ffb44b8d...1aa0

Remarks

Max Extracted Files Number Reached (0x200001d): The maximum number of extracted files was exceeded. Some files may be missing in the report.

Max File Reputation Requests Reached (0x200001b): The maximum number of file reputation requests per analysis (20) was exceeded.

Filters:

Filename	Category	Type	Severity	Actions

C:\Users\FD1HVy\Desktop\m.exe

Sample File

Binary

Blacklisted

Also Known As	C:\Users\FD1HVy\Desktop\NWqZQdpD.exe (Dropped File)
Mime Type	application/vnd.microsoft.portable-executable
File Size	1.16 MB
MD5	291bfa021dc98473954d089bdc1fad35
SHA1	baa51f3c50a8301b75a8f4c8cb6536bef1c61806
SHA256	ffb44b8de928bd2c1b885e1c35bff3311631a83af9a18253aaf0d9fa7a901aa0
SSDeep	24576:exsxl/OOeI7RC4CJR5ez+IlnRJE5AxBK9jCdAsr+N:tfjREqyx9
ImpHash	ca3b1af31abe1beced65a635aa0c47a3
Parser Error Remark	Static analyzer was unable to completely parse the analyzed file

File Reputation Information

Severity	Blacklisted
First Seen	2019-04-17 09:47 (UTC+2)
Last Seen	2019-04-17 12:37 (UTC+2)
Names	Win32.Trojan.Matrix
Families	Matrix
Classification	Trojan

PE Information

Image Base	0x400000
Entry Point	0x4dca54
Size Of Code	0xdfa00
Size Of Initialized Data	0x48c00
File Type	FileType.executable
Subsystem	Subsystem.windows_cui
Machine Type	MachineType.i386
Compile Timestamp	2019-03-21 22:09:01+00:00

Sections (10)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0xdaaa4	0xdac00	0x400	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	6.38
.itext	0x4dc000	0x4cc4	0x4e00	0xdb000	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ	5.72
.data	0x4e1000	0x5b08	0x5c00	0xdfe00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	6.19
.bss	0x4e7000	0x6444	0x0	0x0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.idata	0x4ee000	0x1236	0x1400	0xe5a00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.8
.didata	0x4f0000	0xfa	0x200	0xe6e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	1.88
.edata	0x4f1000	0x6c	0x200	0xe7000	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	1.31
.tls	0x4f2000	0x14	0x0	0x0	IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
.rdata	0x4f3000	0x18	0x200	0xe7200	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	0.21
.rsrc	0x4f4000	0x41600	0x41600	0xe7400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ	7.96

Imports (8)

oleaut32.dll (12)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SysFreeString	0x0	0x4ee36c	0xee0b4	0xe5ab4	0x0
SysReAllocStringLen	0x0	0x4ee370	0xee0b8	0xe5ab8	0x0
SysAllocStringLen	0x0	0x4ee374	0xee0bc	0xe5abc	0x0
SafeArrayPtrOfIndex	0x0	0x4ee378	0xee0c0	0xe5ac0	0x0
SafeArrayGetUBound	0x0	0x4ee37c	0xee0c4	0xe5ac4	0x0
SafeArrayGetLBound	0x0	0x4ee380	0xee0c8	0xe5ac8	0x0
SafeArrayCreate	0x0	0x4ee384	0xee0cc	0xe5acc	0x0
VariantChangeType	0x0	0x4ee388	0xee0d0	0xe5ad0	0x0
VariantCopy	0x0	0x4ee38c	0xee0d4	0xe5ad4	0x0
VariantClear	0x0	0x4ee390	0xee0d8	0xe5ad8	0x0
VariantInit	0x0	0x4ee394	0xee0dc	0xe5adc	0x0
GetErrorInfo	0x0	0x4ee398	0xee0e0	0xe5ae0	0x0

advapi32.dll (15)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegQueryValueExW	0x0	0x4ee3a0	0xee0e8	0xe5ae8	0x0
RegOpenKeyExW	0x0	0x4ee3a4	0xee0ec	0xe5aec	0x0
RegCloseKey	0x0	0x4ee3a8	0xee0f0	0xe5af0	0x0
OpenThreadToken	0x0	0x4ee3ac	0xee0f4	0xe5af4	0x0
OpenProcessToken	0x0	0x4ee3b0	0xee0f8	0xe5af8	0x0
GetUserNameA	0x0	0x4ee3b4	0xee0fc	0xe5afc	0x0
GetTokenInformation	0x0	0x4ee3b8	0xee100	0xe5b00	0x0
GetSidSubAuthorityCount	0x0	0x4ee3bc	0xee104	0xe5b04	0x0
GetSidSubAuthority	0x0	0x4ee3c0	0xee108	0xe5b08	0x0
FreeSid	0x0	0x4ee3c4	0xee10c	0xe5b0c	0x0
EqualSid	0x0	0x4ee3c8	0xee110	0xe5b10	0x0
AllocateAndInitializeSid	0x0	0x4ee3cc	0xee114	0xe5b14	0x0
CryptGenRandom	0x0	0x4ee3d0	0xee118	0xe5b18	0x0
CryptReleaseContext	0x0	0x4ee3d4	0xee11c	0xe5b1c	0x0
CryptAcquireContextW	0x0	0x4ee3d8	0xee120	0xe5b20	0x0

user32.dll (10)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
MessageBoxA	0x0	0x4ee3e0	0xee128	0xe5b28	0x0
CharNextW	0x0	0x4ee3e4	0xee12c	0xe5b2c	0x0
LoadStringW	0x0	0x4ee3e8	0xee130	0xe5b30	0x0
PeekMessageW	0x0	0x4ee3ec	0xee134	0xe5b34	0x0
MsgWaitForMultipleObjects	0x0	0x4ee3f0	0xee138	0xe5b38	0x0
MessageBoxW	0x0	0x4ee3f4	0xee13c	0xe5b3c	0x0
GetSystemMetrics	0x0	0x4ee3f8	0xee140	0xe5b40	0x0
CharUpperBuffW	0x0	0x4ee3fc	0xee144	0xe5b44	0x0
CharUpperW	0x0	0x4ee400	0xee148	0xe5b48	0x0
CharLowerBuffW	0x0	0x4ee404	0xee14c	0xe5b4c	0x0

kernel32.dll (119)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
Sleep	0x0	0x4ee40c	0xee154	0xe5b54	0x0
VirtualFree	0x0	0x4ee410	0xee158	0xe5b58	0x0
VirtualAlloc	0x0	0x4ee414	0xee15c	0xe5b5c	0x0
lstrlenW	0x0	0x4ee418	0xee160	0xe5b60	0x0
VirtualQuery	0x0	0x4ee41c	0xee164	0xe5b64	0x0
GetTickCount	0x0	0x4ee420	0xee168	0xe5b68	0x0
GetSystemInfo	0x0	0x4ee424	0xee16c	0xe5b6c	0x0
GetVersion	0x0	0x4ee428	0xee170	0xe5b70	0x0
CompareStringW	0x0	0x4ee42c	0xee174	0xe5b74	0x0
IsDBCSLeadByteEx	0x0	0x4ee430	0xee178	0xe5b78	0x0
IsValidLocale	0x0	0x4ee434	0xee17c	0xe5b7c	0x0
SetThreadLocale	0x0	0x4ee438	0xee180	0xe5b80	0x0
GetSystemDefaultUILanguage	0x0	0x4ee43c	0xee184	0xe5b84	0x0
GetUserDefaultUILanguage	0x0	0x4ee440	0xee188	0xe5b88	0x0
GetLocaleInfoW	0x0	0x4ee444	0xee18c	0xe5b8c	0x0
WideCharToMultiByte	0x0	0x4ee448	0xee190	0xe5b90	0x0
MultiByteToWideChar	0x0	0x4ee44c	0xee194	0xe5b94	0x0
GetConsoleOutputCP	0x0	0x4ee450	0xee198	0xe5b98	0x0
GetConsoleCP	0x0	0x4ee454	0xee19c	0xe5b9c	0x0
GetACP	0x0	0x4ee458	0xee1a0	0xe5ba0	0x0
LoadLibraryExW	0x0	0x4ee45c	0xee1a4	0xe5ba4	0x0
GetStartupInfoW	0x0	0x4ee460	0xee1a8	0xe5ba8	0x0
GetProcAddress	0x0	0x4ee464	0xee1ac	0xe5bac	0x0
GetModuleHandleW	0x0	0x4ee468	0xee1b0	0xe5bb0	0x0
GetModuleFileNameW	0x0	0x4ee46c	0xee1b4	0xe5bb4	0x0
GetCommandLineW	0x0	0x4ee470	0xee1b8	0xe5bb8	0x0
FreeLibrary	0x0	0x4ee474	0xee1bc	0xe5bbc	0x0
GetLastError	0x0	0x4ee478	0xee1c0	0xe5bc0	0x0
UnhandledExceptionFilter	0x0	0x4ee47c	0xee1c4	0xe5bc4	0x0
RtlUnwind	0x0	0x4ee480	0xee1c8	0xe5bc8	0x0
RaiseException	0x0	0x4ee484	0xee1cc	0xe5bcc	0x0
ExitProcess	0x0	0x4ee488	0xee1d0	0xe5bd0	0x0
ExitThread	0x0	0x4ee48c	0xee1d4	0xe5bd4	0x0
SwitchToThread	0x0	0x4ee490	0xee1d8	0xe5bd8	0x0
GetCurrentThreadId	0x0	0x4ee494	0xee1dc	0xe5bdc	0x0
CreateThread	0x0	0x4ee498	0xee1e0	0xe5be0	0x0
DeleteCriticalSection	0x0	0x4ee49c	0xee1e4	0xe5be4	0x0
LeaveCriticalSection	0x0	0x4ee4a0	0xee1e8	0xe5be8	0x0
EnterCriticalSection	0x0	0x4ee4a4	0xee1ec	0xe5bec	0x0
InitializeCriticalSection	0x0	0x4ee4a8	0xee1f0	0xe5bf0	0x0
FindFirstFileW	0x0	0x4ee4ac	0xee1f4	0xe5bf4	0x0
FindClose	0x0	0x4ee4b0	0xee1f8	0xe5bf8	0x0
WriteFile	0x0	0x4ee4b4	0xee1fc	0xe5bfc	0x0
SetFilePointer	0x0	0x4ee4b8	0xee200	0xe5c00	0x0
SetEndOfFile	0x0	0x4ee4bc	0xee204	0xe5c04	0x0
ReadFile	0x0	0x4ee4c0	0xee208	0xe5c08	0x0
GetFileType	0x0	0x4ee4c4	0xee20c	0xe5c0c	0x0
GetFileSize	0x0	0x4ee4c8	0xee210	0xe5c10	0x0
CreateFileW	0x0	0x4ee4cc	0xee214	0xe5c14	0x0
GetStdHandle	0x0	0x4ee4d0	0xee218	0xe5c18	0x0
CloseHandle	0x0	0x4ee4d4	0xee21c	0xe5c1c	0x0
LoadLibraryA	0x0	0x4ee4d8	0xee220	0xe5c20	0x0
TlsSetValue	0x0	0x4ee4dc	0xee224	0xe5c24	0x0
TlsGetValue	0x0	0x4ee4e0	0xee228	0xe5c28	0x0
LocalFree	0x0	0x4ee4e4	0xee22c	0xe5c2c	0x0
LocalAlloc	0x0	0x4ee4e8	0xee230	0xe5c30	0x0
WaitForSingleObject	0x0	0x4ee4ec	0xee234	0xe5c34	0x0
WaitForMultipleObjects	0x0	0x4ee4f0	0xee238	0xe5c38	0x0
VirtualQueryEx	0x0	0x4ee4f4	0xee23c	0xe5c3c	0x0
VirtualProtect	0x0	0x4ee4f8	0xee240	0xe5c40	0x0
VerSetConditionMask	0x0	0x4ee4fc	0xee244	0xe5c44	0x0
VerifyVersionInfoW	0x0	0x4ee500	0xee248	0xe5c48	0x0
SuspendThread	0x0	0x4ee504	0xee24c	0xe5c4c	0x0
SizeofResource	0x0	0x4ee508	0xee250	0xe5c50	0x0
SetThreadPriority	0x0	0x4ee50c	0xee254	0xe5c54	0x0
SetLastError	0x0	0x4ee510	0xee258	0xe5c58	0x0
SetFileAttributesW	0x0	0x4ee514	0xee25c	0xe5c5c	0x0
SetEvent	0x0	0x4ee518	0xee260	0xe5c60	0x0
SetErrorMode	0x0	0x4ee51c	0xee264	0xe5c64	0x0
ResumeThread	0x0	0x4ee520	0xee268	0xe5c68	0x0
ResetEvent	0x0	0x4ee524	0xee26c	0xe5c6c	0x0
ReleaseMutex	0x0	0x4ee528	0xee270	0xe5c70	0x0
QueryPerformanceFrequency	0x0	0x4ee52c	0xee274	0xe5c74	0x0
QueryPerformanceCounter	0x0	0x4ee530	0xee278	0xe5c78	0x0
OpenMutexW	0x0	0x4ee534	0xee27c	0xe5c7c	0x0
MoveFileExW	0x0	0x4ee538	0xee280	0xe5c80	0x0
LockResource	0x0	0x4ee53c	0xee284	0xe5c84	0x0
LoadResource	0x0	0x4ee540	0xee288	0xe5c88	0x0
LoadLibraryW	0x0	0x4ee544	0xee28c	0xe5c8c	0x0
HeapFree	0x0	0x4ee548	0xee290	0xe5c90	0x0
HeapDestroy	0x0	0x4ee54c	0xee294	0xe5c94	0x0
HeapCreate	0x0	0x4ee550	0xee298	0xe5c98	0x0
HeapAlloc	0x0	0x4ee554	0xee29c	0xe5c9c	0x0
GetVolumeInformationW	0x0	0x4ee558	0xee2a0	0xe5ca0	0x0
GetVersionExW	0x0	0x4ee55c	0xee2a4	0xe5ca4	0x0
GetUserDefaultLangID	0x0	0x4ee560	0xee2a8	0xe5ca8	0x0
GetUserDefaultLCID	0x0	0x4ee564	0xee2ac	0xe5cac	0x0
GetThreadTimes	0x0	0x4ee568	0xee2b0	0xe5cb0	0x0
GetThreadPriority	0x0	0x4ee56c	0xee2b4	0xe5cb4	0x0
GetThreadLocale	0x0	0x4ee570	0xee2b8	0xe5cb8	0x0
GetSystemTimes	0x0	0x4ee574	0xee2bc	0xe5cbc	0x0
GetSystemDefaultLangID	0x0	0x4ee578	0xee2c0	0xe5cc0	0x0
GetSystemDefaultLCID	0x0	0x4ee57c	0xee2c4	0xe5cc4	0x0
GetProcessTimes	0x0	0x4ee580	0xee2c8	0xe5cc8	0x0
GetLocalTime	0x0	0x4ee584	0xee2cc	0xe5ccc	0x0
GetFullPathNameW	0x0	0x4ee588	0xee2d0	0xe5cd0	0x0
GetFileAttributesW	0x0	0x4ee58c	0xee2d4	0xe5cd4	0x0
GetExitCodeThread	0x0	0x4ee590	0xee2d8	0xe5cd8	0x0
GetDriveTypeW	0x0	0x4ee594	0xee2dc	0xe5cdc	0x0
GetDiskFreeSpaceW	0x0	0x4ee598	0xee2e0	0xe5ce0	0x0
GetDateFormatW	0x0	0x4ee59c	0xee2e4	0xe5ce4	0x0
GetCurrentThread	0x0	0x4ee5a0	0xee2e8	0xe5ce8	0x0
GetCurrentProcessId	0x0	0x4ee5a4	0xee2ec	0xe5cec	0x0
GetCurrentProcess	0x0	0x4ee5a8	0xee2f0	0xe5cf0	0x0
GetComputerNameA	0x0	0x4ee5ac	0xee2f4	0xe5cf4	0x0
GetCPInfoExW	0x0	0x4ee5b0	0xee2f8	0xe5cf8	0x0
GetCPInfo	0x0	0x4ee5b4	0xee2fc	0xe5cfc	0x0
FreeResource	0x0	0x4ee5b8	0xee300	0xe5d00	0x0
InterlockedCompareExchange	0x0	0x4ee5bc	0xee304	0xe5d04	0x0
FormatMessageW	0x0	0x4ee5c0	0xee308	0xe5d08	0x0
FindResourceW	0x0	0x4ee5c4	0xee30c	0xe5d0c	0x0
FindNextFileW	0x0	0x4ee5c8	0xee310	0xe5d10	0x0
ExpandEnvironmentStringsW	0x0	0x4ee5cc	0xee314	0xe5d14	0x0
EnumSystemLocalesW	0x0	0x4ee5d0	0xee318	0xe5d18	0x0
EnumCalendarInfoW	0x0	0x4ee5d4	0xee31c	0xe5d1c	0x0
DeleteFileW	0x0	0x4ee5d8	0xee320	0xe5d20	0x0
CreateProcessW	0x0	0x4ee5dc	0xee324	0xe5d24	0x0
CreateMutexW	0x0	0x4ee5e0	0xee328	0xe5d28	0x0
CreateEventW	0x0	0x4ee5e4	0xee32c	0xe5d2c	0x0

ole32.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
CoUninitialize	0x0	0x4ee5ec	0xee334	0xe5d34	0x0
CoInitialize	0x0	0x4ee5f0	0xee338	0xe5d38	0x0

shell32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
SHGetSpecialFolderPathW	0x0	0x4ee5f8	0xee340	0xe5d40	0x0

wsock32.dll (5)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
WSACleanup	0x0	0x4ee600	0xee348	0xe5d48	0x0
WSAStartup	0x0	0x4ee604	0xee34c	0xe5d4c	0x0
gethostname	0x0	0x4ee608	0xee350	0xe5d50	0x0
gethostbyname	0x0	0x4ee60c	0xee354	0xe5d54	0x0
inet_ntoa	0x0	0x4ee610	0xee358	0xe5d58	0x0

netapi32.dll (2)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
NetShareEnum	0x0	0x4ee618	0xee360	0xe5d60	0x0
NetApiBufferFree	0x0	0x4ee61c	0xee364	0xe5d64	0x0

Exports (1)

Api name	EAT Address	Ordinal
TMethodImplementationIntercept	0x509b8	0x1

Local AV Matches (1)

Threat Name	Severity
Generic.Ransom.Matrix.CDD86710	Malicious

C:\Users\FD1HVy\Desktop\mxkeFu6a.exe

Dropped File

Binary

Blacklisted

Mime Type	application/vnd.microsoft.portable-executable
File Size	181.13 KB
MD5	2f5b509929165fc13ceab9393c3b911d
SHA1	b016316132a6a277c5d8a4d7f3d6e2c769984052
SHA256	0cfdbfb9c4a2a80794462f06cf0da43c5977aa61bd3bbe834002703fe44ef0b4
SSDeep	3072:hnQr0ryqPlGGyPAPNIfG+QWx5sOjw9i8yxulNpsl/DXHcd6Gu9XQBYWW7tpT6azN:hnf71rClQWjNw9i+psR3g6G4SLILT6aR
ImpHash	5d6889a7abcff395c3e35a021207cf6d

File Reputation Information

Severity	Blacklisted
First Seen	2018-04-08 16:54 (UTC+2)
Last Seen	2019-03-19 05:55 (UTC+1)
Names	Win32.Trojan.Cryptinject
Families	Cryptinject
Classification	Trojan

PE Information

Image Base	0x400000
Entry Point	0x475810
Size Of Code	0x29000
Size Of Initialized Data	0x1000
Size Of Uninitialized Data	0x4c000
File Type	FileType.executable
Subsystem	Subsystem.windows_cui
Machine Type	MachineType.i386
Compile Timestamp	2017-12-10 21:18:46+00:00

Version Information (8)

CompanyName	Sysinternals - www.sysinternals.com
FileDescription	Handle viewer
FileVersion	4.11
InternalName	Nthandle
LegalCopyright	Copyright (C) 1997-2017 Mark Russinovich
OriginalFilename	Nthandle.exe
ProductName	Sysinternals Handle
ProductVersion	4.11

Sections (3)

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
UPX0	0x401000	0x4c000	0x0	0x400	IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	0.0
UPX1	0x44d000	0x29000	0x28a00	0x400	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	7.93
.rsrc	0x476000	0x1000	0x800	0x28e00	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE	4.04

Imports (6)

ADVAPI32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
RegOpenKeyW	0x0	0x47666c	0x7666c	0x2946c	0x0

COMDLG32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
PrintDlgW	0x0	0x476674	0x76674	0x29474	0x0

GDI32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
EndDoc	0x0	0x47667c	0x7667c	0x2947c	0x0

KERNEL32.DLL (4)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
LoadLibraryA	0x0	0x476684	0x76684	0x29484	0x0
ExitProcess	0x0	0x476688	0x76688	0x29488	0x0
GetProcAddress	0x0	0x47668c	0x7668c	0x2948c	0x0
VirtualProtect	0x0	0x476690	0x76690	0x29490	0x0

USER32.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
EndDialog	0x0	0x476698	0x76698	0x29498	0x0

VERSION.dll (1)

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset	Hint
VerQueryValueW	0x0	0x4766a0	0x766a0	0x294a0	0x0

Memory Dumps (143)

Name	Process ID	Start VA	End VA	Dump Reason	PE Rebuilds	Bitness	Entry Points	Actions
mxkefu6a.exe	28	0x00400000	0x00476FFF	Marked Writable	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040F93F, 0x00407336	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004080C0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040AE73	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040579A	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040B435	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00409AC9	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00406078	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004080C0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040AE73	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040579A	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040B435	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00409AC9	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00406078	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040DEC6	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Marked Writable	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040F93F, 0x00407336	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004080C0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040AE73	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040579A	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040B435	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00409AC9	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040608C	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040DEC6	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040DEC6	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00410AB1	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00412434	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00416A09, 0x00415F2F, ...	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004048D4	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040C3C0, 0x004112CE	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004020F0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00410AB1	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00412434	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00416A09, 0x00415F2F, ...	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004048D4	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040C3C0, 0x004112CE	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004020F0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00410AB1	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00412434	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00416A09, 0x00415F2F, ...	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004048D4	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040C3C0, 0x004112CE	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004020F0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	35	0x00400000	0x00476FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	27	0x00400000	0x00476FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004080C0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040AE73	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040579A	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040B435	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00409AC9	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00406078	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040DEC6	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00410AB1	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004080C0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040AE73	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040579A	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040B435	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00409AC9	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040608C	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040DEC6	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00410AB1	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00412434	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00416A09, 0x00415F2F, ...	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004048D4	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040C3C0, 0x004112CE	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004020F0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00412434	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00416A09, 0x00415F2F, ...	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004048D4	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040C3C0, 0x004112CE	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004020F0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	40	0x00400000	0x00476FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	41	0x00400000	0x00476FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	28	0x00400000	0x00476FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004080C0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040AE73	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040579A	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040B435	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00409AC9	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00406078	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040DEC6	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00410AB1	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00412434	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00416A09, 0x00415F2F, ...	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004048D4	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040C3C0, 0x004112CE	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004020F0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004080C0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040AE73	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040579A	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040B435	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00409AC9	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040608C	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040DEC6	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00410AB1	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00412434	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00416A09, 0x00415F2F, ...	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004048D4	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040C3C0, 0x004112CE	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004020F0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	126	0x00400000	0x00476FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004080C0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040AE73	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040579A	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040B435	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00409AC9	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040608C	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040DEC6	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00410AB1	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00412434	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00416A09, 0x00415F2F, ...	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004048D4	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040C3C0, 0x004112CE	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004020F0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	132	0x00400000	0x00476FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	121	0x00400000	0x00476FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004080C0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040AE73	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040579A	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040B435	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00409AC9	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00406078	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040DEC6	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00410AB1	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00412434	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00416A09, 0x00415F2F, ...	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004048D4	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040C3C0, 0x004112CE	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004020F0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	173	0x00400000	0x00476FFF	Process Termination	-	32-bit	-	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004080C0	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040AE73	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040579A	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040B435	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00409AC9	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00406078	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040DEC6	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00410AB1	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00412434	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x00416A09, 0x00415F2F, ...	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004048D4	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x0040C3C0, 0x004112CE	... Memory Dump Actions Download Dump Go to process
mxkefu6a.exe	198	0x00400000	0x00476FFF	Content Changed	-	32-bit	0x004020F0	... Memory Dump Actions Download Dump Go to process

Local AV Matches (1)

Threat Name	Severity
Trojan.GenericKD.40672878	Malicious

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\storage\permanent\chrome\idb\2918063365piupsah.sqlite

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\storage\permanent\chrome\idb\[SmartDen@protonmail.com].3pXdQcOs-NtRlGDXw.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	49.38 KB
MD5	f9e8a5ff6f6cf2b848c274503c048d2d
SHA1	70dfc010a4a8cbf69b634af7f5c475bed1a5f151
SHA256	0b6f43ea28d2adbb8199ca465a4a6686a465c2928bb3328181bdd460a71c9874
SSDeep	768:yACOu557owUCYJ0q3eJws53SwQAOLpcu2WsO:5jCS0iIws5C8ezKO

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\webappsstore.sqlite

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\[SmartDen@protonmail.com].Oh5RMS8D-LGHAzhUJ.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	97.38 KB
MD5	e494e464ddeb0c4c64b195b4a330ef71
SHA1	5fe9e093566bbee763a99d02258d6a2c2e842bdb
SHA256	9d281221d10edb1fa06ffb02300fb9ad0703b3e2fd592767d27ea5dba10c7821
SSDeep	768:ICscSG9XeXvfppnc+IasjYm2PTdVENCscSLzO:ICscxtUppc+1T2CscgzO

C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\43GhgeoJ1r.jpg

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\[SmartDen@protonmail.com].rGIwne1B-tzk28j9U.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	94.71 KB
MD5	f984df591db376d288327cf96378469a
SHA1	727661334b1ebd8342102f187bba12801541e321
SHA256	a90c22b749443d744071482a0798f20df41819b6a992121fbba0d5927e3c0a13
SSDeep	1536:1eIDCHuD6A+ILzfw3e7pCvz4eC2IsfIZ6FuRrLtAc0tIU2V0pSO:kIDCHc6SHfw3egr4EICFuRHtt0If

C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\[SmartDen@protonmail.com].X2clptlS-9lnwegin.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	6245ff4faa0e9e4f92b9666e05543732
SHA1	6f1a03056e6796bcd91a1ddc20c67a45b0725c8e
SHA256	2760ba9a4cffe3ba32589b5f35dae6a0ebc8fb4021a99dfbfc5da1b3939a061a
SSDeep	768:xNUsyX7pYPPprPdb9xvNLqDKflXQNUsyX78O:xNNWyPRrVb9tBqGf5QNNW8O

C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx

Modified File

Stream

Unknown

Also Known As	C:\Logs\[SmartDen@protonmail.com].n1LpM30f-n1tbuuCN.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	1d13fdff14bd1289ceeb2bd7fafa3a1f
SHA1	74e275529d68ffcba453127d2f2d784ab8acba51
SHA256	7c8156efc35a8463dffef1ee717d7e7a2aca19b7ca087eee6256e1783daeaf9f
SSDeep	768:3YRQPR1lP9CCZyTWRJ6E2RTjTwfkYRQwO:3YRu1Z4kYBYRJO

C:\Program Files\Java\jre1.8.0_144\bin\rmiregistry.exe

Modified File

Stream

Unknown

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].XKjGPAPo-xSF9U63b.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.45 KB
MD5	79895fccafaa92105753cc13d822808f
SHA1	e836423bb13be8d0b9eb89546e9f5c697b2f501a
SHA256	e49f9c1e3eb12111f0d9912582ee4ea0999f694b717c62848b20668727683ffd
SSDeep	384:yrJujKNZZee03nYPvtx98mT0R74YiCfHu:yvbAeih7UYdO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\optimize_poster.jpg

Modified File

Stream

Unknown

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].AlTjri5C-5MKuA1N0.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	24.84 KB
MD5	d11d6a7b972213573795ce7e1d05c4d5
SHA1	7e0952515b245422664d2008cb65f1709c6474f9
SHA256	ff2bd9afef2b657c3731487145fad9dd89b29fb7cb4566326f5f6aabf8c548e9
SSDeep	768:6KIaLa8pnSpdO9CRBlXiT4zrFF+cqJlPO:68La8JSTkqjY4zxF+cqPO

C:\Program Files\Java\jre1.8.0_144\bin\javacpl.cpl

Modified File

Stream

Unknown

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].uHgg4DPc-u5wR7Ly1.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	184.38 KB
MD5	f37fc03f49090c0fdf0d5d79a6a57f8f
SHA1	a2bcaed401d1040ed4fa8504da58183f15c39bb4
SHA256	d1f9ebd4d2e147aa2df1d71d48502ed0f34e38fe55c2efe00cf9f41bfa7c5172
SSDeep	3072:5F6j1FjPzRf7V0h7wsoh/TLdiNMYIsuorYU20jDjZqMi5:6jnjrZGwLh/TLdiNMYInezjJc5

C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\Installer\chrome.7z

Modified File

Binary

Unknown

Also Known As	C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\Installer\[SmartDen@protonmail.com].r03CLOO9-dDuAIuwS.SDEN (Dropped File)
Mime Type	application/x-dosexec
File Size	174.48 MB
MD5	63dff95884fe78d4f2c3cc03d1f7d87d
SHA1	cb9d98a47daf17d5a3b4bcbcab67e40fab6b39da
SHA256	f82b1c524c74f85e70d348557e36024b111fdf426e99c75e122e490d081c8d07
SSDeep	196608:MJ/gk1G+B5tHnR23n8irAxBEtulKXxTubo40d7xfn41LOcAZq:MNTBHzKAH0ffeyHZq

C:\Users\FD1HVy\Documents\ZOJs8SfeUiV.docx

Modified File

Stream

Unknown

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].IobyZVvE-UKi081j9.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	74.76 KB
MD5	e407860ae59691d989e7de3f453edbd9
SHA1	54e98ec8a150aa971c5d9d5aedf385b995ad3566
SHA256	bd270fc5f9e487c35aa326e3025176035efcc3fa4e3bc4c6fcb2562caf719156
SSDeep	1536:f1/tT7tyCDzbhFJj7fGcYCL62wLbL+xTByxac3mWCHgbn/k7mPw3O:xV7vX17pCLbL+SEczCHgzUF

C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterRegular.ttf

Modified File

Stream

Unknown

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\fonts\[SmartDen@protonmail.com].4FZ419Ec-X95nTyu6.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	238.39 KB
MD5	e43a2068228c09b871094a6c5efe955d
SHA1	84a3b28cee7d0cde104c0a4a6ec85e83a1228d6a
SHA256	5ea58122964be2871a25046a87822a10c5bb8654446f0e1384b973084bb835c0
SSDeep	3072:S+G7Cllg+UGFDUnrrHqMyBtlc3+fzx5R1zeqZdDgfSkecUfEDpEXzSyPMR9XogRo:Selm46Ak+naqaucYEDpEX3gZo+o

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\DefaultID.pdf

Modified File

Stream

Unknown

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\[SmartDen@protonmail.com].JDHaPOxG-TR15J5dw.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	80.14 KB
MD5	1da5c11be43a19137d3f2155f7d80bea
SHA1	cd3b4e3e55ebfd385809b879bdfafa7a83238194
SHA256	cc9045dd09a858160535c6eeeaaeb47ee37f13dbe47a310b7137c95af45a344e
SSDeep	1536:8vIXszEpKs0yMGY+70umYYBN9ELwracFbpE86GD+XDKAFoL/oslFD1u+LO:8vEUL/GS0P80XXoLzFD19L

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\edit_pdf_poster.jpg

Modified File

Stream

Unknown

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].kJiZDyq7-0EXHYmV3.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	30.29 KB
MD5	c784557152756a83a75852a79f1a289f
SHA1	1d529e47a45f7261baafe69e02135f40ba0e4f7f
SHA256	e4c7cae5b7fe19c1ba9a39cb007d0f8f76ca4703263a6b5d1528ad01dba7d2eb
SSDeep	768:HhweNPpxaYapqDoCuVu/+++++++++hjF86eBjJYbIls9xiBUlO:B7hxasMF81VYb0cxMOO

C:\Program Files\Java\jre1.8.0_144\lib\cmm\PYCC.pf

Modified File

Stream

Unknown

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\cmm\[SmartDen@protonmail.com].xKM7Wfs0-jG3QnoRb.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	269.42 KB
MD5	27ba3139bbe0b1bdc6b6f39f02c319d2
SHA1	e8b3ac5d5f4adc7b530278fea032479a9326c81c
SHA256	df3c7addbc219549baff9cd5907faf2a9c63492eea4781e113eeab3aa7a7009c
SSDeep	6144:hjNRNRyAnAqNaADEJHeeeeevoAuaiqwV6sg0pUjRVgYgY:fRNRpN0j3qhjRC9Y

C:\Program Files\Java\jre1.8.0_144\bin\pack200.exe

Modified File

Stream

Unknown

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].wrPC15P9-Ws3mQCKn.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.45 KB
MD5	a0c4c066a4c08f5eccfc570cbd94b3bc
SHA1	3686986d89108de9b986913ca405ee87cc769e60
SHA256	a2e94e4ba399a6f052fdea8a04085ce9b14080ec7df951fadff6b5f11be6f8b2
SSDeep	384:WyuAGeGz4zV4G6IS4wtOKNN/eeHrnYP7WfuSjQ8p5jCfHu:HLhzVb6MwtbvWeLZfuSjQpO

C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties

Modified File

Stream

Unknown

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].dKku5ERY-7d2YnTj7.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	6.80 KB
MD5	b40392559f69cf207f06ed193cbcb1ec
SHA1	c72e6bb788a3cbc206fdbdba7b5b85844c097211
SHA256	fbaf2a161e5b23c7340a9df66b2487a6ad5c4e7025effe0bfaeb4b4fee7e8cb5
SSDeep	192:DopAxqT0gyNZN6eacz8NsHl2z3tL2fHu:a50tN76b/NsMzdCfHu

C:\Users\FD1HVy\AppData\Roaming\eapzhiWZ.vbs

Dropped File

Text

Unknown

Mime Type	text/plain
File Size	0.25 KB
MD5	a03321a103373fe3df5dfff32f9aed63
SHA1	cda210581de9bac0376aa4fb75055b233eadf9c8
SHA256	776e6ef8cf05aa4bedfb495f69c2e5f9619ccc2ad0a9ac84ddf9adf17b19bc78
SSDeep	6:LBiPCQLBB4FaKEjoNxiaZ5GAY7QsryviNLBB4OwMVR:LwPCQL34FaKaovNHp7sryviNL34OxVR

C:\588bce7c90097ed212\!SDEN_INFO!.rtf

Dropped File

Text

Unknown

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\!SDEN_INFO!.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\!SDEN_INFO!.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\AppData\Roaming\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\Documents\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\Documents\MDvWkEoF\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\Z_PSSxHcDpT\ZBNeq\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\Documents\Outlook Files\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\PWEP9ZZOb dHlAYjsy\!SDEN_INFO!.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\lib\deploy\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\AppData\Local\Mozilla\Firefox\Profiles\w7cr0hor.default\OfflineCache\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\AppData\Roaming\Microsoft\Access\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\storage\permanent\chrome\idb\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\storage\permanent\moz-safe-about+home\idb\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\Z_PSSxHcDpT\!SDEN_INFO!.rtf (Dropped File) C:\Logs\!SDEN_INFO!.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\!SDEN_INFO!.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\!SDEN_INFO!.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\resources\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\Pictures\!SDEN_INFO!.rtf (Dropped File) C:\$GetCurrent\SafeOS\!SDEN_INFO!.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\!SDEN_INFO!.rtf (Dropped File) C:\Users\FD1HVy\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\bin\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\lib\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\lib\ext\!SDEN_INFO!.rtf (Dropped File) C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\Installer\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\lib\fonts\!SDEN_INFO!.rtf (Dropped File) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\lib\cmm\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\lib\management\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\lib\jfr\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Java\jre1.8.0_144\lib\security\!SDEN_INFO!.rtf (Dropped File) C:\Program Files\Microsoft Office 15\ClientX64\!SDEN_INFO!.rtf (Dropped File)
Mime Type	text/rtf
File Size	2.78 KB
MD5	e08b85666d4abb7b2ef9f00a160eaa95
SHA1	144b560a8bdcec18db30c67ebd4b4a5f0fb144dc
SHA256	661ee5947c010908d25789b07b6195d091480166fab8e010308d360ad5651fcd
SSDeep	48:5GapRUMyKJXD6l6O5VIg+ChV0AGr88Ue9ik1THWvrJoFjE27x8Dby:5VUVKJ6lL56gHvGr88gk1zWvFYw27oby

RTF Information

Document Content Snippet

HOW TO RECOVER YOUR FILES? WE HAVE TO INFORM YOU THAT ALL YOUR FILES WERE ENCRYPTED! PLEASE BE SURE THAT YOUR FILES ARE NOT BROKEN! Your files were encrypted with AES-128+RSA-2048 crypto algorithms. * Please note that there is no way to decrypt your files without unique decryption key and special software. Your unique decryption key is securely stored on our server. * Please note that all the attempts to recover your files by yourself or using third party tools will result only in irrevocable loss of your data! * Please note that you can recover files only with your unique decryption key, which stored on our server. HOW TO RECOVER FILES? Please write us to the e-mail, we will send you instruction how to recover your data. Our main e-mail: SmartDen@protonmail.com Our secondary e-mail: b SmartDen@tutanota.com Our secondary e-mail: b SmartDen@india.com Please write to our main e-mail. If you will not receive answer in 24 hours, please write to our secondary e-mails ...

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\content-prefs.sqlite

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\[SmartDen@protonmail.com].ARjNZbc3-GGbNn6zv.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	225.38 KB
MD5	8620867202ff29a2c92a8d7230aedf07
SHA1	2da8a1b39291f224ba6fb4c8a3e1f188ec07c83e
SHA256	f6c0ca7ecd2ebf338c53f4d096d0e1881c590873b6d925dbb7b39978a647fa92
SSDeep	768:poQLvzX7V8sQZeIidWrtmrOoB2ZtGVQilBEEtnkXCbSAuPLxQLvzX7VhO:b7XisQZ5id+0B23oQilBLnZ1uy7XPO

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cookies.sqlite

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\[SmartDen@protonmail.com].nimdT47p-Yg4RLd31.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	513.38 KB
MD5	507ab01197015a702f9c3f023e0d6ea4
SHA1	793c5fb8f5ddaf280edddee988ecef8af539ff66
SHA256	2d45a20c85fbb7c4d51a8bf9060040d018f1e9615b39a238f85c9ebb0b48e43c
SSDeep	768:v9gdOYHyNGIJsIKFX828Z2ojoqe9dQtGlcq2EI2oWZ6+39gHO:v9gRHyAndFX58siWYt4cH92lU+39gHO

C:\Users\FD1HVy\Documents\Outlook Files\kkcie@kdj.kd.pst

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\Outlook Files\[SmartDen@protonmail.com].nRbBGIdF-9rFA0ZSj.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	266.38 KB
MD5	10ab7d8e08ff0e7c03283d4fa12ccfa5
SHA1	944080c88ac7b29a68ca8d6dcb29696c4bd6c472
SHA256	4a0c739259fce468cec9b2fd36031f9883614ec6599bb8530aafa0b3b6bb1325
SSDeep	1536:jQo7zlGsOVhG4HpIFbpg0NbVzEEGmjq6GI8plYWi/QoNO:jQkqG+pIMQpUmjWiQ4

C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\Z_PSSxHcDpT\ZBNeq\HRt9zX--uxTxj7rs8.xls

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\Z_PSSxHcDpT\ZBNeq\[SmartDen@protonmail.com].RxgzwjxI-uCw2GBhW.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	50.70 KB
MD5	c7be74e91d7f5713ef02f0946de49403
SHA1	e65daf07b456014b40251add06bd0ffb69427529
SHA256	b427cbb9747be4820948e19681b340701392efe812ab9aa477434bd474c37304
SSDeep	768:HyorIAr1ZJH6SkaI8NC9ZHseyQisMKDxTnRZgsk1e0RhnQukV6vc/U3O:HPrIABP6PaJk3fyMhgs10R9Quj0WO

C:\Users\FD1HVy\Documents\Vw9 cNao_kB.doc

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].uofoCdKb-DaVNm0Ac.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	77.55 KB
MD5	eae52f0cdab42af500d4804b2738ea52
SHA1	bddaba00bb7f997f7f754c5f1394244e2bcce69e
SHA256	90ab0742580e93b5cbb239b0c6ae77a5b945718f52db8540a72fd8019f374a25
SSDeep	1536:o8+bXP58oHMdkHU1LgSUZe07/nVAcRoumXRRbX6iN1yOvLhZmoNRdbMjzSNaO:o8+7BfHKkHUvUM4NLRKXzbX6qyOjhZmP

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\PDFSigQFormalRep.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\[SmartDen@protonmail.com].jcbjwgst-tPMpo3l3.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	458.62 KB
MD5	675a7a6301cc25575ed25ee6a1ded6f5
SHA1	772d3ec8ed44758c4cca5004cbfd7b34efd83a59
SHA256	172a8cd8a79c5fabf91acaa86c3cafa94c69d0d6d96d9050b75dd82e1236e290
SSDeep	12288:4OfNvEbwosc3h+N8hcBk5/732yYLmAQktFgn/AURkOZo8KYCqt6YSAaEM+ZS3VOt:4OfNkYnHN+/3

C:\Users\FD1HVy\AppData\Roaming\ivYTDOP.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\[SmartDen@protonmail.com].vt70hHPA-8Fh1dkrM.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	9.54 KB
MD5	69cd46880640015086e569ca387b5177
SHA1	aab3a78430b850470312d3fb10e83fc9370fb87a
SHA256	f394b086126d4e2b91a1ff9347b757fba0805aabb6502555eeb812d42446a86c
SSDeep	192:/CS/tZoG466K7CYEWC9Y9Llr1bW4uX6FQLeuIngdJz7L2fHu:/BrDz7LHLlxObI0fCfHu

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\edit_pdf_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].IekHW64z-Aic92eL7.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	73.73 KB
MD5	5adbfd04abc15ee0c6ffaf38632a0d4d
SHA1	a9d1110f00361fb1408a086c2d01d8521d654f86
SHA256	87fd6df013e8de4c3e8be326d8dd5ada2f4d5b6617ec45452f1ac2b3a3941ef1
SSDeep	1536:u27oOZL6TAubwvFqbvxiwIzSXJpTihqMz2VthjU3UjO:u4DL6TAmwkzP+4tzhdVj

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\scan_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].lKlVCyVz-o0WD8aAr.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	31.02 KB
MD5	5f5efd862c11bdfbb8065bce41351cb3
SHA1	b64293fe8af33a0aad5e551881551473bf436c94
SHA256	49c9788261e3e89f58e54bc86e7df978de8e694bd0e6054038874337ae421228
SSDeep	768:Pp8LZ5eaVdIsOl1uiiuZa+LZiVfkCNbJTn8VYAPKj7HcDChWHQIVfO:Pp8LLVesOl1kcjZSlJThsHQIVfO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\organize_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].91BkO9Ug-VCjwxSZR.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	26.42 KB
MD5	3783331a25e7a0f7afd3a4b08210919e
SHA1	9495518cf9f9ffaa8c2f4553f68b3ad4f289dc80
SHA256	b95e75f0f44ed1faa17313c269da875a01ec9b7e113528d7d5d2ddbe69cb1bd5
SSDeep	384:znM2eJ33crP+a6/yZ9LT4VR8sLML6xtNnvQhQ1CIvgnLPyNtZvCfHu:42xr/6/c9LOR8g6+1CIvmWKO

C:\Users\FD1HVy\AppData\Roaming\q1N9.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\[SmartDen@protonmail.com].JQlNqn5S-QRcfGh7C.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	10.36 KB
MD5	2292764af3ff2de63852132d0fa630c1
SHA1	b4a92f3df62d9e53899a06caf205f5ab626a0736
SHA256	f95430e8edbbfacd5feb1141b87b70fe5fa6a2c487380bfa9802a94127c717c4
SSDeep	192:LLr/mZl2G/y5Oq/RcYJ4zoaYckNWm3/lRwhvJIm/vqTtNUSb2KS/FFcV4L2fHu:LLr/i1O4MaYmm3/Hwh3i3USbI/F6V4C2

C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\previews_opt_out.db

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Local\Google\Chrome\User Data\Default\[SmartDen@protonmail.com].Oac3gwWu-8TPUfdDz.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.38 KB
MD5	4ef8b9fe9787e45af06154845db1fd40
SHA1	41e617d3ecf5786a3bc84bc1bb6d701df4bffac3
SHA256	44570c1608f62c61581f7b317eacd04cd622ee1c79666da223a61fc8fc945208
SSDeep	192:VkDTGUosQ03ByVjbkDTGUosQ036IEKL2fHuL:VkHGUo0SkHGUoPIFCfHuL

C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\PWEP9ZZOb dHlAYjsy\Kw9XQh.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\PWEP9ZZOb dHlAYjsy\[SmartDen@protonmail.com].P1qInScJ-lqid8DYJ.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	34.53 KB
MD5	302cee3e51516a7f12a7b52f6a211c93
SHA1	80fb824892fab136618d72c08ea195664e53f01a
SHA256	de11464e1667732d95d5870774279829854f751a858bc08b0df98eb932a2d3b9
SSDeep	768:FGWGZa8Sbrgtx4wDvk37DfVQL+x1wbVWbzyr2QqbDvnC2eIABquN/+O:oPa8SYtLDMrDfVQKTwbEvyrYbDhGouNT

C:\588bce7c90097ed212\netfx_Core_x64.msi

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\[SmartDen@protonmail.com].N8mHC7nN-WAm6z3Xu.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.81 MB
MD5	03b9f70a9c4074f81e94f6401967d166
SHA1	4b4d7ccfc103c27becab2a93924ec25a2376777f
SHA256	835595d96b827125d17df1e7f6b9162c3a81bec78d48e2d36d611cd5b4e41aa2
SSDeep	24576:2rYZ6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw:2rs6tuQpcxisfQf2M6FGoML

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\cert8.db

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\[SmartDen@protonmail.com].JwLc3hbG-YymU2jWD.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	65.38 KB
MD5	d5d473d842c119ee19ab2a8d6e5df3dc
SHA1	037fafc79be59e9a3c3f9ad77c915c6a0e3df055
SHA256	2f8523c4e4a7692ecfae23502cd16a79e8c8e7949d8f3563e86c1ea53cc54667
SSDeep	768:a1Wwx+KybgePSVnIqGLpQKYBfGFMZuQZ7DO:a1WwYK2gePSVnI9QnBO/mPO

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\permissions.sqlite

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\[SmartDen@protonmail.com].IO6lkAGR-vhVtaX5g.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	97.38 KB
MD5	8e0cb1fa07b7bc05f838144021c74b4b
SHA1	e6121473d85cd630d80545e11f8f0a0243cf53c4
SHA256	06d09283bfb5e2b22210f963760087b4ea4a6c920d35823198f6cc934b06eeee
SSDeep	384:tm+tJKB/yi//a3C+v+PwzWNp5o42abQkT1JhKG3j4p7M+tJKBXCfHu:EwkB6z3kHpy47rb3U4wkBcO

C:\Users\FD1HVy\Documents\6HQBe1Id.xlsx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].AEK3BNwj-BJBB20Zg.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	46.87 KB
MD5	c46a6ca978317e712a26d5d415dbc629
SHA1	e4746210c0f5f9dc5f3d68bb6974aa4133c4acd8
SHA256	0c4c1353636e2190a59d12b8191e759a195692b9a33803aa62e65febbbe1e7d6
SSDeep	768:IdhgJl+ovf1sj+jQXCsWJQPIhg6/zlsjOXoCKGIxYboxT4X6rth19JO:IEvzpeCPQPIW6bGaRKGyeATG6J9JO

C:\Users\FD1HVy\AppData\Roaming\wx1gKcZ ARkXbsEtQ26.docx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\[SmartDen@protonmail.com].xryt88Dp-uc6ann23.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	86.16 KB
MD5	becb1495ab9952c2418dd1d4a1804ff6
SHA1	23e1e64b49e5f0ce900bd07784f5047156d2d402
SHA256	1ca22b3d90941c5f54c275dc8c37d15d349b32764d2aa67d8e42654736cc7673
SSDeep	1536:l6pBVjMS26whtv/MtPD+TsD8eHIVsupsO/DRlLGWr3cUa57QjH7JT8P4IU04O:kpBltWxMt7sDUuZRHsUa2fSX34

C:\Users\FD1HVy\Documents\MDvWkEoF\JXIUqqf 3E1.odt

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\[SmartDen@protonmail.com].Zd5aRLaO-XeVulSzN.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	22.23 KB
MD5	5a3f75f50fa10bf53f0a1a7c2ee92e60
SHA1	0aedfcfd8656131d1cb874dca42233994cf8a308
SHA256	286d983962e4d76e5781c4d8f8148a28572b774c1213948908eaadf527f9379c
SSDeep	384:QwIXBoiA9tQMZXozhy9CbJraTJkt0v9NjhRKLQOGx+nxNZScibaxxxPb5YtCfHu+:pYCtQM8Q2o6tK9Nj3elGxCZSc3xtYyO+

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\key3.db

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\[SmartDen@protonmail.com].hRGfoawo-BWJxkV8y.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.38 KB
MD5	f48439d12f1585fe81f7b1db177dbc47
SHA1	6b5ba23331b1fa0c905d8176ceebc0d8af11df75
SHA256	5a6193fb2bf70cfecaddc412c78948b2f13099f0aa0d182ec37aa55ad8b71dff
SSDeep	192:joklxfwGPHnaXhjtmTMCkMX48hBpNJkGyTbNdmMvr5U+lgCitxL2fHu:jokzR/naXOTEKp/aTBQY5UPxCfHu

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Adobe Sign White Paper.pdf

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	275.91 KB
MD5	65bfbe9321927fdac5e5f68ace1d7f9c
SHA1	765720901e2431a869d9a0fb8d2dd20153300ddc
SHA256	703c3d4bf95578f43c29b96187f7b702cea37a1cd84fa0e881263e4122df101e
SSDeep	6144:J8gXjji8ZT2PaFxWajWqoKOcYjeHYbPtdKMS0HeY:J8OjjNT2yPLj6o8ddN

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\secmod.db

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\[SmartDen@protonmail.com].E1QApuoi-kYHYmOxg.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.38 KB
MD5	7c2f0d02508a04460c4dfc70e48ed423
SHA1	6a76ce5ebc14c2c5d96bdae01e98e348dad584d1
SHA256	8b9ac25012437b9a5c8a59d2f8dc6ceeee9b1f6e65e9ba0015985352e5288700
SSDeep	192:jm2I/U1G9EIHUOrycCebzvviHE/s05xvmI2z/itIovOwcL2fHu:jmB/S+tUOecCebzvigsGmI2zlAcCfHu

C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\[SmartDen@protonmail.com].Xg7oJ1j3-sCv0FEVL.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	4.96 MB
MD5	ebccc7542f3bbf4fb12439226234c51e
SHA1	a3096cd761b0cf015fe0be0d5881ff9afce42bab
SHA256	ff26a708671e1a8915f84b920845d0b733af3eaa40ab4ae21be420b25731da7f
SSDeep	98304:K71KAuEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhl:KhKk3ZBkOK2Knq45mY4H5OMKkKzl

C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\MediaDb.v1.sqlite

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\[SmartDen@protonmail.com].G743yGT4-NzbP8NGx.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	5.38 KB
MD5	47c7c7f64e1b85c543637e809b30d23d
SHA1	29a00db4b8eecd6703b793aaf3e4c164b5d8e821
SHA256	56466e5364b13b6b2599590f1ff247e2eb8c566467d8d8f7fe0fdf89d6b42706
SSDeep	96:8Rz7cjqk6vNkza5W3ZldCLfIrTQUySBSLFJr3Z5ibdILvTVvS1XmL/ufRNumUa:AV9NYa5W37dtHQUyUsFJLZ/LvTVa12L9

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\SignHere.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\[SmartDen@protonmail.com].ILV1Y75Z-ofgB7bLG.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	41.15 KB
MD5	1fcf8df32b330c4308a88d118a1613f6
SHA1	34f9b6005f19fb37ca473738cb650d25eeb13dd6
SHA256	944082512c291bbe5bb7420e2537af2a1e3ef71164661b4c4db1ef2dad75ded2
SSDeep	768:20XUCp323Tl5LqXSpp31tPiMBn9gznvy0BUn4tuNCO7:9UAOTXPRzgLi4YkO

C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\Z_PSSxHcDpT\zZn5.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\Z_PSSxHcDpT\[SmartDen@protonmail.com].isH41cGz-WqlDoxL9.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	98.17 KB
MD5	05362bf5cf5adb1c59b39683772fe8ba
SHA1	27d0cbafa536e31f187aec64c0bcf1a9bce4a07d
SHA256	08d0e2ac1328092c4999c4d16f58241bc850c242bec0ce81460b2cbc44fb4a02
SSDeep	3072:PE556K2H8RATPl0lw5ZAwJ60X/7AZH89g5Ft:KH2H/a2bJ60X/uc9U

C:\Users\FD1HVy\AppData\Local\Mozilla\Firefox\Profiles\w7cr0hor.default\OfflineCache\index.sqlite

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Local\Mozilla\Firefox\Profiles\w7cr0hor.default\OfflineCache\[SmartDen@protonmail.com].vDC03qmh-rhP2LRSn.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	257.38 KB
MD5	c86b4ad9f63122b1e57aac4610c2434a
SHA1	1a4813035a3a3c3a8e34d16b5f75ba879adea2fe
SHA256	f8e7fc56f3856017c0e35affa533670656bf7944b480a93e017d510d8553b2e6
SSDeep	768:ChLYgaqFr4MXngsxXuczWqpeqLDMW43jgXgu5IguBhLXO:3NquMX6czWeMWe8wwIguLO

C:\Users\FD1HVy\AppData\Roaming\Microsoft\Access\AccessCache.accdb

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Microsoft\Access\[SmartDen@protonmail.com].ZFyiTnIS-aOsneXoN.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	197.38 KB
MD5	a60ce24e3059ac3cf145a8736cf86858
SHA1	54268a62cc6b494302e7692cb0ed15512123a60d
SHA256	11837743f849d45b8988ec959fbeba4fdf86e93f8fcd94ba381799f4fa0adcb7
SSDeep	768:ajhWEebni+OldKRQLWKyw/mOnJiE2Vi/fh6YRO:1EeLKdKaLfyw5QEjfh6AO

C:\Users\FD1HVy\Documents\Database1.accdb

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].oZypVQ8a-hfWhekc8.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	341.38 KB
MD5	345905edd415f4747a28179f448c74d5
SHA1	5442259c11dc9c9994f657f3f219756b5efa3c34
SHA256	0d75bce653d23554283127a1209bcec26e226cfdad665ecfb0ad9fd28845582e
SSDeep	1536:A3u9lxp6JN/ACa7SDvsqVavdFZxNVnCvSs6Y6Vk/uFMIesyA2kKYjz7ZdGMdGyfC:O+vCIZuDvZUFnxNV3GOG+wF/i

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\optimize_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].NXE3Q3VL-AKSapyzv.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	66.71 KB
MD5	46053b1827809ce9f3d42a74431b213a
SHA1	aa528e0e9483df7b3cf09124cb96c17fa6312a5e
SHA256	86ea7333e078b880531209d268718406816f628683558e34dd50da1817b602da
SSDeep	1536:cwDk3NL5zE0YaHvO8l/jstnJ577CvNtj5RSLGCJzlynUQ/PtwO:VDioaHvvgV78BRSLxG/Ptw

C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[SmartDen@protonmail.com].sipl8xcc-C96fK1rw.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	15.21 KB
MD5	0bd509cf3e508b5a1970f3d94d292a13
SHA1	c1cd87a140ba6856406d193071890b9666ea64a5
SHA256	ea60b5a905d79052b3c969b5b9f808eeb5b77a41202a09ad2ff74dcf6ae7b7db
SSDeep	192:X+SD4695ppUSyNQ3uP8RbZKtFm/uo8mINRYjIjxdhCYGGjL2fHu:/d95ALNQNzAGuojIPYjyxuGjCfHu

C:\Users\FD1HVy\Documents\HV67.xlsx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].EmrIDhBT-Qhbcfd9z.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	93.28 KB
MD5	a135332c394fda83916f8628b3fdb996
SHA1	80a4c8d599df38e57729867253455d7688a726ad
SHA256	e1a5018a2b53ae674d7c23a19de6a520e4aa4914def8ef8f750d8a8e638cd829
SSDeep	1536:4bUX0tLndIxnIgT6sCMY/OKg3fbzjjdSvkBUIsJpCECV8PnRgrXpfSHsGmDvO:+Q01nOIGRYWKgPbz3Ba7w8PO5fWjmz

C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\xjYLW_hfZv1k8ab.docx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\[SmartDen@protonmail.com].0BiQJntx-SgM1I26z.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	57.51 KB
MD5	9747d6274986fe318929380492b36dc6
SHA1	6ac1a3fba21af54af7e3c14a7fb29834e8c32798
SHA256	996f25a8783035d8cd1b09119cf35c409ba90c7e65ccec8c3417b143473c952b
SSDeep	1536:nRYeF9OX11Z6eH4Zm8A1ONbemVVv+7wjY2gzhv301KuO:RFFoBHwmp8Y0RkJE5

C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\qIJWv_cl3Fl.odt

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\[SmartDen@protonmail.com].FpikgoFo-gyhMc9Dd.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	87.63 KB
MD5	c37df355dacc50e733539f8048ad7763
SHA1	29666182666406cfa0a0a52e6bbffebb4d287322
SHA256	48127b6ea411648547076fa1227accf87a7a8e6af887613eb4b8b654ec890aba
SSDeep	1536:dLb+Pc0UQd1Rr948xFEmAHYrYtuRF0JQRxIymr1GOnB8j4ZGAJFojJqCv0ObPzIO:N+U0UkPJ41fYs4RvxIymr1LnSj4Zv/og

C:\Users\FD1HVy\Documents\YFbehrau7-I.xlsx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].KLDol5xU-307Qb1o6.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	43.92 KB
MD5	a4f84bbea31718be74078c0f3724fedf
SHA1	23babdd54e4bd63478fb91f2e21b37689118e525
SHA256	ff18b46f801f80a9014bedfa2db46393e294dc4275943bfc8f5cf5e9ae4112b3
SSDeep	768:WIGFi89h4xD6kxagc/fKWhN5kLuQcsASonWAjv7F2UmXNrWWf+3L3O:WBE89h4xtc/SW/JQxoReXHf+3DO

C:\Users\FD1HVy\Documents\Xp8i-yDNo1to.docx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].vRQ15d57-LBPkc0ag.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	23.04 KB
MD5	0798d5e318b68cf880f2ad883413b6b4
SHA1	214bae15aa6cb119ef69a60ac4fe13429f4aa90a
SHA256	b012c55bf06d36655b649152f52f97554cc99164d54dee0aaacd926ccb897aec
SSDeep	384:ooSzyAldp2kMWTylKEYoruboUvul/+gHsbNBSDAZoIDV/AvlCfHu:ooSzyewlW+tYorWWl/ah6yDVYSO

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\storage.sqlite

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\[SmartDen@protonmail.com].vmisbKVh-fSSORhCn.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.88 KB
MD5	7ecd8ada04ef68e38ee04c77899b37fe
SHA1	7fb06c800c0c40aa168514648c14940eea75757e
SHA256	135b90c98c79df8e2559b8ba9bcd5df0f736ddbdf636ebacf91844aa4f6d22a5
SSDeep	48:NX1gzx9bH1clA7FZ/NmLaPcuB4i+gNiZvuUbHeR:h1gzx9O8mL/ufRNumUa

C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\lO-5UKEm.xlsx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\[SmartDen@protonmail.com].hHsgUiKs-PzQlDHUf.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	15.63 KB
MD5	0463ac97b3212a45355a6c3d4f7dc570
SHA1	ef9aeaf9bc94e4ace80aecc6951a37e73881dc03
SHA256	607f75e2c372adc6ce35a2859ec6bc219cade0b39a537881a77d0ab90bb43633
SSDeep	384:IsWJ5FN9Y3aSkHmXE3q6zL1gawZezMoQOmZPwACCCfHu:u5zjmXE6W1gxeooQORAC9O

C:\Users\FD1HVy\Documents\N8Jr-vH1xH.docx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].FuKNWd1d-QdzRH5uP.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	2.72 KB
MD5	20df64584ce89a8ca0fc01c5f1ec7da0
SHA1	dd00abbcb41b93e26d5c500954feeca7526e1c56
SHA256	ad7326df51388650e121f8b862a48f65515667a7097bd18deeb968d3d68e10e5
SSDeep	48:VenHWpPxpDj0lINiiY/VUtrJRkpHtdgbmb5NmLaPcuB4i+gNiZvuUbHe:snH2PDsuNiZ/VUJJRkpNpmL/ufRNumUa

C:\Users\FD1HVy\AppData\Roaming\dJ1D8WWJKN0vwRrX.xls

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\[SmartDen@protonmail.com].cSAWMB7e-XojLjpnY.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	45.61 KB
MD5	d9beda13a2ae8e2e8f4cc10872bb6032
SHA1	1f90e010f315486c681eec25401782bc151590f7
SHA256	2a53ef51b03a370269611bd81f091a4215ea1fdf3500beba8b67fa2aa3ea2f68
SSDeep	768:ZaVtv6YdKOG/dh7FK3BDLaOMQZ2+/5ZRZFX+U2sA1iJj5mN4e8fpbTJ/wZvqwQlJ:ZKRnedGIOMT45ZRZV+sVj5Kd89mZvqKO

C:\Users\FD1HVy\Documents\yTvQERL.docx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].zspjGCB1-9TBuUobP.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	95.95 KB
MD5	681e5959dfe406118095f6fa987e0468
SHA1	c30a66ee19021623e5396ea6f7f2e4825ef09f03
SHA256	7c8717a86be444deba6701517921a92b1891f154b04fd25634d07b4fcbbd1eb0
SSDeep	1536:tyIAhrlqy1SjFavcQ+nmU5zuAyEeia716Ge8qqQ4+GJoOj773OR5wgyi+eYMO:MIAhcjUamU5yXp95vXJoOfDORWpeV

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\storage\permanent\moz-safe-about+home\idb\818200132aebmoouht.sqlite

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\storage\permanent\moz-safe-about+home\idb\[SmartDen@protonmail.com].eYrW8237-5swaPtXf.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	121.38 KB
MD5	9739c44be43b620ac68d121da806d90d
SHA1	c38aff8e81c9b7a6bc7cfb183d84d0cbda4a3130
SHA256	b998bc7bee2d37371398a241d5f3ec6d4641b7a67300970026c1a91de5df3ddc
SSDeep	1536:Qu+rj6bPdUIwfDwUEJOm/WqkySmQ4i5135I9EphVBXAPURYF0YG5ifka0O:tuOFUhLwFXn+3XpxQjrsa0

C:\Users\FD1HVy\Documents\lH729p9NvtlORqAu.xlsx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].N6L8UhuG-s9jfXYI1.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	86.33 KB
MD5	a7fe12739b4c588cac27d3dd5fcb2799
SHA1	3a3437cea52333f5afa4043da4bc8e7d455c1f8e
SHA256	bca0b5241433e86b149c1bc1c7ccbca529c449cc7b5c576af67219c752e0d2ca
SSDeep	1536:GJtRtzpJX6b6r4dF1LdYueStp50ylfiOkUidNv7wSrYxFwf/TUqDPPhO:GnVJX67/+St3rfBc/v7wtFaRZ

C:\Users\FD1HVy\Documents\MDvWkEoF\V4v0at7yeL46Y_CL.docx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\[SmartDen@protonmail.com].LAuDYDBh-uhJ7KvPZ.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	79.01 KB
MD5	80ac1a480fad559d0bb01f7f559d3eb6
SHA1	cfac905d6679f040f1fd337c6ba34470d50ed0a4
SHA256	8edb60f0a3e381dc68a786f9dcd6f40bfe64cde9ca454b389237b167b042735d
SSDeep	1536:Bo0qDEEwM6rVJnyRby5wE0vsvIAH0cS4/UQHdtUAOBmnQYO+wIMHR95jfcO:B1qDEW6znyFyaE+slz7UqdtUAOBmHO+j

C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\Z_PSSxHcDpT\2-sCYYlXE1eIT.ods

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\Z_PSSxHcDpT\[SmartDen@protonmail.com].VesKr6XK-7cnx3WFu.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	32.68 KB
MD5	8babbc05de6eaa9348443e9e6c2cc37a
SHA1	c15a80a14aa5c7e1623139cef9347e81f5b558f1
SHA256	23bea7bd39d0ddb5879a8ee462b5139575fa12158df6b5d47bdc11f20bf929bb
SSDeep	768:MUJQf7zXPtwYn1YfQPZueck4tFQb6Ld8JGtsNO:3J87zfaYn+ehB6OJasNO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\AdobeID.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\ENU\[SmartDen@protonmail.com].PRMVN3N9-GTIudzvl.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	81.53 KB
MD5	37c72dffc32a087e448a38daeacc7a5e
SHA1	2a1eb7f1db42fa392023ce4e5917fdfcc90fee81
SHA256	c0dbd4cbba629662b8ce776c3d4e85acf491b9f4a3bb4cb371e631b5afae56de
SSDeep	1536:m66nDwDumhfxY+70umYYBN9ELwracFbpE86GD+XDKAFoL/oslXQO:GnkD4GS0P80XXoLzXQ

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\Words.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\[SmartDen@protonmail.com].PcMH4lSc-3RzPcoy9.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	111.24 KB
MD5	f56ccd7003db346fe89731ee79b9dba8
SHA1	364eed101ad0a14462e3ac99e6d28e34605b0b10
SHA256	7e89ab0c5d958c1dcf0b7c614ba9b6fb9411779a091045006a7321951f7571a4
SSDeep	3072:TQ4dvr3iaUnDw9JZ8idFejlyAMv30UbLYlsTXEqOvvL:84djSk9H8E7htv7qvvL

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\1494870C-9912-C184-4CC9-B401-A53F4D8DE290.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\[SmartDen@protonmail.com].pNAGpJg7-Vajs0Ufe.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	183.84 KB
MD5	26e98333be5b9eb9c37c843e1940e4b4
SHA1	da458d436269f38942d8ab9d2fbe467f177d088e
SHA256	9b579ef134e14ada791101285f2865b9b93db368047cb645cb3286376683e005
SSDeep	3072:FC27o6N6gT0xwZODn/TJTHuX2T/5/dGc4uka2AtSyNLMDTJ5MtvVmbvAd:cP6IgT0zbJTuXa5McZd2At7mJ5Muzk

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Click on 'Change' to select default PDF handler.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\[SmartDen@protonmail.com].tNIg7Goc-mYRfB8CC.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	183.84 KB
MD5	1ecb60784fcb21c38dbc2732f70b26b2
SHA1	12fb0e22739f8a27791347a72cff68a6b62926a5
SHA256	b3deda2912bbc54ca44c1dacb969d04322c6e94d0dc74cbe96ffd802a452dae4
SSDeep	3072:8Eq7N4E+47x0xwZODn/TJTHuX2T/5/dGc4uka2AtSyNLMDTJ5MtvVmbvk:8Eq7OE70zbJTuXa5McZd2At7mJ5Muzk

C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].9r5GQUCr-lk1WySBA.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.01 MB
MD5	962637fe048fb4957b7d6f6f0510dc7e
SHA1	5ab7dd82090bb9ab139ba69e1de4acc3178dc364
SHA256	8290b2a37f6ba0cd3f250c7217edd570143e48b0d65bbb20343411c5e93e0979
SSDeep	3072:AP7NWvGzClAPL/XoUKtLLnOpMTZKPJ5r+5CJn/X3dlvwrTzt5AXqtclb7vF1rumj:nQaAzwqpI5G5

C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\resources\Picture2_80.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\UNP\CampaignManager\Campaigns\{91be532c-f9f1-406a-9858-43697c6f437a}\Content1\resources\[SmartDen@protonmail.com].CcKr9Aru-R5IYhWr4.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	143.31 KB
MD5	6d001cdf964eca805ca72aab8de3b6d1
SHA1	d6f3dd59fd6fe3858eede156ea11ae34ca227817
SHA256	e5c86cbea73fbc8a5925752ba6986cb3418f84912681a00d39bdc8b85e9d65e9
SSDeep	3072:oWlEV7fydxGKrDtguu2UokHvWzupURkDe0XETfD0dctVcl:oWe7OHPyuu2Uo039XCKUg

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\combine_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].xHcUprd0-L3prmFYM.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	20.72 KB
MD5	f1f5002cf61ba0646f6ec8769c3edff9
SHA1	4af84048a8870c5d0d6b98fd2c98cc5be59edfb2
SHA256	1f3483fe14e04f8e2da138e9d496d7bd093dcbe35d0f207d0ded4bcb9f9e5b0b
SSDeep	384:HuvvRJlllllllgkw4LKK6HIKpWExEZHTpKmppP3a1/JBrJgeZek2tpAmCfHu:OXSKus+EZzAIpP3paekeAZO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\combine_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].O5Z6pOWo-PzW6ooYG.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	20.72 KB
MD5	6daa9c9c5098a9f185cbce98355e6ac8
SHA1	ff2ece7b3a46e5e2e9914b44c09ea29507a51363
SHA256	88680842ca2db4397ed5e33522d40111f4c6bcd8942dc72a3a1688d9d4761ebd
SSDeep	384:IFu5zbNZpRy7KdL9xAVq0lFlllllllgkw4LKK6HIKpWExEZHTpKmppP3QFxCzSs3:IFgbNZDy7u4bGKus+EZzAIpP3Qj4xLpR

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Welcome.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\[SmartDen@protonmail.com].IPELx94O-lEmLa3pe.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	77.06 KB
MD5	a4a103971c60e4a0cbc8df91a879333e
SHA1	d608cdcfdde06e56782c804dbbf57bcb3b07a4be
SHA256	3fa378e940b0e8a09a2027ece931ca412acd0505b7d59d04e4cd24c71053761c
SSDeep	1536:j+bqvHvHBDGkGIGK7cvQ0VPp/8jsATzV8nrxO:jAaH5Z5/7Ap/D6zKnrx

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Document Cloud for Government.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\[SmartDen@protonmail.com].l0MSXXeW-ERbk3ymX.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	112.15 KB
MD5	6caec18923c9fa50d8a7a39cb9106106
SHA1	77ed2c2e0d1bced9283269b64447b8ae78f8d728
SHA256	4e055b94b6d2ffa42cee7c79cb78502d7da8696a6c4d17d75c008b8912a9c8a8
SSDeep	3072:qSA+Ude/FwtHM8eZDxF58hQwiLurTUrt3fNs:qSA+r/Fwtit382RurYu

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\combine_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].kM1Gr20K-4hG9fiev.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	48.48 KB
MD5	44da10dd85191d5750ef197bda4ffbcc
SHA1	7abde0a6d51b9addf3f6e3b7e72b6b8cbb670b45
SHA256	0444b940c8fd0dc778112b244c16c52d6d58c16ce9966a3e91f3f559b024e3f4
SSDeep	768:JKfo7Gov/XupAGeG5r2fcgO6QFi74C2nYYfoIf8g5syHdB47J+HLOc5xKNRCmeqd:GoteTe1cgOljmYgI7SyHdAwOc5vmq9O

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\protect_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].rT7comiL-hSWXNmtM.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	24.18 KB
MD5	95e3a04bd58528f99b4008f916c04f68
SHA1	320134c82fa657eba481be26ce88979dd9ffa0f1
SHA256	87363e184f5bcf2a033e4105ce11df131bcc9b3a722f034e6e4f1574221e5221
SSDeep	384:HNeQmjLl4xhz/gzyv9oigUgrulKpCRqWgso58n3CoBvzao34bL+sfULQm3CfHu:tN4B4xhjgzg9oP4K0Rxgsp3CAyCQ5O

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\Travelocity.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\sample-files\assets\Sample Files\[SmartDen@protonmail.com].M3nluuKv-fgAXpkWo.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	79.10 KB
MD5	0d708af56afc4a2659caa471854835d3
SHA1	a4fb129baf5216a40be79e72b5ce0ff4b6d0b5b1
SHA256	8ca31aa39ff13679a3fabe2935835613403e81bff764e2a8dbc8b756264a2bd3
SSDeep	1536:MvwcF7iOf0JqzIRMVUMbaclH7GcIsfXd3K3aJLei7MHehuYtXGsUjt1/RcLEYPJO:awAf8q7GM5bG4N6q5edaRg5jjqNPJrg8

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\organize_poster2x-dark.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].CwFstxNb-zjWfoojI.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	68.97 KB
MD5	dfacd98e12f2071d7f4491cd3d76fc75
SHA1	1ec052b55ed7d327ac7af0654d9b0a216ae41fba
SHA256	c7b7b06f30b3a368bb4e8e67441f52b9d8bd9e72052204aefee24d493d510c75
SSDeep	1536:WkU8FhUDHKPYObRHEdH7Cc58pHy5rHynNaHvXa4v3RYmb444444444444444444F:WkU8FhOKPBedL7DyNmXBvnX2Wd5twwJY

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\compare_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].dgaJqJML-Ktq7Pbgk.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	28.02 KB
MD5	f91fca35acce765e19e0c0f998da284f
SHA1	6de6d0a753dbfaa51491b8aa7a8b64768755da7a
SHA256	963aa43de1ea3f3c40cedb063329ed8b6968a4da9a6745a84bbb6fd965c280ae
SSDeep	768:5PqJzbzkvr7x5hDM6kQfS53adFrQ8pGhO:JqdbgdjDMW1dYhO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\compare_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].DT3uRw5l-f9GPP0Mo.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	28.02 KB
MD5	ea645f4d3164e3276ca4533fbdf6fadb
SHA1	004c594578e37f51fe6f50cfdd984e3d0423b8d8
SHA256	7674687c6f6939854549b6786b11a630d5f84b02ab28eb3d15944eae2293e8f2
SSDeep	768:3NScBr7x5hDM6kQfS53adFrQ8iVVXzQGvO:9SqdjDMW1dq/3vO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\organize_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].5WU4kSCK-yPz1R640.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	68.97 KB
MD5	a0c7bdbdab64953283a5f65681305503
SHA1	f58d982d13ae3e60d8e3b87a16f3d67a0760903f
SHA256	3f2c22dbac3128e4d16773e117bfb456d81bffbfc371e1598fd41c6fd3843d27
SSDeep	1536:m6Wfhpql4xLo2aHEdH7Cc58pHy5rHynNaHvXa4v3RYmb4444444444444444444+:8ZQMdL7DyNmXBvnX2Wd5twwJUN

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\compare_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].LFyw4q5K-i54QSDw4.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	80.17 KB
MD5	09363e1d9a8a0a232feff40237850373
SHA1	c5cc3a14e8dc29dbb7acdba758546b2dfd72446d
SHA256	f8dbbe0ac7d885510ed42c3961030b4bd63e0358422d7b3d67e75bd53d26cdba
SSDeep	1536:/BKQv+t8ht6WFQ/DxJyYgQ0D++8hhuM5TA1UaPP24ZZIA6VjOrY200hmO:/c0+t8OWFQ/F8C0D++b40Ua2dA6VOY2K

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\protect_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].aQ4ri2Wf-2XzuRVcN.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	24.18 KB
MD5	9a6448166bba911885d674a960464564
SHA1	05fcecf06efa72cec84b23e71282cd30f8b71424
SHA256	7b5157a209d41d07fe0e943dfa9aeaaa8c1f4f923718d6b7dc49a307a6d727fd
SSDeep	384:0B2s8+VNL+fDHPyv9oigUgrulKpCRqWgso58n3C+FYwryfy2CfHu:xoKLPg9oP4K0Rxgsp3CGYwryfyJO

C:\Users\FD1HVy\Pictures\6ZaKO22zBTdl.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Pictures\[SmartDen@protonmail.com].XlnQzpzu-2dx8EuLF.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	101.21 KB
MD5	0598872dfda1e580135c0c8279379928
SHA1	d6651d0cd2889dded94cd5f98ea00ca76a3c56e7
SHA256	17ad4b2166503f3478c733e4a8af0da533ba18482106b547ba3993bf5febd134
SSDeep	1536:WPHSygAjVt/heTAmklU+N1L8UFzle3i2DyObn7/YxyC4bMabo7QVzpAnTwc9guyT:7m/gK3NzlVWpbcE5V+MzpAn33mP+

C:\Users\FD1HVy\Pictures\pmrx0XMNlqLx.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Pictures\[SmartDen@protonmail.com].8kjUUBlT-ak24SUWe.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	10.26 KB
MD5	ffe8c603732184f1eae38be76034f127
SHA1	225dd8315b413e63503c45abde5ab4f082ec88e4
SHA256	1a8e375095cd1c6ff9e394f5e8a257432d6443c7295470c3d07a55ad8611df7e
SSDeep	192:RZ25EwA4RgYVZGUNHoNCf0ljwGtP0H0E+oJNoFHZdgrtiaro2nzPL2fHux:f25M4aEZGCwCfveP0HphKDdsm2nzPCfa

C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].uDa3mLej-GaneZC0z.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	9fff2e7bfaa7181d1cb94d88056d88e8
SHA1	b434772436c2a00af2ba35b31a0903c318d89caa
SHA256	bb92d888628027d5bff37b4d783102c8897f9df952e52427441ce9602e0b7f90
SSDeep	384:kxrRLGzVYsXu5jyVrlgvnVr+AugeaPJ3GOlu6ICb1xrRLGzVYsbCfHu:k3GzVLNV6Vrxu7a5GObIm3GzVkO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\redact_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].D8bYLVMu-ve4htQe5.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	28.82 KB
MD5	66fc3dd303941cfec20e0b91ed73822d
SHA1	5b3fa10cef9c046b966c265ec7f8ab87d92813b4
SHA256	e80cb55fda96c087d9cab476640607c5ee95318e76ce2733be0068d568f33652
SSDeep	384:AGvgn4GijoYISAVgBwqnUWsPNzpjblkzGWAOUVdQ7m0HEl+TBuQbdnAtCzqpEArj:AGIn+zYVgijbuzB1Url+TBBbtW3+O

C:\Users\FD1HVy\Pictures\GrlY8zmzECSobnYyDGDm.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Pictures\[SmartDen@protonmail.com].qtJAhxFG-2p22NsKr.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	43.94 KB
MD5	b17d9809097e6734fdaed43ba4dad379
SHA1	371343265afdf4fa7cf2bf7f113fb522ac23c901
SHA256	8174eb49169a0baa4fbc711c6e3ef7ba08746f907b877458773937bfd777fee8
SSDeep	768:K/F1yWMDKSHMuuMrCdcMwJ/bSkaPs/lhY3G1mHIEolkvHu9MUC7oIHO:K/FwWSKSHqdYJ/bSq9GPxCkPSMUCDHO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\edit_pdf_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].v5161Rt4-3vFm1D9J.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	30.29 KB
MD5	dd07f841bd22cf63e13f98035440207e
SHA1	0b52368410b39dff9fa3dbbb6bd62db00a2c4e82
SHA256	927e608c1344a0fdc3de6c7389f9db522e44bb7649a28ed984a35c81da6c70d5
SSDeep	768:Lk1h1IAYapqDoCuVu/+++++++++hjF86eBjJYd5LVWz7M3/O:LCYAsMF81VYdvQM3/O

C:\$GetCurrent\SafeOS\GetCurrentRollback.ini

Modified File

Stream

Not Queried

Also Known As	C:\$GetCurrent\SafeOS\[SmartDen@protonmail.com].uj3TFPin-1GKbwdNA.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.54 KB
MD5	0824aa7fa9efbe23b51d4b801491b3d5
SHA1	5232edcd4ff44825a6b47b2d4f0539d0ec72fbdc
SHA256	343e5168e5eb77c094f3977f1536b84f6fa0c2359f202b12ef05b25bd1032c7b
SSDeep	24:DwaQUy8OAljNm1Zau30Xx7lIyHUuBmBVi+giEitjAr/LrIX135kXPlQR5pHjiF:UaeNA9NmLaPcuB4i+gNiZvuUbHe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\redact_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].4bkBjhIv-ARYU39Fr.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	28.82 KB
MD5	267b381662ccaa85b71d5fd05027c6bf
SHA1	e62e9ead9482ccede412de2a238d9d8abe7d2a9b
SHA256	4c006943841f238e7841f4ad3e833aaf4d4a2e8d365bb889d6d0cfee1ff95c9d
SSDeep	768:iobc/FVgijbuzB1Url+TBBbtW0xaRVfNnKFO:iva1AUs0xabfgO

C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].tqfH4yZI-dwA2kooN.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	5084930110b0dce441115f6ff67a5fc6
SHA1	3576592923813dd572a4fe5766dbe71f1ea18e0b
SHA256	6876f31093b93c68d5146dee116ae25587ae5d71f3d8f8462c33243402e2b037
SSDeep	384:DiEBsiRSHSi8ZMfIR2lJu0KLuIQ53GjnP7c+2AziEBsiRSbCfHu:GEBsiYaZ1I06xInP7c+n2EBsiYoO

C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].xRWBwzpF-nIB4sfEe.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	a0bf0932b4012f6994fa5d3de7b07103
SHA1	0c381cd89f7278a894170ecd62b9dba082a50fc0
SHA256	bd20e6a94d461e6429710864938c5fb388e400751c22d5cfd3550bc98135d327
SSDeep	768:Xw9epBLOCLDoNwUVVmzqGlY6NIHw9epBLOiO:XoeptOZwUriqGlMoeptOiO

C:\Logs\Microsoft-Windows-MUI%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].7mZoolJW-J2V9Brsr.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	e10953f9f52bb2c2fa32b72b43e96212
SHA1	b7a60244787fa231cc1ceac44b4ee7aa1f0f3bb7
SHA256	260b25b1c760fe3a29beb73f24f03665597a11a8beb64335aae9202de337f9b0
SSDeep	768:hiYXG2z5vWKuJs27KOHryU59fjnBMTbLiYXG2z5mO:gYWabuJskLDfLB0yYWJO

C:\588bce7c90097ed212\netfx_Extended_x86.msi

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\[SmartDen@protonmail.com].ZPWdvOMu-Ibmxf9LA.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	485.38 KB
MD5	947f7bf04b412af1264d79133c8a5a27
SHA1	349a5f4908436adfb77825db6fe83377f8d4da31
SHA256	5a067899c0b2af04a6f0f7d6063ef119cd745b1d2c9ba6679e92317e10c27f56
SSDeep	6144:/Zzv76RHfepsrxRrGh/JD6sAOiOk05c+Q+OjUIsLQUIcFxZSBVv+lYjsm6FBQ0sj:NIHfepsrx1GX6sEsNz7QXcFxZ+VhjEy

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\compare_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].HdhEjxZ3-5k22ROZd.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	80.17 KB
MD5	19b0f7efc9e8c310a3ff6e509253195f
SHA1	52526af3dd1a8dac33c01994e412d21a955863a2
SHA256	b0b77c01ee05e281dd4f56c183747287f41f069c756175e3051803895289e531
SSDeep	1536:LNxnNcWAQ/DxJyYgQ0D++8hhuM5TA1UaPP24ZZIA6VjOrY200JEO:LNxnNRf/F8C0D++b40Ua2dA6VOY207

C:\Logs\Application.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].itho1r4J-TaQiDUhn.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	a209ed3f7377a10d491daa30e416663d
SHA1	4aec5be9b7906ce0f1f6b1c13b5884ba382dbb1b
SHA256	93a545b68d9547c887e3d408811619214b2b6ebbc200b6a28e915d5c6e72712b
SSDeep	768:N4/HA9GYB+55pig60qFsMS79qbIkq6cqiqdqCIXIuqCLIHNI3RP4/HVO:mvc+55px6zSCcouRgvVO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\protect_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].qwO9p50L-1IKj3WUS.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	59.05 KB
MD5	da56103490b2f115eb8f3ee9f6988a3d
SHA1	de64c7aa81f97eefd5174b3731daa52b0ca82d15
SHA256	1ddb5daba776487a66f4a3cf34a54d2da8b273436e8ed9307f1e0a2eed9c3556
SSDeep	1536:+i/aa2rVxfdKzqbl4TFuSW4vI67V/qN05cSoO:hYVxAGbiTFumvX5nS

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\scan_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].tUjTvN66-EVZ1KKIa.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	31.02 KB
MD5	c5cb8ee88a967537e1ae7730d998cf32
SHA1	1878b8e3bcfbb1de49242bf6c7499d23159cfc73
SHA256	112a3c0a0a1ed32fa1870aca49ddf18cfbd558ab2c0b61dc51b8dffbf8b79df1
SSDeep	768:+C/vboKeaVdIsOl1uiiuZa+LZiVfkCNbJTn8VYAPKjnDHKa8QU10VO:PEKLVesOl1kcjZSlJT3T8B+VO

C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\9YZdyXI1.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\[SmartDen@protonmail.com].Fk114Aza-mnj7Lwyu.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	22.33 KB
MD5	b03371a6b05f8dd6cd03e123be1cf5d8
SHA1	3c9b0e28ee406501caf442f038ae1b6d744252bf
SHA256	f39b6e17d506560c830be11e6e2116e705739047e9ca4f38b635013d1a15b05f
SSDeep	384:5ArjTq5Nhb5w/uRH4jUCUo+nERuYFZjZpnCBZ1WJVxAehrcoonCfHu:5wjTcbK/IYju2RfFZCB7WJAeJV7O

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\optimize_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].PlE4KCU7-jMbyrNTL.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	24.84 KB
MD5	695efad3a566d41f529a2ce8766c62f1
SHA1	ebb3e9e52f12f3095d9750d6f4efaa4354be7b9c
SHA256	868f79db850cb3976ea3690d8bf7ed152811f1764d836b701010aebfc0ddae98
SSDeep	768:HPV087pnSpdO9CRBlXiT4zrFF+2XkAOhO:Ht087JSTkqjY4zxF+2XkAOhO

C:\$GetCurrent\SafeOS\preoobe.cmd

Modified File

Stream

Not Queried

Also Known As	C:\$GetCurrent\SafeOS\[SmartDen@protonmail.com].eejhdCdV-gwZaOMUY.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.46 KB
MD5	e5d040b850a2833431c6cb4ae10515eb
SHA1	eeebf629acec7f170364cd03e7da991db47fd1b7
SHA256	c791a1aa05f84e79b6f2c6e0c7d1fe1c29612979c2ec07cca27ee9b39be10c69
SSDeep	24:8a28OjNm1Zau30Xx7lIyHUuBmBVi+giEitjAr/LrIX135kXPlQR5pHji:8mQNmLaPcuB4i+gNiZvuUbHe

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\redact_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].pbkueZh5-6BT6R9n3.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.85 KB
MD5	40f639d81083bc156db885acc088fd09
SHA1	3e8f7ef81954a6ecd3e2891fb4ab3bcbacb481e1
SHA256	66606996a4e812aa35a493aee96801b505727eaffd5ed4d80591a8ce9b1faa0c
SSDeep	1536:893oQYQDmjud8sopQcU7HhE8rpwfoCIIIDIII2cQsi9V4+M9vz+fzO:89JYamUoScUT1NCoCIIIDIIIENnAvz+b

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\favicons.sqlite

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\[SmartDen@protonmail.com].m3To8Mcj-b7rFzOOP.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	5.00 MB
MD5	e1eb0c8bab1af242d17e65582b0910a1
SHA1	76776c21c97c6cae21b083226f88aecd9783a508
SHA256	943a4f343e4dd7b186cf24792c82fee862cfd0e0a69d8ea4ac7e371c32278d69
SSDeep	3072:j6FPfhKXzemUdJDvvXcBk/REO0lAaue4c92yD36FPfO:jdX2dBB/REOe9ueWyD3R

C:\Users\FD1HVy\AppData\Roaming\kRUtWme.xlsx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\[SmartDen@protonmail.com].XcNb8Bbc-vf5yM3b5.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	61.79 KB
MD5	6d5f9ddf9fdd27968a3f2a6560958210
SHA1	c05cdc7fb5506477a116c0b4044cecee9e6dbe3f
SHA256	7648ab64072be98c1d6ac9a5ba84dd0580db32fdd7d4ed407369c266c06c0672
SSDeep	1536:WvebXWh0607JiLTJ0E2tLvsmSRqAgVr6/PupLQpDP1Kq9UH+WO:+ebXWhH/LQtzsmscVr4uypDi+W

C:\Users\FD1HVy\AppData\Roaming\7 IWCWCLCExR.docx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\[SmartDen@protonmail.com].szGEvw15-CKMPivqT.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	73.96 KB
MD5	444192f71f2a4563caaea7e510192947
SHA1	f7bbeef3b61177d2ab4466cae23cbdc14d7eda8d
SHA256	823d07f7f5dbd29e0162b226026ff2bae91fbcde2b056011e38a61cc31fccee6
SSDeep	1536:wohS9PIxPeUNEHrG6Rvtn5CANNtLbYp/bF9+fQO:XhS9dHrG6R9Zux9T

C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].cRcR5qIl-dUuN2jKo.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	9049612c6b8c45e2602d6ce2f5bb4ab3
SHA1	0ee9768f667d8097ac0af87d1883e0bd1177b068
SHA256	fecd24f8818d5ece82f3c31dab795a84c0357193e3b3b7c19a51403d647777b5
SSDeep	384:+olfpGnf+4rXKZJa+mnQmz6bMCKbJSqHtOLV6/bX/VMGolfpGnf+ZCfHu:/uf+uXKunz6kJSPU/bX/VMHuf+2O

C:\$GetCurrent\SafeOS\PartnerSetupComplete.cmd

Modified File

Stream

Not Queried

Also Known As	C:\$GetCurrent\SafeOS\[SmartDen@protonmail.com].VjPMy8Ri-YLsttuSE.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.95 KB
MD5	aaadd1c3cfc1f9bb2c05059edf550b23
SHA1	2b3409bc53b6a6f40b26d677ca481d9956e4b361
SHA256	67e7fd003593535f16a4b50be306e3fb2d1002b33a1fc52db5f2c460dd5f752f
SSDeep	48:AD+QEP9p4o3FNQSXNmLaPcuB4i+gNiZvuUbHe:0+f0o3XQImL/ufRNumUa

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\edit_pdf_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].8h0PABNE-QvmvRuYD.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	73.73 KB
MD5	e15ad30c4e76e56faab78f31fb4da6e8
SHA1	c9a7e4ddcf8db048926b0c0f8a1a7b3b2057579d
SHA256	5e2e0fb00c98236f5411d9fccd65ffd5f8f64757805f4ca692fdae8ebe134e5a
SSDeep	1536:xhF53M42gvFqbvxiwIzSXJpTihqMz2VthjUVr71cO:xh5kzP+4tzhdKK

C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].NRuWYDbC-Be0lmM3s.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	7dc353a39920ab227ed30c02b4d1225a
SHA1	6ab49cae721f892caf9a2d374eb3b7c98260ea41
SHA256	554af54f16e3574fc8706b3a2b1db481482789535f70617c55d9511bc0eaa5a7
SSDeep	768:F0guXRYqXyUXrxxMsp3E3YwNM5i63e0guXR/O:FbuhYsHN6sxia0buh/O

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\adobe-old-logo.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\tracked-send\images\email\dummy\[SmartDen@protonmail.com].O9S6IJOv-RbxOzF3c.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	36.34 KB
MD5	3541c6695a4ef71e2ab3a38ff7d1ea9c
SHA1	bb0a497f6fe7171a21c77f36bbbe3017cc4857d9
SHA256	0fe9f669ff5986a185ac9f4c0c1ff879185d19ce47dfe322eda3ebff501baf27
SSDeep	768:oxotatwJtsOQOzBHmtiSUhAkt7NRcv6IVpCthoyfue5O:1at6QOzBmtiSUhAk+iRtCyfBO

C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\p4 5z.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\[SmartDen@protonmail.com].FNgBQJ1U-N2GTSYpx.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	99.71 KB
MD5	f87d63f42d853b8c2423bd9730c60ab7
SHA1	dc810163de2af5f5ec384ca73ae9cb5453fd0c55
SHA256	4fba2a9a4604f6b9461fc839270366933f809420262b98fb91c159f7ff3216c6
SSDeep	3072:F/PATeDCYz9y9lQF0KnJXdqKojXAI05YsOMFkR+:F/P3y9lk0GJXdgTApP++

C:\588bce7c90097ed212\RGB9Rast_x86.msi

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\[SmartDen@protonmail.com].g2jpRlh6-ohJFJaU8.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	93.88 KB
MD5	01782743b22d076503c92c86a8651be2
SHA1	43743b1d999ed30abc04bc1fcbc122c93e22196f
SHA256	b23a0cc6720cf2f89d810a660e56560e1966ffd325967ef01d9f9880ad27d7d1
SSDeep	1536:udHGHyKKZJAM41picgCjX3QAoHwDHL0fWi0lrmsIjyG9heHApNR3YHaeAKMoG8nP:aHGH8JAZbdgC73Q5H0Un0li+G9AsxaML

C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].IVPPgvr6-Wz9zFFHb.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	40980ebb91b52a422585180f3e079c28
SHA1	34a577f16fa07bd156670263c7358ffc8b34555d
SHA256	a658a5602cf80fdf84617c9712b8dbc24afc38e33b9176d0d9863e789da73328
SSDeep	384:NLSYiHd+OfW0LgxLRoWBJNuEnU7/UfM9wz5+0aReLSYiH9CfHu:RRiHd5fWPRo4JgLzUf4wNayRiHiO

C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].0l5nNaD1-J6pSWUSj.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	7d0ca87f7952ad60413f57ca75cee2af
SHA1	a2bd85d58732984ce164955ce1615a2c0d444785
SHA256	bc37b3ef341af9a17e07ca2c2501a375a2e29861fda6aa1fee14447884e3abf2
SSDeep	384:amOH0neL5t6e5cufWqZp6strQsm3MjaoIimmOH0neL5t6eACfHu:aEcY06+1kMjXIlEWO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\scan_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].umnEeAg5-XsXlRaFR.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	83.86 KB
MD5	e7069cc410f996730501b7dec49c12ac
SHA1	4a9036d2cfca3f6b77d7ec11f8a1cc30356afad2
SHA256	0fd493a5dab167d2e785bf1b14e9a421cf4aa745d8c32aa36719832664903213
SSDeep	1536:M8wMIbg9f5Q7nE4IVRppppudICBTOnQLfV5ZhEwDsR4444W8Rxu+Amj8QSVO:MNg9f5Q7sIxOufV7hB8RxukSV

C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\ftH86.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\[SmartDen@protonmail.com].ABRxu2eP-ysVAgEme.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	85.60 KB
MD5	2d45017ce62f73e993df698df3e06610
SHA1	33be411f074948c80e4bf502cbf840ee94ba924a
SHA256	e9e921cc0d93a50faf407eb1d64dcfa28597fbf7f4ca00214a914e45bd44ef8a
SSDeep	1536:+sOVQEJeDHspNtTvmAHGrHLxMKw6pAzwpHbkydi0M16IUKrRBlFACcY2XZO:+sOVTj7ZvmAmrrlxOwpHbkYi0E/UwRBU

C:\588bce7c90097ed212\RGB9RAST_x64.msi

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\[SmartDen@protonmail.com].BVE6TkV2-3aKUGX1I.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	181.88 KB
MD5	9e0607cd0130e0c34581f54aeb10bbc8
SHA1	3de834a9286e8b9a740b60d2a179b4ba969b4055
SHA256	7ab36e8a8e6dd5cad6ccdada49e1276fe2dca6a188633cb89edd9fe0eed1ad75
SSDeep	3072:UkPyDJ/UQ5H0Un0li+G9A7Kve3Hg5BszizUVQzB7m09g47aEqPNWZKq5uXpWf:taDJ/U8l1A7Km3Hg5CzizuE99gVEqiBb

C:\588bce7c90097ed212\DHtmlHeader.html

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\[SmartDen@protonmail.com].T7KZu8PH-J5dIjDM2.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.12 KB
MD5	f5af0765f421fa2ecf95cbfe4b129ab5
SHA1	489d58e3f7bbc1f399bf894e4e90e5f5bd4e070c
SHA256	0c0a15e7ab9227860fb9a58f53cf02df693d2add14a369f533bb820c245974a4
SSDeep	384:75TAfdUTfP253qFUFJFEWUxFzMG5zai9D3zPjRDSvgvCfHuc:754WfP2QFUFJFEWUxFzH5z33PoxOc

C:\$GetCurrent\SafeOS\SetupComplete.cmd

Modified File

Stream

Not Queried

Also Known As	C:\$GetCurrent\SafeOS\[SmartDen@protonmail.com].4VhI1i3s-G78vowY1.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.68 KB
MD5	5d83c5f93c8f7f47af65bb2da5de6706
SHA1	a171bdc150e5d47e47f4aa2ad4f078fc89779fc5
SHA256	97f7ebf92ae0afd8b89f4cca5b32d9b4c9a620b15d46cf4361d523e087cd2f92
SSDeep	24:Z7k7MTRH4IgK6g8ijNm1Zau30Xx7lIyHUuBmBVi+giEitjAr/LrIX135kXPlQR5J:ZgwN2K6g8ENmLaPcuB4i+gNiZvuUbHe

C:\Logs\Internet Explorer.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].CkSOVTJZ-4HXpl7rA.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	20aaa26970f903bfc8e49787596fe449
SHA1	9b1ab9bdd62c5e67770f2609bf29cd8330a1e439
SHA256	b6086d07920cf0ce29ffd338f37c070b5844c2638fe754a8c97442f7c71e7729
SSDeep	768:IAqyvpSKP7cIUDbjiydzNlXz+mAqyvpIO:IAbvp37cI2CydZJAbvpIO

C:\Logs\System.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].ptMs1nsw-dN7yvQex.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.07 MB
MD5	68170fe48b02afe0eb6480f18d98b006
SHA1	d4a92eb1eeb9875a7e6da7d495f6948cb4959e58
SHA256	2884cd4cb3483d288352199adbf700a91a746214bed55d6e3759116b86fe0283
SSDeep	1536:hLPGp+qZfP/aIXo5NajuNK/FoBvq/hg160XpuHsj1Jye8aisiVbyLPEO:hLEaIY7WBFoR6g16S8sJy1UrLc

C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].bjeixIUG-utEYNO24.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	2e3eedbc3936a2a2f8215552271482f2
SHA1	673af96620338ae0ec2fa29f5939b71028554495
SHA256	a3c73a8618049afcee981ffcf89ce35c623e1dfe9eb05f7f4ffde0e2e4dec67c
SSDeep	768:IdgEC+8O9dGQ1ewjAixP6eI/IFjRdgEC+8OeUO:6RKQ1ewEixS9YRFO

C:\Logs\HardwareEvents.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].DQiocqyk-gJdbalI9.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	67723d2334145bb324499babb075b6e1
SHA1	f5b33912ec3b37058eef97c2efffe459aebc64a3
SHA256	2dd4e168ae0318138a36df59bd866c2da0be0a0ab5ddc2f44da37c156045da2a
SSDeep	384:GJfcFkWyWOM/u3LlFfqTb9ldDubz9Pgjqyz5QY8jhuQfcpHDBCJfcFklCfHu:SfcFkWZG3xFfqvdsX05QXc2fcFkKO

C:\588bce7c90097ed212\SetupUi.xsd

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\[SmartDen@protonmail.com].agMeH8tF-fqZaB0mb.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	30.80 KB
MD5	0fdc72e80b2d5ae28a7b97317842d00c
SHA1	fb6f4b3b71fd2c9902961630d00b4384d9dabda6
SHA256	747aaed0f54537c712f100d49b845a1b6c85630782f404fcf0c125fee4171bb1
SSDeep	384:3r9Ytm1VzVvIe3CpJoXXETy26hKaQUwPh7u7l7P7A70mW717u7WiW4WmPH88G2+4:7UKVzGe/ET/chT+cxcW8G2PMlHvyrSO

C:\Users\FD1HVy\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\Built-In Building Blocks.dotx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Microsoft\Document Building Blocks\1033\16\[SmartDen@protonmail.com].WXUWZwfs-WaC9ryob.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	3.54 MB
MD5	e5de45f79d60e472e65ffa8a72d0b08b
SHA1	ac6f324c2596c37e618b208e0c6e4b017fb10ea0
SHA256	70b35a7e30215c03432800004359bb167f8f9862308a8c6fada20f1f4139c071
SSDeep	98304:29UR9Na7kNEeEukdHe3mBQlqZ7kNEeEukdHe3mBQlqgNsf8P854annqjGaGahP:2iK7kHbkdHe3p+7kHbkdHe3pDsEPuDnI

C:\588bce7c90097ed212\Setup.exe

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\[SmartDen@protonmail.com].3IGhLaeE-jxR9pjhi.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	77.70 KB
MD5	5067631271e37938c8ab9ef8f3587cd9
SHA1	a08f504704e36bf90ef6510b5f132a3a47e28e8e
SHA256	25a277ffd7e36e64071445f021864b42bc73383ae3ce80b15316640f09abf76e
SSDeep	1536:IA+bPxqeEQWiiESc0exWZnqxMQP8ZOs0JdO:cbPAeEQWTZctc/gBz

C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].WzZBA6Qr-L5bvkM4J.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	b80a36d20fce824fd40d2dfc705fa050
SHA1	900fde4f3f4abb1188ba634ae6ee4d889374de8b
SHA256	f2bca8ffc46356befc79843fb3811c9daabbaaf40a9dd8e8659f21ad4f2e36e3
SSDeep	768:bvgWoYdI6US5mxmru43f1tqbUXCn5evgWoYdI6USXO:wV6US5mUrB1tqbkaV6USXO

C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].W3cVW1qk-LGzS7qKv.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	04a488a2ad3af0be88bd74a9264760c7
SHA1	8b89f1fa2ce32fbf934eaee68928524d75ea4c48
SHA256	210e4b6034fcbd9181c9b85ab2e7a18be07fe21634ed8a2e053d87d5e3627f16
SSDeep	384:mkVVO3uqJvKQdpq2tspMa2aWiHZXEGbYQUW4SLaDaRFHpVSueADUlKXzP2kVVO3p:mkVVWXzi7/XxbfFaciEH+kVVWXziTO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\Dynamic.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\[SmartDen@protonmail.com].6k2yJkr1-rd3nWzHT.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	57.26 KB
MD5	c9b66295084efcbf782a52a512c3eb4b
SHA1	a2794c45fb667b2fbd01af12094db8465f1d088a
SHA256	952b3458a4dbdb2b8ed2f7e36ba421245ea2f74d5dbc1b499291bb0d0c378955
SSDeep	1536:TImAAyNpHevPvAnK3Vvl8RwyoSTx092EvYO:TIB9enInK78ey

C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\GRAD8.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\[SmartDen@protonmail.com].un6XoLPF-spnMCKHq.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	62.90 KB
MD5	589754aa0fff2fce5e4238c9a419ef22
SHA1	496720351fe382ec02a3c8658073c16948cad5a5
SHA256	40eb5d52f2784caab7723030f97e21718dea9115495c00bb77cd3574538a5fa0
SSDeep	1536:3Ruk0YXXQETk5j4u4E3d5FrUrk0jcoZPX9DMxDgO:rgWkmu4QdcRcQXdMa

C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].bQN395iy-PZTifiQW.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	dbf6b0b7e08578e56ac25069e3db4e72
SHA1	c5eb37cf13e998fbd919f4eabc34e176d7830eff
SHA256	a3660de2c5ea102294eee431bb556c68c24a18a4f790c8fbcfb422bb705443ae
SSDeep	768:PL2wN3Sa/of6XZj+sOSr0nE8tHt8kATKyKHL2wN3SanO:PL2w1gQ1+sOSonpYkATKyKHL2w1nO

C:\Program Files\Java\jre1.8.0_144\bin\jjs.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].WSFY370N-yvjRnSCo.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	16.95 KB
MD5	0ec3ae40b59e3b4ebeedebe46e6fd4b1
SHA1	9aed1b63f9e74e687bef8d9252f85deb85e82df0
SHA256	400041467d34caafa572fcab0bdbc2e3fdb9c6e8f257881eadf30cafe0b0310e
SSDeep	384:M09esqzWGmXaVwDgKN2zeex6nYPFGj9PJCfHu:bDBkye42iRGO

C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].jHBDIGPn-dlxMsbBU.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	c6cc70d5f48e548270d45358dfcb3c93
SHA1	2245bb42bfc03151b5f8b21b62c3a6c0ec905958
SHA256	07eeb4ddce701acb4886aedaf7476f4a29936d629977f9b8723c39f5d0ce1a22
SSDeep	768:+XuGJRLW9f01HEqVZ5O+yWl5J6xkl5aAyarJXuGJRLW9f01HEBO:+eCOkYBAJ6ybaAyKeCOkOO

C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].oZijw1c1-plaaVYbk.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	8a0285298c2474f1da97d25a8c19b511
SHA1	1dc223f1b1cad564dda8a58e9ef256b9af1b12e6
SHA256	eb24cc8fcf6f22d9acd598a431a43827112ae10e982372e1152fa520b6673c2a
SSDeep	384:EjHis2ZvoL5tS37PZSwJuloFmB4dKqnfQH/rfbgNZIjHilCfHu:EGTQL5UDZSdB4HfQH/zbgNZIGKO

C:\Logs\Key Management Service.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].iUKDZj8w-t1pPMfO8.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	61a2f6897d93ef7a7fec0d0d258b3963
SHA1	15fb7237c393dfee7618bb19d968f0e0fe0a1c1f
SHA256	c692fa5edea5837de2eea9f032c5611b8067b3d68a4bb5d46588285a4bd50d61
SSDeep	768:5/pjJyyyBfvpJKNKpE7uLc1GRAefNNI793AyTwqpjJyyyBfvnO:5h9yNXpJWIL0Grw93AyTw49yNXnO

C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].0Z9a13k5-ZBUHZnIA.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	81bdf5b4746457ad2592dd33bfd80b88
SHA1	c15d48e21fbd616d5b04d8da4ea75fec35b1fd29
SHA256	f3aabff165a1d3b4615d9f01213725a3da5c8922b97bc3e7d5f661714799af88
SSDeep	384:oO66Yc18IEFaw+uaejoa5hGINNuptiAWMUTKVc/O66Yc181CfHu:3zYc18L1+cjNTGOcpQ6ZzYc186O

C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].ZxJ9YrH7-UvmIfOGN.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	66286a9e097ab33e82175e51f8a28c6d
SHA1	498df27f0cdb81f00c0049b9b2dacdcc5b39dd01
SHA256	2d17c377e76d6eab268b54684b08bb283eff6ad68478540c076a08191e23c9a1
SSDeep	384:Oo20kCTJ4i1Y/0uhfbl3WCXBHWKwEXNF85cc6u6YhTG6So20kCTJ4i1FCfHuh:OowCug1EfZGCX5ewPc6xYBoowCugqOh

C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].shbL9kqW-PNiq0ThY.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	60ec8d43657adea9a5c01ed636985583
SHA1	447987dcc6ffa689d1d2300c1cc51c580dbc9f85
SHA256	165abde3da443cc5ac7e47e8aa80479f51ab229b92dc82abc5ce24cafc2de915
SSDeep	768:OtzwsCXCtSMNuhrIK2TZjqDjLsA4MVDtEO:Czw1S0hrB2TsxEO

C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].nKRRLJ4O-ehYRnVvV.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.07 MB
MD5	dddf3f2e429f0a8488c93cb64344fb9c
SHA1	3c68bcceb8202d9b8ff9a113c8534cc55318ce72
SHA256	1f7f815d4700b387e1d1c5f8c4c0c8dad8ae211a8bed54e727e921782d67c065
SSDeep	3072:J81fRORZFH31ZBlSC4cJpYBxvUa0yivBDSf/zHmC81R:J81f6dEC1gfvU5ezHmC81R

C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].FJ9lDP3g-mQp5L9wu.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	0c90bf087da6f38db12ff255c4c88f98
SHA1	91995627b17e5655b70879deed8fefda66561b9b
SHA256	82967d36389a42ab50f8e38ab5bc00ab031a0d2c1f477bfcd01922d44603ea1b
SSDeep	768:nMr0B6+bbYs5n+IeXYOMDcT4r0B6+bbhO:nMYxYe+IeXfMDO4YxhO

C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].rwBW2PEc-HDBnMiM3.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	fec7dda1437589b3f6d2a4df8e3230f1
SHA1	adcb9baf082ebdfc59ea27c8f8ea026260b3d615
SHA256	57651f95e37d56ed6c6fefd96077200fca1003f4cfd7a519c0cef5093cd5d043
SSDeep	768:3y/oNW/YEQfygZYLkRydrDhP43/y/oNWbO:rcYtfymSd943zuO

C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].OUc1BSg1-PFLhvjyv.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	2.73 KB
MD5	829f29353566b95f18fe339879ab3227
SHA1	338cba0873009cd2e24e9599d3d3e25490869db3
SHA256	da3408b3fa08c5c4d12eb82002e39ee16f535161aa9b685d633db7f9a7b43696
SSDeep	48:tP/3jQDCda2nlRPaEqQmS7Vx3iVoOCdhRXNnoVA9NmLaPcuB4i+gNiZvuUbHe2:VvjQDCd1lRPaEqQmS33AiNxmL/ufRNuS

C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].xf8ZNlVy-I0Htft5Z.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	33c6be40598023636f306dffb8e66e74
SHA1	4e85caedc722e5023d53560c26533d7be5eff98d
SHA256	d81dd5150f5d7e89747818e817495e26e4226e5ee566fd68bd120382488c83fc
SSDeep	384:ft0/jk5XaceudL0P1KpxUM32DyYiF0CK9z5P8KHW/55U0/jk5XacekCfHu:ft0/o5XMudLvpqxuK7EKHsU0/o5XMfO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\scan_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].dwLeTKpe-AOrwRaR2.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	83.86 KB
MD5	9057d7120d335d14ae8aed0255dee3aa
SHA1	68f227fe8b5520e375e279709cb297d2b5f898c3
SHA256	ab8e1a912075e1eab370e25e63312ec360e16fd4270fb61ee15e073767bdef1e
SSDeep	1536:QJQ7JGjxOv1+4IVRppppudICBTOnQLfV5ZhEwDsR4444W8Rxu+Amj8QA2tkHO:Q2WU1KIxOufV7hB8RxukAuy

C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].oaHKSHXo-n2BoOuBL.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	4d9d2fa332ad3ac796a0168898cbf8aa
SHA1	67da0ad85ab91ecfa01615cb3b4c7ee70a654dca
SHA256	81f748c221bf0095aa5723831b6d3cc2725855c6f4b0e0d54ec8ca7609a1b200
SSDeep	384:VDTv/nUIJScJPzRJv6kQAuNXCBWRyDT6CfHu:VDzvUQJvpNuNoDZO

C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[SmartDen@protonmail.com].hg6Il1TV-xq3msfA4.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	4.18 KB
MD5	60f75e5a27b15db9bc29f6355d6a9bb8
SHA1	81d260c09f63d7592ca07de896359aaee5a55f02
SHA256	0536065b4302da7cb7b90250a2fbff56a3a203af99845228731f672b60126715
SSDeep	96:WPl/uctnke6L0BRPRc6EbHEF3WN0B7RvpmL/ufRNumUa:EuRjLEpzEbHEF/7xQL2fHu

C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_HK.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[SmartDen@protonmail.com].Oh6BRdGk-cGyYRkRb.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	5.05 KB
MD5	a467b9e2dbcdf0d2d2966f3a7bbab3de
SHA1	b624326343be78779c247b728d20f412a2fdb6ef
SHA256	ce45524cb14246b2ff5cd3700eaf9f8cf2360b76fec163200b74708da5a1e3f1
SSDeep	96:2LKdaOTvxNsaLVVbmL4y6mxT70+z16L6ewelhmL/ufRNumUaq:24aODxNsCVVQFrh0+YLtVYL2fHu

C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].3wTT2NDK-8B4aQtW2.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	b6983df0d4b7e6c5c87340652b4eea07
SHA1	aaca5c80533422c0277297173235dc2d25a9691f
SHA256	dcc9d23684a4e40fdf65cc3cd1b3dff01393fb43e8c204b3a78de2ed0fff4202
SSDeep	384:fe/tE2rqAQIf8NTwsxjwAW/Td0xfB88vodmM5kYIBe/tE2rqAQI8CfHu:fYtRX8Nxx0/50j5Q5QBYtRvO

C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].uQ2f8nBT-Bum1Bnxv.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	df0d6c0f5a8ea6fee23b6cef9b4efe65
SHA1	bcd4c764263637032f9495549b43c06187d88fa4
SHA256	d00deef68bc21e0058b0c5181f6a14517ebe8adb3da575548ab15fb7a70019cc
SSDeep	384:V+1a1Cs3A9M8RbKqmjFoIwJ8lfqRwlWyEI4exPFNsoytLKBcfy+1a1Cs3A9+CfHn:ELWO2q+LThJNMLuWLHOm

C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].ppXDlNEs-mJlupcCw.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	161135891787935395726f577a666100
SHA1	4fceff381f33221fbe150c5def32b12476759695
SHA256	653c367d053ca4fb9b8d77d0a779d6bb639cbe261ad0f9eb7ff2fb53d249e07c
SSDeep	384:+0OrI/T6BJbW/h50oXyS67UcpvVh+uHFb90beWAezNCJ1Xv0OrI/T6GCfHu:8XAFTOUcVVEYFb9ueJr5O

C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].2jVtjlzQ-uhzO17uv.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	a2d0d54087355a24905256e4e9e324b7
SHA1	3f791166a929edd91f19e1fc7158e8be25880912
SHA256	5959463cf924bd0418bf0555430942e0e6c36e419be48056a15f07d7455c754f
SSDeep	384:LzYG/2WEgwZdXDz4CS1C9z1xWkiU+3zeKMWPHEqzYG/2WEgwZdXlCfHu:YGAgOJ0C7xBiU+3SKgGAgOQO

C:\Program Files\Java\jre1.8.0_144\lib\ext\jaccess.jar

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\ext\[SmartDen@protonmail.com].uFa0gP1X-fY9K8lOB.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	44.86 KB
MD5	fc6b3dabf35076e8b2baeecfbe81505a
SHA1	5b80b678e624ae5837bbf68656e1ef72206a3037
SHA256	8662ce74b5d21a2d0cd529edf057261fc1d772a4e60719f9f9557b2614860ba2
SSDeep	768:hrxO3x8LvVqPVGXpVfZHHSqs/rLA5tkZQnWn109Rqd4jVzIO:hrxO32VJTtvsfAMQnWn10PqCVMO

C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].AnYogu60-Jz3Ho91A.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.01 MB
MD5	754966d0b72927ac6825f458d9a7f58a
SHA1	acbaf40912a2b5c276f147a20e9e8b3c16df1eb2
SHA256	93b12ddf665e1887d2ed2cbe4b119cf97e659dff6791ecb09a0389b701464785
SSDeep	1536:pLKqnioD8gH71NPQtoj4X5wNC7/62X7QP8oufRVzxBnhu+/hGLxLiv8LKKO:pLKqni+qNpwNCj62cczbcHLKK

C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].pR1Uw03N-OiiTyIFL.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	ef78e2dcf4a34dadb940c2ad2a228a97
SHA1	6c3ea75da49ab283870061566b7aea23dfbb6517
SHA256	afd738e16ffebd6a724794ed256cfd7c0ad2c4ce30ee6fd85d620027f8c7ee32
SSDeep	384:iogWwZVFsLSl/UjqdIYGuUTUwPzvDCjo4BOmMyQ/jz4Q4EdxWBogWwZVFsLSqCfO:i/PQEUj/YtUxbbsowMFn4ZhB/PQUO

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\organize_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].M5QBiThP-V9lPDy4s.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	68.97 KB
MD5	8985830a926dd9d04736b4c375ad9a8d
SHA1	ab161722b15aa5948889ccc7632ce0a240a4c76d
SHA256	ae6b73afe9bcbcebcae3df5fc846a2be4e3ac0aeb1e1184ec01cd92209c61cac
SSDeep	1536:IvNnDE1HLyWiyHEdH7Cc58pHy5rHynNaHvXa4v3RYmb44444444444444444444+:anO+xdL7DyNmXBvnX2Wd5twwJUYzz

C:\Users\FD1HVy\AppData\Roaming\YP-X.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\[SmartDen@protonmail.com].3pQlIEi3-X9BSB7HB.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	43.04 KB
MD5	88f93e45ec134d06aaae4416dbc42f4a
SHA1	e207b4b28242a1714a15b1106f790f2fddec2bd9
SHA256	383725b20667e266378d4a68c0ea1840f9bd52cafdb649606cf8ea1260b2b181
SSDeep	768:keqPw0yaP3wKcWb6rSrJWrTj+9jlDs6rbmyUK0gai4tsHoyoltwnG8IuHpO:KI0yaPbHb62MPjyxw63mxE4tbnl4G8Il

C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\PWEP9ZZOb dHlAYjsy\p2O0.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\PWEP9ZZOb dHlAYjsy\[SmartDen@protonmail.com].brN0BkK9-qVg9kUpX.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	44.89 KB
MD5	98fa09f2b71eccd1b41d2310753b2e3d
SHA1	b6446d5ead27653487c88dc7912a6435e3ac6e54
SHA256	c195ef56ae40a5ddd5bea555d095afb80d6c22eb8904ae32be2795acdfd524a8
SSDeep	768:dpOfdZ3iyEQ8KdoSdBaBvMtEyKqoo5ghfUZUAi4WKFvtlCY3KDuTMONnF3zzm3RO:dpQb3iF+do4t16fUZZWKFzlxM0zzOR4Z

C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].P4P21pPX-qI8HjfxN.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	01d8772b5bbb1c1c895a88bf692eda9d
SHA1	6449c36af467d597c987fb86cb1c4f2da48a541d
SHA256	35e4322ae908eaac9c9d64390890d3c9f4387ea1cac450cde83740257b98d02f
SSDeep	768:2DwnSJTsch947PYbrhxuDisFijwnSJTsch9DO:nsF98UvmnsF9DO

C:\Logs\Microsoft-Windows-International%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].MnuBL0gS-apTXyrFR.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	1ea6b30e75e4c8fab1e007556815277e
SHA1	4e35e92b9c484443ca6dbb441ecc8d1298a56e94
SHA256	2ff26b8a108d966c23cd99ac564e83d13faecf7303c5751c99ed09a7e4c28fb8
SSDeep	768:N0mvYw/xnO7PmUPCaVe5CdNf0mvYw/LO:Nf/s7PPJe5Cff/LO

C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].S7KTlDgU-OPPYxOpN.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	534d35a5978e687fc0715ad9051976fa
SHA1	8618fa0d9927ba5a683805110dfb270bd6bc0dfe
SHA256	bccb9291cd359bf37184e77a433a58bd02e8fce5339d3b80283ddeb000ad7f35
SSDeep	384:xXQOd+tFzeSDLhFrO714CtIH5yEVhWXGmMCOmJeMTXQOd+tFzeSD9CfHuS:xXJ+tICNFi714CiH5ykNsTXJ+tICiO

C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].MqrIOwvv-E2HDwuvC.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	e038126234aa008474c485a97a8b0f7e
SHA1	79af6d82f8a46a7728b5f0dbfe350603f1fc3f37
SHA256	18a851660a7d2d594ebcd672a97a16cdacb0128646ed5fbb866dfd19e8b97ecf
SSDeep	384:QmFrqbeMCiH200WMa0Nxl8FiGLMWdQFz1+yF4mFrqbnCfHu:QmFS6TKiXWogc4mFTO

C:\Program Files\Java\jre1.8.0_144\lib\flavormap.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].9ZXCaKcH-dc4MQbQ7.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	5.22 KB
MD5	762b7533da186ea92f00422a7f30f17a
SHA1	e73d6475ffb4817cfe0ea64d577c874fb9e9df63
SHA256	7558be64b644058350f7d3ad8e2797fe324472408941f1864a4986448e4fd247
SSDeep	96:s7psZiJonS8rCnbYDIkV/LkHmBeF7rDr3l2FS+pYOKLDpmL/ufRNumUa:OkkoS8rybYbkHm8ZPoLYTcL2fHu

C:\Logs\Microsoft-Windows-Known Folders API Service.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].bG7bkZXK-AwuqxogC.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	79ea495c2f0de6c9c3a4b2dd4b726441
SHA1	d1784f17e7d605679a8b9d9ee77d4fadec3228a5
SHA256	a7baebd438cfbdd4ba2f6fb0c380b6ebd2a0f356479e7eacd8d81c4690ea70dc
SSDeep	768:tugcfqNBbnXcQ38PyX5f4TI2aEpugcf+O:tRcfqNBbXcQMP2kIGRcf+O

C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].5lYLDUVC-NDk65IH2.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	95d4edf0b031345d06a35c4c53cd7469
SHA1	e5bf83a6b529d9c4446b380bfc0a7082c892137f
SHA256	e64381462ed5470f691995c8dc0668af5bc1215ddc3a663f0f4e7648fb880a6f
SSDeep	768:NzJkHoB0F/0Sux79KEv3Nwk0RYSzJkHoB0FeO:Nzr9n9VfSzrfO

C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].wRl1cbdj-ixPBBXWC.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.01 MB
MD5	05c71ac2f28bbd4975b0f82b1accc30d
SHA1	0108f0a0ece6599de2551e5d5a607f6a2fdf9f22
SHA256	4cca073d93a5898796715330789765de72e0fa02243c9d8ab39a61aa3ba61b3c
SSDeep	3072:RddcCwss5jipbJLsnlRlgJlXhpSlSpBLaB2qdd:RICjSGpFgmkd

C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].GnYRPmPz-p2ZWIe1I.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	103e6e8a03d58679fa02fcab70c8907b
SHA1	4916829a30ad2151bc5581dd7eab890e1ecd1281
SHA256	a8d8cd7407b5caacb1a401d5a9a047ea36036a8e8d4bedc50645f633ee57f7bb
SSDeep	384:WDHfN6RjvnZ1eGpj6fiaImrBVT7aFbWcahnMZa5Ka5ba5Da59a5ua5gJa56a5kaI:M/8v7eGpGqaB1VTmbW5QRk/8rO

C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].7KKTE7ji-T1db20yG.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	079087a6123d4730961827763865b2aa
SHA1	e4a3556c726abb49c2b12c6e78dee1824253b9b2
SHA256	15853668e1c114d4b865e4b801b3f9058fdfce012216f7bb7836d049fbe4d020
SSDeep	384:3FFAnmxwH7Y373n22cKavgi2kK5KiQ1WcAi9W7NfOEqFFAnmxwH7XCfHu:3F++wb67m2cJ4iRBiQcH2yyF++wbcO

C:\Program Files\Java\jre1.8.0_144\bin\orbd.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].Rc00jNLu-OVNfYoeo.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.45 KB
MD5	7a26a2992f5d1499d4e4bce5b54a0f5d
SHA1	61aa7955fe1e68b839e0889845f6e94bedaf9bca
SHA256	e5f30e4a9ff65d52f3f2c9f24c793cbb84f7b07161ff167149e0bf59b3064ce2
SSDeep	384:yV7ygRGOuhsfU7cDKKNUheeKinYP3N+FUykWqNQ547CfHu:yxuVr0n6IeRY8Uyxq2pO

C:\Program Files\Java\jre1.8.0_144\bin\java-rmi.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].l3cx8zGi-mDNlUzkN.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	16.95 KB
MD5	a13625759ce689175ef3597ec1efd6b5
SHA1	74cf47bacd77d2e7fb1d990fc30afd749eaac2de
SHA256	a18450e0f94cb7cc89c4da065a622a020a2759b033624d6ad5e1e9d265e957c1
SSDeep	384:WCyns0wIKNJ1zeeEenYPXR/77b/gpjy/fqCfHu:Wps0s31yeL2R/7nt/tO

C:\Program Files\Java\jre1.8.0_144\bin\klist.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].VlVMO5cE-oEiKmh9u.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.45 KB
MD5	058ad54998898321bbf4aa910f153d14
SHA1	1966ada8ce492d8645e81d7b7e23c3ffa8f1b7eb
SHA256	e1e29053935b28fa85e341b5ab17a3c3256c0177d7ebdb5c2363195d1148f770
SSDeep	384:j79Mge9m2Y9KNV1eeVVnYP6GMBdg7Vsy1XnCfHu:jmpXEeHddCVT1cO

C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\Z_PSSxHcDpT\tmPhlv28.xls

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\irP-_lJVXPj FWZ6iyYJ\Z_PSSxHcDpT\[SmartDen@protonmail.com].TmAraU5b-L9dVPBJg.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	11.90 KB
MD5	786d171f5be136bded3ca2d93bb0b125
SHA1	156dc2cb5394c7b93b83dc5df44cd6387f693519
SHA256	e29625b94a67de371479d92b855715c0223a3dcc26001af22def1ab99b0d8ee9
SSDeep	192:VoIFEZx5+PZSJmgB22vLibCY1TiNIV1I8ZRDEYn7khIwrpyvKg9jL2fHu:2IFIIPomw1vLSCY59RDEYnYhIKovRjC2

C:\588bce7c90097ed212\netfx_Core_x86.msi

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\[SmartDen@protonmail.com].LUUyCtHB-9dsN3xuK.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.11 MB
MD5	641598c676acec513aa9449c3f2901d8
SHA1	d2bc6145944f007b0c82cf9e4b1f68042dc6f962
SHA256	9616402468310b24ce8c7ddc87b92d0c4907d8513fda41157ae6cdf1485cb375
SSDeep	24576:BUE16szx1u6dsNbQXcUwabPx9bswH/fd6px:DhzxI6d+QXcWDsK1

C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].7xJarNFy-Ovu1LwL6.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	c8d559beb4f74b9d7fbb7ff18f4b0493
SHA1	3773a54638035da621e1f376136267ec299a53a8
SHA256	2285db43ccbed65b23e8d6e2819af14e9df69866c901b46a11841298c1aef1e7
SSDeep	384:9LXELlOfa8i44xOWD14aLQwC1Jm3j8uL8Hs1QLq3XELlOfa8i4kCfHu:Nc0faU4x/4a0wLz8uL8HeQQc0faUfO

C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].SQwoFiwL-vutG2jx4.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	2f12bb30a9ed6b23481b446366d470f3
SHA1	8054285a070f408cfda57780852d3ec4859a5bb2
SHA256	75485160e825be706e834e534dc443052822421c14d63ca199dd1c1787c279f8
SSDeep	384:lWGpm7ng5l+fHFATx4IPoAb2NGtKDzpVbeN29MWGpm7ng5l+8CfHu:IG6ngO/gx4IQ6xKvpheNAG6ngO3O

C:\Program Files\Java\jre1.8.0_144\bin\unpack200.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].pwRHnOkx-x92qt7x7.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	193.95 KB
MD5	280f6dae09813103ca689af30a9a1e25
SHA1	25da8882cb9d8506a85155b54fb95ef32154f74e
SHA256	df738b4557ad06aea66a9bfeba70819776759387be3d05f3557d5b100a7d73d4
SSDeep	6144:4gfsZLEP63cZHP4oKy1TBcfy/NTwphml:4OsZLES318T+fy/NTwpol

C:\Program Files\Java\jre1.8.0_144\lib\javafx.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].hmgmIRmh-r0EDAz4h.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.44 KB
MD5	127e9bb840aeb77edc8e64852aa4d461
SHA1	ff4f9607951143953303aa06dbeed45cb48773ee
SHA256	9ce895ef058bf3929f23bafe1f570954b9129934b176c47453f10190eaa26367
SSDeep	24:Ee6BmcjNm1Zau30Xx7lIyHUuBmBVi+giEitjAr/LrIX135kXPlQR5pHji:qBm6NmLaPcuB4i+gNiZvuUbHe

C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.access

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\management\[SmartDen@protonmail.com].mqjzjKYI-mnf4YfvU.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	5.29 KB
MD5	c81217bf8ab97284435e2c734f07fdf7
SHA1	69bc989deb005c432cc727f9c64204eeb7b80d2d
SHA256	33a7dc54534d0da44ade71efde7bb5dbde21e3f31508412c9caa58a8f124d258
SSDeep	96:hDN3TfvgXc3HlS2O2yLZSfxi8JSmjAPj+mL/ufRNumUal:h9AglS2L6c3UP/L2fHu

C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].VmxOySpU-caWWSOSg.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.01 MB
MD5	b9350baae18cb8cedbb7fedc18f09173
SHA1	a79edbb603d4ae702d5f790ff0439e158ca38331
SHA256	e1ca5efe96cc4130e98327c32e989e36caf659eb57e1dc4f0a987971ee2baa8d
SSDeep	1536:RpVvVqXAcRJGdjGJh14L+FSTyJsQNpgO:trdahi6FPJsZ

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\ENUtxt.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\[SmartDen@protonmail.com].sgXv0uf2-yxZfvYQf.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	8.79 KB
MD5	e7a7c65cad881d96fa23e079201a3123
SHA1	cbc6920f15e131d4a0d8ac1616c700bce4f7517a
SHA256	01d171c59e80ccfe77970b5bb8ca5c3e7eb6d62fd58a14da64a7b6308dba2316
SSDeep	192:4V+wtr+2m0eb67N9GRWzuFlVXMUBkUXgJ8PCLV6L2fHua:4UwtKhAcWaFnMshg8kV6CfHu

C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx

Modified File

Compressed

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].tzjZ2Gc4-yf0podTb.SDEN (Dropped File)
Mime Type	application/zlib
File Size	69.38 KB
MD5	73a99f20fb1890e7801e1596a586b9a6
SHA1	457ef561e9d69431eee2d56aa65ab8f6c3fae16b
SHA256	56de63f008044a4efcec7c86f5dca08b36d240654d4782367207c7d26fa19880
SSDeep	384:4JrkCjmoegp09Ynric4M4/SSdDJnQrQjResd9wVWluSrkCjmoegp09vCfHu:4JwRg+9YnZ45JlQUjdwVSuSwRg+9UO

C:\Program Files\Java\jre1.8.0_144\bin\ssvagent.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].wZti7iuj-8pUKLcxL.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.95 KB
MD5	4810bd84d1619e080e2f390f3837b7c0
SHA1	37f018cbb849cc1a1ee55ab1dfeda8190f7d2579
SHA256	5bd24431e918c464df40b2743f13fa6fc57ae57e01f6687fa42fe38c4f71c02c
SSDeep	1536:V2TYKK0tsyaq7jaNSK7gHGNnzOw82tICJlYO:ATDFJKNSKEmdzOwVtRlY

C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ko.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[SmartDen@protonmail.com].fCcLgVcO-YBGVKAKh.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	6.96 KB
MD5	b7da068de0463c75ee6d946f16e818c2
SHA1	1d1adf58d069d69bf128c81c078cd7bb719dbd70
SHA256	44d441a5c9b10380a74c3dc92b705e28427a405ab1af2aa4c88595129d1f1044
SSDeep	192:Imr9xdujhSnQr5FvlOwwEVDbm4n1L2fHu:ImrnYYiTvlHTWy1CfHu

C:\Program Files\Java\jre1.8.0_144\bin\java.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].bloDMRiW-B2nXJkWV.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	203.45 KB
MD5	4410e74db67a27b9db741a15c53a0a91
SHA1	44579e7284dd07cbe01f6585e74f113c78327e5e
SHA256	7d7b0bde34dd5bb5e3701d818a1e2c4a46a91f74926b95ff56b4d9399911314b
SSDeep	6144:JKcHqiCHvOdT7duCKbi6ozowTBkRYvKI:Ex2OwT+RYvKI

C:\Program Files\Java\jre1.8.0_144\lib\cmm\GRAY.pf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\cmm\[SmartDen@protonmail.com].HolYJYsb-teiGdc8u.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	2.00 KB
MD5	4c8dab5e7c24e027eb5453f5139a295a
SHA1	805b9cced1ff2c80b4351e61a9b88c1e503cb261
SHA256	e16be5e97543f7d262dd993bd577b146c62b5bc9648857653580fa08a961d129
SSDeep	48:PZYzsEirh2T53WZyXNmLaPcuB4i+gNiZvuUbHe:uzsEYS9mL/ufRNumUa

C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].M72ZrrRz-0AN1ugqL.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	1953c634df1891d621a01d74dcf7f4bb
SHA1	bc477deca29a49c2164a23bdc87d3a62c3b6de36
SHA256	124cf8ad4a92b2d4b10aa4d8bb92b7ea60f25943e3c4b842525e68f539ffa770
SSDeep	384:GdMGI6R80xbwbRieorzVXfJyrnH/7ersR5cMlPF+LZaJJMGI6RyCfHu:Gq6R8mb5rzGbfCrQQeu6RNO

C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_it.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[SmartDen@protonmail.com].5QNyLWQT-wG1jMrrx.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	4.53 KB
MD5	23d7d5abfa0df94658a669476f941728
SHA1	9171d0d09a07a8d1e139e711f1ffa14b22a1820a
SHA256	3924b62aee4f3f8a41d2dbdf98ed6de3c7adb7122bc82e0d1b62e5b9a80ba884
SSDeep	96:mVYDyOQm4mRHzsg0WbqWJlN08OCmL/ufRNumUag:mVYDyCYaHlN0RL2fHuX

C:\Program Files\Java\jre1.8.0_144\bin\ktab.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].Lv0shV5B-wcnV61Dt.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.45 KB
MD5	342a060e8e687b9108871ea98536c8d3
SHA1	2e3ad3ba6fb90461eb3ebbc57fdf8612a37815ff
SHA256	c2426a61f8e86a3ab32fe6ab8440543d499b5def5ceb9d00a3cb76c4a7ded571
SSDeep	384:hCNsfExZuFuf7KNp1ee2FnYPblWRP1vK74CfHu:hCNduFLTEeWrPxsO

C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[SmartDen@protonmail.com].pheRFO8j-wP2uLqHk.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	9.00 KB
MD5	e497f7d4fc0b3ed83ca64b70cf853054
SHA1	62530ae48cce3316ec73293f106ea19c0a754c63
SHA256	114544f80d23d058efb966d4a44fcdeedfbe18b35c09cc63056e988d4786fa65
SSDeep	192:BAstld7zB/td5sAdiVaVIcDiCXiibYnh9IB6Onr0fw6ajL2fHun:BAs97ztxUVaKE3bYhTA8w6+CfHun

C:\Program Files\Java\jre1.8.0_144\lib\jfr.jar

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	548.83 KB
MD5	7761fd10ff5b92f8c4268b3326e884a6
SHA1	dbc9c62cbeab1c93c52156914c1a3048d17df927
SHA256	72a719f299b7bdb10b394ad4aef6d16bf69a5a4a52821cce13cdc9f8e6b45186
SSDeep	12288:r8bww5l+qU67FYWg+YWgYWeoXqgYSq8eh2f/m5NwaHkSIJHvWQ6Q7ooMcgH5lY7Z:Abww5l+qU67FYWg+YWgYWeoXqgYSq8ef

C:\Program Files\Java\jre1.8.0_144\lib\ext\sunmscapi.jar

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	33.32 KB
MD5	afdb055574ee1fc171a0d7bdf909370a
SHA1	2b2df4fd0073587b9e5872b6f49f8fecce28e254
SHA256	e655c67a75ea8b7829eddca1e0cff909a49dca539df452e697b335f0690085f8
SSDeep	768:exc0jNVmOTuDQJD/RpAczsikFfg0y+7aBTS73dyPoXvvKv2PtvHuGJkzaO:exc0jNVmOCADZpVsiUf3yua5S7tXXvv0

C:\Program Files\Java\jre1.8.0_144\lib\ext\cldrdata.jar

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	3.68 MB
MD5	e97839214251e72c92aa31024a17f238
SHA1	593bc2960a86f19e90f270d29146ccd6bdbb3f13
SHA256	f5d0c0c06fb37191df87a87f4b2d1f767d79e86dea12162514b6e6f3f56733ff
SSDeep	98304:Ab/PnY3pAHqZdJgR5Vw78nmF5N8VdE+A44VGZXYJ0+l8:o/PYAkd0278mifXz1Ye+C

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\redact_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].y9293Rgu-VrP0pAnK.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.85 KB
MD5	04338001f103f909810546722ee46850
SHA1	95e8f1e5b26670a5503badad7271f8ff52d47245
SHA256	15dd8c8ad5362c790b6a85c8450917196a86e235b048accccb7d2c02c2e99bf9
SSDeep	1536:i4z309sygpQcU7HhE8rpwfoCIIIDIII2cQsi9V4+M9vzqatpLTO:r3vScUT1NCoCIIIDIIIENnAvz9LT

C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu

Modified File

Stream

Not Queried

Also Known As	C:\588bce7c90097ed212\[SmartDen@protonmail.com].fpGit5g8-1i9BJf7E.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	2.09 MB
MD5	921da9f1439834f92f2abb8a7960035f
SHA1	dae1c3d961a4d60a58afe6ad7fad43838cc07f73
SHA256	239fb590170b45a7907c4cf95159a4429bc0aece18981e72c1d772cefd737d0f
SSDeep	49152:R/S7W7T6YV4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0e0:NS7gV4YakTo1PAdXZzKUYxs3pKZnKxfe

C:\Program Files\Java\jre1.8.0_144\bin\tnameserv.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].6hEOZ2vg-hTjdOOHU.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.45 KB
MD5	f3b58fea09b5034111be587f6123503e
SHA1	3c51786637c62762bfab042741eb53478b01c26b
SHA256	2b7777d66cff351e51233b107df9bcf98442418db8cc2763ad4608c42f102476
SSDeep	384:z1idjI5leKNqnzeefonYPH+TYmn9U8UcCfHu:zDlLIyeACMYmnnUXO

C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].n7aKKAIQ-EZntx40E.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	472239e4bcdd1cd3604b4aed127d19e6
SHA1	dd75d910567a3e1d31ae99801808d9aaab1a5fec
SHA256	1169dd852fd3b47c401e77e70954fdbc744a961171afd8e5c4a4a7d8394eda0b
SSDeep	768:IqXwLC3RHsnDIBlb3NUyj1hcMeDoFPNVy0XwLC3RHsRO:bXnBHsDylbTNe8Ri0XnBHsRO

C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].rmYFoa4o-Cyl2TOzk.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	c7b33cae799a73d947d562b12ef9d9cb
SHA1	b4b161899e6ed79895f505557fa906bb38da35c5
SHA256	c7c03090c359cd694f36b7550f263436c12f970bf40f1c2dea617505831b81aa
SSDeep	384:XMlKN9qtO+Jz4/mEjkPHMRwnj/UpSVGa5CuxMdMvkJ4esFMlKN9qtO+JJCfHu:EKN9zsemvsRwf5X2kc4e5KN9zsGO

C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].pFOBRdsx-rdrTm5st.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	4.81 MB
MD5	71b6790fa36383f2668415a349c6484d
SHA1	58f7e7998d78f76a2b31a26149dc7d604d617233
SHA256	bcd1382d61377699bdf9087ef77897e945098ba0657b6536a492391e38f7002d
SSDeep	49152:098l7PV40nw37H88ieZmpGkaBI3+s2cuC25xi9pipDsVQ54:00WS2P3iDipwA4

C:\Program Files\Java\jre1.8.0_144\lib\cmm\LINEAR_RGB.pf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\cmm\[SmartDen@protonmail.com].mMhVZ8mB-zYZImYWp.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	2.40 KB
MD5	397ee722c8bec771396c6658cd436b71
SHA1	0d046733659ae88daa1b7f850ebac46ff15ac566
SHA256	ab22d8ebb608b5ed6223f34025a3e59f42b4f3f601854abdb964ca5b8f4f7931
SSDeep	48:zUvtmBpa6KZY8dhASix9p+0DSnuB5SaNmLaPcuB4i+gNiZvuUbHe:zUFipabY8cPpdzbmL/ufRNumUa

C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].LRyM8C52-TBFKrKBV.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	a899daef939d23e0507b44571ba9f649
SHA1	eea69af73f718a5e1ddf029c7bc51d68657bbfcc
SHA256	8d096a02fe6bd248091ff756d02e303d1e9bef72a401b1daddc8dc65dcae019d
SSDeep	768:0yp11ZMifpVvF5DEk6uhOTi2gyp11ZDO:0y/1ZMiR5rdZhOTky/1ZDO

C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ja.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[SmartDen@protonmail.com].jxR6xrhw-U5f1NCIj.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	7.58 KB
MD5	9579bef1907c39f765b353dbc94d13aa
SHA1	fc4f6fd8056dca201c8ca10c4d07f1dcbb82ca67
SHA256	f46299784eb04c3eab4b90d226def2c24e0af2ac4595c67c5f083e0afc78470a
SSDeep	192:oC+QAOGz5N1GkW28O+4I5rwIEs9XUFL2fHu:l+POo5N428O+N5rwI59gCfHu

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\optimize_poster2x.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\themes\dark\[SmartDen@protonmail.com].RToUtRcG-ZWHlunxO.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	66.71 KB
MD5	a7dda6f1736941841d91a86834b4dae2
SHA1	1741c0e572c2cf10e491a50a4fe473cafa1c1ea0
SHA256	a207f8db67af90d0413759ff9f44bb00fb79ac6521a937879135d64d2e625fe5
SSDeep	1536:0Iy4OczbB5l/jstnJ577CvNtj5RSLGCJzlynUQ/DMcO:0fGBLgV78BRSLxG/N

C:\Users\FD1HVy\AppData\Roaming\4nSkn.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\[SmartDen@protonmail.com].1uEyT37K-XRxkUARs.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	61.30 KB
MD5	7d88d103feb4aebff1f8e0f537bb88c0
SHA1	fb826e085dfefbb16addde59ba7eee427f50174a
SHA256	cc9e7b96900c655e83d97f4cd307e2dc02bfbe28341f11fdd3949fec72382bae
SSDeep	1536:6MNJJ7dS6sb3AoEBoz/j42QhgN2VlY+7zQQNgMmGE28NJukwiCkvO:NJJ5SzNzb4JhgNCZZy/Lwir

C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\PWEP9ZZOb dHlAYjsy\h5VAwW1b0gH3jYX9oE4.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Pictures\K1x_a5kN_6Xhy9ntGym\PWEP9ZZOb dHlAYjsy\[SmartDen@protonmail.com].7hEhQpkW-fykgl8XS.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	87.26 KB
MD5	43a4f40f8f5d84389b88a933d98c04e6
SHA1	39310ff30eca3267db69419d5ca388d959dbbe75
SHA256	748d41b9213adbe1ef85161bd89820567210631016a2e6649a70b233d7ec3cfd
SSDeep	1536:5rOHTdObiXEywA4ft4SDIXc3FU/BLXa/tHyF9syIhVnOzrdSaokLO:5rVb2aA4ocupjalHIFI/nOzrsax

C:\Program Files\Java\jre1.8.0_144\lib\ext\sunjce_provider.jar

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\ext\[SmartDen@protonmail.com].jryEzzsH-q5oZQE47.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	274.98 KB
MD5	48a7fe7a875330324d4aef481cee3235
SHA1	d7a206d820e9b37e616b66f048739572e6690c73
SHA256	442d1f5f887ad75cae750047da35e0fe4ddcfb3ddb407a912bbf393085daf1d9
SSDeep	3072:juEQjsSpfxDOQras5Ynoc9YZi1uXJzlt9jnEpeAa8bQkr16/mfGrcux2mjBETpWi:jysSpRQoFBl3bue98skp0mfwc8dET1

C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[SmartDen@protonmail.com].nFvmosaA-PhcglJKk.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	13.35 KB
MD5	3a54dd7be8de57a40e489164ad599d1f
SHA1	049b1d62c34f6d669186439777fbe3e1b3754439
SHA256	6ced3706898dda451fce5f2833933d0cd680d245373bc78f02731640b579db06
SSDeep	384:OlNAYUg4VGbkpTaYe1dc3KR3qHuTNAnUCfHu:OlhX4VGbkpTwdc43KbvO

C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].8TjhwNv1-u0F4Idu0.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	439058239d1d6b6042f9189c0527476c
SHA1	62825d946a8a1118b4d2e2d91ccd60a002f1d47f
SHA256	46c04df0138628587a19c54b60e2c189ba2bc1d7d51fa7b05a1e3aac04671aea
SSDeep	768:3T/sf0bLEM65sH28SA54jXlxy/f7rXbb/bn/sf0bLEMpO:DkM65J8SA54jVxy/f7rXbb/b/kMpO

C:\Program Files\Java\jre1.8.0_144\lib\ext\nashorn.jar

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\ext\[SmartDen@protonmail.com].oi0xepOc-F5j8SGBE.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.93 MB
MD5	b154075da4c9fdf5beaaec55923ef678
SHA1	2c0baf67c55c0b4e14914aea2fbcdd1677fba0af
SHA256	b3043a92e0c0b54a6c0cecbff1071c8cb6b7248dd8dbee796ec6a2bc2b4b62e4
SSDeep	49152:IlpzKdUhuh8QVk0ixy+1UCWHhrdCxq4vRGkzcYjof+:IlpzKdU8VVcj1UCWHBQxhRRcY3

C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].xU6BOuYa-wtewj9x2.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.01 MB
MD5	28d59e9fa64703632769e0e0eea5bd3b
SHA1	05614175abeee135dcab81581bea8f4429db1571
SHA256	ba66ea27e15742df472b97c1688e146635bea11923b0f719a22de6d445f997a1
SSDeep	1536:ERr7TrD5bu3J0T0sG2IKuUdfBIemk9z5F0NFBO/hWrQrIRH9cscDO:q3rdu3JoZGmAemkR30ZxruIhcD

C:\Logs\Security.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].fGNWujvl-jP5hle2G.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.07 MB
MD5	c33161a359cbe6811e4e60d89f9aef1e
SHA1	3c9142cb51817380426e2c01a59c3210eb0bde4a
SHA256	e69d892192684888086536209fd5dd68f1623a430ed45598a6a3ba60f60a9bbe
SSDeep	3072:/9lYaSy78mQVPXNHcO6bfQalqvj+fAnsxfZ1mpc3Q5E9K:1lY9yY15Es2K

C:\Program Files\Java\jre1.8.0_144\lib\resources.jar

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].OK0tp1HJ-nRlgaByR.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	3.33 MB
MD5	c1b2dd4fa179d2c73743d541ad1e4f6b
SHA1	626129db34aba3fedfa838c6264853447999decf
SHA256	cea93c4a6ffa654f79620efb05762ccb13633b2a1358c740e7fb75a14f4dd229
SSDeep	49152:fdhNdVapkZb7ZU/+7CwBkI1JxrIWgE4ZSjwYwaLnQHqpsUvCXxma4zOIt56WTjiJ:fjN3

C:\Program Files\Java\jre1.8.0_144\bin\javaw.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].4kP0u6m4-X18yPF6u.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	203.45 KB
MD5	3dd9a4d4f8129047020e0e8c1ded7f6a
SHA1	36ba4a445f7afe63e9da44967c0c635dc03912f6
SHA256	093624fcd11e0da3c87d4b65b5df592f81ede732e8e34277725441a0b73501fb
SSDeep	6144:uZ4poLdyU6I8tRluTLdmGIebIsciijTBdz5v1mc:CkU6IYwEjTDz5v1mc

C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightRegular.ttf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\fonts\[SmartDen@protonmail.com].G7dTvjQ7-wXqzGKUP.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	338.21 KB
MD5	734b13afcc35214f6c9b180eddb17e2f
SHA1	be0d35a7e68e9be58eabd392681b50883ffb3b63
SHA256	a063289c68454c03432fb64239d02c4c602e18908f9900fa8f70cdb3d3334d2c
SSDeep	6144:moWvkJGUG2CCTufrmOufymM8hvFHp277tS9iZFYSATxNv:mXvU/vCCTcaFNJw7tSgYS8/

C:\Program Files\Java\jre1.8.0_144\lib\sound.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].ek3Bq1eY-qaZbyUFe.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	2.56 KB
MD5	b1eadfe08f8428a25b26acd983b07605
SHA1	b9c5e3098fef560ac01cb65ea4fdf59b35a20bf9
SHA256	1576f3d553cab67c0c24f9e5d5942d723feaed78cdadb6fcdde61fafabe9dafb
SSDeep	48:cQqP5kfvFDPxg1F/mYq0hANmLaPcuB4i+gNiZvuUbHenA:au1DZe1mYamL/ufRNumUa

C:\Program Files\Java\jre1.8.0_144\lib\ext\sunec.jar

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\ext\[SmartDen@protonmail.com].Fah7LqHB-FROgzPqE.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	42.58 KB
MD5	54f3cb1ff360343ef5ddba9a5fd2d252
SHA1	5c9201527b562f9968b7634aab5fba73fda03278
SHA256	fdcb7aea3c6ad78a5774a5580be1ef0329daaebd32454ce622b30b3d5fac8a01
SSDeep	768:3a6IoiOdyXkImJWvDMRXDg6RDan3fgNbjIV2uZW14SlKrw6pMuGFCsouG0Ri28ER:3aYDC4JW2XBRDavgNbruqNWw6pMuGFC8

C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\[SmartDen@protonmail.com].OVJgG65y-LR9WwRF2.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.55 KB
MD5	b52fd7221e3c193c9f41378f899f8959
SHA1	9d7a0e68bc8a58afbc862dda63cca9203ab7eba9
SHA256	e74e935798a78665f0a5d5b6cfd4e91516e4a2945b83f17dd98b66e63a4c4348
SSDeep	24:kAwnx03jNm1Zau30Xx7lIyHUuBmBVi+giEitjAr/LrIX135kXPlQR5pHji:kAwxuNmLaPcuB4i+gNiZvuUbHe

C:\Program Files\Java\jre1.8.0_144\lib\jfxswt.jar

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].xJtSoabz-jxTvSREo.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	34.52 KB
MD5	8d2c3c1d21f1cb55e5802c13b2e762ff
SHA1	bd18a67e68874a75618c9fc20a3b49d9c185d625
SHA256	d0c968b818cc7dbd8d5a4b27be383beae012f47b49d1e38f01d843e072aad75e
SSDeep	768:8k0CoIptPMWY4117RF03FN9kqizWGGojLxyCVSHMeO:V0Co6UWYC1MVNIzBrjLxbreO

C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

Modified File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	9.01 KB
MD5	52f458f6277064fafa492df50b062f3e
SHA1	89c2cbaf433e1bbe963be6aa7553b498af58f71a
SHA256	b82aa5c231765a9593e2f92f13984e7d3d53dd0832672ae159a9e8fc765ce927
SSDeep	192:uLy7jVsYRy1qefFlSMc2YsiR48PgFtCiMfXIL2fHu:uLy3jRy1rfPSoYsiR48CQiMfXICfHu

C:\Program Files\Java\jre1.8.0_144\bin\javacpl.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].gGXaiWXd-7W4uq0Er.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	79.95 KB
MD5	40cb371b2fd72763f69d5b85cf6c69db
SHA1	2832c6e996c1e691032ea22b1bd1a11b89d39552
SHA256	36131a160dca5fa04ed8dcf7c40586351fd3bbd7edbe817930ea4615601afa00
SSDeep	1536:BxpI9Ljzjc6ccxz1uyewzL9vOpIVK7qjh3rmKPNtwZnO:BxS9LjzjpckuyL9vOp0tjZqMNtwZn

C:\Program Files\Java\jre1.8.0_144\bin\policytool.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\bin\[SmartDen@protonmail.com].qBDglP1g-rfA10cKz.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	17.45 KB
MD5	64f3af787828be628dfb7088e05759f8
SHA1	213c643c3a37e50f9d834d1cdd11b0bdb705a9ad
SHA256	1727c46ebbf8a53046c09d7f7f70a6a7d3031d7c71bca73bb446519cac01cbc7
SSDeep	384:WCc+/7r6jBDzEGWicTiIrKN45eegXnYPKMN1AmQM5bCfHu:iGf6jBDQiceCgeeXUZQMOO

C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiItalic.ttf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\fonts\[SmartDen@protonmail.com].ZIGGkXpW-T2JBLbHq.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	74.75 KB
MD5	2420e9151486cb668e6066d350a99cff
SHA1	10505a6e27fc2bb7e58bf3610a740a71bf725574
SHA256	c889399d11aa4f56d1d6ec99d6e4137a4fb1345f3ee74d809cf9d15240d71118
SSDeep	1536:pu+b1bPtdZhjqHi/sbA06PoNORsr5sOnD0OyuusGa7oJAmO:PpPjZ1qHA9cOR05FD0Oyup7Mn

C:\Program Files\Java\jre1.8.0_144\lib\net.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].SLZdbaoc-trMAwTA8.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	5.74 KB
MD5	c80daf854764e2eee593cc6a1fee214d
SHA1	30eb624fbdfe135a127364d5243a0075b83ffc94
SHA256	04d912ba7b31e0e1153afeec85c1f0d9cebfe6e29e06080b2d6a1753e04ae508
SSDeep	96:ratjXyQjEybXDyGNdG5ONJYL2QAaGM+6wNvT6QQ7p94SrFm2qdvJ4GmL/ufRNumP:rOjiQjEybz76b21w+P76QMplrFmfBCL9

C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Microsoft Office 15\ClientX64\[SmartDen@protonmail.com].9DH6KGGg-DsPGlDcq.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.04 MB
MD5	c9dace11aaabfeef205959a36ec91c75
SHA1	c0b9201787b492d3c52b4cc079c957e1eeced454
SHA256	eb82954eaa2c6004e113fde25a5e99d0ab4d70733b587588f2436471d462588e
SSDeep	12288:+iRQ78l/q62klTf4quXJlG3+gAvDh5EUeDSR4/RY+u:VO4lCqlTyBDh5EU8S

C:\Program Files\Java\jre1.8.0_144\lib\security\java.security

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\security\[SmartDen@protonmail.com].vjVp34Rq-w69JnwZ7.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	37.05 KB
MD5	925bbe4a687d05762478c89c74579997
SHA1	f62ff04297b3fb3b2bb9bac8e744ca09c4139ff4
SHA256	256c1bc12c6c02d523993d33c12956cef2717b9d23496d3ba16473073ebe74c2
SSDeep	768:RNcJg/DpO13LI10uNUApPwv7vcWTABp+Z5IcCU5fO:vcJg/JR7YvTcWTABpm2aO

C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\[SmartDen@protonmail.com].6wLYKC5T-aL5eXhKV.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.54 KB
MD5	9d3b0bbe56776cffd358ed03a0847f9f
SHA1	62aae7dee3eab7731cb139f857c2a6a4ae212530
SHA256	d52d7b246991a8435665fa929f74d5da9c26ce95e66ec00ea5919de41b7ca2be
SSDeep	24:m4tNG0+jNm1Zau30Xx7lIyHUuBmBVi+giEitjAr/LrIX135kXPlQR5pHji:m4W0gNmLaPcuB4i+gNiZvuUbHe

C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].2z36ZacV-JAvFSpcg.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.53 KB
MD5	d3ece49676bf1ab85f70b00aad8d17ed
SHA1	3f08f0bbb413c7582f6d2e0f66803d89056d3dfb
SHA256	04ecb6b23033162252c7163376a2237bb5fdd0342de3ab6e82ac0011a1d6cc7d
SSDeep	24:7jEKAHWdjNm1Zau30Xx7lIyHUuBmBVi+giEitjAr/LrIX135kXPlQR5pHjijC:7jEfWlNmLaPcuB4i+gNiZvuUbHe2

C:\Program Files\Java\jre1.8.0_144\lib\jfr\profile.jfc

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\jfr\[SmartDen@protonmail.com].v75xFsb4-estc2QFK.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	20.98 KB
MD5	010acd08973422c44fe06311c81e7300
SHA1	125aaf004814e1262a38d98024667d8d59923245
SHA256	4570c8acd873e49a0d8a565b72580c6e45c59303fcc22b260ada8ac7394dee8e
SSDeep	384:O1MJUXslICTMxCamd79Mbh3dLeWqFDW+mCfHu:oDEIColyFDjO

C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightItalic.ttf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\fonts\[SmartDen@protonmail.com].DwvWPCeq-rXHjz0Ek.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	80.34 KB
MD5	94ff89e87eeaf3c26cc29ff4073263b5
SHA1	599ac25612b5633a6efe77276d03dcfdd1c1f2e5
SHA256	0c7c88900951fe727378a8ae74547bea59bc010b212f575f65cbeb6e677594d9
SSDeep	1536:r+mWjOE1ODhueBM6Yvb0OoWj1V7zbPUoOPjp85rFqXpLboVklDNTcdJ//spO:ZKgDhub6YvhoWPTU7l85rFYpLbodJX6

C:\Program Files\Java\jre1.8.0_144\COPYRIGHT

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\[SmartDen@protonmail.com].9MZy2Hl4-7eDWyj1W.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	4.55 KB
MD5	a2f06051f987d8166c89898dcc16369b
SHA1	76aa0c62da71445bc129cccd5533f479248c1d57
SHA256	313c36f5e0f753d32e46df9689f366029a7569829ad4aa1c5e07cf79eaf2020e
SSDeep	96:lpQbu4VN9dPTS60m3fJgyJV1YhYMzNVaEYOmL/ufRNumUa:l8N9dO60aRJVnMzNVaEcL2fHu

C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].XGu41Wzw-SdCCHbtI.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	69.38 KB
MD5	289d5adfb22912128e7b59f3a28961c2
SHA1	7c95787f05b09b5ae6ad017b7f49d96b5751c684
SHA256	1496d3099d3e0be402f59f0935e90159e40badc9e8056d78eb8dd5935d957bbb
SSDeep	384:vFO+b9PwjIZQJmDvgRCRczUA+d1v682encWFc5HcuDmAUJKgUFO+b9PpCfHu:vE+bBwj8uJupiA8HcamAUAE+bBmO

C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\places.sqlite

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\[SmartDen@protonmail.com].7UBd1vBV-gSmzi2Nf.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	5.00 MB
MD5	57dc0d53b2c3deb0279e05494680f26e
SHA1	3ebc59b0c4d04e1f8cf5c8a0263e54afe0a57726
SHA256	07f85ba52c65fefd0b51e6ebc039814ac83c546d812dae37ed400f08991963d0
SSDeep	3072:aJxzhmWKituSFuAQtiZGudqEDOasFY1rizE:glmUuJAQEZGsRSa4Yn

C:\Users\FD1HVy\Documents\hR6CmyF41D7GurnQ7sOc.xlsx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].lA4QTwAa-Jv8INPg3.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	24.47 KB
MD5	9de0b9d7b1005aa1b52091790ef0fe48
SHA1	e69498f3e396152597249bd860290506d273332f
SHA256	587e4603cbf882e635c190262f1dabbe7752e6bf1c98bcda88a2e43120b98f49
SSDeep	768:bry4cnuPoyH40LBiUkgwTAGbEfgAksrq0mT6/oO:brRu0BiUeclgAzq0mT6/oO

C:\Users\FD1HVy\Documents\GlzMlE4S.docx

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\[SmartDen@protonmail.com].QEUHLmvJ-NZaVpfc8.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	58.97 KB
MD5	341351055fca3739bd35bffa9366a7cc
SHA1	9e12af1f183c71471dabc0214e86e724d95eef46
SHA256	7cd85cd1ce2b65711e9fe69d9aa3ecb047460537adc6d8e27060ff24c817f859
SSDeep	1536:Ljw67HmSq27t0OEUvZ7qWiNYZ/TFJYW73XKiW6i9O:LjTCF2MUvZ+WeYlFuWLXKi7i9

C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\iSUyvv2-pWLpyw9zJXDb.odt

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\nelwiEjV5ko739u\[SmartDen@protonmail.com].ZwtDPvAv-obrRd9uP.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	47.81 KB
MD5	c8810ad94b55b7bb3f336ce6bea4981c
SHA1	d8e90760d0c86d4e3953400a2f54cdd03421397a
SHA256	84d53da2595c39bc176343a583adac2e3877f415b9a4ba71fd56f489911d7d5a
SSDeep	768:PZf183cCc6nVHMD81jBEnep6XWBzZ4zzYBqMybhwo4DTWmBAQN6mKDejqtsoYHGl:Z18jLVsaFEmuzzYBZp+mBdN6p4quHSEo

C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_sv.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[SmartDen@protonmail.com].sQDln0ll-AmLArCrk.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	4.71 KB
MD5	0d0cd91280d0523a7ddea83d2c3fca92
SHA1	eaaf113a8b8bac0e0cd8f72bcac54313981dcb8a
SHA256	021407ca170392f92a659b378ecb0cfca2646d5eff940624314eaae8a82fd7cc
SSDeep	96:aBv27g4JkRvnrt9EBq/Xsxi1MtW6bn2vMzOz66CmL/ufRNumUa:aBWg42pnrtPvsM16b2EzO26vL2fHu

C:\Program Files\Java\jre1.8.0_144\lib\cmm\sRGB.pf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\cmm\[SmartDen@protonmail.com].iztxWPLK-4JZ18XNk.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	4.45 KB
MD5	0fbfb13f6ab54f7389d3563c7c4ea4fd
SHA1	6c4384c8ac76f51b1e4169775d57096891556d72
SHA256	b47fc53d9e8bd87b90c22f33e7fb3972bfa9364c1bb79b5de28309f41cb6e3e5
SSDeep	96:TH/CD9o4Yn9bXjziQx88Xla2gmL/ufRNumUa:TH6D64Y9bXjziQx/XlnL2fHu

C:\Program Files\Java\jre1.8.0_144\lib\management-agent.jar

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\[SmartDen@protonmail.com].qQ3q4ByV-UwUkdclN.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.75 KB
MD5	ee387188a2de10d02cadb95ab1f9d767
SHA1	6c012c6effb58cd0c3b1d3ac88ef3c44ad98eb15
SHA256	7d1a0677b6d36b4eaff026d61609ab4c862713df0aa7962fca43814e3da963ce
SSDeep	48:HgCmIuHeU/bNmLaPcuB4i+gNiZvuUbHe:HgCmIXemL/ufRNumUa

C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\[SmartDen@protonmail.com].Abww5Z6W-ZQs6sApr.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.53 KB
MD5	d5b2e483bf036bd28c05483c49d18792
SHA1	546b659eadf71522940b9bb49c43d35a404501bf
SHA256	fd1b6a6a9d36977925086e0bd0f51c6273e6ee6f8ec7f36c9584148fa0ba8549
SSDeep	24:wGiJwlDk0jjNm1Zau30Xx7lIyHUuBmBVi+giEitjAr/LrIX135kXPlQR5pHjiq:vk0vNmLaPcuB4i+gNiZvuUbHeq

C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\[SmartDen@protonmail.com].jVSXBPnZ-GsnEKwk6.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	63.82 KB
MD5	05f0b23fd2b2839e481bc054d65f1723
SHA1	c914e4e6df867d53582f7cb4ef1f1eabda137f48
SHA256	9de251ec04f5e1b413b590e15f07440c707dd913e5df1b14644f4eb09c196d4a
SSDeep	1536:KTOjsjLiIddLsn19Zs6CSTmLNvkuiYLZO:puA1P/yZ8xQZ

C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_pt_BR.properties

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\deploy\[SmartDen@protonmail.com].JPgi38S2-r8w8YLtf.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	4.59 KB
MD5	28cf7f079ffb04d95353f64eedce94db
SHA1	75ca3d87456bcd22ada3d70ff38e38c93a222d95
SHA256	871c6237591c1acc7b54f58903cd288a3629d9a46baa377c32dae271dea1787c
SSDeep	96:Z1+9Styon3Rt4WJ6moZT+XGQ+E0ndU2Z5n7HK8TmL/ufRNumUaqg:2EDht4WgmW+XGku5n7H+L2fHu

C:\Program Files\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Mozilla Firefox\browser\features\[SmartDen@protonmail.com].tnLD0Ums-dw53kw0c.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	7.11 KB
MD5	c4f2a7cdc09d20d9fd02f74b2a68e82a
SHA1	f18e67b1db7ca26f236300e30ab7786f140b9c76
SHA256	453659694af1c47ec84aff3a04bd5856dbbfb95ed603a8c4a7a37019b0a61b6d
SSDeep	192:nyduLscYy/FPVpryumG9UGg5IYAbSNitBrDdeXL2fHu:nyd0scYIVpr3m83gGYiIXCfHu

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\StandardBusiness.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\Annotations\Stamps\ENU\[SmartDen@protonmail.com].BmpmYWc4-lRx6IBAJ.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	107.60 KB
MD5	ef4fcbbb2b16d170daece5d702b1dbf2
SHA1	8b0efcaf0d5ba7f7cc19ac46260fa620c6827720
SHA256	f426b6d21ad197200422e31f0ca564fdc3f4d554831b364d0fec5f9d6975639a
SSDeep	1536:r0IfNJRm/lJ8SZyHlZ0ZzQWVAShISqTVjiXPy1c2CVTO:r5f7E/lJ8S8HlM0WViSVR

C:\Users\FD1HVy\Documents\MDvWkEoF\qR4asBdhoH30jOJbDKW.pdf

Modified File

Stream

Not Queried

Also Known As	C:\Users\FD1HVy\Documents\MDvWkEoF\[SmartDen@protonmail.com].LaNYGj7l-519Glpwr.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	43.66 KB
MD5	76ca53412d68178861b1d14b1613de5f
SHA1	0ddc92c8692cd324cc6b2f020a6e65b8fc30aa63
SHA256	563dd5c2e3227c7359cdb7d488c1fab2baa3cb08274c9246d40a101dd5731878
SSDeep	768:BaBNCY/Ktzxxu0+0vr8sxloFNqSmwwCDDHzTgNh81BHFsp5q0ayJSgTNO:BmsY6xxK4gC+FN2oHzU0Bo5lxXO

C:\Program Files\Mozilla Firefox\browser\features\screenshots@mozilla.org.xpi

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Mozilla Firefox\browser\features\[SmartDen@protonmail.com].uoTDTwi8-bplCSj2O.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	718.03 KB
MD5	150c7eced41a589c4a976e4ab9411e8e
SHA1	c6b7b283a8e052164c81b68e94699c2057ea4bbc
SHA256	1676d512fe0ce8a3bfd19b359d2b135ba1036e03d499e8df062c82bd1882f298
SSDeep	12288:QuHsffXGM7s2A7cdByJhmcDoYZB+mW5pDaayA1bRmnd2fLWh7uAhVsBFO7cRfcRj:c1bRmALWhlsG7cRfcRc

C:\Program Files\Mozilla Firefox\dictionaries\en-US.aff

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Mozilla Firefox\dictionaries\[SmartDen@protonmail.com].ALHMhbUP-cA6lwcFV.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	4.38 KB
MD5	dbad4fbf29d62a9db6ae068c3fec3f38
SHA1	455f6052f72ffc684ff93baf5cb82eb2b09ab5c0
SHA256	03a65e5ba1eb153a1844f46f6ffd8473161a2e20b1c36df40c0d51cd3a4ba52e
SSDeep	96:KPY8Olx8DcKWySkwFIW6WJuf2hGmL/ufRNumUa:R3KWylw8OTL2fHu

C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx

Modified File

Stream

Not Queried

Also Known As	C:\Logs\[SmartDen@protonmail.com].Wn66Uqdy-vZg37riD.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.01 MB
MD5	04bd4eba108026d5bca1d147ccdadeca
SHA1	f3e6fe79866d7d96a9714e2674dea3af5c45d942
SHA256	0ae9fe2987a2c194d2a08f4062e6ff3d5303b6836d0f7a099dfee4a40038cd2f
SSDeep	1536:dwKDIQgeipfEyhFajGyEuH6eQIjuovTJrEyLpZpVwKDIIO:dZDJghmEYvBv1ACp9ZDv

C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\security\[SmartDen@protonmail.com].UWkpNL04-72wUkfcg.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	113.61 KB
MD5	083931d8da28474347d9ca1b2c9ffd0b
SHA1	cd24ed44ef5412d6afac43644ff2f075741f050a
SHA256	3a547e34efe0464f5c58d69eac3740aa0d2326fa4fdf2c0aff924140cbe4128b
SSDeep	1536:+/RJSXTciYLUXlkT1ze0WuQHoeCHtVcwnIhEObD+lyCpjvaoUU5Z0nO:aJSXTuI0Wuybot+wnINbylyCpLm

C:\Program Files\Java\jre1.8.0_144\lib\ext\access-bridge-64.jar

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\lib\ext\[SmartDen@protonmail.com].Gge0fiPK-LqcXEyZu.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	185.00 KB
MD5	a9c5aee93f6a86a1af439bac334252c9
SHA1	7cabf304f9c8fadb1522c2adfdaa8dd9bcaeaca7
SHA256	16eb9d0e459cc8dbbc90007395d2a3fd202611c9c3d92aaa36d9a84b1529eeb7
SSDeep	3072:d+NlOPCQfPI+aYXcd9q8vLEpzmJIHBH0e8koupc/mFwLehRV2f1cPWZXpU:dgOaQfQ+LcjvLczmyHNN2upc+FWt1CWw

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\organize_poster.jpg

Modified File

Stream

Not Queried

Also Known As	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\ob-preview\images\[SmartDen@protonmail.com].cqwBQVhg-YQ0NekCM.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	68.97 KB
MD5	71d6a6efe0ecc384f2a8bde834d0573c
SHA1	d758f25d73f8b2c7d236c8b3888611998413ae74
SHA256	8d6c6a1b3f6520274f1937c584736c582bc8f5c4ab6a4c38e4e1b2bf0c52be93
SSDeep	1536:L4ORfbOA+kr05HEdH7Cc58pHy5rHynNaHvXa4v3RYmb44444444444444444444F:3BiwTdL7DyNmXBvnX2Wd5twwJU4NM

C:\Program Files\Mozilla Firefox\crashreporter.exe

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Mozilla Firefox\[SmartDen@protonmail.com].ovZbR8nH-Pg0LSe1V.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	188.84 KB
MD5	6ee4580ee0106b3a5f305260d600e66d
SHA1	c919e4f84308d576b428da443f2b2122d5f0d96f
SHA256	a400e55c4022482f4e988336bbb098dbb5de2085a21beca42081188457a00994
SSDeep	3072:Y3KR+EKjQXIQDUY5L8d0PWrjaUJyny0v5JjRW+U6+jPPehiy0ZhuW+jUV:MULDgY5Lq9aUJavk+o28Tuw

C:\Program Files\Java\jre1.8.0_144\README.txt

Modified File

Stream

Not Queried

Also Known As	C:\Program Files\Java\jre1.8.0_144\[SmartDen@protonmail.com].ro8nW4l3-cDM2KK2w.SDEN (Dropped File)
Mime Type	application/octet-stream
File Size	1.43 KB
MD5	7b77cc75949ae595a69cea37b30ea461
SHA1	cf556fc55167f2df3dd4dcae7b5863ac7fa4fff9
SHA256	c20b5e8fe9bb39db82cbdd12f7577418ae18a0b01a6d9e1fa6a367842124506f
SSDeep	24:3NNjNm1Zau30Xx7lIyHUuBmBVi+giEitjAr/LrIX135kXPlQR5pHjit:d1NmLaPcuB4i+gNiZvuUbHet

C:\Users\FD1HVy\Desktop\ALL_dmp.fldp

Dropped File

Stream

Not Queried

Mime Type	application/octet-stream
File Size	600.76 KB
MD5	060b206280f4428e6d2cbe873324fe45
SHA1	f9f76bd59f303fb2751b3ec5abbf15574d9dccde
SHA256	4b554f5fcb57b8e8a7280384556ab1112b199684dd94ac5fa6b84fc83a3ae7ce
SSDeep	12288:p/nXJWQMw9LA9YyWk0h1mLsN3syXt/6jEXFXWMbLemhhVqAD:NnXJWB0U9AfDAs3F6IVmMGmhhoAD

C:\Users\FD1HVy\Desktop\log.txt

Dropped File

Text

Not Queried

Mime Type	text/plain
File Size	0.07 KB
MD5	08f3adfac51182c8f85d01defac3e1a2
SHA1	2701af5565fe8b6d87de3a6b8ba99e1367bf4129
SHA256	9da3fb5e2704a6fc4ba6914e02c4aca49545422694ad54753e8fe7127487c874
SSDeep	3:JM3cOlpIgWQpVf2DV0t1b6MwFB5UZ:JM3cMOgWQiDW36MZ

C:\Users\FD1HVy\AppData\Roaming\GJhtEkh2.bmp

Dropped File

Image

Not Queried

Mime Type	image/jpeg
File Size	58.88 KB
MD5	86186183a27aca3accb7fd82e159ad45
SHA1	76d07667d53a2a69ca3ba6cab9060e9a84e1a5bd
SHA256	ef601e2e0eddc23a7b9539ca0804c50acfe8d51a1b7f2dccf64a289476f987cd
SSDeep	1536:N0HChXGSkflmxvTuPdp6vnTktIeqrfTNIbL/qyJ0mIk6pk:yChXjkfExuP8TyCrfTg/5JIkUk

C:\Users\FD1HVy\AppData\Roaming\V1nQ8f0P.bat

Dropped File

Text

Not Queried

Mime Type	text/plain
File Size	0.26 KB
MD5	19dc7d307edfb5f15d543162a49fdf11
SHA1	23b1741c3ae1859a65e70629797457027ab87bdb
SHA256	c4e5676f8b11b86077b369646d2039627ddfd8ddf6fe6d7d15b73360d6056b86
SSDeep	6:joN/vIoGbgp/w0XHKtwkwPsxiaZ5JPgouafwvPqTwbWn:wnO/OHBv6NHB0P67n

C:\Users\FD1HVy\Desktop\c7356Qly.bat

Dropped File

Text

Not Queried

Mime Type	text/plain
File Size	0.22 KB
MD5	761f8832dd3a2c27981ee9af91b4b9d0
SHA1	ebfe5fa99462670b91fe2b3e03d788c1218af9a4
SHA256	560974b7dd2bc971c273e02bbdf27c4e796e910295ac09deefe932df53467f7c
SSDeep	6:fC2Cv352Xu1mRTFHxOfSXY2VYLZaQC2VDFcVBn:XCf52XumTXOf69VYLoQXVD6Bn

C:\Users\FD1HVy\Desktop\bad_6088DED4F047F45E.txt

Dropped File

Text

Not Queried

Mime Type	text/plain
File Size	0.07 KB
MD5	fa27a13eea114400d8c602317319bf96
SHA1	3296e0521b93385530cc6ebb3fa163086bad4e51
SHA256	fefdcaacaaf89fac8f02ac5460fcd02926043ed29a060ec68de5f631d1fb48e0
SSDeep	3:nB1EoZDIDzfr0JO5cS9KE2X5kXLg:nDNIDzD0JOCEfMkbg

C:\Users\FD1HVy\Desktop\bad_6088DED4F047F45E.txt

Dropped File

Text

Not Queried

Mime Type	text/plain
File Size	0.15 KB
MD5	964f757650263b57ed72b04baf735d04
SHA1	b7ca55ccdc428a77097bb40c5458448a36efb0a6
SHA256	1d3ea0f78b9cef049df3e3230772c694ee0048eef7d792c3957b3ba8c0622716
SSDeep	3:nB1EoZDIDzfr0JO5cS9KE2X5kXLhO1EoZDIDzf2IW3V22HrscGwpn:nDNIDzD0JOCEfMkbhaNIDzXOHlp

39ac1a828602e9dbc4dbf0ba68a4a570d85e9bf6b5ed1f3ed4a5370778a7ca7d

Downloaded File

Stream

Not Queried

Parent File	analysis.pcap
Mime Type	application/octet-stream
File Size	1.47 KB
MD5	5fbed1b24c448641ea020e400fc02df8
SHA1	09490f18ddf74c78d38a8ab2d426c3cbb06e75bb
SHA256	39ac1a828602e9dbc4dbf0ba68a4a570d85e9bf6b5ed1f3ed4a5370778a7ca7d
SSDeep	24:WG/mS+sORBsN8+DPtxnsDuUCG7yQj01oAho/0p6ruXfxBcxtBehU:WG/rSR0Z7/nsaUDj0No/0IujQP

bf6c66a68ea83b7a54e7fa4654426830417b3573c7feaaa9489dff71565b7bed

Downloaded File

Text

Not Queried

Parent File	analysis.pcap
Mime Type	text/plain
File Size	0.01 KB
MD5	1e657fa30be9a3bdbc7bf7d765c13cbc
SHA1	3e2ebe2060496d02a9560b1b03b6fed5b16dc2ab
SHA256	bf6c66a68ea83b7a54e7fa4654426830417b3573c7feaaa9489dff71565b7bed
SSDeep	3:86:f

ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d

Downloaded File

Unknown

Not Queried

Parent File	analysis.pcap
Mime Type	application/vnd.ms-cab-compressed
File Size	7.61 KB
MD5	fb60e1afe48764e6bf78719c07813d32
SHA1	a1dc74ef8495c9a1489dd937659b5c2875027e16
SHA256	ebf3e7290b8fd1e5509caa69335251f22b61baf3f9ff87b4e8544f3c1fea279d
SSDeep	192:CPTIWKvNnUBBBL05O/b0evl2G6AXK+KMlYX82:CbevNUBDLlz0eN2dAXlKH

Remarks (1/1)

Remarks

There are no files for this filter

There are no files in this analysis

WHOIS Domain Information

Before

After