8f097
SHA1 df865ac41a9b30dcf6297380dd08e82fe62e5782
SHA256 26c72fe5d6c5619e169c53260647ca9bd5baa504e7604a80d8e2225f789cb3ed
SHA512 2d45f52fc7ece10b27125395f57d9d392a627d2bdb13fd41e05afeb85e495bf03a8f79747d6433f4b3ae2bdf20c234f0f47dcb52b7405ae7a44db6a02244fc8d

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\BFEF5B7F3B00F0A81ED1F7E43EA7F8DE07A9D010

MD5 92549fc05034ca280702b9d697a16f73
SHA1 7fb07fd05df0249b547b1d16fc18f7d2a0fb3cb7
SHA256 e23116ddd33dba42b0416f24becf580f1e443879a99eb6cd58e6d0e2a0ca6333
SHA512 25012d83fcedb31a58f459623492f34182c97b16441153a74836f6d5dc0bc31c0101f02d43bfcf94860d74f9880aa2f4c87b08dfcfb6dde2cec36f96671e77ea

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\65EB1ACB13C0748AFEECCCEC3AD1521D0B414AE1

MD5 08132ac2f05cc095fac117e9ed846860
SHA1 d40ccadcf178e6266d3b005a71479867316f5437
SHA256 b47d62a97d8df4959ff7d110eeddbf68409876f855d05281ed986b4b460b63e3
SHA512 5e29196a1a977728e7b9d3d42d3618fadacfe82ad6656fcaf93308f91a08c98a6aa2ebccaf55ecda1c486b536d87933818c4e957aa7ee7da905a944318cb82e8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\A152B6D6C9D895309E8E7194B1E85CE9D7FF9C25

MD5 36ef30c6e5409ecbc6eb48773bf9e4e4
SHA1 f3d6837799decd14ce5d9ec4544365c7f8dbe5e0
SHA256 e281752130d558438c171820406df29f2f13424a7316612f641d3208630fff78
SHA512 e1ba00a6d15754529578ebe45a1c802dc7caf76fabad343c7e2bd83f7b894a9336877df05c427883f8aa9741d8a869498310f0b1f12ba1fc716df2193d9a0696

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\CBFB415A72A631B4C4F5CFAAA213F430321E2A32

MD5 6db346e21893a0bb684134a323d2f741
SHA1 0e62bbfd693db6e13247fbbe8be6dd2fe2497056
SHA256 21cbb7764b3ad3a47e6944484dee229ff8451ea78ad1d0ded986b3672ce616f0
SHA512 f7b1fc3ac764c4d1388d3a9936ad3b136c219c4f211de2f02f9a7915e08a1850d988d08b9b7741f918cf60f19f8311442c824f951dceb32f5d543cbbdf035b81

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\178F9251A8CDAE47679D71C934F806FF3E374711

MD5 5912a37d89dd8257a36e12498f3240cc
SHA1 ad11133b5949cb2da116306401450ff2b1a20752
SHA256 1f1e70638b51fa84c6003ee60c086db76e8ef80e04aa71d2b9b12acef3cb2fb5
SHA512 4745e86801bccc98fef24033adb4e3632d2f1a0dd38f6528b6dac9e15df0fdd9652dfb682c2d30fdb747ff75b6b0544161840dfc5865629c0a0a93f5c0f7c527

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\21816B0DB510050B0FACA059FFBCA789FAFF93A3

MD5 0191dab07bb5d81c3c4051a8a3991f9a
SHA1 62fd1fb6b7ce2e5da762ea31d54a69aaabeff0d8
SHA256 24ca5a0d6a178384f00504fb94b789017cf362a9d49c6337dae71e4e3f2a58f3
SHA512 2af882211515dc488908f987d03ae640cfbf38a3e426cfdd6ac1f6edfa7baa1895fa4c9390ab7a5881ee45c21fe481d814fdb75e13bb11cea8fcf14f50a82a2f

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\BF0923D6C9AC3F4148AB74C98E937ACD57DCEAD3

MD5 1a1ba6131d03f5ea1c65a9560358414f
SHA1 45b5e222d00e9b17785e6f48b6beeb008bab80d9
SHA256 34e655e9ca53bf97987e5c623543c07c80ff0cd7a8624b44d34a812d4e3c5b20
SHA512 c85a1b1647405c963c12a5a13121cee0b5a62cd2b084cddb2aeb8dc1e3aa112aa296c727d4f30ff7fe2b9fd36b3a05b6ce4cad1944e70df8bd38b8ad6fc2d1e8

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\B47C2290387CA81094036091C984E8DF3E89AE1C

MD5 fe789e37afe1c91319c1b2e8c85a76e0
SHA1 f50836232d33ee5c13316ce3fa239cafc0e2aabc
SHA256 b6a0e938bc73b8328cfeba54fbd84155008912402821233f1dd68d9892bc921e
SHA512 25103d841737aa57ef6e0be637ca533a5d6983275171e0aa434eafe8c4fbb574c2b5d8a7e45d2cad0b6bc32fafca442b7df53e01e9f0ecf07ef1d0a0af2e030c

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\8F2B50ADE38DBEB7F4A4E85B4AEA9EE28AE93B76

MD5 56e96a4e219df8ea70ebfd539df446a8
SHA1 d8c3397f53be75f0fd2cb7666f043e145ff113b9
SHA256 a7e7c8505edbbba0605eb3d4336570b12034c6298df782ef42c88c0dbec0f7fd
SHA512 3321a9ddc0e485bfb3b73ea176db89225caf2cbab86d7d8e1d1fd3a7e2020c44b74eb627960a85aa4b24d5152ed805193908ffce7f95bbf9b7672c93026978be

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

MD5 7a45aeb641cc89c5e1437df788cb06c8
SHA1 476588f957f1cca7579185a78b49fe2e076fc90d
SHA256 04a46f37889866d5d4f228b53e9674fde12f8603e10f3f8379125158fe076433
SHA512 e7fc95a66011770e081d6c83a2a8b4ea43c1c77e3ef4be7f03f17aac05ea1b51d7a8f84628be36e2fe69b13dc7d7fcc6696c9f3f8ad68797dee64e532727ee86

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\4706140295A9E0A210FE3C6BF4C08BBB20839F91

MD5 a668ceaa2680e9dfc58932f9e9fa0830
SHA1 28eab9fd4d2632f35a6f7079f686a63cf66d85fd
SHA256 c5c5b5bb65bff15f926190eac0b55f94bd3fd1cacf897f5deab1e4f3539b16fb
SHA512 7a521edcb0a122f2c61b9c357348f00d2f89ff387da2e5e35723ba1b704a0f8196b1202b4c9da6837cb46b7ed7eb8ba5c00c47ce0ea33ca0c92dcab086a18e50

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\880F429709ECB024C13EA1062E351585B52DB453

MD5 ea4f17863c298e10560ade40fa88cf20
SHA1 0de3f1319881318560320078335b0848d2fa2040
SHA256 2667999f14ac974dc13e1fe161909a96c1d6ac17729a5001e9bbb2b57e5cc665
SHA512 69c6be18fc974f58c0d4b3c74069f059c82e15d9dfa491d5e57a17e7ba4067e8a172f9cc0c2b53188f6bf232d779edbb3df8ee29e80b05f4b5d64d4b10e4d2d1

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 0f03ccc83ebc59107c0aa7160424bd86
SHA1 b33149c4b262464a6339a378267db2fdbb1ebf1c
SHA256 02dbef813c5c6859bb8ddd2732dc1a3ee09898d30e7357891349e772b3acd97e
SHA512 b168f1ab237484253446d596bdf1d140ebab59fd445ad0fc2b59c5f3c6fe22850c920f91c7f5d5e2073f9166f3fc9acaf76a253ce1039b4ea62d47faab5b0b02

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\BEF30B8945DDB23CE855354CA1126602E172FE38

MD5 c02cda3e252edb5958bc54b489ee8d9b
SHA1 2a01ccc6ec569fc9990ea9636a3c87e660f3f5d9
SHA256 8f53acdfaf02977ce8eee7b53a51928f7879441716b10f3875f9034488f8bdad
SHA512 5f94aa17e6240b0cfc81ebfe4bb93d2a832a785238c0bf4915d1332ca73ae216cc6b90f59630d0473d25eee90f4f8daafaf9e73e64416b129be008bc061700fd

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\9BD0BC0C8600F2A8E27D38697E1DE7F3730F995C

MD5 7354427aead4b9fc8692c61464d5b83b
SHA1 b39a48ac191df9cf8c464d28fff9ce52cc185ed0
SHA256 8f1a53cda7c92570effb3953ec535f570fa520a237be965a373b4160c7285cbc
SHA512 f691cd33388ccf50ef62cfb6471148f2a7ae9b028432f7a3b8dd292241d75bd525e0f75d090eabdd822d203dcad684fbb05a323822e08b95da1fd4c4627428d2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC

MD5 aee462cf334bf670eddc5b464ee54f98
SHA1 d5496b1923d111aedfc6ec7b324630b8ba070682
SHA256 a40192502da20572bec7027feb72a493c680ffcc595f38e6973a8c4e5c4624f5
SHA512 8b9c4ec5ff56eab1b6f941156b8afe9c6441fa53f33c3ac1168fc58b1d9d89380b78da368bbdbaae2bfa60493337fade0f575c2fd4ff1a4f51b96f88dce397f1

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\845B779E8F6C6245485378122FCF02EA92E7539D

MD5 85bf8b86d97609588359a0e970ccb2cc
SHA1 fcfeb25b9f3b5a0a84cc906a8e88d5d01aed988f
SHA256 c848a23c8f55eb1581ace976a19c7def7002aa5781307f7cfafa7f691df7dbc9
SHA512 5b11a43413fa03f55294baf0935445089b58b44351ef237ce463f8bd89ce7a245a335dc024fc37f81d37e0e3428d00cbe67ea09e429306567c00b580bf58d8b2

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\003B9E0A2EAC56AAFE3116E93CC53920DFB930FE

MD5 b2795b0d71a451b285eebe2c3035b529
SHA1 b66b9c3fc50dd562f195502a7d4f2405e356bea4
SHA256 d90e69decd4ed05cc9dc1f58497b10ff24bbb2833ca099cb4292905f524909ce
SHA512 c0c95c9096d84f90dcba99162391a7709a165b111d80c42277b6269699b0926ee38806e0411149fabf544d1b06467eb7eea3fd4067ec84a35abe86fed51940da

memory/3540-1928-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\Downloads\XAwCMWTa.zip.part

MD5 69977a5d1c648976d47b69ea3aa8fcaa
SHA1 4630cc15000c0d3149350b9ecda6cfc8f402938a
SHA256 61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc
SHA512 ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

MD5 fe29a1a8f4f667652b86340b7e47d790
SHA1 68978be45c0d5899600c48cbad8f074bdd309b20
SHA256 018faccb8cb44df71e0f44995f50212de609a9c77160b9c6a64f252cfce9b06b
SHA512 b918fc757197336d44f6c7c2b9f10932725bcdd6b0ef76903b36ff615bc818c2f2d2b02fb8ef672ebb4e83cc3426b7c603220912f47a4956522ff5c540562d97

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json.tmp

MD5 99601438ae1349b653fcd00278943f90
SHA1 8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9
SHA256 72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a
SHA512 ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore.jsonlz4

MD5 6beab4c35071c3d28f294b4d839a1be4
SHA1 f4d1a849778bff96595d227f7b03b932d52b8ce9
SHA256 f3bf6ee68ccea7ebae9f6831b298ac04d0a64e19a4a1dd1b5077ba28b646b823
SHA512 ddd7df40f731dba092091fda75db852c74cf783c35ffcb5ee94795a97255994cde7dcdeaf6da8244c9f79e197d41babef61e4dbb56a37dc600c7ce9565e3ddc6

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json.tmp

MD5 65690c43c42921410ec8043e34f09079
SHA1 362add4dbd0c978ae222a354a4e8d35563da14b4
SHA256 7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d
SHA512 c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\places.sqlite

MD5 15461cfef5eed283f15ffd88fd3517f6
SHA1 14dba934a0922d737ebe62863990f90d1ea012d8
SHA256 7f4661f5060e4861ca4ffc97dd0e4b55b2e204199e492433b214e40d1e3900ba
SHA512 4a877c59f75c31b67cb2a156a1410998ce7e2eb7c115e5cd031ab12dac6811cb79fffabea695ee98c197bc20df7fd077068fae42d4eaacb0a18d2173dddc8a3e

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

MD5 a8bd27b4a7e94975a3cf97603f293c98
SHA1 62fa38f6ed704a484451ec2f0be8c9968d3c3118
SHA256 54d69bcd3efe0e53a0f24d85cbed6605801cdcebbeb950af2a698ad0eac29f6a
SHA512 c08004712cd8faf511af3ef6b7df1d2ba7ac939d1ec5bcff25290b930126c9c211fca467f382a79650bc90c6dab47e5e9a12855d4badfabb53ed28fb07c84705

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\xulstore.json.tmp

MD5 8c8e29dfc7492b92903124e1da454a88
SHA1 09e1ea8b5a53255747809121543598e55e38f9ba
SHA256 08e5486c5550ae2844b9569fbe77ca63617c48b2918e8427ba729deba24a2cbb
SHA512 bb1b2cab79ab3a1e467094748fa6879ec325c21da733255428d2b661c02255dcd3036a3706afeb4f576c168127b4a537802f5748950a3db8fb0c04f4827f903f

memory/3568-2057-0x0000000000400000-0x00000000005DE000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\Cab1BBB.tmp

MD5 49aebf8cbd62d92ac215b2923fb1b9f5
SHA1 1723be06719828dda65ad804298d0431f6aff976
SHA256 b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512 bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\favicon[1].ico

MD5 f3418a443e7d841097c714d69ec4bcb8
SHA1 49263695f6b0cdd72f45cf1b775e660fdc36c606
SHA256 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA512 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\recaptcha__en[1].js

MD5 2ea96f82197c227ad3d999f6a6fcf54d
SHA1 dc1499948a1822d16cab150eaee16f4ab8c028d8
SHA256 e1d667d61bb50e0a815101a7d0d7f379b7219776fee856eedbe965a049db8d44
SHA512 dafee1d415487b796e02ef295073382aac48ac76e90c749028a9241bd44ec04ec2ee34163b8177f94d01e9e9d87577ec34c18d780a9f17b80923106d992749a9

C:\Users\Admin\AppData\Local\Temp\Tar32A7.tmp

MD5 4ea6026cf93ec6338144661bf1202cd1
SHA1 a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6a11830b702b72c1ff5cb8c90a787e78
SHA1 42d7ac33ccd4a7e03d1dcfcc6cc763e6e4557040
SHA256 911ee4abe23ded9775ad944043a8659aab582d77a253c329bb1515fc48a1bdb4
SHA512 f6c3a21da98888b7340cf8d15e982a09d6e9f89d0fa25bb21b62ea1733d634faf9a9e92cd7d1ee1e78112a6370525eb353df3bce0dbbe05627e6eb3ddac46cdb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 dad2740e1231a7cbc7ef177aa4ca3237
SHA1 1a49370ae1494fc1c42e774242770dfc39423e7b
SHA256 3c3c1b81ffaf785549e3ab793f2535c875405ea68f67888172e14fd5edca2f63
SHA512 319f736387f1742504c825092e343a03085d9af611b6fbde4500c047b9af883d22100d05a6bc60f6da8903dda4ee439662b58c8c26af1dd4bc6f5782a0ef85ba

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SP3OKTKN\www.google[1].xml

MD5 58bafac1260cd8787af34e552d7224c3
SHA1 7838b4e2e459dacfdc359073d96c47e427eb1a28
SHA256 8b62455ee374f9b15f376779bba93962801d85e6f8a71a47b684fd3e286ef04e
SHA512 b6acc616581c5a13fd375fc4d96066dd13edf8404551fd32033cffb061d7405edbcace716f6742cbd008b780dc4d909117168b94fa13ff07edc51f2412f09d07

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SP3OKTKN\www.google[1].xml

MD5 f49b9dc939619f6b855458d6a984522f
SHA1 ff36d9579d85970beefdf0cae3304bc0f49d5664
SHA256 d3970180a7098dcda6d290cfe87d41f4ec2cf844097e10b2e47fe80d858032ce
SHA512 9bb74b5de72a314b9441a5eacb14f93ee4ea342be4b805784b6c42f8337562c10e70c93897a58c944a30b9655524a89e1d91b902da2a9ec914bb4a0ebdb4fc51

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\styles__ltr[1].css

MD5 4adccf70587477c74e2fcd636e4ec895
SHA1 af63034901c98e2d93faa7737f9c8f52e302d88b
SHA256 0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d
SHA512 d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4303ad7224a04608574b2d1d85fec7d8
SHA1 2dc213b49cb7c08233e1074b067d1d306e8468eb
SHA256 8756d1e9ed74f7c9990236b4dbbf7320d9fdda4c678b12ecfe6149958a4c5509
SHA512 338a0085abcc03c7ac45271aab8c5a3163415b430dd6bc1418499bed7432426c5f65117b9c492652a6e898c8457de8073fd87ea746c8021de309125ff723eab7

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e95264e487285ebe9559ef54e127ad51
SHA1 d07a160d87bb3e92cdc25b771558800f532104a4
SHA256 b0b273a606604b08bb3117f4b47ea8df305791d88e37ff6883c8e1dff52a3795
SHA512 fe7071f575d2ca491b03d26528ef2784c439e6f4b8162b4b7d3238756b3cf54dc7a50aef2ca14c54cfccdff72d4c6e47be78c46fc50edec91b13b05a32695361

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 cc336f738bfdab979686ecd6a32ebe65
SHA1 d241f325ca0b5a8777f546557a3ece0e826d45f6
SHA256 e3627fce81742560bbc8a5d87706694d77d74551b14b44241992f19148ccbc80
SHA512 71e46c54b38aaa9a0c8932a0ce069f5bac9b573dd8f16e47fb461ba99e6c7c03b79129c45e1ed6756c3ab5905f3b3ddd9e31821f0aae9b4fccf5c8e3fe79b786

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 502841f1767c762de688fce77330fe47
SHA1 421ae0954135e7b348316f255ac9c13b7ed6daa2
SHA256 d786478a607f7ba330ee82afe3bfaac06c3a1a539de97ff6399aaf5136dd18b9
SHA512 da07d4bded09810803634f0dfa0881420ea57cbbad84b60ff09cd232c62765d1ad2f7a3e1eefb61d5f0874bdfa26ea192b0ce845fabfb732b5080b1efeb3fad5

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\jemwMo903uERjMApF-n3CSVN64n99SYmycf4Bp0ZSBk[1].js

MD5 bf14f84bce0c1d0e620588eddddf4cf9
SHA1 3dbbc93baa30aa9c1f732535f67c1f1c5ef75665
SHA256 8de9b0328f74dee1118cc02917e9f709254deb89fdf52626c9c7f8069d194819
SHA512 91b7882807c6e1e46f14943d8a56c64af86a7d59dc80156a4aeff28e37fcbb2b4c3f240b8d1f404907745bf9513ff465046dd514612711acc307386327c328ce

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 eb078b1ac170e0555da6bc7ca6d753f8
SHA1 edb28bca3decd1275dce88a4f96b0dcc40e8a840
SHA256 4885ee601a996031b54bab6c4d3fc94cd2385610b1ab64f7a092aec205b6f8b8
SHA512 df60ce9faf3bf0c82ab0f32adc8fe87f88714a2b93c513f34777e196699d6f02aef598b81175a993b4efea365ad41a7810c39427c0914012f33a00560970607f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 e354f88c9b5f5605bfa018fe7628140e
SHA1 2e5ab8f53efe86674db5501d43dae2a2a9f67c90
SHA256 0cdf4cfd6f382fa4d16c389058549b799c59ad058bd8cda95cfbcdda6aca492a
SHA512 549774f4230bc583c6c82331d5a37f73df9785c86efc659fa6c89c46f450c68e61b46ea22a772ea10ebb84c068b1b72919f5a10619a565e307057edce53f5de1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a1c379db98152749147a4fe7c3cdcbea
SHA1 abcd19368afc2620c7e92fba3d47f53bcae6f4de
SHA256 9ae6ab691fe3ee76db5a3c28d54b673733bb172a84731a59d56c80521ac80775
SHA512 d13d15ad8a5a7133f9b70fdf20e0a416237396f63233236610d7783251e0a3ec6b730daae347ec449a4e8f5e0c8306c0ac116d684569b8b791fb6bee2e3fe9a1

C:\Users\Admin\AppData\Local\Temp\~DFFDF2858CCCA9BFF3.TMP

MD5 134effb40340e4333438b1d734a92578
SHA1 bf7c320cbbb108d1e0cec73c67c19bb53d4e2d5d
SHA256 f745a542cdb163876ba4fa1c594850c20a7ba3b2a7ccc9f94947eb533cf37c5c
SHA512 cb7fb0df9cf97cf5babc3e9b619b519232860ee84cb5c9e00ed2e06991f9d73d6a301e5a87a7622255e58e6182af6d684ddd0188746430d70baba260d736f90a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 4f191d21c94055abff2d3fee46e9a29d
SHA1 75fafa692ea110f59ecdb1736dcb4597381c8a3c
SHA256 37edbc3359bf3f106f93ab4e8597a21790d79bcd46082d5c7d07b68f3cf78f96
SHA512 398b1cbfff842868a4d3822d8b1f2f6066421ba892a694a62bf22b5ca2c5502e7adbf78fc59e9bd5a2c8daf63c1e75b9d5879fb6eff1cf425aaf0de5243997d0

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 8bed30d10129feb14a73d9829e04bc80
SHA1 2abf99db10534e112e202b0806ac46b2fe9e81c2
SHA256 254f0991b5a4bc860be36672e28475ef14160d1669bbf09c345f1557ae946360
SHA512 94b1927eb53455eab0a843baaf726dd69558c329818c794d539c6822d8acb33efebac4f29b1e3bb63a38e36124454e6cb03ec1c57fbebfb6a1bdc95242a1613a

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 6767717a20c56ce9c2eff346b0ff0b8b
SHA1 3aff668e92224d675c25f02ae0b38dbbdd1d848e
SHA256 a276fdf31ff07681ebb7aaf862ca08914007d03b496f4d42628c2388d7d4b4e9
SHA512 c05e6d90e6f64d33b5381eb9fe1cc49909dadf97ddab23381f739534282f425561e824717fa8c80b7f9f6efc35ccd12fad0fcb9807ca4f9327cc6152a2e3cb02

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 06bc5c2af14d50a094a0df3bc35bbf14
SHA1 d32fe9f096cf63c3417c93a28f6f69a5299a6097
SHA256 cd7888f33a40eaa3633bc22de74d9a77c53479bf923ff84d0685bb56a9a1e194
SHA512 bc6cd25cb00fdece94b13d8dea1636c75c85c00b0e6cbf63c216177f163b7634c8fb27358322e592b8a13f7659f10180b2a8d23269fd81a8fff112f95c3708f4

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f0abf4c9278db7e9803bcceea8637cc0
SHA1 cc43f61c50cd7588b4137bdfc1b6f51a67e359e0
SHA256 920566559c10ec61697a8f5a518c39ccec36d97cf753895910a7eb83c5d146f6
SHA512 3959a4805188aaaa6475c953efe0a4dc1e4e7da62a058fa0deb6ead3822fc9af44e972d7955a183021d7b54c7fcc048b5d1f43599fcbd2c9967cd682537faf57

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 07f5772f2fd6fed4225ade3d3e6511ed
SHA1 9334529d06f93c237287fe0984ffc266adb97617
SHA256 2b6eab9a7ff12e5080d0df3c40dd59e977d28895dbf0f9350c55470303df70e0
SHA512 13611e49403761ff2940b443925f482ff68dbca479a7b8c2a07082c71bf438d29ff47600b42ae77c0c5036ec3d68689f486e9e375595c75e6c13959e1041c7c9

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 db604b12dfb50f7f38c787a1bfcee816
SHA1 79cb3a3f702d4dc3a98a817dbfb20ff97115eb90
SHA256 29886dbe7d07d8864f89cb8658583ea27ff01560b464f1bc879a38c03ca72041
SHA512 1dfa674cbe3f26b595ef8dd174fc42a85cb7b039952b895dcd0e7aa08ca8722e1948be48a478fc4d8fc2f8afeb14f7b666203a0af24d5f2564603e33e71b8798

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 373ca96571f205090dd93e7f176b972b
SHA1 ae3073c6d9e33a5a6641edc0de597a421012a429
SHA256 e8ae51a57b3a30a9cc5c2d3869a27ecde12b1842c0b8551f32a1225ade2e8887
SHA512 0aa769a1470ce0041b5d0c97c8c39e757c5e3b5c99cc2a3bf58e948bf48e7d10b57dee5c563d2efee6df1ee62b7298e5454e8343e92a72cbf7a9476ddee2173e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 46a457eef264f6b13df2438d9b758735
SHA1 ea16f007c7a1e6ecea625764a46e5856605bb3fa
SHA256 fe69bd5a4b3b5048c18bd568e848a9dfb27fdf7b34629b5ed7771e89c607b79f
SHA512 8507847f1561143c4d46ab0ae1ece6cc4fffa7a0632559bfaf5cfe88779f32ab31fe6d6f79f1d168a3d0af4f67068e3b7aefa5f9b845f282d082a38b1facb5d1

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f3c0205f5a8e2033457cffd5a59404e6
SHA1 73db5ba90f88db673f1d6f6df0b794fc7b95cb5a
SHA256 48a570b8691eea7fb4ed46f215277a0e6531b963a117bc16b7928560384d2ce9
SHA512 9ba902bf8a20a482ea986390e0dd357e8b73dcd75a58738ac3c29b100aa394f08d372f7c3a2afcc3519950ea6e2279983314f306032ee2d8564661f07e6a509f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 1ffdc9cb896944df2673980e93333648
SHA1 e34aa0354e15498fb42cecd73641c3d1337b8516
SHA256 8c151acd327c38d17a50b02b40cfd558ce09ed5bb9ec7f18b70d2ddbde12fe6a
SHA512 95cf8394f077679f0e602166f8bb3f8c7ca2c4c0da53f00999792b7ee4846acfa357d7dcab379198f7d00a739e3ebc8361f28f8b8e1dc83badf166f0819e068d

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SP3OKTKN\www.google[1].xml

MD5 cf68eddbecf5ef4c3341d3bddea38e21
SHA1 b760f314ef9cf6a8a0ceba0d8a72981e18b8e56b
SHA256 e89312123f461a8e655b394252e305a9263c87eb9d1d6eed5dc07ee43e049bb7
SHA512 7a09a7c5942dff73ba3e341e1bc083393f9cd44ba5219084e3f5a17e7e528fe974bf1f33bdae0bc7db20315015002710b32af5336c172ac5de5587f9e7c82c03

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 f554569d1625aa40e67cfa984ab04d3c
SHA1 a9d80c7fc3a40c9ed901cf8c63c909e113e5ea1c
SHA256 512647d9dc4b54ca2443943a802fcfdfda607f43bcf7e5659d47037719be54ff
SHA512 aa4fc33e26314c4fe43008726210c56a5cb59a572e500d3f57d247b2fa7994c7b568c9ec3843984ba8eec865b263d1e010ebee58454805467c6c28ec09262f32

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 035eea28feafcb9a8ec0af2fab365325
SHA1 2d8201a89d290b9c8fb4c8d40259fcf4455691db
SHA256 6c574fcec2442643a2e7382e6c7ad28874d6af806b8cbb9c8ec247595ccfff47
SHA512 e724add1cc4cb50198c656e7d5485ef48e78ef6ea29924357dea042156ab7c156bd453d657544763add6e6d7b0acf3459ff41222d1d6fff7df87cf6d52297e7e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 3f4e69cc919f1942e09509005fe358d9
SHA1 db80f9e6e1b2f9801c15072cf73e880a67416d72
SHA256 6bd50876df600c16281d670a44778ba58b77adbb726adf97f0812c9569403e73
SHA512 1cb468d15d3003294349e8667d4b524584d1f41891878c9a2d7a336ac3f006c98799008a255185ee3a2200b04653c2da78b61c8d3c99ca64233e76fd06a3f0cf

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 5a6dd2ffb3815199dcf5bed4cb4a7930
SHA1 21f1355cd50601868950d2fd62ffafd303c237ec
SHA256 7278ab24427aad2a7ed420ac972aa366005f4445b617f8631a590925c331a1c9
SHA512 738e09d410657fe8d8b750b0812578d8c3b3e2dfa5ac44161fd6b972f7893cce44380ea7a5e3dac465df1ec419396a0693d9078d80f7aa305f7a017d12d68c64

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 7329eef0b21849ddfb0ae5239ab82c7d
SHA1 825544aa5746225ec1b36dccf65d7e84affdbb59
SHA256 3efa5fd8d6e0066e42a73135715eaec528296cc95f5b42aa6d44a9c679a8d5a9
SHA512 3415d8051d6547b44f5767689d24dcce85563fb2094578219f125ccbd7b0be75eda3c38af612f4efe7a1bc22fe9abaf6657b50245afc87b1bff4e0b45447f901

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\c-BYr-dvr3RXadZ0LNNpBv61e2-StCdS2EeDw174niU[1].js

MD5 b71fc3fb244b490ed864d9e5a27cc3f7
SHA1 f8fc1f61245b654bfb34821b9f35844515af145d
SHA256 73e058afe76faf745769d6742cd36906feb57b6f92b42752d84783c35ef89e25
SHA512 c0a1b70b79b4919d482411131345682aa081fc3d437b2116a484534d16b084f83a530aeb625208149028427fb7a0c10592606c200ddbfb02b38fa443ec9e9e46

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 b09de2d0885a8525b8b99962237e087c
SHA1 38b4bdc2540872d2ea21ae40aa5008ae0bfa2426
SHA256 492394b8e0778ca85d4b05333b23414e476b62ba73a6350961abe7a6f20d8aba
SHA512 34c7ecb7246da0563066051fcc41b218d3b4f02ab723bce8730da30acc43c839649f3ea9f6642af495bbf627668df5a26d6a0a7d941e53c018947a836a4c93af

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 31d9dadc18cd6a6b026ac53db3533b4f
SHA1 20b2c22badcb893c8bd0880596cfb6121dab20d8
SHA256 bbbdb2b2753b49be34a4caeaff51e31e5bb97ec0d08362c7e05ed8fec82e98a5
SHA512 21738db0831731f7cdb3e18bbe0b8b4f18b0086f4e4ee17c481ca72af397c70f8413718c3d6708c217f64fb02652856102bdbec4e98bfa91e89891e5c1fcd03e

memory/748-3554-0x000000005FFF0000-0x0000000060000000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

MD5 f3b25701fe362ec84616a93a45ce9998
SHA1 d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

memory/3540-3572-0x0000000140000000-0x00000001405E8000-memory.dmp

memory/3540-3610-0x0000000140000000-0x00000001405E8000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

MD5 53ecbf3eb51d420d0e870eea72a1d793
SHA1 ffc7ab77c3e1b59b2bbc8e7b83a7244b96efc29d
SHA256 de15cac532705b31dbee6b78f86da6f80ac4f74f54152e0aad799b8f7bfca44d
SHA512 65fd38eb809c82b37c6460a36f718ffae0ee1cc9afb35ac1d4d592a084c0df03aa503d8605f3b4368e80a6b34f0149a28060e54c7f216a21034cf24579d86dd9

memory/748-3623-0x000000005FFF0000-0x0000000060000000-memory.dmp

memory/1520-3624-0x000007FEF6F80000-0x000007FEF6FCC000-memory.dmp