laplas | hxxps://www[.]youtube[.]com/watch?v=9agrzcQDShI

Analysis

max time kernel
264s
max time network
1802s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-06-2023 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/watch?v=9agrzcQDShI

Score

10^/10

laplas vidar xmrig db94123c97f84f48244aa87eb478e324 clipper discovery evasion miner persistence spyware stealer themida trojan vmprotect

Malware Config

Extracted

Family

vidar

Version

4.1

Botnet

db94123c97f84f48244aa87eb478e324

https://steamcommunity.com/profiles/76561199510444991

https://t.me/task4manager

Attributes

profile_id_v2
db94123c97f84f48244aa87eb478e324
user_agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.34

Extracted

Family

laplas

http://185.209.161.89

Attributes

api_key
6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0

Signatures

Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
stealer clipper laplas

Suspicious use of NtCreateUserProcessOtherParentProcess 9 IoCs

description	pid	Process	procid_target
PID 6392 created 3184	6392	98893173357922831763.exe	30
PID 6392 created 3184	6392	98893173357922831763.exe	30
PID 6392 created 3184	6392	98893173357922831763.exe	30
PID 6392 created 3184	6392	98893173357922831763.exe	30
PID 6392 created 3184	6392	98893173357922831763.exe	30
PID 6972 created 3184	6972	updater.exe	30
PID 6972 created 3184	6972	updater.exe	30
PID 6972 created 3184	6972	updater.exe	30
PID 6972 created 3184	6972	updater.exe	30

Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ntlhost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	LauncherPC.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	52533868724443606887.exe

XMRig Miner payload 1 IoCs

miner

resource	yara_rule
behavioral1/memory/6972-8885-0x00007FF71A1F0000-0x00007FF71ABD5000-memory.dmp	xmrig

Downloads MZ/PE file

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\drivers\etc\hosts	98893173357922831763.exe
File created	C:\Windows\System32\drivers\etc\hosts	updater.exe

Stops running service(s) 3 TTPs
evasion

Modify Existing Service
T1031

Impair Defenses
T1562

Service Stop
T1489

Checks BIOS information in registry 2 TTPs 6 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	LauncherPC.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	LauncherPC.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	52533868724443606887.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	52533868724443606887.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ntlhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	ntlhost.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\Control Panel\International\Geo\Nation	LauncherPC.exe

Executes dropped EXE 6 IoCs

pid	Process
3368	LauncherPC.exe
2012	52533868724443606887.exe
6392	98893173357922831763.exe
3064	50726722021639712065.exe
4872	ntlhost.exe
6972	updater.exe

Loads dropped DLL 2 IoCs

pid	Process
3368	LauncherPC.exe
3368	LauncherPC.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Themida packer 12 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x0006000000023559-6498.dat	themida
behavioral1/files/0x0006000000023559-6499.dat	themida
behavioral1/memory/3368-6510-0x00000000009C0000-0x0000000001C96000-memory.dmp	themida
behavioral1/memory/3368-6526-0x00000000009C0000-0x0000000001C96000-memory.dmp	themida
behavioral1/memory/3368-6541-0x00000000009C0000-0x0000000001C96000-memory.dmp	themida
behavioral1/memory/3368-6542-0x00000000009C0000-0x0000000001C96000-memory.dmp	themida
behavioral1/memory/3368-6548-0x00000000009C0000-0x0000000001C96000-memory.dmp	themida
behavioral1/memory/3368-6549-0x00000000009C0000-0x0000000001C96000-memory.dmp	themida
behavioral1/memory/3368-6681-0x00000000009C0000-0x0000000001C96000-memory.dmp	themida
behavioral1/memory/3368-6775-0x00000000009C0000-0x0000000001C96000-memory.dmp	themida
behavioral1/memory/3368-6967-0x00000000009C0000-0x0000000001C96000-memory.dmp	themida
behavioral1/memory/3368-6960-0x00000000009C0000-0x0000000001C96000-memory.dmp	themida

VMProtect packed file 12 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/files/0x0006000000023559-6498.dat	vmprotect
behavioral1/files/0x0006000000023559-6499.dat	vmprotect
behavioral1/memory/3368-6510-0x00000000009C0000-0x0000000001C96000-memory.dmp	vmprotect
behavioral1/memory/3368-6526-0x00000000009C0000-0x0000000001C96000-memory.dmp	vmprotect
behavioral1/memory/3368-6541-0x00000000009C0000-0x0000000001C96000-memory.dmp	vmprotect
behavioral1/memory/3368-6542-0x00000000009C0000-0x0000000001C96000-memory.dmp	vmprotect
behavioral1/memory/3368-6548-0x00000000009C0000-0x0000000001C96000-memory.dmp	vmprotect
behavioral1/memory/3368-6549-0x00000000009C0000-0x0000000001C96000-memory.dmp	vmprotect
behavioral1/memory/3368-6681-0x00000000009C0000-0x0000000001C96000-memory.dmp	vmprotect
behavioral1/memory/3368-6775-0x00000000009C0000-0x0000000001C96000-memory.dmp	vmprotect
behavioral1/memory/3368-6967-0x00000000009C0000-0x0000000001C96000-memory.dmp	vmprotect
behavioral1/memory/3368-6960-0x00000000009C0000-0x0000000001C96000-memory.dmp	vmprotect

Accesses 2FA software files, possible credential harvesting 2 TTPs
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NTSystem = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe"	52533868724443606887.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	LauncherPC.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	52533868724443606887.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ntlhost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	powershell.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log	powershell.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

pid	Process
3368	LauncherPC.exe
2012	52533868724443606887.exe
4872	ntlhost.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Google\Chrome\updater.exe	98893173357922831763.exe

Launches sc.exe 10 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
2924	sc.exe
6484	sc.exe
3260	sc.exe
2648	sc.exe
1280	sc.exe
1564	sc.exe
6764	sc.exe
4700	sc.exe
1696	sc.exe
6772	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LauncherPC.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	LauncherPC.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

GoLang User-Agent 1 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	1074	Go-http-client/1.1

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	powershell.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2548970870-3691742953-3895070203-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\2O23-F1LES-S0ft.rar:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
3368	LauncherPC.exe
3368	LauncherPC.exe
3368	LauncherPC.exe
3368	LauncherPC.exe
6392	98893173357922831763.exe
6392	98893173357922831763.exe
1236	powershell.exe
1236	powershell.exe
1236	powershell.exe
6392	98893173357922831763.exe
6392	98893173357922831763.exe
6392	98893173357922831763.exe
6392	98893173357922831763.exe
6392	98893173357922831763.exe
6392	98893173357922831763.exe
1280	sc.exe
1280	sc.exe
1280	sc.exe
6392	98893173357922831763.exe
6392	98893173357922831763.exe
6972	updater.exe
6972	updater.exe
5548	powershell.exe
5548	powershell.exe
5548	powershell.exe
6972	updater.exe
6972	updater.exe
6972	updater.exe
6972	updater.exe
6972	updater.exe
6972	updater.exe
4232	powershell.exe
4232	powershell.exe
4232	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4868	firefox.exe
Token: SeDebugPrivilege	4868	firefox.exe
Token: SeDebugPrivilege	4868	firefox.exe
Token: SeDebugPrivilege	4868	firefox.exe
Token: SeDebugPrivilege	4868	firefox.exe
Token: SeDebugPrivilege	4868	firefox.exe
Token: SeRestorePrivilege	6448	7zG.exe
Token: 35	6448	7zG.exe
Token: SeSecurityPrivilege	6448	7zG.exe
Token: SeSecurityPrivilege	6448	7zG.exe
Token: SeDebugPrivilege	1236	powershell.exe
Token: SeDebugPrivilege	1280	sc.exe
Token: SeShutdownPrivilege	6764	sc.exe
Token: SeCreatePagefilePrivilege	6764	sc.exe
Token: SeShutdownPrivilege	6492	powercfg.exe
Token: SeCreatePagefilePrivilege	6492	powercfg.exe
Token: SeShutdownPrivilege	3008	powercfg.exe
Token: SeCreatePagefilePrivilege	3008	powercfg.exe
Token: SeShutdownPrivilege	1944	powercfg.exe
Token: SeCreatePagefilePrivilege	1944	powercfg.exe
Token: SeIncreaseQuotaPrivilege	1280	sc.exe
Token: SeSecurityPrivilege	1280	sc.exe
Token: SeTakeOwnershipPrivilege	1280	sc.exe
Token: SeLoadDriverPrivilege	1280	sc.exe
Token: SeSystemProfilePrivilege	1280	sc.exe
Token: SeSystemtimePrivilege	1280	sc.exe
Token: SeProfSingleProcessPrivilege	1280	sc.exe
Token: SeIncBasePriorityPrivilege	1280	sc.exe
Token: SeCreatePagefilePrivilege	1280	sc.exe
Token: SeBackupPrivilege	1280	sc.exe
Token: SeRestorePrivilege	1280	sc.exe
Token: SeShutdownPrivilege	1280	sc.exe
Token: SeDebugPrivilege	1280	sc.exe
Token: SeSystemEnvironmentPrivilege	1280	sc.exe
Token: SeRemoteShutdownPrivilege	1280	sc.exe
Token: SeUndockPrivilege	1280	sc.exe
Token: SeManageVolumePrivilege	1280	sc.exe
Token: 33	1280	sc.exe
Token: 34	1280	sc.exe
Token: 35	1280	sc.exe
Token: 36	1280	sc.exe
Token: SeIncreaseQuotaPrivilege	1280	sc.exe
Token: SeSecurityPrivilege	1280	sc.exe
Token: SeTakeOwnershipPrivilege	1280	sc.exe
Token: SeLoadDriverPrivilege	1280	sc.exe
Token: SeSystemProfilePrivilege	1280	sc.exe
Token: SeSystemtimePrivilege	1280	sc.exe
Token: SeProfSingleProcessPrivilege	1280	sc.exe
Token: SeIncBasePriorityPrivilege	1280	sc.exe
Token: SeCreatePagefilePrivilege	1280	sc.exe
Token: SeBackupPrivilege	1280	sc.exe
Token: SeRestorePrivilege	1280	sc.exe
Token: SeShutdownPrivilege	1280	sc.exe
Token: SeDebugPrivilege	1280	sc.exe
Token: SeSystemEnvironmentPrivilege	1280	sc.exe
Token: SeRemoteShutdownPrivilege	1280	sc.exe
Token: SeUndockPrivilege	1280	sc.exe
Token: SeManageVolumePrivilege	1280	sc.exe
Token: 33	1280	sc.exe
Token: 34	1280	sc.exe
Token: 35	1280	sc.exe
Token: 36	1280	sc.exe
Token: SeIncreaseQuotaPrivilege	1280	sc.exe
Token: SeSecurityPrivilege	1280	sc.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
6448	7zG.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe
4868	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 1500 wrote to memory of 4868	1500	firefox.exe	82
PID 4868 wrote to memory of 2596	4868	firefox.exe	83
PID 4868 wrote to memory of 2596	4868	firefox.exe	83
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 3356	4868	firefox.exe	84
PID 4868 wrote to memory of 2660	4868	firefox.exe	85
PID 4868 wrote to memory of 2660	4868	firefox.exe	85
PID 4868 wrote to memory of 2660	4868	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3184
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/watch?v=9agrzcQDShI
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/watch?v=9agrzcQDShI
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.0.1931528312\2120193491" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {420749cd-2e90-48e7-92f6-631e0f540b26} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 1936 141bfadd558 gpu
      4⤵
      PID:2596
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.1.164142193\2007876516" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7981cb74-5552-4737-8218-b2ad786368df} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 2424 141b2a6fb58 socket
      4⤵
      PID:3356
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.2.416616846\1145404800" -childID 1 -isForBrowser -prefsHandle 3364 -prefMapHandle 3348 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b1ad4f4-efe3-4baf-a95f-6ae474c647d2} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 3464 141c36ed458 tab
      4⤵
      PID:2660
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.3.1681048513\1565168540" -childID 2 -isForBrowser -prefsHandle 4148 -prefMapHandle 4144 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {724dc4ee-d395-435a-95e9-eb5a78737426} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 4160 141c4ded258 tab
      4⤵
      PID:3212
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.6.1724986169\1633893902" -childID 5 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37029352-29c0-4b81-8897-38897c247f88} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5248 141c638e258 tab
      4⤵
      PID:3612
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.5.1790941962\1850736989" -childID 4 -isForBrowser -prefsHandle 4864 -prefMapHandle 4868 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {17ed869c-9339-47bb-9de6-4b86718f540d} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 4960 141c6390058 tab
      4⤵
      PID:2044
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.4.719435001\1709514364" -childID 3 -isForBrowser -prefsHandle 4780 -prefMapHandle 4288 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {665ed152-6a12-419e-ba8f-e6bf9052e8af} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 4788 141c4827058 tab
      4⤵
      PID:2932
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.7.1329682311\146888288" -parentBuildID 20221007134813 -prefsHandle 4896 -prefMapHandle 4868 -prefsLen 26578 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49166964-83cc-4f23-9100-9bf9f9aff3fc} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5428 141c5b3b558 rdd
      4⤵
      PID:4988
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.8.1285490874\1151607023" -childID 6 -isForBrowser -prefsHandle 5788 -prefMapHandle 5752 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be7b914d-034c-45ae-836a-7eb1ae869e75} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 5820 141b2a30258 tab
      4⤵
      PID:5092
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.9.1239453115\440356367" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5880 -prefMapHandle 5988 -prefsLen 26578 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f299ae50-fbe6-4f33-9fc3-0b5500bfaca5} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 6084 141c7824e58 utility
      4⤵
      PID:1720
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.10.583730814\929718705" -childID 7 -isForBrowser -prefsHandle 6504 -prefMapHandle 6464 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b2d1642-0c66-4cab-a79e-09004747e12b} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 6496 141c56b6358 tab
      4⤵
      PID:4160
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.11.174543800\850418399" -childID 8 -isForBrowser -prefsHandle 4612 -prefMapHandle 5452 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {338eeaff-7c37-4d98-bdef-64df25dbfe0c} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 3176 141b2a66b58 tab
      4⤵
      PID:5256
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.12.1655813852\162371401" -childID 9 -isForBrowser -prefsHandle 10400 -prefMapHandle 10404 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3980298-3f8e-4801-ae20-c57c12b78bd2} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 10392 141c7909f58 tab
      4⤵
      PID:5192
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.13.1217879186\1247318248" -childID 10 -isForBrowser -prefsHandle 4564 -prefMapHandle 5776 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d17cf79a-b155-4eb7-847d-2ea68f4879c8} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 2964 141c86ee358 tab
      4⤵
      PID:5840
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.14.1260307152\1247093354" -childID 11 -isForBrowser -prefsHandle 9968 -prefMapHandle 9964 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f14a3197-90f9-445f-980c-725baf3c70d6} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 9980 141c86edd58 tab
      4⤵
      PID:5856
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.15.2132686958\2086494232" -childID 12 -isForBrowser -prefsHandle 9728 -prefMapHandle 9740 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb1e77a9-4cf3-4f9a-9cb3-f0f792f51a17} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 9688 141c8a95458 tab
      4⤵
      PID:3440
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.16.1045561934\257199997" -childID 13 -isForBrowser -prefsHandle 9564 -prefMapHandle 9560 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00babacc-dc93-42f1-92fd-b8dd7264ff05} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 9680 141c8a96658 tab
      4⤵
      PID:4452
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.17.272395509\1111151486" -childID 14 -isForBrowser -prefsHandle 9336 -prefMapHandle 9680 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba63eb18-a827-499c-99a2-783f677d9b08} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 9524 141c9812358 tab
      4⤵
      PID:5900
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.20.406993697\522912326" -childID 17 -isForBrowser -prefsHandle 8628 -prefMapHandle 8624 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f63e3164-ddc2-4d59-8528-8f234bb1d835} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8832 141c9d20358 tab
      4⤵
      PID:2044
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.19.1067194521\620144665" -childID 16 -isForBrowser -prefsHandle 8864 -prefMapHandle 8948 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb40b85e-3dc0-4c08-be16-57b9b91e0c70} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8812 141c9813e58 tab
      4⤵
      PID:1524
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.18.965564654\105502937" -childID 15 -isForBrowser -prefsHandle 8920 -prefMapHandle 8936 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e651227c-2261-4116-a53e-0e1bf500de2d} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 9024 141c9812f58 tab
      4⤵
      PID:1516
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.21.640068884\348076344" -childID 18 -isForBrowser -prefsHandle 8456 -prefMapHandle 6316 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ab0aa7a-de51-43ea-9bd0-c017f76b27dc} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8924 141c9b5c758 tab
      4⤵
      PID:5592
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.22.312538060\965824152" -childID 19 -isForBrowser -prefsHandle 8624 -prefMapHandle 10256 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97703152-2f7a-4351-9cc3-687ae3de9987} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8576 141c9b5dc58 tab
      4⤵
      PID:4556
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.23.686573148\1000021373" -childID 20 -isForBrowser -prefsHandle 7944 -prefMapHandle 7928 -prefsLen 27035 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0be373d1-d184-4185-80f2-cbf2f87326df} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7920 141ca7dc758 tab
      4⤵
      PID:2372
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.24.1609381395\1802612147" -childID 21 -isForBrowser -prefsHandle 8652 -prefMapHandle 8544 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b6e9c8d-4284-4a30-9dbb-8dd7b6552641} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8812 141c9eb4258 tab
      4⤵
      PID:5116
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.25.1963544741\901384023" -childID 22 -isForBrowser -prefsHandle 7728 -prefMapHandle 7720 -prefsLen 27171 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c7aee84-e51c-4ce1-b50c-0695f57567d5} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 8400 141cbec0058 tab
      4⤵
      PID:5144
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.27.1151441003\1300397201" -childID 24 -isForBrowser -prefsHandle 7200 -prefMapHandle 7196 -prefsLen 27211 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5d3af82-4d4f-47e4-9b62-d02fd8afe150} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 10416 141c4959158 tab
      4⤵
      PID:6164
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.26.1889078662\209900125" -childID 23 -isForBrowser -prefsHandle 6800 -prefMapHandle 4932 -prefsLen 27211 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {582f5955-a77b-421b-bb15-46ec26b8fdf0} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7340 141c4959d58 tab
      4⤵
      PID:632
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.28.156166185\1704614185" -childID 25 -isForBrowser -prefsHandle 6412 -prefMapHandle 6408 -prefsLen 27574 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e618e0f9-40d4-408a-9551-9526926b9569} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 10088 141c7ee7558 tab
      4⤵
      PID:6792
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.29.2082080048\61550862" -childID 26 -isForBrowser -prefsHandle 7020 -prefMapHandle 7024 -prefsLen 27574 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abaf6235-682c-45e8-95eb-06da3e329629} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 7040 141c7ee7258 tab
      4⤵
      PID:4004
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.31.2099267088\1462716149" -childID 28 -isForBrowser -prefsHandle 10444 -prefMapHandle 10448 -prefsLen 27574 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {585f3d9f-b7e1-40d2-9b1a-3fc8562b6b00} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 6880 141c7fc6058 tab
      4⤵
      PID:948
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4868.30.840270517\1291541498" -childID 27 -isForBrowser -prefsHandle 7188 -prefMapHandle 9264 -prefsLen 27574 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6898a0b8-1fb3-4d78-8612-04acde83bafb} 4868 "\\.\pipe\gecko-crash-server-pipe.4868" 2996 141c7ee8d58 tab
      4⤵
      PID:1004
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2O23-F1LES-S0ft\" -spe -an -ai#7zMap3857:92:7zEvent23106
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:6448
- C:\Users\Admin\Downloads\2O23-F1LES-S0ft\LauncherPC.exe
  "C:\Users\Admin\Downloads\2O23-F1LES-S0ft\LauncherPC.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- - C:\ProgramData\52533868724443606887.exe
    "C:\ProgramData\52533868724443606887.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Adds Run key to start application
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:2012
  - - C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Checks whether UAC is enabled
      Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:4872
- - C:\ProgramData\98893173357922831763.exe
    "C:\ProgramData\98893173357922831763.exe"
    3⤵
    - Suspicious use of NtCreateUserProcessOtherParentProcess
    - Drops file in Drivers directory
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    PID:6392
- - C:\ProgramData\50726722021639712065.exe
    "C:\ProgramData\50726722021639712065.exe"
    3⤵
    - Executes dropped EXE
    PID:3064
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /C choice /C Y /N /D Y /T 0 &Del C:\ProgramData\50726722021639712065.exe
      4⤵
      PID:6400
    - - C:\Windows\system32\choice.exe
        
        choice /C Y /N /D Y /T 0
        5⤵
        
        PID:6492
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1236
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#enfsgst#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
  2⤵
  PID:1280
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
  2⤵
  PID:7048
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-ac 0
    3⤵
    PID:6764
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-ac 0
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:3008
- - C:\Windows\System32\powercfg.exe
    powercfg /x -hibernate-timeout-dc 0
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:6492
- - C:\Windows\System32\powercfg.exe
    powercfg /x -standby-timeout-dc 0
    3⤵
    PID:1944
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
  2⤵
  PID:6972
- C:\Windows\System32\schtasks.exe
  C:\Windows\System32\schtasks.exe /run /tn "GoogleUpdateTaskMachineQC"
  2⤵
  PID:6420
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramFiles) -Force
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:5548
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe <#enfsgst#> IF([System.Environment]::OSVersion.Version -lt [System.Version]"6.2") { schtasks /create /f /sc onlogon /rl highest /ru 'System' /tn 'GoogleUpdateTaskMachineQC' /tr '''C:\Program Files\Google\Chrome\updater.exe''' } Else { Register-ScheduledTask -Action (New-ScheduledTaskAction -Execute 'C:\Program Files\Google\Chrome\updater.exe') -Trigger (New-ScheduledTaskTrigger -AtStartup) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DisallowHardTerminate -DontStopIfGoingOnBatteries -DontStopOnIdleEnd -ExecutionTimeLimit (New-TimeSpan -Days 1000)) -TaskName 'GoogleUpdateTaskMachineQC' -User 'System' -RunLevel 'Highest' -Force; }
  2⤵
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Windows\System32\conhost.exe
  C:\Windows\System32\conhost.exe
  2⤵
  PID:5016
- C:\Windows\System32\conhost.exe
  C:\Windows\System32\conhost.exe
  2⤵
  PID:3392
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c powercfg /x -hibernate-timeout-ac 0 & powercfg /x -hibernate-timeout-dc 0 & powercfg /x -standby-timeout-ac 0 & powercfg /x -standby-timeout-dc 0
  2⤵
  PID:3772
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c sc stop UsoSvc & sc stop WaaSMedicSvc & sc stop wuauserv & sc stop bits & sc stop dosvc
  2⤵
  PID:4536

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5536

C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
1⤵
- Launches sc.exe
PID:6484

C:\Windows\System32\sc.exe
sc stop dosvc
1⤵
- Launches sc.exe
PID:3260

C:\Windows\System32\sc.exe
sc stop bits
1⤵
- Launches sc.exe
- Suspicious use of AdjustPrivilegeToken
PID:6764

C:\Windows\System32\sc.exe
sc stop wuauserv
1⤵
- Launches sc.exe
PID:4700

C:\Windows\System32\sc.exe
sc stop UsoSvc
1⤵
- Launches sc.exe
PID:2648

C:\Program Files\Google\Chrome\updater.exe
"C:\Program Files\Google\Chrome\updater.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Drops file in Drivers directory
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:6972

C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-ac 0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1944

C:\Windows\System32\powercfg.exe
powercfg /x -hibernate-timeout-dc 0
1⤵
PID:4932

C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-ac 0
1⤵
PID:6548

C:\Windows\System32\powercfg.exe
powercfg /x -standby-timeout-dc 0
1⤵
PID:6620

C:\Windows\System32\sc.exe
sc stop dosvc
1⤵
- Launches sc.exe
PID:1696

C:\Windows\System32\sc.exe
sc stop bits
1⤵
- Launches sc.exe
PID:6772

C:\Windows\System32\sc.exe
sc stop wuauserv
1⤵
- Launches sc.exe
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1280

C:\Windows\System32\sc.exe
sc stop WaaSMedicSvc
1⤵
- Launches sc.exe
PID:1564

C:\Windows\System32\sc.exe
sc stop UsoSvc
1⤵
- Launches sc.exe
PID:2924

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Google\Chrome\updater.exe

Filesize
9.9MB

MD5
2e09202e39b8e3b41b4841e75e17f43d

SHA1
37bccb3de760ea9ac2f1e242ee3ffc86b92fa7f7

SHA256
b8eaac8637fdb755b7d8c6688652a63c96ceadbd6bd93c75b327183e9d9eb6bc

SHA512
7d757f6ea6e8c99f572c4e334f86a0bc5fde932363e149b8baf8a9d18af9ce06d18f53fc8cc503175e2d44a16e097a03a5a15cde7ef939d4612d77e32ea37f0a

Download Submit
C:\Program Files\Google\Chrome\updater.exe

Filesize
9.9MB

MD5
2e09202e39b8e3b41b4841e75e17f43d

SHA1
37bccb3de760ea9ac2f1e242ee3ffc86b92fa7f7

SHA256
b8eaac8637fdb755b7d8c6688652a63c96ceadbd6bd93c75b327183e9d9eb6bc

SHA512
7d757f6ea6e8c99f572c4e334f86a0bc5fde932363e149b8baf8a9d18af9ce06d18f53fc8cc503175e2d44a16e097a03a5a15cde7ef939d4612d77e32ea37f0a

Download Submit
C:\ProgramData\50726722021639712065.exe

Filesize
13.9MB

MD5
bb551048467179b793dc9ebf92256b05

SHA1
b4a4cddeb680ba816a3db582e9edc4f3b4d1d3ce

SHA256
c3e1544a6a417a63fe24c8321b43af5c790881ec823d3e6673eb86c967b25e47

SHA512
3a40212a29b8e5b0e0e6935d2ce26f4d338372e0bff78b45d210f50cb932dbdb00ef847f2a76026456606c659d869ad91cf62a6a769b0f4f296b7e54f347201a

Download Submit
C:\ProgramData\50726722021639712065.exe

Filesize
13.9MB

MD5
bb551048467179b793dc9ebf92256b05

SHA1
b4a4cddeb680ba816a3db582e9edc4f3b4d1d3ce

SHA256
c3e1544a6a417a63fe24c8321b43af5c790881ec823d3e6673eb86c967b25e47

SHA512
3a40212a29b8e5b0e0e6935d2ce26f4d338372e0bff78b45d210f50cb932dbdb00ef847f2a76026456606c659d869ad91cf62a6a769b0f4f296b7e54f347201a

Download Submit
C:\ProgramData\50726722021639712065.exe

Filesize
13.9MB

MD5
bb551048467179b793dc9ebf92256b05

SHA1
b4a4cddeb680ba816a3db582e9edc4f3b4d1d3ce

SHA256
c3e1544a6a417a63fe24c8321b43af5c790881ec823d3e6673eb86c967b25e47

SHA512
3a40212a29b8e5b0e0e6935d2ce26f4d338372e0bff78b45d210f50cb932dbdb00ef847f2a76026456606c659d869ad91cf62a6a769b0f4f296b7e54f347201a

Download Submit
C:\ProgramData\52533868724443606887.exe

Filesize
4.1MB

MD5
4742e0688ce362617543f397bf5ed237

SHA1
4ccf29df9bae0f0ab761cc52f2186ec11a172352

SHA256
7de1d4823ee481df27c4ad35cbfee9f68616b05b3e12fa671a67f1f032988fc1

SHA512
f22451e29ea7dd0c35fb7e5149a4ca3c4be25d4fd648643bcc9b77240568e11219309cac443533c76e2b50ea0b5a8118cb6a12df07b3af9ad190ded8ab8db3cb

Download Submit
C:\ProgramData\52533868724443606887.exe

Filesize
4.1MB

MD5
4742e0688ce362617543f397bf5ed237

SHA1
4ccf29df9bae0f0ab761cc52f2186ec11a172352

SHA256
7de1d4823ee481df27c4ad35cbfee9f68616b05b3e12fa671a67f1f032988fc1

SHA512
f22451e29ea7dd0c35fb7e5149a4ca3c4be25d4fd648643bcc9b77240568e11219309cac443533c76e2b50ea0b5a8118cb6a12df07b3af9ad190ded8ab8db3cb

Download Submit
C:\ProgramData\52533868724443606887.exe

Filesize
4.1MB

MD5
4742e0688ce362617543f397bf5ed237

SHA1
4ccf29df9bae0f0ab761cc52f2186ec11a172352

SHA256
7de1d4823ee481df27c4ad35cbfee9f68616b05b3e12fa671a67f1f032988fc1

SHA512
f22451e29ea7dd0c35fb7e5149a4ca3c4be25d4fd648643bcc9b77240568e11219309cac443533c76e2b50ea0b5a8118cb6a12df07b3af9ad190ded8ab8db3cb

Download Submit
C:\ProgramData\98893173357922831763.exe

Filesize
9.9MB

MD5
2e09202e39b8e3b41b4841e75e17f43d

SHA1
37bccb3de760ea9ac2f1e242ee3ffc86b92fa7f7

SHA256
b8eaac8637fdb755b7d8c6688652a63c96ceadbd6bd93c75b327183e9d9eb6bc

SHA512
7d757f6ea6e8c99f572c4e334f86a0bc5fde932363e149b8baf8a9d18af9ce06d18f53fc8cc503175e2d44a16e097a03a5a15cde7ef939d4612d77e32ea37f0a

Download Submit
C:\ProgramData\98893173357922831763.exe

Filesize
9.9MB

MD5
2e09202e39b8e3b41b4841e75e17f43d

SHA1
37bccb3de760ea9ac2f1e242ee3ffc86b92fa7f7

SHA256
b8eaac8637fdb755b7d8c6688652a63c96ceadbd6bd93c75b327183e9d9eb6bc

SHA512
7d757f6ea6e8c99f572c4e334f86a0bc5fde932363e149b8baf8a9d18af9ce06d18f53fc8cc503175e2d44a16e097a03a5a15cde7ef939d4612d77e32ea37f0a

Download Submit
C:\ProgramData\98893173357922831763.exe

Filesize
9.9MB

MD5
2e09202e39b8e3b41b4841e75e17f43d

SHA1
37bccb3de760ea9ac2f1e242ee3ffc86b92fa7f7

SHA256
b8eaac8637fdb755b7d8c6688652a63c96ceadbd6bd93c75b327183e9d9eb6bc

SHA512
7d757f6ea6e8c99f572c4e334f86a0bc5fde932363e149b8baf8a9d18af9ce06d18f53fc8cc503175e2d44a16e097a03a5a15cde7ef939d4612d77e32ea37f0a

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
3a6bad9528f8e23fb5c77fbd81fa28e8

SHA1
f127317c3bc6407f536c0f0600dcbcf1aabfba36

SHA256
986366767de5873f1b170a63f2a33ce05132d1afd90c8f5017afbca8ef1beb05

SHA512
846002154a0ece6f3e9feda6f115d3161dc21b3789525dd62ae1d9188495171293efdbe7be4710666dd8a15e66b557315b5a02918a741ed1d5f3ff0c515b98e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\activity-stream.discovery_stream.json.tmp

Filesize
146KB

MD5
6296e88bdb6577e2d939e8bf3e740c0c

SHA1
02dbdb65078b693fe3a4b968213d3b56acca310e

SHA256
d3a76b97bc6be067fb98c1560245cefe24b9db78a55a9c7a59c00cf51f517c39

SHA512
1184d0e77fe7e2a94c93fe2497346f7d07d30801b18bbd73860dc4d5cdcfc11e33d80f7a2c0fa41fac24fd6c5a394cd73860b85946e941ba891c9e0a4618044c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\doomed\10137

Filesize
74KB

MD5
67f821bbaf443f61f25d9808426d6df1

SHA1
08a99c0610de655c0892b97ba94a0c6dd2f360e6

SHA256
fcb1218b5d64ba6d7f7073d88bc1dd6bcbf0f10b0bd2d974c87dde5a87c7704d

SHA512
9098387ab5d99ce948cb3858ae51dd4decdd3bf5514fd582a61c4f7c66705894b56c2b0f4c545230e9995be03ee5e7c0582c351758d02d908b7cfe124e2fde74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\doomed\13767

Filesize
74KB

MD5
85998f5a31e73e4fd9c26a4588d25bd7

SHA1
8f61b9835f59ae5c878189f5c541ad3e129ce62e

SHA256
5f7bf530c46347bb0d33868220a7f77408b42e0d60cc031638062f0afd60f33e

SHA512
d2745828f1b0bcccfe8b4b5b01b1ed5997dc983c03c954d973495d5f1dc29a92f535fd9e91b86a5d6c718aa9e2196dd207e3fdfbac7669e51d0f23031e1bedfe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\doomed\15120

Filesize
29KB

MD5
4d01acceee3aaabbeb890c454f457cae

SHA1
2a93be38f1265bc0bbf5c92afcd49475b3de261d

SHA256
57f1b96e19787d3db80fdb4fb40fe152722799059558b8529001c7e89d982ef7

SHA512
d87becfd9c592f1c6755d69624a120076e95eb449d90a860d17038c862a69f434f89ffbcf655ace6ddbd7a7f26ca0a3c52f2f6e61e955bc9cd6d8fb6d3859eb9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\doomed\1639

Filesize
9KB

MD5
a856f123bbce9bd57d1971bbb2d0a6eb

SHA1
63b567c1c19c43338ee5fd035c8969e5f48227a5

SHA256
aad8ee56fe06ee04aff1fe493198f020598fc545867a73ebac13e3f9a8f5780d

SHA512
d2feca76e83593d8dcea1dbecdd9c3c42a1f9c64fe9737263314cd8b7e60f2d08dea3828a496913ed443c3b084b2d52e794f1f1004e47b46371b9d8dba70d87b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\doomed\21852

Filesize
95KB

MD5
c6940b1588e4a46b980a06f81e9ff237

SHA1
719656564960f4d0ef55f1ac93711abe7ba16ade

SHA256
2a97100c052846b79bea6dd0f16c7444418ba5c522ae9303bb67376ec4ff71c7

SHA512
3e04bfb7ac9d1690f79a220c3f8d6546011acdfce46fa7832ef406f4f92c110afbedda873594d16a2c26e72da75df25fe5b19760a02d5ab91bd11e881a4f28bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\doomed\28271

Filesize
95KB

MD5
a74769838728eb7b67b43d56d76d0571

SHA1
99330635b4fe2de97c8c0522358261b01bc29e56

SHA256
2a57d3a86927969d103e2b44679819779e3599bc12d5ab0da448c7772e3efb06

SHA512
ce850819b1f6ec43d2d122a84af6dc6985274591623bfde08a48b673d4ef6ea5dd56256bcfa84c8a3d247b605f41aaf7502e5cbd7555c4c921f70b39f710feef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\doomed\30204

Filesize
9KB

MD5
cdebe5d7457274adb669f8b83df51cee

SHA1
db64c075d04dbe9878c3246f602294b56006236a

SHA256
db3ba65a14b155cb9f7c1da8c9cbae995f625dad8cfe2ccccc9053c67b0ede12

SHA512
c40bc238c6de8dc399a41d27d1b8387f88abfdc190bceea9b3376e3d63180fdefc384b922f7856d2f902a3d865fba18f3e18f9bdcffd9f97b5e69021f42da1e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\doomed\5665

Filesize
95KB

MD5
44df0d64fe04e532cbad0ca20886d899

SHA1
afef75e79e4f97074f3f29fd252de1c00c827fa2

SHA256
9344df1eea10157a8a5dd20428b3341248cbec3ef25934412547a692bda40646

SHA512
feca56bd7ca9e53239e190c6aafaee175a8188db49d1f0eaef8a90dac13ac1a52fa7245506b0865a15c5e5acf383d1b98afe72cd9d17ae74aaf05cabb99219a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\doomed\8589

Filesize
55KB

MD5
a319c2d15426a35f4a24c0cce21533d9

SHA1
160efb5dd03a6327fe738a9e99213600512b3fa0

SHA256
29d5256203f1c8d922447854e365acfdace74033b63129cf97d50c02f683c8a2

SHA512
7f42d55b601ba3635ddc6b550dd7f9bf6fec85c93d6f91de2076150281248092441a07b4439c2dff4cf55b6763a1c86ee2f557704e9b1266e599942a41626dfc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\entries\0255B172655637D645FF090B5C8871809B23CA3F

Filesize
128KB

MD5
04ef64264b242c193c77720eef5e6ff6

SHA1
2e84010bc0ceff086b0f5ca3a3c1063299e1e2e6

SHA256
308e6c5fe23cf6f1340a70fdeac5c660c91a30a8787e603f5811fc437798f36f

SHA512
468e7a9308dbef5aeba55fa1ad108e7e3342eef8e285ea813d0f780d9a2c5077cfd8677017f5c817500aac550606da6aafc10ef38fed938eb61da1086f251d96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\entries\7668674CB17DCD3EA3D85F7BE57D3E095AE53F2F

Filesize
14KB

MD5
8882bec66561cab3afcc98c72713b5e1

SHA1
4f50321848178c956c8eb6fc4b2e5c0ecb0189d8

SHA256
133365f989965ed456a2c275f0c965f315d254f2a73f4de00c65a0c2f0b26049

SHA512
4af454c95a6745f26948887c25d89bad905f903316c25d52ded2eb3c927c0fec7cd0ebda38a9eaec26daa7011d99b449282d3559851331c203e6f5aa3f907d67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\entries\917E41E135032D6BD66E5D6F84F0988D37234A33

Filesize
14KB

MD5
7346a4bd41e0b93a0030ede88877e9bb

SHA1
99cb0babd11ea76a20f507f9337567220401e01a

SHA256
eb6b2283fd2952f823990dcfa6ecd1f4082dead7b32bac15fab479d09ddaa3e7

SHA512
b9aacf355f479adae54bdd4bbb5b378c672dfc7ca559ff4abe24da32d9c88e85846221d86a441527c7fe03aa36ef22bf9d080b9e59d54c67c2951d9fe1fef7ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cache2\entries\AF90C0E6D5A427706EA5308BC366F06D179545E9

Filesize
95KB

MD5
99b4429b8a1af454f47573f31443420f

SHA1
e92c420e109a5f4d407cb6f4b8a4a29b6b8ba1ba

SHA256
1bbff4d8ec973eb2ecc3c9b2b0146b739e3562273e528a0b17f6cce1ffd967dc

SHA512
4fb257046942e11c463d081b9905cdac97eed7458db5ce70b1f2a70edce0fe581d31e621c252ede8ccdac64d72fe6fc36409b6f0f65f46ffec2fc44586c2bc08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_arts_and_entertainment.json

Filesize
67KB

MD5
6c651609d367b10d1b25ef4c5f2b3318

SHA1
0abcc756ea415abda969cd1e854e7e8ebeb6f2d4

SHA256
960065cc44a09bef89206d28048d3c23719d2f5e9b38cfc718ca864c9e0e91e9

SHA512
3e084452eefe14e58faa9ef0d9fda2d21af2c2ab1071ae23cde60527df8df43f701668ca0aa9d86f56630b0ab0ca8367803c968347880d674ad8217fba5d8915

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_autos_and_vehicles.json

Filesize
44KB

MD5
39b73a66581c5a481a64f4dedf5b4f5c

SHA1
90e4a0883bb3f050dba2fee218450390d46f35e2

SHA256
022f9495f8867fea275ece900cfa7664c68c25073db4748343452dbc0b9eda17

SHA512
cfb697958e020282455ab7fabc6c325447db84ead0100d28b417b6a0e2455c9793fa624c23cb9b92dfea25124f59dcd1d5c1f43bf1703a0ad469106b755a7cdd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_beauty_and_fitness.json

Filesize
33KB

MD5
0ed0473b23b5a9e7d1116e8d4d5ca567

SHA1
4eb5e948ac28453c4b90607e223f9e7d901301c4

SHA256
eed46e8fe6ff20f89884b4fc68a81e8d521231440301a01bb89beec8ebad296b

SHA512
464508d7992edfa0dfb61b04cfc5909b7daacf094fc81745de4d03214b207224133e48750a710979445ee1a65bb791bf240a2b935aacaf3987e5c67ff2d8ba9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_blogging_resources_and_services.json

Filesize
33KB

MD5
c82700fcfcd9b5117176362d25f3e6f6

SHA1
a7ad40b40c7e8e5e11878f4702952a4014c5d22a

SHA256
c9f2a779dba0bc886cc1255816bd776bdc2e8a6a8e0f9380495a92bb66862780

SHA512
d38e65ab55cee8fef538ad96448cd0c6b001563714fc7b37c69a424d0661ec6b7d04892cf4b76b13ddbc7d300c115e87e0134d47c3f38ef51617e5367647b217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_books_and_literature.json

Filesize
67KB

MD5
df96946198f092c029fd6880e5e6c6ec

SHA1
9aee90b66b8f9656063f9476ff7b87d2d267dcda

SHA256
df23a5b6f583ec3b4dce2aca8ff53cbdfadfd58c4b7aeb2e397eade5ff75c996

SHA512
43a9fc190f4faadef37e01fa8ad320940553b287ed44a95321997a48312142f110b29c79eed7930477bfb29777a5a9913b42bf22ce6bb3e679dda5af54a125ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_business_and_industrial.json

Filesize
45KB

MD5
a92a0fffc831e6c20431b070a7d16d5a

SHA1
da5bbe65f10e5385cbe09db3630ae636413b4e39

SHA256
8410809ebac544389cf27a10e2cbd687b7a68753aa50a42f235ac3fc7b60ce2c

SHA512
31a8602e1972900268651cd074950d16ad989b1f15ff3ebbd8e21e0311a619eef4d7d15cdb029ea8b22cf3b8759fa95b3067b4faaadcb90456944dbc3c9806a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_computers_and_electronics.json

Filesize
45KB

MD5
6ccd943214682ac8c4ec08b7ec6dbcbd

SHA1
18417647f7c76581d79b537a70bf64f614f60fa2

SHA256
ab20b97406b0d9bf4f695e5ec7db4ebad5efb682311e74ca757d45b87ffc106b

SHA512
e57573d6f494df8aa7e8e6a20427a18f6868e19dc853b441b8506998158b23c7a4393b682c83b3513aae5075a21148dd8ca854a11dabcea6a0a0db8f2e6828b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_finance.json

Filesize
33KB

MD5
e95c2d2fc654b87e77b0a8a37aaa7fcf

SHA1
b4b00c9554839cab6a50a7ed8cd43d21fdaf35dc

SHA256
384bf5fcc6928200c7ebb1f03f99bf74f6063e78d3cd044374448f879799318e

SHA512
9696998a8d0e3a85982016ff0a22bb8ae1790410f1f6198bb379c0a192579f24c75c25c7648b76b00d25a32ac204178acaccd744ee78846dfc62ebf70bf7b93a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_food_and_drink.json

Filesize
67KB

MD5
70ba02dedd216430894d29940fc627c2

SHA1
f0c9aa816c6b0e171525a984fd844d3a8cabd505

SHA256
905357002f2eced8bba1be2285a9b83198f60d2f9bb1144b5c119994f2ec6e34

SHA512
3ae60d0bf3c45d28e340d97106790787be2cc80ba579d313b5414084664b86e89879391c99e94b6e33bdc5508ea42a9fd34f48ca9b1e7adfa7b6dd22c783c263

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_games.json

Filesize
44KB

MD5
4182a69a05463f9c388527a7db4201de

SHA1
5a0044aed787086c0b79ff0f51368d78c36f76bc

SHA256
35e67835a5cf82144765dfb1095ebc84ac27d08812507ad0a2d562bf68e13e85

SHA512
40023c9f89e0357fae26c33a023609de96b2a0b439318ef944d3d5b335b0877509f90505d119154eaa81e1097ecfb5aa44dd8bb595497cdecfc3ee711a1fe1d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_health.json

Filesize
33KB

MD5
11711337d2acc6c6a10e2fb79ac90187

SHA1
5583047c473c8045324519a4a432d06643de055d

SHA256
150f21c4f60856ab5e22891939d68d062542537b42a7ce1f8a8cec9300e7c565

SHA512
c2301ed72f623b22f05333c5ecc5ebf55d8a2d9593167cc453a66d8f42c05ff7c11e2709b6298912038a8ea6175f050bbc6d1fc4381f385f7ad7a952ad1e856b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_hobbies_and_leisure.json

Filesize
67KB

MD5
bb45971231bd3501aba1cd07715e4c95

SHA1
ea5bfd43d60a3d30cda1a31a3a5eb8ea0afa142a

SHA256
47db7797297a2a81d28c551117e27144b58627dbac1b1d52672b630d220f025d

SHA512
74767b1badbd32cacd3f996b8172df9c43656b11fea99f5a51fff38c6c6e2120fae8bdd0dd885234a3f173334054f580164fdf8860c27cbcf5fb29c5bcdc060d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_home_and_garden.json

Filesize
33KB

MD5
250acc54f92176775d6bdd8412432d9f

SHA1
a6ad9ad7519e5c299d4b4ba458742b1b4d64cb65

SHA256
19edd15ebce419b83469d2ab783c0c1377d72a186d1ff08857a82bca842eea54

SHA512
a52c81062f02c15701f13595f4476f0a07735034fcf177b1a65b001394a816020ee791fed5afae81d51de27630b34a85efa717fe80da733556fdda8739030f49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_internet_and_telecom.json

Filesize
67KB

MD5
36689de6804ca5af92224681ee9ea137

SHA1
729d590068e9c891939fc17921930630cd4938dd

SHA256
e646d43505c9c4e53dbaa474ef85d650a3f309ccf153d106f328d9b6aeb66d52

SHA512
1c4f4aa02a65a9bbdf83dc5321c24cbe49f57108881616b993e274f5705f0466be2dd3389055a725b79f3317c98bdf9f8d47f86d62ebd151e4c57cc4dca2487c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_jobs_and_education.json

Filesize
33KB

MD5
2d69892acde24ad6383082243efa3d37

SHA1
d8edc1c15739e34232012bb255872991edb72bc7

SHA256
29080288b2130a67414ecb296a53ddd9f0a4771035e3c1b2112e0ce656a7481a

SHA512
da391152e1fbce1f03607b486c5dea9a298a438e58e440ebb7b871bd5c62d7339b540eed115b4001b9840de1ba3898c6504872ff9094ba4d6a47455051c3f1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_law_and_government.json

Filesize
68KB

MD5
80c49b0f2d195f702e5707ba632ae188

SHA1
e65161da245318d1f6fdc001e8b97b4fd0bc50e7

SHA256
257ee9a218a1b7f9c1a6c890f38920eb7e731808e3d9b9fc956f8346c29a3e63

SHA512
972e95de7fe330c61cd22111bd3785999d60e7c02140809122d696a1f1f76f2cd0d63d6d92f657cdec24366d66b681e24f2735a8aabb8bcecec43c74e23fb4f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_online_communities.json

Filesize
67KB

MD5
37a74ab20e8447abd6ca918b6b39bb04

SHA1
b50986e6bb542f5eca8b805328be51eaa77e6c39

SHA256
11b6084552e2979b5bc0fd6ffdc61e445d49692c0ae8dffedc07792f8062d13f

SHA512
49c6b96655ba0b5d08425af6815f06237089ec06926f49de1f03bc11db9e579bd125f2b6f3eaf434a2ccf10b262c42af9c35ab27683e8e9f984d5b36ec8f59fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_people_and_society.json

Filesize
45KB

MD5
b1bd26cf5575ebb7ca511a05ea13fbd2

SHA1
e83d7f64b2884ea73357b4a15d25902517e51da8

SHA256
4990a5d17bea15617624c48a0c7c23d16e95f15e2ec9dd1d82ee949567bbaec0

SHA512
edcede39c17b494474859bc1a9bbf18c9f6abd3f46f832086db3bb1337b01d862452d639f89f9470ca302a6fcb84a1686853ebb4b08003cb248615f0834a1e02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_pets_and_animals.json

Filesize
44KB

MD5
5b26aca80818dd92509f6a9013c4c662

SHA1
31e322209ba7cc1abd55bbb72a3c15bc2e4a895f

SHA256
dd537bfb1497eb9457c0c8ecbd2846f325e13ddef3988fd293a29e68ab0b2671

SHA512
29038f9f3b9b12259fb42daa93cdefabb9fb32a10f0d20f384a72fe97214eff1864b7fa2674c37224b71309d7d9cea4e36abd24a45a0e65f0c61dc5ca161ec7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_real_estate.json

Filesize
67KB

MD5
9899942e9cd28bcb9bf5074800eae2d0

SHA1
15e5071e5ed58001011652befc224aed06ee068f

SHA256
efcf6b2d09e89b8c449ffbcdb5354beaa7178673862ebcdd6593561f2aa7d99a

SHA512
9f7a5fbe6d46c694e8bc9b50e7843e9747ea3229cf4b00b8e95f1a5467bd095d166cbd523b3d9315c62e9603d990b8e56a018ba4a11d30ad607f5281cc42b4cd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_reference.json

Filesize
56KB

MD5
567eaa19be0963b28b000826e8dd6c77

SHA1
7e4524c36113bbbafee34e38367b919964649583

SHA256
3619daa64036d1f0197cdadf7660e390d4b6e8c1b328ed3b59f828a205a6ea49

SHA512
6766919b06ca209eaed86f99bee20c6dad9cc36520fc84e1c251a668bcfe0afcf720ea6c658268dc3bbaaf602bfdf61eb237c68e08d5252ea6e5d1d2a373b9fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_science.json

Filesize
56KB

MD5
7a8fd079bb1aeb4710a285ec909c62b9

SHA1
8429335e5866c7c21d752a11f57f76399e5634b6

SHA256
9606ce3988b2d2a4921b58ac454f54e53a9ea8f358326522a8b1dcc751b50b32

SHA512
8fc1546e509b5386c9e1088e0e3a1b81f288ef67f1989f3e83888057e23769907a2b184d624a4e4c44fcd5b88d719bd4cca94dfb33798804a721b8be022ec0c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_shopping.json

Filesize
67KB

MD5
97d4a0fd003e123df601b5fd205e97f8

SHA1
a802a515d04442b6bde60614e3d515d2983d4c00

SHA256
bfd7e68ddca6696c798412402965a0384df0c8c209931bbadabf88ccb45e3bb6

SHA512
111e8a96bc8e07be2d1480a820fc30797d861a48d80622425af00b009512aacb30a2df9052c53bfbf4ee0800b6e6f5b56daa93d33f30fecb52e2f3850dfa9130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_sports.json

Filesize
56KB

MD5
ce4e75385300f9c03fdd52420e0f822f

SHA1
85c34648c253e4c88161d09dd1e25439b763628c

SHA256
44da98b03350e91e852fe59f0fc05d752fc867a5049ab0363da8bb7b7078ad14

SHA512
d119dc4706bbf3b6369fe72553cfacf1c9b2688e0188a7524b56d3e2ac85582a18bbee66d5594e0fb40767432646c23bf3e282090bd9b4c29f989a374aeae61f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\nb_model_build_attachment_travel.json

Filesize
67KB

MD5
48139e5ba1c595568f59fe880d6e4e83

SHA1
5e9ea36b9bb109b1ecfc41356cd5c8c9398d4a78

SHA256
4336ac211a822b0a5c3ce5de0d4730665acc351ee1965ea8da1c72477e216dfa

SHA512
57e826f0e1d9b12d11b05d47e2f5ae4f5787537862f26e039918cb14faff4bc854298c0b7de3023e371756a331c0f3ee1aa7cebbbf94ec70cdfc29e00a900ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\personality-provider\recipe_attachment.json

Filesize
1KB

MD5
be3d0f91b7957bbbf8a20859fd32d417

SHA1
fbc0380fe1928d6d0c8ab8b0a793a2bba0722d10

SHA256
fc07d42847eeaf69dcbf1b9a16eb48b141c11feb67aa40724be2aee83cb621b7

SHA512
8da24afcf587fbd4f945201702168e7cfc12434440200d00f09ddcd1d1d358a5e01065ac2a411fdf96a530e94db3697e3530578b392873cf874476b5e65d774a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lpcztjky.1z5.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp-x03.xpi

Filesize
301KB

MD5
eac298753ea3f38be782563d2109f69e

SHA1
0efcd3b02130ba249a1a1aa470c37c100d94e741

SHA256
67399a6bdc5677f8d99ecbd0fa362a0025ded8d2766f816160d062b330b88db9

SHA512
5690e962d2a3018c43f9ffa2a85629a8b83b62fea78a0d9bea1d698c4524bdcf1f6bdd2e50b2b72ba935dae4770b865935e6deb652ed39c936e9d2cf19d474cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
cd5b96e1cf7c0271b1bac1331d555ddc

SHA1
f6867aff7db93d6e83efa1ce6f08a05667ed5369

SHA256
932f3ade1cd71ec459b1543d602d3c055affbbe8ec937e58198e5c4259d27e9d

SHA512
000a15184434ea00e944f3db6332099936061bf784e753e3e0a2a23b6024dab4b0d655f817777daea0d4397e48567c3d6be5384ab00574da3f662b6145c49834

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\AlternateServices-1.txt

Filesize
18KB

MD5
555051bad1be14127c356d38097a6e1f

SHA1
9a68161d2a1184e14174712c56c73c1a0a2bc276

SHA256
ee447035680636eb3d52061eae191e2ab92f12940d1430902dde1d8635783885

SHA512
016549362e992ccdb5d3e2ac563944790971252c25b5212d8c734e0da8b37dacc2fa93bc7303755b12ccd96ebd140c104fcecc55c2ef7a0c6b02914611dc4900

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\SiteSecurityServiceState.txt

Filesize
816B

MD5
63c5138e34cc329a5998ef8338d8374c

SHA1
6ae4e0fbe2753a2dc1f303e2a23d2e95a9e44f8f

SHA256
0aa402c42ff68c7484c9cb6bdc39c479108e245b32d3a20b10abc81ca14d168f

SHA512
2fac5367ffe75880d4912f70aead0a29600e6a1fba06694f0292714e1672ad1d61f28f467f8f9f18a619c0e0895749e3cdae8e530bcb728a73f4990fe16b89c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
627dcd5fdcabf27d41923a1cdd47d232

SHA1
c2509e9dce91b84c540e1bf4c39c51c24cbd4772

SHA256
3909a6ff7d4a8d85a17d9368dc569c24bdb9362eb95a79ad9df69eac95d101b2

SHA512
220734c66a8ba8da3a399119ad5e07b86368335ecd3d545f9c92b0be3ba55c63bc8746ae8f497faa48808af7586148b8b15f1452429088eaf335d42c97b51c07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\bookmarkbackups\bookmarks-2023-06-01_11_ntsCKqzqWqOHOwhBPZZM4g==.jsonlz4

Filesize
951B

MD5
e9c18f5260930eb1e0f1a1fee3e2d690

SHA1
1bd30156222e9b708876414d487b94010872db1b

SHA256
d74c1faed278752ffe15155d6c061f210dff31cd923a3fb22bdf9684ab5253a9

SHA512
847af43ddf4c5e4dc38d048cf1c99c793b9a8fd335ea06c97fc14f2fe946f1ed833bc45701c0df2c34ef5b213e7585058c76ba279b4f4315a6a887b587e4947e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cookies.sqlite

Filesize
512KB

MD5
8a5a671c1ca7257bcbe7bbac020082ae

SHA1
a28f2b157749910476f1e58e51b0c223c0a0b809

SHA256
abe2f7ea4a531405ace760c28c67efa958b2b8af6b6660aa74129b9a7b33ecfc

SHA512
663bdbcd3af65f79dbeedb0208dc611172b425c78a065d6e28affd7609b3a5b2d35057a25c7319abbc631b313eb905d66cee2b5143c1d6f092360c6d76f52173

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cookies.sqlite

Filesize
512KB

MD5
9f495f9aeed433851ab05c694a508073

SHA1
e39d2fab04e1d8ac6667d7d7dedb5e8ae4936ee2

SHA256
0108f3597562a25ffa431e30c3b912282fef89b3fb5fa2f2c2d04a3d071918ea

SHA512
f37cdff4b922eafbb57ae3bfda649bace5c67cbf6be7c1b3d58d0ee8556c43d82d57c68a41d93c132995a5e5e55915fa505e92eb87db888fcddd8338e2756b0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cookies.sqlite-wal

Filesize
544KB

MD5
99de25525325cdcebeb17214eb242a45

SHA1
2648e0fdf81a435146a760229c8a564db3a16ba8

SHA256
67da49f3ccf754be763a099f8c6c93b89793527c8f398066b67fbd765093c542

SHA512
16257a4c0ad0d9607165d8f0be7ba5106e82d42abbb16dd8ee567469edbea15162489f5116ca0351758eed5de782e7fa99c7fca4a04c5b32fa1f5e716e092a42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\cookies.sqlite-wal

Filesize
544KB

MD5
5f1e72a0247acbc0539912c6ecbe6202

SHA1
1ad21fbe4b67b7ba7d279f45939fcbad8980c471

SHA256
f3cc91995c924388e28cc81ac876b9ebd86d8ca7a1ede08c706d80698ad75333

SHA512
66ddfa4ff5ffa8be0f7336e71b2c5a198f7eeb9fb95015fcf394de356660a2b2f2b9343a346ce7f87c5614498a13b599dcd248167a453c52fade9fce6ff1ef38

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\extension-settings.json

Filesize
252B

MD5
44c2ac20aa667acded637aabeaec8d01

SHA1
6f48b40bd8fd29b63b53f571a4330dd1faf605df

SHA256
b31be1d8621453404422a5f0dac94730118b2e01f57dac92b4ce3f07ddefc5a8

SHA512
1659735ea22eece8ae747022618e862f1909b763f5e1d309e4d5fc55e44fe5d50c000b3df50fc42e348337b9f26bdf877390a64a8447eca3a869683aa6e90c1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\extensions.json.tmp

Filesize
43KB

MD5
1606c49116a6a6a2ac9cec533ec7894c

SHA1
f0254667347c180436a3a08703a9de16d761fed2

SHA256
c6d622c7ecf44198e8537c848b289fc2d2606d5862ba9b947c2a1881f5fc9cd3

SHA512
71e68f908d12fcb4c17e9a2bdde1a086de49290f122be70fb3133f924214180874bfc52a5c693e1b630cdc91a43362e13277bf2d1eff9be9f404c310110c0c0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\places.sqlite

Filesize
5.0MB

MD5
72382aa7a5b448c7775b2aab4981421a

SHA1
bbee50ada77e928637c3a236575beb57d177a9d3

SHA256
7ec5f117f7da4c624011e0dd1bbba43978a8dbdceb4b1f164986d934753d9b76

SHA512
a7eb46263cefa001f1f540143c68ae6e352ef0a127a33308a0b84fef5e1a837523f0b9abe6944a1ab04465b6ee4ee99dbbb93b331983af8b86c890f219f2b083

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
7KB

MD5
d6bdb38b9305d38fafad69d38c10b9a5

SHA1
fb3e173e22b69fe59af2e9068401ab8410a0a235

SHA256
45f0fb8b273e977cc2fc553c42388e395e409965c05f424deee7f5abace54165

SHA512
30b470f8ad83350041aa98e1c17285e05adad98cb486893415180ea4cc408abed40037e3eec2ec992fb518e9a70bab0354aa68ecdade4beb46f2664309b4a9c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
6KB

MD5
fd54a1a27935b73eb609c12bfbc5e5ee

SHA1
bfad55dcb71809ba17a72f90de450e8441566c42

SHA256
1a03d00e6392d99a6443c34b5e082ed82148116eb08e1815409cd2aeb4f56fd2

SHA512
313a34351bed317468f01eb4b083cab0e190d3e43226a85961299a637898ba4cc62f2e38bd95109a489d28d4e73c8d5622ecc16a758b8e9dde2511ba6b43a780

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
6KB

MD5
f2b1c0269c33f9f1bc08ad3be00a10f0

SHA1
0ddce285f5a71112f073da8233512d594b87288d

SHA256
8cea74a205ebd8db05275aa279f003a8575d36bdf362ee96a21b3a2aecd8c105

SHA512
4f1aff6f76d55ac29de789408b8be21607ac9381e57e1da4530ce5842be54e9930ae99c119486a5cad9bfe329e0ee8702d8df66015af0943e8575e0054039b1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
7KB

MD5
830fc4e8b05dddf49fd7ccc3a53e7908

SHA1
ac184224b0aa2687043cf45dcd36b24359f17e31

SHA256
778bbef2e4d0999c3753a7dcb0f14cb299ce773fa7f36d469e32b8df41fa870b

SHA512
cd1b81406363f0b95156565d132ab02c9fdfc49c17031c350bf124e37cd9ee90f0271d81e4fed2ec6b7430b9a204bf804d9e42bdf4525d4d32df9d8b73987bec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
7KB

MD5
3b697ecf53e340833be08fcfcc10df0f

SHA1
206f2c667515333f4fa24d2e7588a2ee2ac5a5c4

SHA256
a7c2b283efcdd899874b73be3887192ed8f9a07333b562ffd2443d322786ca20

SHA512
8bf68c2ef184fdfee72a2987a0439f776dbc1d7dad2a50e532ad1517918ad0e4e9c0fd7ef5bcdeb5334b5da1123d0802f1bb5fe03994a38c3c8b670902afd308

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
7KB

MD5
7424a6077a4deca82e3de0883b7671f3

SHA1
1e5227168899dc40441321cea8e51677750649d8

SHA256
f2c338fe870a06801a093d713e3da96f98a5d9f10e2bde15f288f580c3b300b5

SHA512
5cc948365141f5462f932381ab89634491803df296879223ee15fda30d841a37d656a8a03d605282616454b997cc9fc34082dc79dd16e1bfd0bd87fcb781d6a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
7KB

MD5
db4213e958af72c610d05107a69bc3d1

SHA1
3c88cac65e53051e12120a89d0efd63a52d190c5

SHA256
4cd894166b100682fef3ceef09897a7855f354589091d90a63e95147b98a0ab7

SHA512
42e9ec08382964d437dfaaff6500d7a9a0621f2c876add80f090e44de0213cc01797fc4097d9f97705fc383581a43135ce7054b4cb7219583a3d721ceb5164ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
7KB

MD5
d8970b77bb324e6efa5e95cd4a3cb90b

SHA1
36f6af4fdeb63e8e1e3cc3870f37ac5818379639

SHA256
34ae9a2c48a1dfc59c5c54c3acaf88722861048ce39832adcb0d2ca36313e33c

SHA512
24a4da6be98d5642ee20229e5165a8548d1de464787700275f3d895c6b27ecb172053cfcf000866ba5e93525169f4bd9665b8a2cb2e2230d00efe3b4459da99b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
8KB

MD5
fb24ac58490665c6496b48265b381540

SHA1
966a46d479884479eed7acc2a899ec57ec071e97

SHA256
4a2330b7b99f9be110f1c3fdd56fe3fe566f2188591f723d8914976fa03252d7

SHA512
ad111a5aa3787d226afbb10ad0625fd72b129d52516c807f976e417e48f4b22b5a796615c9de0608358aa59b13bd267f8b6096b8ebfdf637735c0afbfed319ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
11KB

MD5
4a9d3ae9f963ed01ebd5b8667ea1e125

SHA1
6ac02b53bc376d786ac51cc79a0f2ac409b723af

SHA256
2157ff59ae68b6b8c3fbcbddd160c6a5025d05867f6e2bce946e27b3d98084ca

SHA512
8febdb0e9251ff868d08f5fbfe2bafdf67d7f3632cb4ff093306103e8cc29dd81c9513df8f9e6abedb9fcac00ed0d00c9be2d0437cded2eca84b3976b3a6f01b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
11KB

MD5
60099a0d8904ca28be04fdf520b59408

SHA1
9df6f0194dd72a75fe88d25bfdfb7aea70f31f0d

SHA256
01cb64bc7f361abf0bd2c5f6ad2ed820e4e0b876dad338ae29fd494877bd9f81

SHA512
4d2b626a0a1d3f6f6ecfb2912bec1f37d2def9f4d8f92faf57b22f93da7a6763bb26ec6c064fc33fb091526e62799ce23a76cc4f1b2de8f43bd39272b7372801

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
11KB

MD5
6084e6edbf497b6afdcb49f958ae33ef

SHA1
f0be3c3c7747d398a205ade86fb0214d375a5759

SHA256
d08dbf71404c5c9b3422ea61656e5a374e91089a3963fa662b22961cf5f11fc6

SHA512
ee66488a8841134fb02b32d11410189e36701b5426e5dbb83ee8827aaf274809f0f7eccbc916150c427a0aa315c9210e34245e12a6b1f6eb28b47ebd18ff8e7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
11KB

MD5
995cd6c2392ab4e3710bbc7feea42b0d

SHA1
411d334f96919814e81936b554f38f2741c92f56

SHA256
b78ef9702e00263680750167d5487144e125242c0ae22b14ab8b7a2e7bb6d8af

SHA512
7c8eadf6feecf48687ffe6369e8d135c9a189517e24855d3b3282a8c5baeba8673d5048285a503894f1fdb4e748004abca3e274e62844ffc7830a51ae0f8f9de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
11KB

MD5
3aa3f78fab5512325e1f30f61796c793

SHA1
521c1617bc3d518019109a8c74ba015432d373e5

SHA256
36f95ee8f95dce0bfc78792a756c8d7fe7646c2f0f2fd5a101102c2ea7a97ce8

SHA512
f72241269ca46fb792d87172aa55207849f50897c8f03e7a46988a7b8f1240a227557b1b2519ed2d20ce0fb7c3fa83a75e4c55e41c479d7fa919d5a110919c25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs-1.js

Filesize
6KB

MD5
66c205051aa1c0cf0897cf9195e5a963

SHA1
30378a0f908e43624fea4a43efef88400dd1451f

SHA256
654b26510bf010625be22d450206623f05e8bfcc5bf1b856f4540bdfeed7b996

SHA512
2905dd1bca06aa8883a75e174061fa1ecb0cdfbf1751fe793a7c42113e9dd41df7f8c2105e3c6df122a661824f55434908f9af9a9a064fabaa610ccf8a15a9f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\prefs.js

Filesize
6KB

MD5
2ca68eec3c1fdbaa1ae996ee759fc3c8

SHA1
54363409a7393613ff528d0488d1cc16796ef2d8

SHA256
4fe10ac0c622a99629804d64c89b59339a12a63ffb0b56132bfe39ec9b25aa1a

SHA512
e2fdc625ee7d3e54c1cca72810eccccc3f493253319dad56693d77904692830302564897d7d9c33b876f645bfcd1a5498be9be81bb18932e3333d00ca3408c12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\search.json.mozlz4

Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
49065efa4f7db5deaf7f3949355199c9

SHA1
e9807ae4f4e26fd5af4d758b3fbaa482dfc6f959

SHA256
9c12111d407e7b46c5efbeabf5067fe31d923344e980ae219cb44c2ec8f7a130

SHA512
01d69f972fe033abfd85049d6eb8a533c659a8e7a651fe5c84f365c658d9280e38f6708d2b8d8c214ceb5d262d0ee76d29deaa375dcef0a07a51e391d9d3d034

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
f80fc79ffcbb10fb0dd6d60eaaf952a7

SHA1
1c9d046afc9670aa097ec6948eafbe73932e050a

SHA256
cb2c80ad6cb203a33d41f7124d3531b55508194bcb5e17e1223f684cef9df64c

SHA512
0af6a75dc7757c5fd564a22307ed0fb3e35c645c632a6b30594e91a3e2f15a5c9b0601dd675d0af0cc249cc0054e4e9d727886669566d06c935b1b9ad79d6e51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\storage\default\https+++www.youtube.com\cache\morgue\188\{dcc80dcb-b923-40ef-ae88-919ce8990ebc}.final

Filesize
71KB

MD5
86d6621ba73f666cd8d7dc5462f28759

SHA1
c44b3a3c84b5d3ed2d1cfe46d35936dc55017fdf

SHA256
8de34bbb239b6b81fbd83c338f686da1d8c6aa5cddded8cd46fab27d141f04b4

SHA512
9f8713b0ee53c39c9707976e3f0bb75f6a80124b17e24dcb4eb4af13d63356a149222906e14f50a5d76aef3dc1b6d9759751a0386f65e1c976b6207f0a56b4e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\storage\default\https+++www.youtube.com\cache\morgue\46\{7120c0ce-b68a-408c-9b79-89774d4fa92e}.final

Filesize
3KB

MD5
c7ee5ce6bf8d830fd6f2e9b3ddfd068e

SHA1
8872e30d1c34617effabd4a0fbeda2d326370815

SHA256
8efc7cc24770b6e7d2aac4d2e32066cf9076dc980fea19b9d870444751b56905

SHA512
c9d839ff8d7f9749b8ea1a5968085292fbd4a607c0fcef0a4fd131cf2aad89d21029080818cc31ba5194e3906e2f1cc0ba17b3ad2cec9148f5b8347475643fd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
281126dd759e5468152ca84c675ce618

SHA1
ff0609298e87779b2260be5d64a41b3abbce70d0

SHA256
fdd7c3c819a42b6e5e355af37071d7e802a9a6203740b0efeffc6f0ccd3b9516

SHA512
4fe71c821387581e6e5070dd05a8c54bc8128c2aa650d16f6a67f55e2e77df686aa0fce77eba5aaf6d1fd50a8fc38fc8d4a5d67b7f8c42621e866c9b3d66ee1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\storage\default\https+++www.youtube.com\idb\4136533915yCt7-%iCd7b%-3par4e3f.sqlite

Filesize
48KB

MD5
cda0bd02559743e4bd7a4b0aa2583926

SHA1
f0b05d7df768ec7b51db924ebf475f85598b58af

SHA256
248bbc03b6a16cd598cfcdff7adc18cefe4840bc58dbdefb9bb096e513d6d5d7

SHA512
0dc23fb76b0ba5a8fb89aeefe82f0111fc72db63b9fa78dec9bafe6ca904dd25eee3e6fd635b980c16b1ab2a9292b2726406a21288e0424bc1f4b94d979579f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.2MB

MD5
11583885d955254d277cf5d02ba4af10

SHA1
294a39448084853cea950fe77928e85e94da01c3

SHA256
886e8a04d83b5169a85d298929e5a7372e88e6552e907b52ac0ac2bc250854e4

SHA512
fda27d8ed72d6434b90b7acc955edc00f889892121808d77e619133c34f521e08002b579b4cd059359837d62819b9bac3feaab849df26ac4d1cc6c3fa1617b4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\targeting.snapshot.json

Filesize
4KB

MD5
e4e185d2e289c989c54d0c612281c783

SHA1
670463501c200134ea91864218ceedfb40ea222d

SHA256
e36605efb1758e519cf90b3063d48e76c12bbebb71ed6fbc1eab2db1ebfdb15c

SHA512
e09de34540268bfd894fd4b736335d8e74cabd3ecab5e47d8508368990b26e6f54d8c1ee9cf4a78a0059b86e7390c80480ec302a399d3a986b5693de819ace32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yz6mdvpx.default-release\xulstore.json

Filesize
217B

MD5
6d87256a2b21b9603b7d731eb033b9e0

SHA1
8e2603f254af21d5dcf310fdb5a688e9097aefd9

SHA256
5b3e57bf27b98cae50a753101df9a00a1f6d96886c1a92c4106a6f7eaf6d09a2

SHA512
67bfabf0b5d3fc75b5223a5da836e6909b2af8d98172120fc5efc0b0f6ece72b6cafbdd97ac170bc5357d85a39b15fda7e2df861981d193f84cfca82f360e156

Download Submit
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
789.1MB

MD5
5687545b1763a97507b2a5edd493f6b4

SHA1
7109bee8034b01db1d0bf19a6bbc3f8907f267b0

SHA256
86ded1ce547b7ea4edb768a20b49648920a8899faafebd6bf0507d3915ecfad4

SHA512
90ec753a88869efb0af8a9b01285fcdc3f1786b94b34bb99e90880b6b33a095795f8e44662b6627e31be5b44b86534b81e7dc7eb6f9c93d7c55203d81e7b3e9b

Download Submit
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
789.1MB

MD5
5687545b1763a97507b2a5edd493f6b4

SHA1
7109bee8034b01db1d0bf19a6bbc3f8907f267b0

SHA256
86ded1ce547b7ea4edb768a20b49648920a8899faafebd6bf0507d3915ecfad4

SHA512
90ec753a88869efb0af8a9b01285fcdc3f1786b94b34bb99e90880b6b33a095795f8e44662b6627e31be5b44b86534b81e7dc7eb6f9c93d7c55203d81e7b3e9b

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft.rar

Filesize
15.8MB

MD5
f5907d79164854c81a5a150702c0b001

SHA1
457d6c2a224286305a293c7ac3e02cfc826683b7

SHA256
a8e384833db52ba7cc45b37e81fb19314bbc167fae8bd0a0b9cb3090f59fe10a

SHA512
a0857004fb68772782e6570abb812362520ff54cbe5c19e4d88bf9a4efdcc83d706f7ddfa02189bd52ad457f0a6bb54911884bff36365a7b6ec23d77e45f716e

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft.wdmCxPMs.rar.part

Filesize
15.8MB

MD5
f5907d79164854c81a5a150702c0b001

SHA1
457d6c2a224286305a293c7ac3e02cfc826683b7

SHA256
a8e384833db52ba7cc45b37e81fb19314bbc167fae8bd0a0b9cb3090f59fe10a

SHA512
a0857004fb68772782e6570abb812362520ff54cbe5c19e4d88bf9a4efdcc83d706f7ddfa02189bd52ad457f0a6bb54911884bff36365a7b6ec23d77e45f716e

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\ExtraChannel\English\Cancel.png

Filesize
3KB

MD5
97be6746d2ec5ca609773ed62f429460

SHA1
7e248e93eac940f70f0b3f3a413d9762abd0860a

SHA256
8b80e4409de2bc560b7402dbca25a965929963539ef1e5d5c7a3d81c2b3ac409

SHA512
2edcaf15e5e87bd81e32e3af67d0c2b264d45f5e59d658d315ee77630713a678d8695575f85d2938d85befe0ce8ebe656db70704b6ac1b39ea7c1f699d2c1bf0

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\LiftHeightCalibration\ChineseS\Cancel.png

Filesize
3KB

MD5
381b67cd9c9211cb99970dc9aee40850

SHA1
8ca63f63de6640d5cdc6645c23059505bfc4e943

SHA256
e6187ea970cbacf7eef01eb604df661f6098f5d796f8f887384856829fcac209

SHA512
1c64408dff2ee18e05ad3ff7ca188f3bb0d963f53095f134efe2ac19bce831eb0f0f28aea403b066b7f2abd41ae30ab09867ef755ba9dbb81f27d724f5f62fac

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\LiftHeightCalibration\ChineseT\Cancel.png

Filesize
3KB

MD5
14b06e1a0d2df42ae52ef6ec859be95b

SHA1
7ad083a7e704a509600f7f5b9c2c0e6d57c1c609

SHA256
7bed4208f6ed09b8e51468245be33dca42573d8f34776b9c7ad7099b72b3a7ad

SHA512
5fec6006a53fa4b7c99592725e2a0e64a6eb21a686fb5585f850e13ecf1bfbb13f88251d2c1d4a36da1ab3fe1c5e376968332d804ddcaf0f07941c5611e4515d

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\LightEffect\English\ComboDown1.png

Filesize
735B

MD5
a62f4fdbda4d5107af50d67c255b210f

SHA1
0cf7f35abb29b40fd40595ec2a1f24d8631b8fb7

SHA256
a8200c3d0da4d3d6a482c2be7a9c01fd55bc4ad13516a06cc3874aaf9afccfb4

SHA512
d63cecf2d82885e02a164288b1d8868db14a8e88effa8f96afaccbab37b66e5ab2db5355f8dd23b975587816b28d7b76d17228973db1fae2cf858e8510accd98

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\LightEffect\English\ComboDown2.png

Filesize
758B

MD5
c8484f59b5515359f839c89391450caf

SHA1
da0fb45835af7a897d635e98508773f2a066c85b

SHA256
05648df3e71e8828c6f0862f8f908b9adc7bd168c695081d694d9f9ba6acde15

SHA512
67258b9d7fb0460dbbe101f0c7305ab79f54b45f9ae6c141dfb0f127b7125864f7cd083ef9dbb28529d4ea4c46830dd69de1d6a73feda040aa5062ca4709430a

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MacroEditEditLine\English\Ok.png

Filesize
2KB

MD5
1184ef09a2e393be0210c24247c720bf

SHA1
1fa41e3efb39f1815d5afaa1692642463fe5408e

SHA256
9fe3bed8c2d33bbb6148be5b6adeeb548695492b2e6756fa04f599d8397de299

SHA512
40119179b228b33d0a44fc49e0988a3f6e5c314818bd25f9b772b90c15f029a640c9cc249fada3038c26f5dde90f08b0fe445586cf07813c9974889ae25ca969

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MacroEditInputBox\ChineseS\Cancel.png

Filesize
3KB

MD5
df833bff528928a1429bb615d6155bac

SHA1
8cb2cace45004644844e81e06c0b4e779260ffed

SHA256
cd020266b6fe58c8d3d67438453fb4774bf0c5e1b3b7a9159cdd98f06ad708a9

SHA512
440509d8bb85e02ac0afd94198d626109efc06f9bbb4e6991eb2d8c80b7cca7dab63caa0b186942bacc844afc2ff06fd313e0fa21c8bf33bece69359ef61ddd4

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MacroEditInputBox\ChineseS\Ok.png

Filesize
4KB

MD5
7cc05051932f05ff02b89f35f20c702f

SHA1
cf8fa4c93dce60566b52d4136bbb5bb4e112f652

SHA256
eb60c394d5fece9573aadca09efa14a831d49dbb09c3a8595b7e2fe694ce7ba9

SHA512
7623d03eb0c319dea3f26c95d6148243f503b07df8d5547a82fd84e88a2605a864589ab1307a8a8a67c9c459917688a25f47c4fa904653c78727dc931dc6a101

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MacroEditInputBox\ChineseT\Cancel.png

Filesize
3KB

MD5
6e6c152748571bf7b3747e1480f4cf09

SHA1
ea20c7c7153017af8407912620ed7ac1d14095f8

SHA256
5b91d4e87e0dae295d091226e44c946662887f33ba840ab9034af86f2df33825

SHA512
a91d72211ab030e6b26d9124ef50740dc4ad8541cca5ffd036ead2f2e399724927116392ed924b876dc771220dd98428d9b58599893be615dbe4251bdd26d313

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MacroEditInputBox\ChineseT\Ok.png

Filesize
4KB

MD5
adb3974c18281884ca3fef11cf47b877

SHA1
a6a4f15c9a96d7debe03b635b36e654a7f236013

SHA256
2997bad1487561e435dfd25a42337a913f9ff80f55ee9217b074210ec999eb66

SHA512
07a65ab6b3efbaeb535bacd62160eaaab70d702b4edbe28007cb4212635c3460ba77c82335b5cf9dd503fcec2bf38f043b459087fcb335058f03e1fc0f11b9aa

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MacroEditInputBox\English\Cancel.png

Filesize
3KB

MD5
06f53b5bb9f897f2aa53763b2de225fd

SHA1
b47de5e6ee7438be41a4a64e430697103826dd83

SHA256
0e27ee6a5e4502e09e9b409fbb49d0b4de895b98d342a2b7ed4ee94e4e83bd2f

SHA512
006922d6ebd363722b1b0c5c0dadbb88fcf445720a5e6a740c19d2749b699c82981f219c20dbd03b9acbf42c875d038f8d4e0e48deffae038898b8d559e7af8e

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MessageBoxEx\English\Cancel.png

Filesize
3KB

MD5
aa16516d0eb8fc291cbf7d9cc421ac75

SHA1
50a82f8afd94cd1e5dc8dba49f667848bb9f114f

SHA256
9db2b9f1d6289ffc07e26d11e7df0f0367011fb856360407ddb64d1dc899979e

SHA512
affa6efb2b32b589a576fbe357fdb3250013b5ead1d99a55133831c62dd00188d15e40c726e8075f7bf827df75242b9c253c1644b1838b2b7dd283943ecccba7

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MessageBoxEx\English\ComboDown1.png

Filesize
735B

MD5
8b1108dd1e4098a776b2497328d8f7ed

SHA1
4c5c3959c4e428a2d8b166e55513ccd3c7602781

SHA256
72437690c17c9624ad7e6821813d32128e87c64c0fb2fe52983b5ab19aa9a4c3

SHA512
528c62c739320ae25a1b8eafef1ad30f1b73e8924600c4668f572c5296c493c31babae79ed0bb257cdbe8b58ad28a9ed8a618502b4f4a06dabe9c0aa0b0ee0c8

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MessageBoxEx\English\ComboDown2.png

Filesize
758B

MD5
dac70823b27c7479c86c592a530d1e8d

SHA1
cc9c15ad4178a3b50569901256c11a8c2b5276a1

SHA256
3d8d9fe508d4a056629c6be152c1988f53f1f1e94d2b22882809b6acb64f97ea

SHA512
681227eececb42eb79121adbb3f7225d38d4568aba4219b3ac621a4754a5a3f1e91da8270e27db8af453b3df9dcb09da6c039620784846dd367200da452663c0

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MessageBoxEx\English\MessageBoxEx_Background.png

Filesize
18KB

MD5
d7d551193b4f2026ba11b739510703ec

SHA1
6cc53d6f0a73eadf867d1ae9a98e4c0c7a24b9d2

SHA256
17769e83127e6445945579f7d5674639c889a10a87c7afebf9ea6fc767b0e5f7

SHA512
84c1eda1fb514bc195287dbb58f777246f0838fc04b1de82969d885250e020736e4c041a0073c231865cd70011307d4ce45bfc30fa683d11f66e6f6690d6af3b

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MessageBox\ChineseS\Cancel.png

Filesize
3KB

MD5
885081d928ef2337380c8cdb03b45143

SHA1
a711cb82779db4d65e49f750b96f2eb97f502687

SHA256
a63815199a77c35c303413b9d83fb079d9ae9330870de331dcaecf84fda985a0

SHA512
5de0e3a00e3e4ff33421884f3f081217297c335caaaf5b114427d9dad5f3ad52db10ad04f140616340e1af491cadf84c0e0ab54efbb7157956864075ccef8f75

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MessageBox\ChineseS\OK.png

Filesize
4KB

MD5
b50cf16c824ba36dd4cdf1df378f417a

SHA1
44fe96d1883576cc3468fa9038db58b45fda4eac

SHA256
8b5a35ef7c6bf1ca24c1cc3c4130f4918738080b2408b957be0e8141212b62b6

SHA512
c1febac6eae97ed41a3c4e2a70d62a964a36b2858b8aa011dca981c50bed0fca7ae4cc9a0112bee89e1e65fcc08f09f675343229e9334c200d69768020393664

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MessageBox\ChineseT\Cancel.png

Filesize
3KB

MD5
df4fd08a80ec88bc8c5e34106935dd38

SHA1
c5b6f9ec9cbe392f34cf4c35eb7c5ac71f2ae3a2

SHA256
f7ba6866decd0c67de8920c12c40b7b93a1c1efb795e85fc2dba401d1d2d1a6c

SHA512
159b6d4f374fdd86a29316b57a770527a9cc49fd4c310412f7ce32ed4faa705b06c5c8eee8cdc690eeea7e4fdac9ebdf8dadceb2e1dc9818e3409e2706afe8da

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MessageBox\ChineseT\OK.png

Filesize
4KB

MD5
ee47b450de403b33a845c0976f86a6b5

SHA1
9d67e0debda12566a41f2c416b3b0dce32854bc1

SHA256
c9b99c73580c4f428c54259a9f153535aa6a63286a434819e236f2ff20d50c17

SHA512
b3c0f04910c044ac6319ed53961f8fc6915d949dcacddc6a2e7e808cbdefbf8cee3d94586547f27d00824fe80e8fc913d86f799319bef2bb3d032016a86c2333

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\MessageBox\English\OK.png

Filesize
2KB

MD5
b07714053d653afde75d2a3c0cd7eb96

SHA1
d65d4dfaaaeae8e6153a85b1efde4ac450d04d7b

SHA256
519975b10d91959233c0178d98dbd562b907cef7e9508a5961b1c88afb53a593

SHA512
f1ce7eec4337485d9dd7c7753797705b834873ea070f499fe16b8864098adbba7f39ea6c4bb602d784ac87205f170432fb476e0bcf25a8c36c2ffad0350b043a

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Option\English\OptionDialog_Check.png

Filesize
609B

MD5
0389acfd29d222d4436c4dcdc350e4d1

SHA1
02f19191eda00a104e96bc8720885b8e9689bfee

SHA256
7fd0dd4310a1a3516ab7afdb687e4c5597fb7c5535acf19086e050bde9defaae

SHA512
c36e4bf32171ff0d36f84327fd1718e2970daec60b766e283497b836159b70a480f718b59c36cc477cc315f960499371968dd64352b887f3cce38064337efc0b

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\OscarDragMacroEditorDelaySet\English\DelaySetForm_Background.png

Filesize
28KB

MD5
74b90c72ecb509ee68efa5f2038cfe93

SHA1
7dc88bfd41caffd5cf614d2d727a191faa0e0605

SHA256
221874e86c274fda3f593d2557a2b002da3c2ae69d445a6b0c740be8fb09219c

SHA512
564b8fe136b90d9d9bf0a4860b23285af73d74ed667b46fe0b3a239bebfbbd8c9af38789503a21f7cbb2d234a7d2cdb8227f53d1e41e950d2a38b5cd5819a604

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\OscarDragMacroEditorInstructions\ChineseS\Clear.png

Filesize
7KB

MD5
0d0f58fa5e21b9e49087ff8c64f2e098

SHA1
80305e8e644d6f61e4fadff4d788c9b08d3ebb3b

SHA256
4e083955ed385ffc900bd93bcd781eff00e276c0a7bfee0c54a167cb4281442c

SHA512
d1395116a15133c104b1c0eeef6bcc3e8b373dbcb65d494dd3f97ed8df8b71ac3e05f38cdea94058ead9b619e639af4baa0e39180a025143121fb131b2a161f7

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\PasteTextForm\TextStrings\Text2.txt

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\PenSuit\ChineseS\Cancel.png

Filesize
3KB

MD5
c49cf7814eb3aab7598cdf7a2b4d1f2c

SHA1
2511678b6f560c7f1ce0c7659dded24c6419594b

SHA256
79d8b515e39d19915a5ff784a172956d10ad7637cbbc314a60b2d49616b504e6

SHA512
849bf59f99e2a2dee3ca6046807375e76956e5417fd05ba7ee4c827722c2daf521607ee8bcc5641ac6e7822c213e17d38cbe73d3359a576d5bf252f42aacd1df

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\PenSuit\ChineseS\OK.png

Filesize
4KB

MD5
7749e0a5bc488cec75377f6aa43a6bfb

SHA1
4baa4ff6ec706a0d43fa23ef21905f417360d5b4

SHA256
b1b28e8710d35791536d5ca366756ea01704ed6e8b131f07679cde0facc73c83

SHA512
072ef7232ad42b97dc76b588a71d60fe8f32b3c673ba018db8bebf8a93527140db8452ce098495196ec2b620c0a498d8016ae45debd5d061d1a319be768bc8a9

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\PenSuit\ChineseT\Cancel.png

Filesize
3KB

MD5
862e0975fba74ad67be22a7a6eacf8fc

SHA1
09e3cd273f8f7b80581eb051b4968d2729661369

SHA256
955612dc554059a29a7b12282f43b1538b6c7b2ed315f891e570dc855016e093

SHA512
cd348b4fb1ae4af0ece5779a8ab65059dc5d797660d8316f2b4f5bb5d18e14a16ba7f63810bba21ede04ffbba7c24fb65abe9d9469e4acbbe53a577e406d359a

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\PenSuit\ChineseT\OK.png

Filesize
4KB

MD5
a7e403233521f14e38e1cb3c3b163c6b

SHA1
2f32e3889ddaa4d5d8a4256c1fc64d2abb65b371

SHA256
207b1a985f8049040b58d14f414628ac5a06718dfe17a560819cd07731e21465

SHA512
7efa678fe2fbe50fe86cbb7b399a743ccecd3c0dfedce8f0577d6b7245ec3d7fd00d01864d8164d93476f804bb5b2ffc5de84493dedd710fe9578f3d2713416b

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\PenSuit\English\Cancel.png

Filesize
3KB

MD5
901ecf1c69f4d47aa59758686ca2034e

SHA1
baa6c85e220971f09664fccaa46b9f8470cda4ac

SHA256
6d8de456f7f13031120c1debc20a298487e256b5a1be384fd0fed63f4c749de2

SHA512
5fe600ec5bf01ae6fdcc936059b2436d0844f514f03b17f536689b8c1ba152f44c330e9df7097b86adab94286597d6284e4e508f37a8e8890262f2e4f210c4b4

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\PenSuit\English\OK.png

Filesize
2KB

MD5
82f33d81dd64656cfa91944f7de61a91

SHA1
5b9615a10064ccb5938f51d998dd563e86f36546

SHA256
16ef118f98e2c6af77b349182c069609e6c28c42a8a6d4b82c842e3e68700012

SHA512
2a84df1c5f365e9b8ab3063fecb2b9e3e1704a7f88278c8519c359a501d669935a31719daa23d09dc699cff4ac9f2d52749e8cdadaf7d278a2fc61c17c377ffd

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\PenSuit\English\Radio.png

Filesize
979B

MD5
3bb50852dc444a1b793ee33b2a4e3bc0

SHA1
7fe48f32d1e3bf30b7a4942b056efcc573fb5312

SHA256
96a65490f749b3641ed3d3485670523ccb0da145b02e3ace9f2d5814bc74c732

SHA512
e78b8c01b5e5a4535538befe26df3118de0e0c8a08f64ab0424c38ff3d09d0f993435c7621048311a4ba569a8efc12cdd4fa24bb3536fcd7755b3411f8e54a6f

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\ScreenCapture\English\PaintTool_Background.bmp

Filesize
79KB

MD5
3d61055725c8c7cd02dcd60f650203e1

SHA1
eed81019d9987f604babeb4e9895cee5b3ecd3fe

SHA256
c3b7fb14ea4c20c83dc5070a15b774ec4fedc726b58387983f8c10792f3eaf6c

SHA512
cb906a70233e3d2c954d9b34532821c9c865378c284107ff0e3056854774bba1f21b26243e45c58cd8877327949c2381bc39f88a74b5dcb2a32b05c6b4491916

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\ScreenCapture\English\Rectangle.bmp

Filesize
14KB

MD5
36a572146bc6471a05902ff8557663a7

SHA1
425ddcbe435cd0aca3d718e077cb45e7dc990492

SHA256
2b9635a50c62b245265309521ae3dfed5820ca645ea968ca1f87f2732911558e

SHA512
3f8cca6306a23f9170b918f9361613779c86eee3bf2f3658d616e50089476585385ed32552a34801e8734be50e5db292e981f22ea6175f0f34abc688046d76dc

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\Arrow.bmp

Filesize
14KB

MD5
b3b48ef567048b8ff065db190d7e6a00

SHA1
6df9b48cbe0f05165c9a88526bdbc391c2b41dd2

SHA256
89db4fbd85ef58f24b56b54118c725f867284e2dbf7f5e70b75579aec2db1448

SHA512
836719ad871d04aa806d95c9267350dada18d73e0d31b1b412302e55ccc1fb52054a890eb87893d944eec387a4b3affe6a7b9ba49af2fae560ed26edb5f9f19a

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\Brush.bmp

Filesize
14KB

MD5
5f327dd247ccb73f06ddf3b321c2387a

SHA1
2e1a5507b8c20bff984c74da1b852e9e105a5347

SHA256
9e8e0fe44723b904c97d6eadcc8d5f92be4e1c37697ebd43b1e012906533eacf

SHA512
23211fa9b7059bab468cc42b3f679eee934f635fba50e1d241459a3281be79cbf9ade08592277bee5c527c3411c5b5268045aabc98332bab945e52160b65f8ad

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\Combo.bmp

Filesize
4KB

MD5
9320a18a38344ab52ab3d92754f27e96

SHA1
00a76c885a84172204f84fcdd7f8105453be473f

SHA256
0773adb3310ecb2a6c644ab8b8c406a1f53ba4d30e126713f49091400781dd29

SHA512
f55bbf70ea647668a2cbb04ddf5dbded10d8bf9c3671fb42af13f5a146cbc9ef74265a3f24e8d90cbded17be65d4e6fe1dec108d9691680353b63678c5a43e31

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\Ellipse.bmp

Filesize
14KB

MD5
5bea3935fc7ee48416d8e11009b402f5

SHA1
c5c3f9dd3b620c07e872a29cf994901281206835

SHA256
d7d5347e58de6e9f8e951c6497abff4082a71000469e7a162ee9d3eddc76bbdd

SHA512
e5d84dbc36976c6004c7ac47f60c90988442849ee6f63a5b45b033b193f7aaeab956b01cd23e21fe94b81a62ae257e675993d1db7bd4f891f8684c9e3f76f74c

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\Finish.bmp

Filesize
14KB

MD5
c0262b20f86a92fe19aef29cfe91925e

SHA1
804b16a49ec31aee126fecb8110e60f45116100e

SHA256
af09984f6c8fcdf403081120817216fbccf68c554d1db55fa70f04d9a075d785

SHA512
038f5b7ecbd40a52348087040524545808318cc123e7c8e3a77414126f257171fbaad585f7303e7c088e470106847bb246e92f53aac3110a8af23afcf412919b

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\FontBold.bmp

Filesize
7KB

MD5
0b73f0a2c6fa8d25c3fe10d161761d79

SHA1
f72e41be7035f752efad189aad1e3909b917845a

SHA256
0dcc2a5783df4bfe128f3918a8c2e494fbcd9df2863e3d1ab21abf2f7870502c

SHA512
3cde64d72898501611795a6c52531141a8f244e092be829f73fea243e56888d411f88f6c695a84e5c87e9eada1817f35b14e05d40cc4734b7ea00e8fc7206868

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\FontItalic.bmp

Filesize
7KB

MD5
4c2b06f01b4746f87304c93848ae83c4

SHA1
10eed28298f76f8567f04749a4f93bebbbac004f

SHA256
0823e6a20fe37f9d4e7061057b979f8becac6badc91cd3aa0353d0c3cc743ab2

SHA512
38e9de0c68ec18103af9a8cedd7a5a33d3b7f1f1c26a8019a40be301ad785c548da26d53d1a38d83e94110db87829d8b987cff25c44a674f36682292f348a151

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\FontToolAttribute_Background.bmp

Filesize
38KB

MD5
81f3f49db22a43cb8f47725892a67d72

SHA1
db34009d508d14282a1ae1040ab23888b48332d7

SHA256
df38e289b57eae45ad910b18144bdd974f650eb19fabc06cb38889131515411b

SHA512
398c3e48b840a5fdbf3e3b0808f6267706cd633b8e5a615d81316fadea021f62b26c97c56808789da82c90e805ff60a1cccb64e454c74c8921fb4c990b3fe1aa

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\FontUnderline.bmp

Filesize
7KB

MD5
e3d45d3b00221652e0834ee4745e2444

SHA1
b2d6dbef865594f1e0a8e4145cc62b1bd209a30f

SHA256
4eee25d9e62423d7e7f2143e6b022a031b5e6d2f884a9f457efef038c8e81ce3

SHA512
24f93e5f977e3ec9dd5166b52afad91f75219d1faef6cdd193c4485e5923a1850f70262d6facc06c4eda5917f5a2992572bb3192f3e9cd1748799c54fb1fafbb

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\GiveUp.bmp

Filesize
14KB

MD5
a880995cdd10535aabfd2a6b138e18b2

SHA1
8cc08bef066ce3c9dc94f39e6c2d44e499613b77

SHA256
e98ff07d9e7d7e51e97444d299a03a5c13f3b9bd87c8299d31e78760d1445e74

SHA512
3b1d8567c38b909f809ecad3c96afb2657382533ec3fb0c9c8f7bf4bcc44a9a2f282326586100b228c92112d583445c1c92269a7fd97e33b89060e06e0e497af

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\Mosaic.bmp

Filesize
14KB

MD5
8ceb3579def8b9faafa0e5049215d242

SHA1
a8f8539164015e9d349a4168b3e325014be1734b

SHA256
239e2a988b13918e1dc34cc56eba15e8cd01f9ab8dc82239c3a94c709c5e5e6a

SHA512
2c3d9b354e2eb3394fd3a3be81fe37c62b5f036cde47bb5881cf741d87c8f73e23c89980b3cd44c3b067933c2d968db72aeb7b2a88b8e7cb75004191154ee179

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\Note.bmp

Filesize
14KB

MD5
4847bd7176b492a5c9e67332852ac9e2

SHA1
7e08ec2f4b719e4bbed00daf8fe68bb6e52743c0

SHA256
2b0e721d33c3494950e29518bc9f849fadde91ae4703c4a3e556f9b6608dcbb6

SHA512
32be72a4dba948c603b150348f169c6f15d1c5e056600a16161f1df9a8b608d16a02a724a5d6480328b5f25c2b3616f1db6a5a6b1f97d606ee28f7ba12426b90

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\PaintToolAttribute_Background.bmp

Filesize
33KB

MD5
643a0a31fd86d879ed905f915cd63274

SHA1
67a73953fe96c46c72225b203f145c76babb915a

SHA256
9211f1d047cada44861d43ae8d5b2e2bd719020857b150ad1cb081aa266a9645

SHA512
e5c06e2f47dac5755098f3b741b592ef39e26c3f9a148c8f9d7715c14b91055170864d10496d60432d58c0436e1ad2b9cee9442e32bd6337d5c421ba98b93a22

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\PaintTool_Background.bmp

Filesize
78KB

MD5
2294630fa040786be8d54a8c14456657

SHA1
f8698f801603a338ae9a16c5a16c2b6038d7404a

SHA256
57b54868d8a61a715e831d9668217b3c8d4342ac2015d09cacc4bacbfa9a2494

SHA512
a94ec0becc2f02a209c9047e823c98548d23bc5e3846ff92ff6c8f93297fed9669dd7a289000da711844785eba658a6e2ab8b5b8a900e7e6d0abfb9357c31248

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\PenSize1.bmp

Filesize
8KB

MD5
0040ba650fd0797f51df5041c31ff239

SHA1
44fe3b22b922fec95a128481027a88412f6cc914

SHA256
6bfb317494faa81f01e746df823161356425066cc51bb2bbe12a9b9f4233607c

SHA512
6ea83d2e4a87972047ef0b127305eb22b56b6876a6f91cc318719e373e405369219769a9430baf2fbb31b3adac2c65ac74d45e416c9dfc951971690e4cdfd21a

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\PenSize2.bmp

Filesize
8KB

MD5
3cc6c32da1ea4e91362dfabe2a47f00a

SHA1
4ecb63fca57844dd7b74d31ae7cb154965c492e1

SHA256
c74c773298685a3aa0036c726e9253909997d6155f4d58010cffd514f1bf59bd

SHA512
f66ddf62dc5c46493743fd95edfe7625ca5446d1348e1204c4753f7c296fa4f0c1d79721ac0130b7bc2ee53f1da53467baa40bb4009c2598c837a9534ae46a86

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\PenSize3.bmp

Filesize
8KB

MD5
2084f999ab8178d957f48378fffc2c33

SHA1
e73c95c33f6ef093ccafd766126f35cfeebf74e8

SHA256
29600144cb0a01359e5cb267be555ca60b53cfeb20b3b9551ae5de1a55ed90da

SHA512
820b4f09cde170f9f289ac786887fbe80bb6a892ce1fcb1c1f003fe71147e715f0d0d387f93561dc63a474ae17b5e0817eb9f5356e23a528819067abe1459420

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\Restore.bmp

Filesize
14KB

MD5
e7a1ce4e2f5f75b7b91588bab5ac853b

SHA1
a03707ae284f5a7cc22cb5a1dc62ff3f483d9c60

SHA256
538325b59117aa2739ea0b76241a14fbe4e6ebcb9bca167af281532e411b25fa

SHA512
0335d345af06e8c809754bbeff30e071604f576cfc8d3fa7bd68bcf57e05e87dbd7f978e63dbeb69b546cc153aa393e89bdb936411cac1261ff7b499e3e02a21

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\Save.bmp

Filesize
14KB

MD5
7832d0f9e1424fd316caa5c756ba2b4b

SHA1
75ea7a9ada8a0c047580edc8111ed57998d95ab5

SHA256
34296c04af0bc179373c3342fbe317fce8372f19f81c216d9b773b71aa8fb30a

SHA512
92bb1d2aeea5fc6a498319b3ca20b4455a1ffec451782ecbeb9b550953ff2d1aa4de7117f446922c12ae0e8f9f7a6aea8cae4b329410d4fcffeec3d9d5e6e276

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\Screen_ScrollShot\English\Text.bmp

Filesize
14KB

MD5
a662e0455b594d500bb6b6780a7f9da7

SHA1
0beff33f962ee34a4763d356c780f559584c9ab6

SHA256
3f9a899ee2cc5deb068e90de26f0e789cd6e9a84a3c726822632dcbcb2e0a592

SHA512
731501903bc72b5a56872e79d525b01b04c98573e94a1f62a65d0a7d8b0ba1d919b09b1c876f54927626f1312a4400a4a8bcfa4297ac39a28a7f311039af1e8b

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\UltraComboRecord\English\RecordButton.png

Filesize
4KB

MD5
aea3f39350dac6ad8d1035bfee94faa9

SHA1
fa0685b022ed65ba7e9b026bc92309d9dda02d89

SHA256
e829bc2dfcb8fdcb4478f6449c1e3d93481ca5f6781b07dce87d1ee855aa7ac2

SHA512
c1e1481d212650ae29d7b2265606cd559613d8c98b4173973c722c4abd7a65bdb8d32206ac92235265be3ef8553af0301ae32dc38031b0686dd171aa6e8da965

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\UltraComboRecord\English\RecordForm_Background.png

Filesize
28KB

MD5
20fee4fcf9766e22ef85761d94a97973

SHA1
d72d2234de3c7f24064f15b22b5dfb225837c552

SHA256
e3981e4dcfd5622eca6907acc45178b5189ae6e0cb41bda91f44ac7fc0f0823a

SHA512
223dbb9e7f1bd6350c719ab77fcd474fb5ff2678f5704986639fbd1f4c17d0ba0546a785601487696fa8081f6f9005ca0816f79c06dce85f9b1c5b2867008a97

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\UltraComboTest\ChineseS\OK.png

Filesize
4KB

MD5
283cf74970b2c71bbfa6a0b13acf798d

SHA1
a8581f5b5351f0f83ebc30bb3f7755acb9a9f4ea

SHA256
5e4a676ea63bbc32053e8d6c90a5b0f23d1bcf2d5fd249e0c18e9a5403fe1874

SHA512
06037bf0cd0dbfcb168735d394495c897ac711f23a1691f654cdb079e62ebf63172f60cd417940e3f9fe80d785845cbe03a612f5c36b1ab1ab78597e37118cc9

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\UltraComboTest\ChineseT\OK.png

Filesize
4KB

MD5
6b2a29f272768ebea5b43d31b460f5da

SHA1
d4e6d7d27a1c3d99b8814429c4056a3ded68b129

SHA256
cfdd635481014f3eb2c221a01f9c198c3719cf1ed831a0b8d4d5f98a796551ee

SHA512
c18863270f73b75c9deef5b0a47d8443e6e53dd32a68b2d45e79a67d9d81c45f1b14cc5d519d40dd24074052050f756c7832be1fbf2b43f58a985f07d8f3bba8

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\UltraComboTest\English\Clear.png

Filesize
6KB

MD5
a86977a69ecf13795fa25824ea8e615c

SHA1
c3456a1263c10529a48fe7144c7e2c25f97addd5

SHA256
2a214a3d76a0375758022cf73f590c65f3c24b745217ca38e00fe84608183023

SHA512
c140ab262bace67b58cf497c3046c7dc76fc626edac306d9448f7355060c3c60fe0fe67921b9e88e6acd9cecc8ffcb84ccd80cba0900484da97e29b409d54f30

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\UltraComboTest\English\TestForm_Background.png

Filesize
69KB

MD5
8fd937cd5a1c4eca5847fd7ebd366c19

SHA1
0eff56ff0c0efc6f406c67bbb99f5213b24b0ac8

SHA256
60ffdbb438707bdabdda2ad5d7ba0cc0e3695dfac5df8d7949f95edf710f592a

SHA512
73a0300c0b577736797461a4859ec89f524b4b582ff28b68167752cb9b71882f84d9df22e3b3ed52773dccbf837b93de8ad4123545eef288364cac42b15ae480

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\Forms\WirelessFOCA\English\WirelessFOCA_Background.png

Filesize
28KB

MD5
0d0d6de57a3f7343d0edd0169ebdcf7a

SHA1
ab6521c2f737c547220abf961bdcd47c279b5f01

SHA256
d7acb1ee933760dfedb01ec4c2c2709fec5091345ab3180b7e04287d0367fbf2

SHA512
077fc742114b9decb7db3377e6891a8c562ba69c4451da1afab30803ab3fecd5693caba5aaa1936914ffd1776915679e04720eb0e02f55bb84817c3dde3f34d0

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\LauncherPC.exe

Filesize
1568.8MB

MD5
561f7450ba8c62696d807d09f022b2d6

SHA1
7bdce23643e38d384862c967c47cbeccfd0727c3

SHA256
817a22a7f397860149d0d8f0cac2ec0e86480c58d9f3cf72ca59b0b3e8ec87eb

SHA512
95d29513d6b761b2ad62605e5c711dca27904964959b3790f74c7032bb5914f12d80598591b1ff111be395b16cdfc649389dc921648af4909f4da97a9532e09c

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\LauncherPC.exe

Filesize
1568.8MB

MD5
561f7450ba8c62696d807d09f022b2d6

SHA1
7bdce23643e38d384862c967c47cbeccfd0727c3

SHA256
817a22a7f397860149d0d8f0cac2ec0e86480c58d9f3cf72ca59b0b3e8ec87eb

SHA512
95d29513d6b761b2ad62605e5c711dca27904964959b3790f74c7032bb5914f12d80598591b1ff111be395b16cdfc649389dc921648af4909f4da97a9532e09c

Download Submit
C:\Windows\System32\drivers\etc\hosts

Filesize
3KB

MD5
00930b40cba79465b7a38ed0449d1449

SHA1
4b25a89ee28b20ba162f23772ddaf017669092a5

SHA256
eda1aae2c8fce700e3bdbe0186cf3db88400cf0ac13ec736e84dacba61628a01

SHA512
cbe4760ec041e7da7ab86474d5c82969cfccb8ccc5dbdac9436862d5b1b86210ab90754d3c8da5724176570d8842e57a716a281acba8719e90098a6f61a17c62

Download Submit
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
4KB

MD5
bdb25c22d14ec917e30faf353826c5de

SHA1
6c2feb9cea9237bc28842ebf2fea68b3bd7ad190

SHA256
e3274ce8296f2cd20e3189576fbadbfa0f1817cdf313487945c80e968589a495

SHA512
b5eddbfd4748298a302e2963cfd12d849130b6dcb8f0f85a2a623caed0ff9bd88f4ec726f646dbebfca4964adc35f882ec205113920cb546cc08193739d6728c

Download Submit
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b42c70c1dbf0d1d477ec86902db9e986

SHA1
1d1c0a670748b3d10bee8272e5d67a4fabefd31f

SHA256
8ed3b348989cdc967d1fc0e887b2a2f5a656680d8d14ebd3cb71a10c2f55867a

SHA512
57fb278a8b2e83d01fac2a031c90e0e2bd5e4c1a360cfa4308490eb07e1b9d265b1f28399d0f10b141a6438ba92dd5f9ce4f18530ec277fece0eb7678041cbc5

Download Submit
memory/1236-7203-0x000002547E620000-0x000002547E642000-memory.dmp

Filesize
136KB

Download
memory/1236-7305-0x000002547DF80000-0x000002547DF90000-memory.dmp

Filesize
64KB

Download
memory/1236-7212-0x000002547DF80000-0x000002547DF90000-memory.dmp

Filesize
64KB

Download
memory/1236-7222-0x000002547DF80000-0x000002547DF90000-memory.dmp

Filesize
64KB

Download
memory/1280-7494-0x000001C0350C0000-0x000001C0350D0000-memory.dmp

Filesize
64KB

Download
memory/1280-7495-0x000001C0350C0000-0x000001C0350D0000-memory.dmp

Filesize
64KB

Download
memory/1280-7504-0x000001C0350C0000-0x000001C0350D0000-memory.dmp

Filesize
64KB

Download
memory/1280-7669-0x000001C0350C0000-0x000001C0350D0000-memory.dmp

Filesize
64KB

Download
memory/2012-6836-0x00000000001E0000-0x0000000000BF5000-memory.dmp

Filesize
10.1MB

Download
memory/2012-6863-0x00000000001E0000-0x0000000000BF5000-memory.dmp

Filesize
10.1MB

Download
memory/2012-7002-0x00000000001E0000-0x0000000000BF5000-memory.dmp

Filesize
10.1MB

Download
memory/2012-6864-0x00000000001E0000-0x0000000000BF5000-memory.dmp

Filesize
10.1MB

Download
memory/2012-6862-0x00000000001E0000-0x0000000000BF5000-memory.dmp

Filesize
10.1MB

Download
memory/2012-6856-0x00000000001E0000-0x0000000000BF5000-memory.dmp

Filesize
10.1MB

Download
memory/2012-6852-0x00000000001E0000-0x0000000000BF5000-memory.dmp

Filesize
10.1MB

Download
memory/2012-6844-0x00000000001E0000-0x0000000000BF5000-memory.dmp

Filesize
10.1MB

Download
memory/2012-7696-0x00000000001E0000-0x0000000000BF5000-memory.dmp

Filesize
10.1MB

Download
memory/2012-6835-0x00000000001E0000-0x0000000000BF5000-memory.dmp

Filesize
10.1MB

Download
memory/3064-7011-0x0000000000E40000-0x0000000001C8D000-memory.dmp

Filesize
14.3MB

Download
memory/3368-6585-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/3368-6510-0x00000000009C0000-0x0000000001C96000-memory.dmp

Filesize
18.8MB

Download
memory/3368-6526-0x00000000009C0000-0x0000000001C96000-memory.dmp

Filesize
18.8MB

Download
memory/3368-6541-0x00000000009C0000-0x0000000001C96000-memory.dmp

Filesize
18.8MB

Download
memory/3368-6542-0x00000000009C0000-0x0000000001C96000-memory.dmp

Filesize
18.8MB

Download
memory/3368-6548-0x00000000009C0000-0x0000000001C96000-memory.dmp

Filesize
18.8MB

Download
memory/3368-6549-0x00000000009C0000-0x0000000001C96000-memory.dmp

Filesize
18.8MB

Download
memory/3368-6960-0x00000000009C0000-0x0000000001C96000-memory.dmp

Filesize
18.8MB

Download
memory/3368-6681-0x00000000009C0000-0x0000000001C96000-memory.dmp

Filesize
18.8MB

Download
memory/3368-6967-0x00000000009C0000-0x0000000001C96000-memory.dmp

Filesize
18.8MB

Download
memory/3368-6775-0x00000000009C0000-0x0000000001C96000-memory.dmp

Filesize
18.8MB

Download
memory/3392-9088-0x00007FF6D82A0000-0x00007FF6D82CA000-memory.dmp

Filesize
168KB

Download
memory/3392-9293-0x00007FF6D82A0000-0x00007FF6D82CA000-memory.dmp

Filesize
168KB

Download
memory/4232-8713-0x000001C4A1B30000-0x000001C4A1B40000-memory.dmp

Filesize
64KB

Download
memory/4232-8791-0x00007FF4C2F40000-0x00007FF4C2F50000-memory.dmp

Filesize
64KB

Download
memory/4232-8856-0x000001C4A1B30000-0x000001C4A1B40000-memory.dmp

Filesize
64KB

Download
memory/4232-8695-0x000001C4A1B30000-0x000001C4A1B40000-memory.dmp

Filesize
64KB

Download
memory/4232-8704-0x000001C4A1B30000-0x000001C4A1B40000-memory.dmp

Filesize
64KB

Download
memory/4232-8858-0x000001C4A1B39000-0x000001C4A1B3F000-memory.dmp

Filesize
24KB

Download
memory/4872-7879-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-7905-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-7969-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-8144-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-8463-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-9061-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-9360-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-7935-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-9527-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-9257-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-7953-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-8683-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-9154-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-7870-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-7840-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-7814-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/4872-7831-0x0000000000D10000-0x0000000001725000-memory.dmp

Filesize
10.1MB

Download
memory/5016-25318-0x00000285757F0000-0x0000028575810000-memory.dmp

Filesize
128KB

Download
memory/5016-9165-0x00000285757F0000-0x0000028575810000-memory.dmp

Filesize
128KB

Download
memory/5016-25523-0x0000028575810000-0x0000028575830000-memory.dmp

Filesize
128KB

Download
memory/5016-9062-0x00000285757F0000-0x0000028575810000-memory.dmp

Filesize
128KB

Download
memory/5016-25522-0x00000285757F0000-0x0000028575810000-memory.dmp

Filesize
128KB

Download
memory/5016-8887-0x0000028575100000-0x0000028575120000-memory.dmp

Filesize
128KB

Download
memory/5016-25319-0x0000028575810000-0x0000028575830000-memory.dmp

Filesize
128KB

Download
memory/5548-8475-0x000001C8F7550000-0x000001C8F7560000-memory.dmp

Filesize
64KB

Download
memory/5548-8617-0x000001C8F7B30000-0x000001C8F7B4A000-memory.dmp

Filesize
104KB

Download
memory/5548-8509-0x000001C8F7AF0000-0x000001C8F7B0C000-memory.dmp

Filesize
112KB

Download
memory/5548-8634-0x000001C8F7B20000-0x000001C8F7B2A000-memory.dmp

Filesize
40KB

Download
memory/5548-8485-0x000001C8F78A0000-0x000001C8F78BC000-memory.dmp

Filesize
112KB

Download
memory/5548-8498-0x000001C8F7980000-0x000001C8F798A000-memory.dmp

Filesize
40KB

Download
memory/5548-8487-0x000001C8F7550000-0x000001C8F7560000-memory.dmp

Filesize
64KB

Download
memory/5548-8543-0x000001C8F7550000-0x000001C8F7560000-memory.dmp

Filesize
64KB

Download
memory/5548-8618-0x000001C8F7AE0000-0x000001C8F7AE8000-memory.dmp

Filesize
32KB

Download
memory/5548-8633-0x000001C8F7B10000-0x000001C8F7B16000-memory.dmp

Filesize
24KB

Download
memory/5548-8592-0x000001C8F7AD0000-0x000001C8F7ADA000-memory.dmp

Filesize
40KB

Download
memory/6392-7120-0x00007FF695410000-0x00007FF695DF5000-memory.dmp

Filesize
9.9MB

Download
memory/6392-7706-0x00007FF695410000-0x00007FF695DF5000-memory.dmp

Filesize
9.9MB

Download
memory/6972-8345-0x00007FF71A1F0000-0x00007FF71ABD5000-memory.dmp

Filesize
9.9MB

Download
memory/6972-8885-0x00007FF71A1F0000-0x00007FF71ABD5000-memory.dmp

Filesize
9.9MB

Download