Analysis Overview
SHA256: e6a7cd09db490104366798d6ea71a3f1f8df01d59394e36ef6e1a8ecb8facf1d
Threat Level: Known bad
The file hel.txt was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Disables Task Manager via registry modification
Downloads MZ/PE file
Uses the VBS compiler for execution
Obfuscated with Agile.Net obfuscator
Drops startup file
Executes dropped EXE
Loads dropped DLL
Modifies WinLogon
Enumerates connected drives
Legitimate hosting services abused for malware hosting/C2
Adds Run key to start application
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext
Drops file in Windows directory
Subvert Trust Controls: Mark-of-the-Web Bypass
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Opens file in notepad (likely ransom note)
Suspicious behavior: EnumeratesProcesses
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of AdjustPrivilegeToken
NTFS ADS
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Kills process with taskkill
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious behavior: GetForegroundWindowSpam
System policy modification
Checks processor information in registry
Modifies Control Panel
Suspicious behavior: MapViewOfSection
Suspicious behavior: AddClipboardFormatListener
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-09-25 14:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-09-25 14:14
Reported: 2024-09-25 14:23
Platform: win10-20240404-en
Max time kernel: 487s
Max time network: 508s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
Disables Task Manager via registry modification
Downloads MZ/PE file
Drops startup file
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rTErod.url | C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rTErod.url | C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rTErod.url | C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Mabezat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\Mabezat.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\LoveYou.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\IconDance.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6247.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\MrsMajor3.0(1).exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8D9D.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\000(3).exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\6247.tmp\eulascr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\8D9D.tmp\eulascr.exe | N/A |
Obfuscated with Agile.Net obfuscator
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Uses the VBS compiler for execution
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\J: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\N: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\O: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\T: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\W: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\X: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\I: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\G: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\H: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\L: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\M: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\S: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\U: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\B: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\E: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\Q: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\Y: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\A: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\P: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\R: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\V: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\Z: | C:\Users\Admin\Downloads\000(3).exe | N/A |
| File opened (read-only) | \??\K: | C:\Users\Admin\Downloads\000(3).exe | N/A |
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
| N/A | raw.githubusercontent.com | N/A | N/A |
Modifies WinLogon
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoRestartShell = "0" | C:\Users\Admin\Downloads\000(3).exe | N/A |
Sets desktop wallpaper using registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Desktop\Wallpaper | C:\Users\Admin\Downloads\000(3).exe | N/A |
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| PID 4056 set thread context of 1368 | N/A | C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
| PID 3520 set thread context of 4072 | N/A | C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
| PID 5516 set thread context of 5680 | N/A | C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Subvert Trust Controls: Mark-of-the-Web Bypass
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Users\Admin\Downloads\LoveYou.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MrsMajor3.0(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Mabezat.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\ColorBug.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\000.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\000(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\000(2).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\000(3).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\IconDance.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\LoveYou.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\IconDance.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\000(3).exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Mabezat.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\taskkill.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\Wbem\WMIC.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Kills process with taskkill
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\taskkill.exe | N/A |
Modifies Control Panel
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\WindowFrame = "205 222 160" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\TitleText = "17 103 16" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Scrollbar = "122 212 155" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\AppWorkspace = "212 191 35" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ButtonFace = "45 21 101" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Scrollbar = "38 165 82" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\TitleText = "137 217 121" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Hilight = "182 149 72" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\MenuText = "63 162 243" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\InactiveBorder = "233 101 98" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Hilight = "201 66 172" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\InactiveTitle = "145 251 15" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\MenuText = "158 11 122" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Hilight = "179 68 220" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ActiveBorder = "177 231 61" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ActiveTitle = "127 148 109" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\InactiveTitle = "149 199 3" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ActiveBorder = "179 156 215" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ActiveTitle = "39 249 78" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Window = "173 228 100" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\GrayText = "230 250 54" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\TitleText = "63 25 116" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ButtonFace = "255 177 108" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Window = "223 250 131" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\WindowFrame = "38 226 4" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\HilightText = "19 168 167" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ButtonShadow = "198 187 198" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Background = "183 48 22" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\WindowText = "34 47 89" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ButtonShadow = "98 94 89" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\WindowFrame = "167 136 185" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\MenuText = "223 9 120" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\InactiveTitleText = "178 23 156" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\MenuText = "136 164 149" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Background = "95 48 13" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\InactiveBorder = "101 140 130" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ButtonText = "82 2 65" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ButtonShadow = "35 242 125" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Menu = "236 63 120" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Scrollbar = "121 137 59" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Menu = "98 69 211" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ActiveBorder = "23 133 43" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\InactiveTitleText = "16 168 27" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Background = "245 98 116" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Menu = "54 200 51" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\AppWorkspace = "238 37 58" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ActiveTitle = "138 134 164" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\GrayText = "176 241 50" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\InactiveBorder = "219 88 206" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\AppWorkspace = "53 16 154" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Window = "183 114 67" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Menu = "149 112 179" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\WindowText = "148 150 172" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\AppWorkspace = "16 220 224" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\GrayText = "128 23 152" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\HilightText = "122 219 30" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ButtonShadow = "46 240 243" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\Hilight = "21 14 217" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\InactiveTitleText = "233 173 55" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\Colors\ButtonText = "220 234 150" | C:\Users\Admin\Downloads\ColorBug.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\txtfile\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\icon.ico" | C:\Users\Admin\Downloads\000(3).exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b957efec550fdb01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 992e08ed550fdb01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{15894823-F081-4B4D-A98B-E768A0C343DB} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 056ce2ec550fdb01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\Downloads\Ransomware.Rex.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Ransomware.Jigsaw.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\000(2).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\000(3).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Mabezat.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\IconDance.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MrsMajor3.0(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Ransomware.Locky.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\MrsMajor3.0.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\000.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\000(1).exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Ransomware.Vipasana.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\Ransomware.Unnamed_0.zip:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\ColorBug.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| File created | C:\Users\Admin\Downloads\LoveYou.exe:Zone.Identifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
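Every row above is firefox.exe writing a `:Zone.Identifier` alternate data stream next to a download, which is how the Mark-of-the-Web reaches disk; whether the executables later extracted from those archives still carry it is what the "Mark-of-the-Web Bypass" signature is about. The following Python is an added example, not part of this report or of any sandbox tooling: it parses the stream body, maps `ZoneId` to its URLMON zone, reads the stream from a real file on Windows, and lists risky files that lack an Internet/Restricted mark. The stream text, the file inventory and the `RISKY_EXT` list are constructed for illustration.

```python
"""Read and interpret the Zone.Identifier stream (Mark-of-the-Web).

Added example, not part of the sandbox report. Sample data is constructed.
"""
import os

# URLMON security zone ids carried in the ZoneId= line.
ZONE_NAMES = {0: "Local machine", 1: "Local intranet", 2: "Trusted sites",
              3: "Internet", 4: "Restricted sites"}

# Constructed example of a stream body as a browser writes it (CRLF line ends).
SAMPLE_STREAM = ("[ZoneTransfer]\r\nZoneId=3\r\n"
                 "ReferrerUrl=https://example.test/dl/\r\n"
                 "HostUrl=https://example.test/dl/Ransomware.Locky.zip\r\n")


def parse_zone_identifier(text):
    """Parse the INI-style stream body into a dict; ZoneId becomes an int."""
    result, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section != "ZoneTransfer" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "ZoneId":
            try:
                value = int(value)
            except ValueError:
                pass
        result[key] = value
    return result


def zone_name(info):
    zid = info.get("ZoneId")
    return ZONE_NAMES.get(zid, f"unknown zone {zid!r}")


def read_motw(path):
    """Return the parsed stream of an on-disk file, or None if it has none.

    NTFS exposes streams through the 'file:stream' path syntax, so a plain
    open() reads it on Windows; on other platforms this simply reports None.
    """
    if os.name != "nt":
        return None
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return parse_zone_identifier(fh.read())
    except OSError:
        return None


# Extensions whose MOTW state matters (hypothetical list, extend as needed).
RISKY_EXT = {".exe", ".dll", ".scr", ".js", ".vbs", ".hta", ".cmd", ".bat", ".ps1", ".lnk"}


def files_missing_motw(entries):
    """entries: iterable of (path, stream_text_or_None).

    Returns the risky files that carry no stream or are marked below the
    Internet zone, i.e. the ones SmartScreen and Office will not treat as
    downloaded content.
    """
    missing = []
    for path, stream in entries:
        ext = os.path.splitext(path)[1].lower()
        if ext not in RISKY_EXT:
            continue
        info = parse_zone_identifier(stream) if stream else {}
        if info.get("ZoneId") not in (3, 4):
            missing.append(path)
    return missing


# Constructed inventory: the archive and one download carry the stream; the
# executable extracted into Desktop\Locky does not, the usual way MOTW is lost.
SAMPLE_ENTRIES = [
    (r"C:\Users\Admin\Downloads\Ransomware.Locky.zip", SAMPLE_STREAM),
    (r"C:\Users\Admin\Downloads\ColorBug.exe", SAMPLE_STREAM),
    (r"C:\Users\Admin\Desktop\Locky\extracted.exe", None),
    (r"C:\Users\Admin\Desktop\notes.txt", None),
]

if __name__ == "__main__":
    info = parse_zone_identifier(SAMPLE_STREAM)
    print(zone_name(info), info.get("HostUrl"))
    print("no MOTW:", files_missing_motw(SAMPLE_ENTRIES))
```

On a live system, feed `files_missing_motw` with `(path, read_motw_text(path))` pairs built from a directory walk; the example keeps the parser separate from the NTFS read so the same check runs against sandbox output on any platform.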
Opens file in notepad (likely ransom note)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\NOTEPAD.EXE | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\OpenWith.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\VideoLAN\VLC\vlc.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
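The two rows that matter here are wscript.exe setting `ConsentPromptBehaviorAdmin` to 0 under `HKLM\...\Policies\System`, which makes elevation silent for administrators; everything in the Edge AppContainer tables above it is browser housekeeping. The following Python is an added example, not part of this report or of the sandbox: it parses rows in the report's own `| Description | Indicator | Process | Target |` layout and flags writes that weaken UAC or lock the user out of recovery tooling. The watchlist, the script-host list, the severity rule and all sample rows (the first two mirror the table above, the rest are made up for contrast) are this example's own assumptions.

```python
"""Triage sandbox registry rows for UAC / system-policy tampering.

Added example, not part of the sandbox report. Watchlist and sample rows are
constructed for illustration.
"""
import re

# Constructed sample rows in the report's table format.
SAMPLE_ROWS = r"""
| Key created | \REGISTRY\MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Windows\system32\wscript.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" | C:\Users\Admin\Downloads\sample.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-0-0-0-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\IECompatVersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "5" | C:\Windows\regedit.exe | N/A |
"""

ROW_RE = re.compile(r"^\|\s*(?P<desc>[^|]*?)\s*\|\s*(?P<indicator>[^|]*?)\s*\|\s*(?P<process>[^|]*?)\s*\|")
VALUE_RE = re.compile(r'^(?P<path>.*?)\s*=\s*"?(?P<value>.*?)"?\s*$')

# Hypothetical watchlist: (key tail, value name) -> (weak value, label).
# All of these live under ...\CurrentVersion\Policies\System.
WEAK_POLICY_VALUES = {
    ("policies\\system", "consentpromptbehavioradmin"): ("0", "UAC: admin consent prompt disabled"),
    ("policies\\system", "enablelua"): ("0", "UAC: EnableLUA turned off"),
    ("policies\\system", "promptonsecuredesktop"): ("0", "UAC: secure desktop prompt disabled"),
    ("policies\\system", "disabletaskmgr"): ("1", "Task Manager disabled by policy"),
    ("policies\\system", "disableregistrytools"): ("1", "Registry editor disabled by policy"),
}
# Heuristic: policy writes from script hosts or user-writable paths rate higher.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe", "cmd.exe", "reg.exe"}


def parse_row(line):
    """Return {'desc','path','value','process'} for a data row, else None."""
    m = ROW_RE.match(line.strip())
    if not m or m.group("desc").lower() == "description":
        return None
    desc, indicator, process = m.group("desc"), m.group("indicator"), m.group("process")
    path, value = indicator, None
    if desc.lower().startswith("set value"):
        vm = VALUE_RE.match(indicator)
        if vm:
            path, value = vm.group("path"), vm.group("value")
    return {"desc": desc, "path": path, "value": value, "process": process}


def hive_of(path):
    p = path.lower()
    if p.startswith("\\registry\\machine"):
        return "HKLM"
    if p.startswith("\\registry\\user"):
        return "HKU"
    return "?"


def severity_for(process):
    name = process.rsplit("\\", 1)[-1].lower()
    if name in SCRIPT_HOSTS or process.lower().startswith("c:\\users\\"):
        return "high"
    return "medium"


def triage(lines):
    """Return one finding per row that matches the watchlist."""
    findings = []
    for line in lines:
        ev = parse_row(line)
        if ev is None:
            continue
        key, _, name = ev["path"].lower().rpartition("\\")
        proc_name = ev["process"].rsplit("\\", 1)[-1].lower()
        if ev["value"] is None:
            # 'Key created' rows carry no value; only note a script host
            # touching the policy key itself.
            if key.endswith("policies") and name == "system" and proc_name in SCRIPT_HOSTS:
                findings.append({"label": "Policies\\System key created by script host",
                                 "hive": hive_of(ev["path"]), "process": ev["process"],
                                 "value": None, "severity": "medium"})
            continue
        for (tail, vname), (weak, label) in WEAK_POLICY_VALUES.items():
            if key.endswith(tail) and name == vname and ev["value"] == weak:
                findings.append({"label": label, "hive": hive_of(ev["path"]),
                                 "process": ev["process"], "value": ev["value"],
                                 "severity": severity_for(ev["process"])})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_ROWS.splitlines()):
        print(f"[{f['severity']}] {f['hive']} {f['label']} <- {f['process']}")
```

The Edge row and the `ConsentPromptBehaviorAdmin = "5"` row (the Windows default, prompt for consent on the secure desktop) produce nothing, so the same rules can be pasted over the whole registry section of a report without drowning in AppContainer noise.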
Uses Task Scheduler COM API
Processes
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\hel.txt
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.0.1808139295\1331247991" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98dccd61-4c3a-492f-8dcb-540cb3e5989d} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 1764 1bdec282858 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.1.1234221948\928381580" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f5a58b6-bc7c-42ea-ac2d-e5c7b0416e5e} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 2120 1bdeac3c858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.2.1010205302\605552336" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2908 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a41fa00-3575-4828-bd73-b0c7b8c43507} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 2884 1bdef397e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.3.556907743\526650223" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3392 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9055c1e-99de-4437-9e9f-d59b51b3d533} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 3424 1bded867b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.4.1097376904\610790540" -childID 3 -isForBrowser -prefsHandle 4208 -prefMapHandle 4204 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2fcddda-2506-44af-a31f-67364bf46e97} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 4236 1bdf10ba658 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.5.1513251466\1045295914" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4896 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e938a05-e59d-4908-80a3-28574e781105} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 4884 1bdf1812a58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.6.2084794574\1818868147" -childID 5 -isForBrowser -prefsHandle 4852 -prefMapHandle 4848 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {166f963e-6641-45a5-a423-c805bbabd692} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 4860 1bdf1e44258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.7.2071932064\320052859" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {444b9cb1-aadc-45f3-909d-cf3433ecfd49} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 5216 1bdf1e45d58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.8.1193077842\386342268" -childID 7 -isForBrowser -prefsHandle 5600 -prefMapHandle 5744 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08f6a782-bb9f-46b5-b120-4da17183eb3a} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 5756 1bdf2f7e558 tab
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Desktop\Locky"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Desktop\Locky
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.9.1876803711\923716231" -childID 8 -isForBrowser -prefsHandle 5656 -prefMapHandle 5604 -prefsLen 26808 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {824202b0-7124-4af4-9fb1-a059198b3ab2} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 4584 1bdf1687858 tab
C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe
"C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\a0vtjxzp\a0vtjxzp.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES2CB3.tmp" "c:\Users\Admin\AppData\Local\Temp\a0vtjxzp\CSC46A25D285E6C408199F5F814FD1168CF.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
C:\Windows\notepad.exe
"C:\Windows\notepad.exe" -c "C:\Users\Admin\AppData\Local\JesYXqkYNx\cfg"
C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe
"C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\nnz4w4rg\nnz4w4rg.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES54EC.tmp" "c:\Users\Admin\AppData\Local\Temp\nnz4w4rg\CSC71CCFC2293344A01B6C965FE5CC24046.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
C:\Windows\notepad.exe
"C:\Windows\notepad.exe" -c "C:\Users\Admin\AppData\Local\JesYXqkYNx\cfg"
C:\Program Files\Microsoft Office\root\Client\AppVLP.exe
"C:\Program Files\Microsoft Office\root\Client\AppVLP.exe" "C:\Program Files (x86)\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE"
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE
"C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\DATABASECOMPARE.EXE"
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe" 5284 "C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems32.dll" 1
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\mavinject32.exe" 5284 "C:\Program Files\Microsoft Office\root\Client\AppVIsvSubsystems32.dll" 1
C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe
"C:\Users\Admin\Desktop\Ransomware.Unnamed_0.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\ocwz4hsv\ocwz4hsv.cmdline"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8E5B.tmp" "c:\Users\Admin\AppData\Local\Temp\ocwz4hsv\CSCB25914F9833F46E68BF6811562C1980.TMP"
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
C:\Windows\notepad.exe
"C:\Windows\notepad.exe" -c "C:\Users\Admin\AppData\Local\JesYXqkYNx\cfg"
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.10.904348234\1811439643" -childID 9 -isForBrowser -prefsHandle 6420 -prefMapHandle 4204 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a47eb468-61dc-4d7e-ae44-3662bf25c0ca} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 6428 1bdf2f80c58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.11.922136868\973846663" -childID 10 -isForBrowser -prefsHandle 6808 -prefMapHandle 5384 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {102f5201-dfa4-451d-b6c4-6e067f69c288} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 6820 1bdf25f1358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.12.664585188\96505803" -childID 11 -isForBrowser -prefsHandle 5432 -prefMapHandle 5376 -prefsLen 26817 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b819086b-8def-45d7-882e-945dbacb6a68} 3656 "\\.\pipe\gecko-crash-server-pipe.3656" 5468 1bdf6a04158 tab
C:\Users\Admin\Downloads\Mabezat.exe
"C:\Users\Admin\Downloads\Mabezat.exe"
C:\Users\Admin\Downloads\ColorBug.exe
"C:\Users\Admin\Downloads\ColorBug.exe"
C:\Users\Admin\Downloads\ColorBug.exe
"C:\Users\Admin\Downloads\ColorBug.exe"
C:\Users\Admin\Downloads\ColorBug.exe
"C:\Users\Admin\Downloads\ColorBug.exe"
C:\Users\Admin\Downloads\Mabezat.exe
"C:\Users\Admin\Downloads\Mabezat.exe"
C:\Users\Admin\Downloads\ColorBug.exe
"C:\Users\Admin\Downloads\ColorBug.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Users\Admin\Downloads\LoveYou.exe
"C:\Users\Admin\Downloads\LoveYou.exe"
C:\Users\Admin\Downloads\IconDance.exe
"C:\Users\Admin\Downloads\IconDance.exe"
C:\Users\Admin\Downloads\MrsMajor3.0.exe
"C:\Users\Admin\Downloads\MrsMajor3.0.exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\6247.tmp\6248.tmp\6249.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\6247.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\6247.tmp\eulascr.exe"
C:\Users\Admin\Downloads\MrsMajor3.0(1).exe
"C:\Users\Admin\Downloads\MrsMajor3.0(1).exe"
C:\Windows\system32\wscript.exe
"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\8D9D.tmp\8D9E.tmp\8D9F.vbs //Nologo
C:\Users\Admin\AppData\Local\Temp\8D9D.tmp\eulascr.exe
"C:\Users\Admin\AppData\Local\Temp\8D9D.tmp\eulascr.exe"
C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\SearchExport.mpv2"
C:\Users\Admin\Downloads\000(3).exe
"C:\Users\Admin\Downloads\000(3).exe"
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im explorer.exe
C:\Windows\SysWOW64\taskkill.exe
taskkill /f /im taskmgr.exe
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' set FullName='UR NEXT'
C:\Windows\SysWOW64\Wbem\WMIC.exe
wmic useraccount where name='Admin' rename 'UR NEXT'
C:\Windows\SysWOW64\shutdown.exe
shutdown /f /r /t 0
C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3a85055 /state1:0x41c64e6d
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
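The command lines above show a compact tampering sequence: cmd.exe runs a batch file from %TEMP%, taskkill forcibly ends explorer.exe and taskmgr.exe, wmic relabels and then renames the Admin account, and shutdown forces an immediate reboot, alongside wscript running a .vbs from a %TEMP% subdirectory and a vbc.exe/cvtres.exe compile step. The script below is an added example, not part of this report or of the sandbox's own tooling: it applies regex rules to command lines copied from the process list and returns the matches. The rule names, the rule set, and the use of a Firefox content-process line as a benign control are this example's own choices.

```python
import re
from collections import Counter
from typing import Dict, List

# Command lines copied from the process list of this report (constructed
# subset); the last entry is a benign Firefox content process used as a control.
REPORT_CMDLINES = [
    r'"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"',
    r'"C:\Windows\notepad.exe" -c "C:\Users\Admin\AppData\Local\JesYXqkYNx\cfg"',
    r'"C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\6247.tmp\6248.tmp\6249.vbs //Nologo',
    r'C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\windl.bat""',
    r'taskkill /f /im explorer.exe',
    r'taskkill /f /im taskmgr.exe',
    r"wmic useraccount where name='Admin' set FullName='UR NEXT'",
    r"wmic useraccount where name='Admin' rename 'UR NEXT'",
    r'shutdown /f /r /t 0',
    r'"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3656.10.904348234\1811439643" -childID 9 -isForBrowser',
]

# (rule name, pattern, rationale). Rule names are this example's own.
# Patterns are searched case-insensitively over the whole command line.
RULES = [
    ("kill-taskmgr",     r"\btaskkill(\.exe)?\b.*/im\s+taskmgr\.exe",
     "forcibly ends Task Manager"),
    ("kill-explorer",    r"\btaskkill(\.exe)?\b.*/im\s+explorer\.exe",
     "forcibly ends the desktop shell"),
    ("account-tamper",   r"\bwmic(\.exe)?\b.*\buseraccount\b.*\b(rename|set\s+fullname)\b",
     "renames or relabels a local account through WMI"),
    ("forced-reboot",    r"\bshutdown(\.exe)?\b.*/[rs]\b.*/t\s+0\b",
     "immediate forced reboot or shutdown"),
    ("script-from-temp", r"\b[wc]script(\.exe)?\b.*\\Temp\\.*\.(vbs|vbe|js|jse|wsf)\b",
     "script host run on a file under %TEMP%"),
    ("batch-from-temp",  r"\bcmd(\.exe)?\b.*/c\b.*\\Temp\\.*\.(bat|cmd)\b",
     "cmd.exe runs a batch file under %TEMP%"),
    ("runtime-compile",  r"\\Microsoft\.NET\\Framework(64)?\\v[\d.]+\\(csc|vbc|cvtres)\.exe",
     ".NET compiler toolchain invoked at run time"),
    ("notepad-appdata",  r"\bnotepad(\.exe)?\b.*\\AppData\\",
     "Notepad opened on a file under AppData"),
]
COMPILED = [(name, re.compile(pat, re.I), why) for name, pat, why in RULES]


def match_rules(cmdline: str) -> List[str]:
    """Names of every rule that fires on one command line, in RULES order."""
    return [name for name, pat, _ in COMPILED if pat.search(cmdline)]


def scan_cmdlines(cmdlines: List[str]) -> List[Dict[str, object]]:
    """One finding per (command line, rule) pair."""
    findings = []
    for idx, cmd in enumerate(cmdlines):
        for name in match_rules(cmd):
            why = next(w for n, _, w in COMPILED if n == name)
            findings.append({"index": idx, "rule": name, "why": why, "cmdline": cmd})
    return findings


def tally(findings: List[Dict[str, object]]) -> Dict[str, int]:
    """Rule name -> number of command lines it fired on."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    for f in scan_cmdlines(REPORT_CMDLINES):
        print(f"[{f['rule']}] {f['why']}: {f['cmdline']}")
    print(tally(scan_cmdlines(REPORT_CMDLINES)))
```

Each rule is deliberately narrow (taskkill against taskmgr.exe rather than any taskkill) so that the individual hits are low-noise; the signal here is the combination of several rules firing from one parent chain within a short window, which is what a real detection would correlate on.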
Network
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | | tcp |
| N/A | 127.0.0.1:49756 | | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 86.161.69.54.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| N/A | 127.0.0.1:49764 | | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 8.8.8.8:53 | 215.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.111.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 140.82.114.21:443 | collector.github.com | tcp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 185.199.111.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | 21.114.82.140.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.156.26.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.111.199.185.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| GB | 92.123.128.134:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e86303.dscx.akamaiedge.net | udp |
| GB | 92.123.128.134:443 | e86303.dscx.akamaiedge.net | udp |
| GB | 92.123.128.134:443 | e86303.dscx.akamaiedge.net | tcp |
| GB | 92.123.128.134:443 | e86303.dscx.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 134.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 92.123.128.138:443 | r.bing.com | tcp |
| GB | 92.123.128.138:443 | r.bing.com | tcp |
| GB | 92.123.128.138:443 | r.bing.com | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| GB | 92.123.128.176:443 | th.bing.com | tcp |
| GB | 92.123.128.176:443 | th.bing.com | tcp |
| GB | 92.123.128.176:443 | th.bing.com | tcp |
| GB | 92.123.128.176:443 | th.bing.com | tcp |
| GB | 92.123.128.176:443 | th.bing.com | tcp |
| GB | 92.123.128.176:443 | th.bing.com | tcp |
| US | 8.8.8.8:53 | 138.128.123.92.in-addr.arpa | udp |
| GB | 92.123.128.176:443 | th.bing.com | udp |
| US | 8.8.8.8:53 | 176.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 40.126.32.68:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | services.bingapis.com | udp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 13.107.5.80:443 | services.bingapis.com | tcp |
| US | 8.8.8.8:53 | e-0001.e-msedge.net | udp |
| US | 8.8.8.8:53 | e-0001.e-msedge.net | udp |
| US | 8.8.8.8:53 | 80.5.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.akadns.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.akadns.net | udp |
| US | 8.8.8.8:53 | ax-0001.ax-msedge.net | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dual-a-0001.a-msedge.net | udp |
| US | 8.8.8.8:53 | dual-a-0001.a-msedge.net | udp |
| US | 8.8.8.8:53 | 200.21.107.13.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.111.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | api.github.com | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 8.8.8.8:53 | api.github.com | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | collector.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 8.8.8.8:53 | glb-db52c2cf8be544.github.com | udp |
| US | 185.199.110.133:443 | avatars.githubusercontent.com | tcp |
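Most of the table above is resolver traffic to 8.8.8.8, reverse lookups the sandbox issues for the addresses it sees, and Firefox/Edge background services; the handful of TCP connections (GitHub and raw.githubusercontent.com on 443, plus one connection to 20.231.121.79:80 with no domain recorded) is what an analyst actually pivots on. The script below is an added example, not part of this report or of the sandbox's tooling: it parses rows copied from the table, tolerates the rows where an empty Domain column shifted the protocol one cell to the left, and separates DNS queries, reverse lookups, loopback noise, and real outbound TCP endpoints. The bucket names are this example's own.

```python
from collections import defaultdict
from typing import Dict, List

# Rows copied from the Network table above (constructed subset). The first two
# data rows reproduce the extraction quirk where, with no domain recorded, the
# protocol sits in the Domain column and the Proto column is empty.
SAMPLE_ROWS = """\
| Country | Destination | Domain | Proto |
| US | 20.231.121.79:80 | tcp | |
| N/A | 127.0.0.1:49756 | tcp | |
| US | 8.8.8.8:53 | raw.githubusercontent.com | udp |
| US | 185.199.110.133:443 | raw.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | 133.110.199.185.in-addr.arpa | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| GB | 92.123.128.134:443 | e86303.dscx.akamaiedge.net | udp |
"""


def parse_rows(text: str) -> List[Dict[str, str]]:
    """Parse pipe-delimited rows into dicts, normalising the shifted-column case."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if not line.startswith("|"):
            continue
        cells = [c.strip() for c in line.strip("|").split("|")]
        if len(cells) != 4 or cells[0] == "Country":   # skip malformed rows and the header
            continue
        country, dest, domain, proto = cells
        if proto == "" and domain.lower() in ("tcp", "udp"):
            domain, proto = "", domain                  # protocol slid into the Domain column
        rows.append({"country": country, "dest": dest,
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarize_network(rows: List[Dict[str, str]]) -> Dict[str, object]:
    """Split rows into resolver queries, reverse lookups and real outbound TCP."""
    dns_names, ptr_lookups, udp_non_dns = set(), 0, 0
    tcp = defaultdict(set)   # domain ("" when the connection went straight to an IP) -> {ip:port}
    for r in rows:
        ip, _, port = r["dest"].rpartition(":")
        if r["proto"] == "udp":
            if port != "53":
                udp_non_dns += 1                     # e.g. QUIC on 443, not a resolver query
            elif r["domain"].endswith(".in-addr.arpa"):
                ptr_lookups += 1                     # reverse lookups of addresses already seen
            else:
                dns_names.add(r["domain"])
        elif r["proto"] == "tcp" and not ip.startswith("127."):
            tcp[r["domain"]].add(r["dest"])          # loopback connections dropped as noise
    return {
        "dns_names": sorted(dns_names),
        "ptr_lookups": ptr_lookups,
        "udp_non_dns": udp_non_dns,
        "tcp_endpoints": {d: sorted(v) for d, v in tcp.items()},
        "unresolved_tcp": sorted(tcp.get("", set())),       # TCP with no domain attached
        "cleartext_http": sorted(e for v in tcp.values() for e in v if e.endswith(":80")),
    }


if __name__ == "__main__":
    for key, value in summarize_network(parse_rows(SAMPLE_ROWS)).items():
        print(f"{key}: {value}")
```

The two lists worth reading first are unresolved_tcp and cleartext_http: a port-80 connection made directly to an IP, with no DNS answer in the table to explain it, is the one endpoint here that the browser's own background traffic does not account for.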
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\8c30cee8-b8c0-46e9-a2ce-c4a60665fc12
| MD5 | 33aadc9c89d7a1e139c4942fd9933e81 |
| SHA1 | 1766421a16df592a80be31115f0ea0de196c079d |
| SHA256 | 35043311fe17fcb6ed54cbc05d12c042c9c442481d73fc4c9ee924d94bd414e0 |
| SHA512 | 72206a57240f36c10a6c644b8b487c11e67b4ba8ac2191cbae464ea5d426df53c765da1be37fff0aa0daa1299226d6e655b494452e58b28099b09b88c594df27 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\84a688ae-e913-4817-8418-c33b79d362a0
| MD5 | 76302a731f41a3e29ce9eef1d18d44bc |
| SHA1 | 7f42f810366f604390406bd7b62f97d3d4d757a2 |
| SHA256 | 2c4f6879b464062553939d8054c3ad87b086e97d8813c37ecc0193d445ee6005 |
| SHA512 | 9106a545c1b2771418348be71f9ed1767324d014b1858fe9bf8f7d09bb3e3f4d2d7897937bdaad739fbfcb78390211990940e5131ed0271fccf224e30d23fe95 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
| MD5 | 820f680cfad41de3d9ea588fcb734a1f |
| SHA1 | 20a81efa1c9bc82e7401c6f4b7e64f70aaf19efd |
| SHA256 | 29eea48513b2980f974942735574b07d8750ab82e6fb24f131d1c0cac92379eb |
| SHA512 | 73008aecf964624521d53507086249308599f57f26d13218d6a2d058030352cffdc2a7c81ffca7ee84297b3a371241e10d8203257f8fc93a6261e3fcc777cfb6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 731c0e733fe1e3123d366af7c8e578ae |
| SHA1 | 9756304ea773dd9cd96e5996dc79de2ed6a9ae9c |
| SHA256 | 8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359 |
| SHA512 | d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | 909263193957915b126d447a4747a54a |
| SHA1 | 47504b96095543ad72e7586bf38c998582a8b894 |
| SHA256 | 7035b2da0acec30da504e82c6aacf039bd87e21c94d6a9f4d3e10324a9b1208c |
| SHA512 | f41acc3ba846e5fe97219f10756004ef0cbc364e55013eea2166307b144f7ec1ad277eb5e9e465b12ca549fc3fc019f20f954b063002cd6408212eabfda40ea0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\2139
| MD5 | 24ea9fe28b463088779634238de2a2f3 |
| SHA1 | 9828f8d99dfdc19183ff791fa58d9f5516321903 |
| SHA256 | 8dcfac1989c67265b89283d64caaf887264d5c0827a0c0706b64734fb163c47c |
| SHA512 | 152fb95578efb3bac31fe97ac50f9d74122341251e67ffcfbbc9085b43205b0a27301c8dad67dfa4701ddd17c3eb157524635f0edc763adc5d9c60bf3d73a011 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 2182844c1c13b37302a153539d49b776 |
| SHA1 | 5d3f3011378b00efaddfa4c27f1825b965c7410e |
| SHA256 | 82d4e8df1ff38d4c2cdb6acbda3f73c1342fd1613ce2b54c424d4effd831aaa4 |
| SHA512 | 441169bb13428b4f4489eb3d0789d90af85961f7de250df6de32c1f795a530e9fcbbda651a030964896185433d93fba1f4d975e8397a4d528cdde9b3652c8a99 |
C:\Users\Admin\Downloads\LxTajpNw.zip.part
| MD5 | b265305541dce2a140da7802442fbac4 |
| SHA1 | 63d0b780954a2bc96b3a77d9a2b3369d865bf1fd |
| SHA256 | 0537fa38b88755f39df1cd774b907ec759dacab2388dc0109f4db9f0e9d191a0 |
| SHA512 | af65384f814633fe1cde8bf4a3a1a8f083c7f5f0b7f105d47f3324cd2a8c9184ccf13cb3e43b47473d52f39f4151e7a9da1e9a16868da50abb74fcbc47724282 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 28b69a6e1624fdb0ee1d216712b34224 |
| SHA1 | 0a3d24050b0533de73a144d5d003498c708eeabc |
| SHA256 | 28613cf309ed122c0c0e9b4496a64129d1014c589fdc06032fd55ee47ee5ea2b |
| SHA512 | d2764a02c5687b6888beee51b1eff9f3c69aa601caa31352456ce77775a63e6e818e30319df4c203498c77b596a5b78caf66f56f39277b5091f0258b7b9dac88 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | f59e3f765d87c47ec05ecaead425e703 |
| SHA1 | 43a681e30dbcad8b1c38de311d7ad95c41f1184d |
| SHA256 | 6b2e69dc231debc319646a269d65d31a26f478c4a178e1222b52a15921d680ac |
| SHA512 | 51814aa4384e1dd8379bfaa31d9a313f523e40dc37aaf0f6ef24cd237887ce0e31e653a6951a4f301d8a7cf765c91498936dc2a639c01d9423d279f31d55531c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 8ba6a06a425b347807814f0e5ba65b5e |
| SHA1 | f4494a392fd56613c777623d166b55f90110f842 |
| SHA256 | 9930cdd714dd0025ae322e391b60219905064f063269427df71dacfe5c9081c7 |
| SHA512 | bdf136b0a2c461ca39f2723c4890f7f7e6c21b6068807d0e2a777e2e582a03a28648b466ac07541b3849598882051f21775c5c3cb036a5d4235f0be1362297a7 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\2356
| MD5 | 24736ec1fd123f1067e44b78c8cc8f60 |
| SHA1 | d2f89460aa5c8048b752e58ae883c26b0de5e5c1 |
| SHA256 | 85f27015de938e07a35aee46f6441dba9b2f5ee0d65f04f1a70f142d36699f72 |
| SHA512 | a68851140ff230da926bddb4721db54ce56482c31b44e3eafdb05edfacbbbf489416d691ad2bbd9bd0b0b5cde9e660a9155c0172e556588ab2e55e1955adea07 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\11479
| MD5 | 9253f847f462c06c132cde1bbdb967a0 |
| SHA1 | 7db6384dddcf1db3bd3a4d0cf13d730c49b580f3 |
| SHA256 | caf80c7db0f5337ad2f75daf8f071a5bdda023aea17311e477e4750de4e8a28d |
| SHA512 | 1c61e3224645705404d5bf4be719ddc4c605b5557435d4bf49601e8ee5d117ad279f089d066533bc6fba4725db4721c3c0dfe11660013837ad0f9e0c9368e608 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\24205
| MD5 | 4cad2d89bacb6d4c97ce8510cce89a3f |
| SHA1 | 7b11a5dd56a93c3b65494adbf53f5ec427ae343d |
| SHA256 | 90912cee14fd0e805eb771005174b76b0cd7b9f646fcbc0ce5a9f0a898213191 |
| SHA512 | 30d768fbd70a653441a68dcba201bd75a1c29d59d2cb907406b3d9eee5f471e576756fb2ceda3a18f4549fbb4eb01d7c28ec012dcda967c01f33923ae161044e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\F1DD23AEBAACEC3C0BCE9D576D6904F3233FD8CE
| MD5 | 5a85694e8abc6e686efe776de00e0e7f |
| SHA1 | ce963e2723f792c5f3cc9512d202248debe1d4ee |
| SHA256 | 9027389df5f65fd8992d64cc8a028e0fd0a6db060522a13e788e0362781dc6f2 |
| SHA512 | 0eecabce4b4556c78e960b7702a467738a4fd68aa69e4e36817985cf896ac4be9353c1e205df2f86da1420140e08b36da8b874d794302b0a20af58ed990daad3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC
| MD5 | 52d3d59fb47b654fbad078200bc946f4 |
| SHA1 | df3f4ef2de317744ea056d85831615bd08ef73a8 |
| SHA256 | 0b722bc61cc9cbb5cb890ed757f0158ce1ed996fc06d13b531addefface3953d |
| SHA512 | d27533a3ae635fc74b1166250f09b3a360f1eef214513e778079f3f95d1b8b8df5c628fceb3979e785b053515c7c999eef4c1fd3ed51d25ef0add5b513d26b29 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\966A0DA48F5B8311964BBDCAF442DFEFDEEB76BE
| MD5 | 33b847952f1729537f41a21b189faade |
| SHA1 | ff313702c17fef4fa396ce98e9de474a3cf0896f |
| SHA256 | cad76818b8e562965983da3e56231276e07eeaaa5395f2adb8163fef6afbf7e6 |
| SHA512 | fca1ad845a6393e0cd08addd535f223b358cdfb8d63713f4d41bb2145e056eb2d172ca7f74378d15e2e9eb3fee1f35381a74fd4722caa1acda0949449b964698 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | bed5b89068a83c4385759a5697fd02d1 |
| SHA1 | a0ae708861ecb1b8db69b593bd5838e128c88d93 |
| SHA256 | 8a2c8ac1d963a2ef9e207e9985ded8ad704d0e4aa9dd7c81f7b59ee0ae33c0ef |
| SHA512 | a04dfe525de0fc0bd8d16193b53abe2a01b7a752f28231e54ea1c43d09eb0700190d0149b7fa72385836aba3af4c14a44e79661512146eb5925ee62dde9c09b1 |
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41
| MD5 | 50188823168525455c273c07d8457b87 |
| SHA1 | 0d549631690ea297c25b2a4e133cacb8a87b97c6 |
| SHA256 | 32856e998ff1a8b89e30c9658721595d403ff0eece70dc803a36d1939e429f8d |
| SHA512 | b1a58ebcc48142fa4f79c600ea70921f883f2f23185a3a60059cb2238ed1a06049e701ccdab6e4ea0662d2d98a73f477f791aa1eec1e046b74dc1ce0a9680f70 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D16479E925AF122292501EFEF9D2A14A47D3245A
| MD5 | 25e54a3f3c1fd7e349fbd95adb9b3b9f |
| SHA1 | 4b827c03f8709f0efe115f929c99006da0fd655a |
| SHA256 | 895012896c35f848769f39e686baa48dc8e2c036df3b9f59a4a5fc6d7d90f959 |
| SHA512 | 09af678f3fe8990a8c969f7b3dd03161814322525c1a4dccd05f5417be3c34dec132d81ab4cfab4f26abac67955cb0a3db0d409fb9589c7258d1d395c0eaa7cb |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\4686DB80E616EA6E21005148EB9C309F02D66895
| MD5 | 113a3f3128044caea63150e6e73a30fd |
| SHA1 | 5b822781960c7ed7238ebdca345e2a23f389a541 |
| SHA256 | 1e432ebebdf4f4b78de594c6ad2fb3857edfd0e7ce4efaf9508c165e51a29160 |
| SHA512 | a3807c810e62c1c1fd644e87b4493558090a74d8643ec9eef99504f4e36a8a12deb8c270ea6fc2cc4f52842642f093071e4c76fb2e2aa2940093e131be3f6fa0 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\920AC39E296723B718EF4658CE4D27B77449EAF4
| MD5 | ad73b9ea3e43a3feca5098e11475de16 |
| SHA1 | 14bdd4adbdd9d5c34a8c562ae705d59a3ef96c92 |
| SHA256 | a0a3dd69a8f5ab6253a762308c5f3d3c85bf0970030fdc40bd0bbd4d4edeed18 |
| SHA512 | 92e71cfd490d10a89dfbfcdb6e5295a876ee73ae6980b2618bccbfa4730468e4373b3bbc88abac0657364bb3ed06eb79be2f304c0348ca2996e4d217017442fa |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\58D9C8D20AC64380008A7BD763F507B049E5338D
| MD5 | b8b5955bc9d4b7015ba3bfe0d9b09af1 |
| SHA1 | 23e90c45e0ee707776d582ab067ed86de1095393 |
| SHA256 | 6f97689ba3b49b1bd9f7e8d1b7312210c9abc72429604f3b2d32eb81f28c8387 |
| SHA512 | af89114a749d37c24fd8c7cecba490b0a5da95e8ec00aa05e88d813da944563eabfb42cfc6f459a60f0a2f1bf199d46f5086ce846f1eda21779734a46ca4f88b |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\FA3992A2602013AB45FD90493DD6F037011CEC3E
| MD5 | 3ca126d2729d9ff5f354de80018f3027 |
| SHA1 | a872235b2fb6eb63d8ab57a73361bee0d7414cbc |
| SHA256 | 211b3e431fad9eba1c1ae3fc4ca556cf3676bc8b0908f9bb538aa18cdd428bc0 |
| SHA512 | 1cb102cc8badf113466bdb4bf22d377b4710ae9664d567a35eaa52ca7301ccc9068c52c5dd4fcaaeb136b9f4e8cea4e280b470185299e17c3a0c5beccc97a437 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\8744
| MD5 | 73262c248ff888d6948e8e38c5d78a18 |
| SHA1 | 5384b273a35b3a0abbc51cb157470120122ca685 |
| SHA256 | 33acd49b6cda778f6aa0985af8062c15ed5e6f8176b0b82f7bb551270a416fe4 |
| SHA512 | b15f1095c9e65e352c5f80a01c010976101e14fed828627384eac66997eba5246b6a1042c769e4cceac7b3b2af9683d71592b86e43c5e0978586922fbc720b71 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\11673
| MD5 | 52d1eff0d5d01f3a4d05bbf74bee1eb8 |
| SHA1 | cb89fec0f7e681ccebd5f90bd7e2b48a4f652cb3 |
| SHA256 | ff8ef002c065b267f4b86bb6aa25dbfb91ac3c00b104c50adcf5f6be6c892825 |
| SHA512 | 1b5e94ba8193ac2a18b065c99c8fa69be4eec90714033325b4d95d6959929859a07163f4289a67807c9a8b5e017be8aba395a835905e0bb4e8c05de5505e7ad6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 829a9a4a8c1b9cabf160d321f584a3a8 |
| SHA1 | 0eca5fce5ca80785d8f0866f500d24c92ea42230 |
| SHA256 | 0dc0c712355632aca5888c6e2f4ae29f42941f28aee2e92a6750d35d1a376994 |
| SHA512 | 3a1b1bc2bef0adbe9a4be4fb15b814d1e57b0db2ed28687149e6336f7ca92908121f2860f3861772edba7722f8118a8f7749546923515c6747841fa7afecdb45 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\4412D919A32B54AB53754B2E68861EB10099D124
| MD5 | c52295c3f9f13f49110038a2d7a1808e |
| SHA1 | 650afe294e5f8130c3b91fe62ad1bd655a3e56f8 |
| SHA256 | b400045957df91737a328e8bcc35230ff4d09f73883e9fea30d1ea8ab870252c |
| SHA512 | 8744192d14442f917d63e7558c07b9a4fdf27f2ddd2b0c85979f2eba70c6f17b8a5d066a7b169deaa36c112de0056511b49b80d3afcd20a62d404701aefab887 |
C:\Users\Admin\Downloads\M6QVED7j.zip.part
| MD5 | 8d2c4c192772985776bacfd77f7bc4d9 |
| SHA1 | 3b923b911d443e321e551f26c9588b16a994d52e |
| SHA256 | 1733b199a7063443c167e3caeae7dda2315f590341ea2152a9b132e1ad8e94a8 |
| SHA512 | 6c24f2fe498cf38e3f3d66b62915e6fbc8c2746a1d4c3c3de270f994b02e1369b9540099c12d150712574ececbe63c8c9f28877d8aa4557fbbb7890d5a0de6c1 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\851540802DCF1E2CD3F49794131C039431DBC489
| MD5 | 6d01326b7608fe31852d490c380c05d5 |
| SHA1 | 213cbc79ca60dbfb9406aaee9a5dee393d9f69d3 |
| SHA256 | af3d2835f0b475810ee13e9587091e0e2f5b93eaa8029b1ebe3e95c72eb4bedb |
| SHA512 | 8a3be196273332ef1b69e027ab4d44ec82e020cb4b7ce0f47e410e80ec6a4e9c53c55e3e6c67e5a03e96f3e034a2aafb9b3c5a9508bbd6f56ae741b64bb6ceae |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\A5D107697D4860D4E45EC4244FA58968FB2A23F7
| MD5 | 23ce7599929079bdda0371561bc568e7 |
| SHA1 | 82651237c0c7c3f1bbd16ade043d534ad725418c |
| SHA256 | cf7c53341b8f4ee982390918827caf21a6dc522f6eb419b163bf10e3eda97373 |
| SHA512 | 68c111d16ef8cdb37a49641b9f0383f043fe3cb01e8cd677fd57cc33c5971c197a745f421aec003e25ee670a190abf121cf28d177e07d17cd152d0baa9498fda |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\CAADCDAC80B542AFFFAC671000EB25784EC2DB2A
| MD5 | 0169bd7347405e22466d430d918714de |
| SHA1 | f2da6ec3515145cbffea1b8fc4a8585b90d14fe2 |
| SHA256 | ba882b8cb88bab574c67043a507344ba6cb89fbd5090e82aad08c68a4fef4687 |
| SHA512 | 295eedd91693d55cf523ca983e7b7ac4c384619601a2e1fdae18e52f853aade8cbafef4efce00c82994c29390330bc0ff4a3a1bbb39dc5b8d68b0eae742e31ad |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\6CEE2727CF2F7831FFE7912B9B073F4BA25A9DE5
| MD5 | 400df368690526cf82bbd37c35a59d84 |
| SHA1 | 1ad75598673d5062856eeb338b2f1bc9cc1a943c |
| SHA256 | f8618081d65f7d47e137694e347517581663ec62baf946fcc061218f4a30a883 |
| SHA512 | 46a77cadd917db2fecdde6b410a7c7363b26a7f87d9943cde5a79c93b3a50bc32abce27925f5c3bcc3d0b2027d6ca5ded2474166e4188f3dc7bb05669df35efa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | b5c3e0e7d0fd02e0deef59d2ce2ae370 |
| SHA1 | b9de77336cb6f0a051865674cb72d4473817dfdb |
| SHA256 | 919060f1080de3ca1a29d647c2e8b18cec5ce6ef179600e426f812d132a84895 |
| SHA512 | fe4f619a7df9eae6b17ec159e185ba9af57fbd52dcda7e4b78ce5a0ab48efbe73f693aaf0b65233d12276fbc5450a9343bfd14a9d62015c3c6cc7dbee85b9df5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\5193
| MD5 | cb18cb7f670987fd0ded210fb4fdf082 |
| SHA1 | 0a56151258c3cf12238747d835b2be5ae2fffdfa |
| SHA256 | 176ec737aeac9be8d3d1c23b6bb1682aabdf8890174cbcf572b147cad7505cbe |
| SHA512 | 68942d5017e519a5d27177a21ec46bc449ada364a82eb55e013d989a34e5535b960be25776a15bd73506450a054c8be97a5ff698a5bcc4a1d9393891e261553c |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\5C2A2B940E0EC346270C250EBD62F95402CF3D0B
| MD5 | 150ea3491a2d3df33b36871267a914d2 |
| SHA1 | 01ff7839291583667960542db9754274c7577eac |
| SHA256 | 5acfd6a1794b8bf525326cbc4dc020a4dcacab395295ae5188c04c594ba59c66 |
| SHA512 | 4e40f0cbca58ff856544455c032bf1a0c2f4ea628c3930f0005e47a7af47ad045c07ee3f8080dee592d572a7c04c44d30447162f2a2456f27c60eab66cc6462e |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\D28BD3D2AD841735B092E987962FE62DA2CD29E4
| MD5 | 51590fe24f89d64f529bb367e3f3a8a4 |
| SHA1 | a31b75068cb0475ae5fcd69178dfa4e030af0556 |
| SHA256 | ef3ccd0033f78b87200a56946e18fb2c4372142479fe7b047e21a9b0c0301a6e |
| SHA512 | 01857939e05c358903565da06fcbc940e358ab6fff84b8821e68aaaa644b6b6bce386f46f872f94b8c96e0573044d89487c4f7d3a9c4bd1bfdc6fdae08ec8bfb |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++github.com\ls\usage
| MD5 | a0724df43b7d8f5f08db3179c6ef1352 |
| SHA1 | c249517bdffeecfdbce50c92663bec4004207d1a |
| SHA256 | fb8125881b2e30b18f90dedf681af9431e23d990c03a86059457bb86d68d6414 |
| SHA512 | 63a43f8463994a2c9fccd4ec0010f386e423a5194681262b7c4f71c346be9041d1aed159a0f53ad00a53b464c5918038f528377f564b5a79b0b783cbf0026677 |
C:\Users\Admin\Downloads\WGR2Fn5p.zip.part
| MD5 | abc651b27b067fb13cb11e00d33e5226 |
| SHA1 | 1869459025fcf845b90912236af43a5d8d0f14dd |
| SHA256 | 690339e6d19da0b5c63406d68484a4984736f6c7159235afd9eeb2ae00cafc36 |
| SHA512 | 4b85ae9001b9d1f11d57b6b2565ab0d468c3b8be469cad231e1203c4f6858af98d8e739b03fb849c2f3ec7b493781e88d32e7b7567c4b61cc1189daeea285bbf |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 5650b5a8f617b0a820648e898df397df |
| SHA1 | 2d1eb9491c3771318833667db736587ae80216d8 |
| SHA256 | 0ed4103574793e5eca9711cc1ec760d97b027c771b3f50e2209e4bdb565d596d |
| SHA512 | c35e1ab9022ff8e79db2d6da2ea908116e1da95cf8116fdd6612eb20ed537a2562fa86ed79573643d74cbd4377050f0690ee0632a473403410dda32e32dffb3e |
memory/4056-726-0x00000000000F0000-0x00000000001D8000-memory.dmp
\??\c:\Users\Admin\AppData\Local\Temp\a0vtjxzp\a0vtjxzp.cmdline
| MD5 | 83abadcd8a6faf2f8da3c4c3ded0b53b |
| SHA1 | 3358c2a0691275a5876f82436d76d315607dca68 |
| SHA256 | 1dac8fcbbbf72b75b03db1e80cf534ab2c73dc2e7f4e2a93c4ff6d96a844da8c |
| SHA512 | 99bc645b9d265ed0a76ca2cfec61bd742686d30c3d0b0424c0e1ef283c59c04b7159eeb4637f80d682955b7eb68b71d914cc56136100327476ef97b5c509b222 |
\??\c:\Users\Admin\AppData\Local\Temp\a0vtjxzp\a0vtjxzp.0.cs
| MD5 | be0c48fc5057a467514eec58f1b1264b |
| SHA1 | 6d656174c6c9ab1e4c3d75cc9270a2aa4079183b |
| SHA256 | 8685fc1ef0ff239f59289b26d9aa7134998f4cc4a15b22c9a8922c071bb32639 |
| SHA512 | 157df2d4ef94906418ea32be5feedc28aac61787033e7473f0eab8e22d32a2a83ddbb5c43c16b0d5f83c8c27f167e1fcf2967df35bdbafca75327dc35ed443f1 |
\??\c:\Users\Admin\AppData\Local\Temp\a0vtjxzp\CSC46A25D285E6C408199F5F814FD1168CF.TMP
| MD5 | b18238457e3b85c53bc6f4d128b7d156 |
| SHA1 | 2160099d8a93d05f8eabf36f6a99fd40f3ed4e9f |
| SHA256 | 19743595f2a0a992e5f913729e5253e25a9e6a314a04ab37f2ee05ff50acff19 |
| SHA512 | 187d177fa7ef0b89934088de8e5217bc7f2f366aadafa150dced7b230eb6ff65c7d47aec51387c234600f65d2e9f556fd9cdcfc52a203f7109b7026fb6029f2a |
C:\Users\Admin\AppData\Local\Temp\RES2CB3.tmp
| MD5 | 307bd9d7e417edd5e8312aada929bd92 |