laplas | 842bda8d8955a11f5f2396ece8ca9440442b8b4ee9cc146ab5cacd1d209c0493

Analysis

max time kernel
1069s
max time network
1071s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2023 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nouveatexte.bat
Size

3KB
MD5

a8e8d0ac12d7ac9d30184a2fea1c952f
SHA1

4f5ec14b31eceeab8c033925160925fabd68dd53
SHA256

842bda8d8955a11f5f2396ece8ca9440442b8b4ee9cc146ab5cacd1d209c0493
SHA512

b6787f5e5b58eda38da6175a1453901c720fca17a315f3363ea6eb93bb0f4071e3af45e53ef4b4bb4792576fbfb80bde54f1f5f2bf8908ed9e2d50162fb701c6

Score

10^/10

laplas vidar 076239fffceeb88ff5fe3c82df6cb13b clipper discovery evasion persistence spyware stealer trojan

Malware Config

Extracted

Family

vidar

Version

4.2

Botnet

076239fffceeb88ff5fe3c82df6cb13b

https://steamcommunity.com/profiles/76561199511129510

https://t.me/rechnungsbetrag

Attributes

profile_id_v2
076239fffceeb88ff5fe3c82df6cb13b
user_agent
Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.38 Safari/537.36 Brave/75

Extracted

Family

laplas

http://185.209.161.89

Attributes

api_key
6a2714906f1325d666e4cf9f6269c2352ccfb7e7f1a23c114287dc69ddf27cb0

Signatures

Laplas Clipper
Laplas is a crypto wallet stealer with three variants written in Golang, C#, and C++.
stealer clipper laplas
Vidar
Vidar is an infostealer based on Arkei stealer.
stealer vidar
Contacts a large (38083) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Scanning
T1046

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	ntlhost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	09264031422974631876.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	ntlhost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	09264031422974631876.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	09264031422974631876.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	ntlhost.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	LauncherPC.exe

Executes dropped EXE 4 IoCs

pid	Process
7692	LauncherPC.exe
7604	09264031422974631876.exe
5828	ntlhost.exe
8660	smb-7teux2sm.exe

Loads dropped DLL 2 IoCs

pid	Process
7692	LauncherPC.exe
7692	LauncherPC.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses 2FA software files, possible credential harvesting 2 TTPs
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials in Files
T1081

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NTSystem = "C:\\Users\\Admin\\AppData\\Roaming\\NTSystem\\ntlhost.exe"	09264031422974631876.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 2 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ntlhost.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	09264031422974631876.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
7604	09264031422974631876.exe
5828	ntlhost.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\ddf01e57-7132-401e-a126-8ae3304d3d4b.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230611012839.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7744	7692	WerFault.exe	203

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	LauncherPC.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	LauncherPC.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command-Line Interface

T1059

pid	Process
3016	ipconfig.exe

GoLang User-Agent 1 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	948	Go-http-client/1.1

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\2O23-F1LES-S0ft.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\smb-7teux2sm.zip:Zone.Identifier	firefox.exe

Runs ping.exe 1 TTPs 50 IoCs

Remote System Discovery

T1018

pid	Process
4580	PING.EXE
4508	PING.EXE
4188	PING.EXE
3176	PING.EXE
4468	PING.EXE
1688	PING.EXE
3116	PING.EXE
4556	PING.EXE
2628	PING.EXE
4012	PING.EXE
1340	PING.EXE
4880	PING.EXE
4984	PING.EXE
1556	PING.EXE
1444	PING.EXE
64	PING.EXE
3924	PING.EXE
3856	PING.EXE
4996	PING.EXE
1476	PING.EXE
4356	PING.EXE
4656	PING.EXE
2480	PING.EXE
4208	PING.EXE
4540	PING.EXE
3748	PING.EXE
1600	PING.EXE
1732	PING.EXE
3096	PING.EXE
4272	PING.EXE
632	PING.EXE
3304	PING.EXE
4020	PING.EXE
2340	PING.EXE
3496	PING.EXE
4192	PING.EXE
1388	PING.EXE
4740	PING.EXE
524	PING.EXE
3616	PING.EXE
1308	PING.EXE
4812	PING.EXE
1292	PING.EXE
2748	PING.EXE
1888	PING.EXE
4940	PING.EXE
3356	PING.EXE
1976	PING.EXE
748	PING.EXE
5108	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
6356	msedge.exe
6356	msedge.exe
2212	msedge.exe
2212	msedge.exe
8116	identity_helper.exe
8116	identity_helper.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7692	LauncherPC.exe
7692	LauncherPC.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7692	LauncherPC.exe
7692	LauncherPC.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
652	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: 33	3076	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3076	AUDIODG.EXE
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeRestorePrivilege	6712	7zG.exe
Token: 35	6712	7zG.exe
Token: SeSecurityPrivilege	6712	7zG.exe
Token: SeSecurityPrivilege	6712	7zG.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeDebugPrivilege	7484	taskmgr.exe
Token: SeSystemProfilePrivilege	7484	taskmgr.exe
Token: SeCreateGlobalPrivilege	7484	taskmgr.exe
Token: SeSecurityPrivilege	7484	taskmgr.exe
Token: SeTakeOwnershipPrivilege	7484	taskmgr.exe
Token: 33	7484	taskmgr.exe
Token: SeIncBasePriorityPrivilege	7484	taskmgr.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeRestorePrivilege	9056	7zG.exe
Token: 35	9056	7zG.exe
Token: SeSecurityPrivilege	9056	7zG.exe
Token: SeSecurityPrivilege	9056	7zG.exe
Token: SeRestorePrivilege	9404	7zG.exe
Token: 35	9404	7zG.exe
Token: SeSecurityPrivilege	9404	7zG.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeDebugPrivilege	4000	firefox.exe
Token: SeDebugPrivilege	4000	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
6712	7zG.exe
2212	msedge.exe
2212	msedge.exe
2212	msedge.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe
7484	taskmgr.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe
4000	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 4940	2136	cmd.exe	85
PID 2136 wrote to memory of 4940	2136	cmd.exe	85
PID 2136 wrote to memory of 4020	2136	cmd.exe	86
PID 2136 wrote to memory of 4020	2136	cmd.exe	86
PID 2136 wrote to memory of 524	2136	cmd.exe	87
PID 2136 wrote to memory of 524	2136	cmd.exe	87
PID 2136 wrote to memory of 1340	2136	cmd.exe	88
PID 2136 wrote to memory of 1340	2136	cmd.exe	88
PID 2136 wrote to memory of 1476	2136	cmd.exe	89
PID 2136 wrote to memory of 1476	2136	cmd.exe	89
PID 2136 wrote to memory of 1556	2136	cmd.exe	90
PID 2136 wrote to memory of 1556	2136	cmd.exe	90
PID 2136 wrote to memory of 3176	2136	cmd.exe	91
PID 2136 wrote to memory of 3176	2136	cmd.exe	91
PID 2136 wrote to memory of 4188	2136	cmd.exe	92
PID 2136 wrote to memory of 4188	2136	cmd.exe	92
PID 2136 wrote to memory of 1600	2136	cmd.exe	93
PID 2136 wrote to memory of 1600	2136	cmd.exe	93
PID 2136 wrote to memory of 4740	2136	cmd.exe	94
PID 2136 wrote to memory of 4740	2136	cmd.exe	94
PID 2136 wrote to memory of 4468	2136	cmd.exe	95
PID 2136 wrote to memory of 4468	2136	cmd.exe	95
PID 2136 wrote to memory of 1732	2136	cmd.exe	96
PID 2136 wrote to memory of 1732	2136	cmd.exe	96
PID 2136 wrote to memory of 3096	2136	cmd.exe	97
PID 2136 wrote to memory of 3096	2136	cmd.exe	97
PID 2136 wrote to memory of 4272	2136	cmd.exe	98
PID 2136 wrote to memory of 4272	2136	cmd.exe	98
PID 2136 wrote to memory of 3616	2136	cmd.exe	99
PID 2136 wrote to memory of 3616	2136	cmd.exe	99
PID 2136 wrote to memory of 632	2136	cmd.exe	100
PID 2136 wrote to memory of 632	2136	cmd.exe	100
PID 2136 wrote to memory of 1308	2136	cmd.exe	101
PID 2136 wrote to memory of 1308	2136	cmd.exe	101
PID 2136 wrote to memory of 1444	2136	cmd.exe	102
PID 2136 wrote to memory of 1444	2136	cmd.exe	102
PID 2136 wrote to memory of 4812	2136	cmd.exe	103
PID 2136 wrote to memory of 4812	2136	cmd.exe	103
PID 2136 wrote to memory of 1688	2136	cmd.exe	104
PID 2136 wrote to memory of 1688	2136	cmd.exe	104
PID 2136 wrote to memory of 3116	2136	cmd.exe	105
PID 2136 wrote to memory of 3116	2136	cmd.exe	105
PID 2136 wrote to memory of 4580	2136	cmd.exe	106
PID 2136 wrote to memory of 4580	2136	cmd.exe	106
PID 2136 wrote to memory of 5108	2136	cmd.exe	107
PID 2136 wrote to memory of 5108	2136	cmd.exe	107
PID 2136 wrote to memory of 1292	2136	cmd.exe	108
PID 2136 wrote to memory of 1292	2136	cmd.exe	108
PID 2136 wrote to memory of 2340	2136	cmd.exe	109
PID 2136 wrote to memory of 2340	2136	cmd.exe	109
PID 2136 wrote to memory of 64	2136	cmd.exe	110
PID 2136 wrote to memory of 64	2136	cmd.exe	110
PID 2136 wrote to memory of 4556	2136	cmd.exe	111
PID 2136 wrote to memory of 4556	2136	cmd.exe	111
PID 2136 wrote to memory of 2628	2136	cmd.exe	112
PID 2136 wrote to memory of 2628	2136	cmd.exe	112
PID 2136 wrote to memory of 2748	2136	cmd.exe	113
PID 2136 wrote to memory of 2748	2136	cmd.exe	113
PID 2136 wrote to memory of 3496	2136	cmd.exe	114
PID 2136 wrote to memory of 3496	2136	cmd.exe	114
PID 2136 wrote to memory of 1976	2136	cmd.exe	115
PID 2136 wrote to memory of 1976	2136	cmd.exe	115
PID 2136 wrote to memory of 3924	2136	cmd.exe	116
PID 2136 wrote to memory of 3924	2136	cmd.exe	116

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Nouveatexte.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4940
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4020
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:524
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1340
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1476
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1556
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3176
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4188
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1600
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4740
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4468
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1732
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3096
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4272
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3616
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:632
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1308
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1444
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4812
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1688
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3116
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4580
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:5108
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1292
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2340
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:64
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4556
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2628
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2748
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3496
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1976
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3924
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3304
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4192
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4012
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3748
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3856
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1888
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4996
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:3356
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4356
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4656
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:748
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:1388
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4984
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4880
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:2480
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4208
- C:\Windows\system32\PING.EXE
  ping -n 1 127.0.0.1
  2⤵
  - Runs ping.exe
  PID:4540
- C:\Windows\system32\PING.EXE
  ping -n
  2⤵
  - Runs ping.exe
  PID:4508

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2240
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.0.1383814167\492253755" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1836 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a052003b-7dd3-4192-b858-d6d669b14692} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 1924 167ae7e9858 gpu
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.1.1651591199\582565605" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f69b0f7e-1ed5-4504-80f5-34a809219e20} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 2316 167a1871658 socket
    3⤵
    PID:2368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.2.1090166602\1868904255" -childID 1 -isForBrowser -prefsHandle 3164 -prefMapHandle 3160 -prefsLen 20996 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1525c360-98e0-4b26-9840-c2a2c01c0943} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 3176 167b23f2958 tab
    3⤵
    PID:4028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.3.1576928048\587127136" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3524 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d92574b4-568c-4b1f-9215-6ec92252dae3} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 3572 167a1866258 tab
    3⤵
    PID:4192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.4.1074771468\681537327" -childID 3 -isForBrowser -prefsHandle 4080 -prefMapHandle 4076 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8aef5fc-cade-4999-a30c-319764c7d54e} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 4100 167b3493658 tab
    3⤵
    PID:2316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.5.1518559816\1562745425" -childID 4 -isForBrowser -prefsHandle 5048 -prefMapHandle 5116 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02c40125-b4ea-4b2e-870d-5e16e0c86905} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 5108 167b4bd3058 tab
    3⤵
    PID:3596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.6.926855953\906750389" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ebbff9c-9218-4741-806b-18a8f8e79a9b} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 5032 167b4d0d858 tab
    3⤵
    PID:3972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.7.1894735316\1938416815" -childID 6 -isForBrowser -prefsHandle 5052 -prefMapHandle 5084 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cebdeb0f-a2d8-41a1-ab1b-3020ce9bf245} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 5168 167b4d0f358 tab
    3⤵
    PID:708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.8.961458026\145820860" -childID 7 -isForBrowser -prefsHandle 5588 -prefMapHandle 5592 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {701c83f8-0c85-4b6c-b919-6111516d4292} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 5072 167b19f4258 tab
    3⤵
    PID:4356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.9.1385593778\2006726328" -parentBuildID 20221007134813 -prefsHandle 5936 -prefMapHandle 5932 -prefsLen 26692 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aad14f66-a2ed-4b49-a7e9-585e1814de77} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 4044 167b3c1f558 rdd
    3⤵
    PID:5688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.10.1848158472\1031283158" -childID 8 -isForBrowser -prefsHandle 2952 -prefMapHandle 5936 -prefsLen 26692 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6fdd263-dc2f-4c66-9843-a0392af3dc82} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 5944 167b31dd858 tab
    3⤵
    PID:5888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.11.1253277516\1979125554" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5948 -prefMapHandle 3684 -prefsLen 26692 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ff0c2c5-bb31-4a11-bd44-2130ae467f55} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 3660 167b6d8b358 utility
    3⤵
    PID:2648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.12.339941925\1360213795" -childID 9 -isForBrowser -prefsHandle 5040 -prefMapHandle 5064 -prefsLen 26692 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83cd8371-dd8f-46f3-926f-2c158b05cffe} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 5148 167ae70da58 tab
    3⤵
    PID:5364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.13.784298003\1320380312" -childID 10 -isForBrowser -prefsHandle 9936 -prefMapHandle 9956 -prefsLen 26692 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2723aa0-2be7-4f83-af14-6fb4464fd75d} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 9912 167b4148858 tab
    3⤵
    PID:5332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.14.1273317253\1410839002" -childID 11 -isForBrowser -prefsHandle 9320 -prefMapHandle 9308 -prefsLen 26957 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca2a4ac5-a33f-496c-a14e-a046161a6e9e} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 9316 167b764e058 tab
    3⤵
    PID:6016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.15.555443984\1792459046" -childID 12 -isForBrowser -prefsHandle 10104 -prefMapHandle 9344 -prefsLen 26957 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77f211f2-c371-4b36-b4e0-4b30f574e36a} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 9176 167b755f258 tab
    3⤵
    PID:4948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.16.778788608\1458548636" -childID 13 -isForBrowser -prefsHandle 8828 -prefMapHandle 8816 -prefsLen 26957 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6c7cd4c-3385-4da5-87f6-7e3e3a7474d0} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 8796 167a1830558 tab
    3⤵
    PID:4928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.18.1126294022\1300235071" -childID 15 -isForBrowser -prefsHandle 10020 -prefMapHandle 4572 -prefsLen 26957 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae097bc4-7d6f-4e3b-a8d2-830bb67ff488} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 3676 167b8659958 tab
    3⤵
    PID:5488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.17.1374603743\1805872070" -childID 14 -isForBrowser -prefsHandle 9992 -prefMapHandle 9692 -prefsLen 26957 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8adbbb0d-1e63-4438-b67c-ad5d57b91b2d} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 10132 167b8658758 tab
    3⤵
    PID:4180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.19.958755452\116592137" -childID 16 -isForBrowser -prefsHandle 8288 -prefMapHandle 8296 -prefsLen 26957 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12d0f802-aaa7-45fb-aa75-a110b0d08948} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 8280 167b0b1f558 tab
    3⤵
    PID:2464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.21.251139568\13965948" -childID 18 -isForBrowser -prefsHandle 8000 -prefMapHandle 3500 -prefsLen 27093 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a27d30e7-3f06-4402-b9a5-5dab19dc6120} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 7960 167b297be58 tab
    3⤵
    PID:3656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.20.265761618\982493115" -childID 17 -isForBrowser -prefsHandle 8024 -prefMapHandle 8144 -prefsLen 27093 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43c620f9-720e-49de-bd63-ce942fd097f3} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 8016 167b0bc5958 tab
    3⤵
    PID:4368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.23.1763530926\598645859" -childID 20 -isForBrowser -prefsHandle 7932 -prefMapHandle 9920 -prefsLen 27093 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {777e93bb-fb53-4235-8142-c21257e06d47} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 7600 167b7cfa858 tab
    3⤵
    PID:6200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.22.1543291185\100299126" -childID 19 -isForBrowser -prefsHandle 7796 -prefMapHandle 7792 -prefsLen 27093 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {712886f2-aaad-4288-9b5f-4311d1b61984} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 10144 167b7c80558 tab
    3⤵
    PID:6164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.24.1235476732\581987703" -childID 21 -isForBrowser -prefsHandle 10108 -prefMapHandle 9800 -prefsLen 27149 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd29a35e-b9cd-427c-bd8b-7382896e187e} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 8664 167b332d258 tab
    3⤵
    PID:3920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.25.190731552\883611062" -childID 22 -isForBrowser -prefsHandle 9448 -prefMapHandle 9496 -prefsLen 27149 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3e778be-8601-43c7-bea7-d5888cf90410} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 6216 167b65f0f58 tab
    3⤵
    PID:5940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.26.95912771\1047285675" -childID 23 -isForBrowser -prefsHandle 9044 -prefMapHandle 7768 -prefsLen 27149 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a82e6bc-4969-49bf-bdee-555a37209ca7} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 9320 167b7366858 tab
    3⤵
    PID:5024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.27.1704299459\653534520" -childID 24 -isForBrowser -prefsHandle 8108 -prefMapHandle 5532 -prefsLen 27149 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ac9bad7-4bf2-47d6-be42-e467dca4236d} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 7120 167b67af158 tab
    3⤵
    PID:2584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.28.1814425281\2016463922" -childID 25 -isForBrowser -prefsHandle 5596 -prefMapHandle 7328 -prefsLen 27149 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9785ca67-be55-4117-9220-0318b781472c} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 6996 167b70ef058 tab
    3⤵
    PID:5412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.29.165099032\65124868" -childID 26 -isForBrowser -prefsHandle 8392 -prefMapHandle 5596 -prefsLen 27149 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6bf68bc-2988-459b-9270-109f1a2ba575} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 7964 167b2507e58 tab
    3⤵
    PID:5952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.31.441988170\549107851" -childID 28 -isForBrowser -prefsHandle 7504 -prefMapHandle 9800 -prefsLen 27149 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eb94f3f-5dd4-4aff-a2f7-e6e353ee41aa} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 5820 167b347b458 tab
    3⤵
    PID:6212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.30.263135188\1449180387" -childID 27 -isForBrowser -prefsHandle 8756 -prefMapHandle 8788 -prefsLen 27149 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8f17181-28b6-40b2-bee8-1fbb6fe9c2c0} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 8720 167b347d258 tab
    3⤵
    PID:4948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.32.1989841367\158650246" -childID 29 -isForBrowser -prefsHandle 8572 -prefMapHandle 4632 -prefsLen 27158 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dc689b9-961a-4cea-baba-eecb9e606c22} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 7252 167a185bb58 tab
    3⤵
    PID:8124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.33.1771704694\1388236451" -childID 30 -isForBrowser -prefsHandle 2900 -prefMapHandle 2956 -prefsLen 27246 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1264ef0-6905-4925-9262-af99548d6318} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 6640 167b70ede58 tab
    3⤵
    PID:7608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.34.64150850\1593680769" -childID 31 -isForBrowser -prefsHandle 5560 -prefMapHandle 7116 -prefsLen 30292 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bd59421-0edd-435a-8022-e120149dfe93} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 5572 167bdd47458 tab
    3⤵
    PID:5556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.35.1914774588\912125761" -childID 32 -isForBrowser -prefsHandle 9344 -prefMapHandle 6888 -prefsLen 30292 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7961cf7e-ae55-4240-9217-802eb382366f} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 5948 167be96be58 tab
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.37.758531024\387324776" -childID 34 -isForBrowser -prefsHandle 10320 -prefMapHandle 10324 -prefsLen 30292 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {202be86f-3a22-4950-bbc4-6c74c28325d9} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 10308 167c2842258 tab
    3⤵
    PID:5444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.36.363652123\1408908247" -childID 33 -isForBrowser -prefsHandle 6236 -prefMapHandle 6240 -prefsLen 30292 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a928fdf6-12b3-42af-bb8c-20cd64585e9f} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 6224 167c2842558 tab
    3⤵
    PID:2012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.38.517007969\451915203" -childID 35 -isForBrowser -prefsHandle 10396 -prefMapHandle 10488 -prefsLen 30292 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82252dc9-348f-49f1-81e2-f46de14a7b32} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 10508 167c2cf3c58 tab
    3⤵
    PID:6080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.41.1642844005\1546491509" -childID 38 -isForBrowser -prefsHandle 11164 -prefMapHandle 11168 -prefsLen 30301 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d8f314c-4dd0-4468-9a9a-8f1f596b60b2} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 11248 167c1914158 tab
    3⤵
    PID:7912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.40.242405636\1108304830" -childID 37 -isForBrowser -prefsHandle 10952 -prefMapHandle 10956 -prefsLen 30292 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6c2bb23-492a-41a3-906b-5179eb40dd47} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 10940 167c2cf4e58 tab
    3⤵
    PID:5476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.39.278581158\328285461" -childID 36 -isForBrowser -prefsHandle 10748 -prefMapHandle 10752 -prefsLen 30292 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11f97d64-603c-49ab-96fb-5edcdc4e07d8} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 10736 167c2cf3f58 tab
    3⤵
    PID:5060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.44.262929241\430136671" -childID 41 -isForBrowser -prefsHandle 10396 -prefMapHandle 10616 -prefsLen 30301 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f70a8b6-b97f-494b-a1db-e9633e9fa946} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 10508 167b6fd6a58 tab
    3⤵
    PID:5848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.43.664117059\1089256314" -childID 40 -isForBrowser -prefsHandle 11396 -prefMapHandle 11392 -prefsLen 30301 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e88a7fa-8011-4db6-b362-f15b9eea784a} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 11408 167b6fd5558 tab
    3⤵
    PID:3892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.42.1586965641\1519981935" -childID 39 -isForBrowser -prefsHandle 11480 -prefMapHandle 3500 -prefsLen 30301 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9814df2-11a5-4008-a1c9-11b9104e1eea} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 11344 167b6faff58 tab
    3⤵
    PID:3116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.45.2068556848\573983071" -childID 42 -isForBrowser -prefsHandle 11800 -prefMapHandle 11600 -prefsLen 30301 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {505de123-83ee-4e5a-93e5-14a308c52ae8} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 11812 167b73cc658 tab
    3⤵
    PID:5284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.47.1078958877\617870100" -childID 44 -isForBrowser -prefsHandle 11480 -prefMapHandle 3500 -prefsLen 30301 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58346a86-af41-4b12-a082-a0c2d1c151b4} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 11748 167a1863258 tab
    3⤵
    PID:1848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.46.562165388\103373000" -childID 43 -isForBrowser -prefsHandle 11772 -prefMapHandle 11776 -prefsLen 30301 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {751daaa6-5b01-4009-8dc1-1ecf198dfadd} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 11764 167a185f258 tab
    3⤵
    PID:6436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.48.1097112043\547615890" -childID 45 -isForBrowser -prefsHandle 12016 -prefMapHandle 11652 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86394631-0f6a-4b92-816b-6cd839b197c8} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 11440 167b77ee458 tab
    3⤵
    PID:2248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.49.1174262766\452990723" -childID 46 -isForBrowser -prefsHandle 6476 -prefMapHandle 6888 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38074229-ee86-4727-9968-678b0c9259e3} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 12476 167b8afb658 tab
    3⤵
    PID:3412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.50.260974428\221830943" -childID 47 -isForBrowser -prefsHandle 12588 -prefMapHandle 12584 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f60766b-8be8-4035-960b-da95f7f009cc} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 11772 167b8afcb58 tab
    3⤵
    PID:7920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.51.2083068351\416232161" -childID 48 -isForBrowser -prefsHandle 11680 -prefMapHandle 12004 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f968e3e-bcb1-440d-b5c3-2da3467d2f19} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 11800 167b416d458 tab
    3⤵
    PID:4684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.52.497486212\600113357" -childID 49 -isForBrowser -prefsHandle 6392 -prefMapHandle 12420 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {914c0443-a835-4b16-a629-0e8a00264ccd} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 9616 167b76de558 tab
    3⤵
    PID:8752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.53.211064891\911607670" -childID 50 -isForBrowser -prefsHandle 6360 -prefMapHandle 9856 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a414635c-9274-4380-ae95-68bf24cd4f35} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 11780 167b19f6058 tab
    3⤵
    PID:8788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.54.1515221968\89460162" -childID 51 -isForBrowser -prefsHandle 8992 -prefMapHandle 12684 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e58353a-e657-4e8f-9668-806e14b8c61c} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 12640 167b76dcd58 tab
    3⤵
    PID:6244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.55.473469497\645073158" -childID 52 -isForBrowser -prefsHandle 12656 -prefMapHandle 12724 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {861ba379-7263-4be8-be66-5c815292dab8} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 13024 167b77e8758 tab
    3⤵
    PID:8332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.56.876350391\1480223930" -childID 53 -isForBrowser -prefsHandle 12712 -prefMapHandle 12944 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07b72274-bf16-4c51-88b8-1f6a80f3d13b} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 12956 167b7cfde58 tab
    3⤵
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.57.1409501249\1045822725" -childID 54 -isForBrowser -prefsHandle 13188 -prefMapHandle 13120 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b94e805-dfb6-4690-b2f3-e3d8e96ab46b} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 13276 167b8365b58 tab
    3⤵
    PID:8292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.58.2121398806\454885177" -childID 55 -isForBrowser -prefsHandle 13400 -prefMapHandle 3500 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b7315dc-da6b-4924-abe1-92945f9a91fc} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 9856 167b91e1758 tab
    3⤵
    PID:6772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.59.1609542716\594012652" -childID 56 -isForBrowser -prefsHandle 12996 -prefMapHandle 12640 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb1ff7c2-0462-44fd-80be-cb8d64169f14} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 13608 167a1865958 tab
    3⤵
    PID:9148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4000.60.989348531\117301195" -childID 57 -isForBrowser -prefsHandle 13776 -prefMapHandle 13772 -prefsLen 30310 -prefMapSize 232645 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65e14ec2-b774-43b5-a86a-a4f8859f0470} 4000 "\\.\pipe\gecko-crash-server-pipe.4000" 13784 167be8d8858 tab
    3⤵
    PID:6708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3076

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6176

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\2O23-F1LES-S0ft\" -spe -an -ai#7zMap1295:92:7zEvent21683
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\2O23-F1LES-S0ft\templates\strategytester.htm
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ff92a5946f8,0x7ff92a594708,0x7ff92a594718
  2⤵
  PID:7060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3152 /prefetch:8
  2⤵
  PID:6736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2756 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2752 /prefetch:1
  2⤵
  PID:6524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  PID:6368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4724
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff7c2b35460,0x7ff7c2b35470,0x7ff7c2b35480
    3⤵
    PID:7936
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:8116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
  2⤵
  PID:8160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,13233408521965127728,1926366019790204580,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:8144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5504

C:\Users\Admin\Downloads\2O23-F1LES-S0ft\LauncherPC.exe
"C:\Users\Admin\Downloads\2O23-F1LES-S0ft\LauncherPC.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:7692
- C:\ProgramData\09264031422974631876.exe
  "C:\ProgramData\09264031422974631876.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:7604
- - C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    PID:5828
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 1684
  2⤵
  - Program crash
  PID:7744

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 7692 -ip 7692
1⤵
PID:7660

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:8140
- C:\Windows\system32\ipconfig.exe
  IPCONFIG
  2⤵
  - Gathers network information
  PID:3016

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\smb-7teux2sm\" -spe -an -ai#7zMap4533:86:7zEvent4069
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:9056

C:\Users\Admin\Downloads\smb-7teux2sm\smb-7teux2sm.exe
"C:\Users\Admin\Downloads\smb-7teux2sm\smb-7teux2sm.exe"
1⤵
- Executes dropped EXE
PID:8660

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\smb-7teux2sm\smb-7teux2sm\" -ad -an -ai#7zMap22708:112:7zEvent13398
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:9404

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Web Service

T1102

Credential Access

Credentials in Files

T1081

Discovery

Network Service Scanning

T1046

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\09264031422974631876.exe

Filesize
3.4MB

MD5
9a5df208d2d13b800cd27c2bd5ed2274

SHA1
ce3e9147e7385703c1b58ce4497164a2921b9fb2

SHA256
ca75ac12bc95dc23b280682635042c07dccd331ab3bacac39c8983cecb575405

SHA512
d9d8e1c43ebba9a33bc628debf28af9ea00157b8f26a18a65170be99a70d580d558fcfc5042453b116302d37c319af695f5425b9af4c04a2b8e80130233695da

Download Submit
C:\ProgramData\09264031422974631876.exe

Filesize
3.4MB

MD5
9a5df208d2d13b800cd27c2bd5ed2274

SHA1
ce3e9147e7385703c1b58ce4497164a2921b9fb2

SHA256
ca75ac12bc95dc23b280682635042c07dccd331ab3bacac39c8983cecb575405

SHA512
d9d8e1c43ebba9a33bc628debf28af9ea00157b8f26a18a65170be99a70d580d558fcfc5042453b116302d37c319af695f5425b9af4c04a2b8e80130233695da

Download Submit
C:\ProgramData\09264031422974631876.exe

Filesize
3.4MB

MD5
9a5df208d2d13b800cd27c2bd5ed2274

SHA1
ce3e9147e7385703c1b58ce4497164a2921b9fb2

SHA256
ca75ac12bc95dc23b280682635042c07dccd331ab3bacac39c8983cecb575405

SHA512
d9d8e1c43ebba9a33bc628debf28af9ea00157b8f26a18a65170be99a70d580d558fcfc5042453b116302d37c319af695f5425b9af4c04a2b8e80130233695da

Download Submit
C:\ProgramData\75380371294450894012059701

Filesize
124KB

MD5
829c73cdfb82c6b8e1e510ded8fe761b

SHA1
199fc230747fc2501fb5dd5231a3cb2f52cb4535

SHA256
e0bc05affbbb0e21e1a0f37349389c86724e0851d2e032ead7d387ebfb94f468

SHA512
36c1ff49467cc33b94565cd58a066498768e2563ea58bea4dd7ac7d77ddf44d2d7acba13a8e734727320d70c29a75f3a27517ebd7dd62a5ad1c6d401b57d19d6

Download Submit
C:\ProgramData\87652791199928743673327305

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f4e028cd95083851798792408bf77c7b

SHA1
30388a712b6c36094b4477ddb810502c69d72130

SHA256
63c1a7e5a7815c3bcdfe5b26e78f31ac691ffb780ff51eea4faaef52d4b2e738

SHA512
4110faa82b3c3fa61c145a5b3a59b04b4e12901d5211782649ece1f5a30fe7b5497f39118882fc593814edd0baacb8922118db2e365ccf7a5d9229f0b2d5f338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
829c73cdfb82c6b8e1e510ded8fe761b

SHA1
199fc230747fc2501fb5dd5231a3cb2f52cb4535

SHA256
e0bc05affbbb0e21e1a0f37349389c86724e0851d2e032ead7d387ebfb94f468

SHA512
36c1ff49467cc33b94565cd58a066498768e2563ea58bea4dd7ac7d77ddf44d2d7acba13a8e734727320d70c29a75f3a27517ebd7dd62a5ad1c6d401b57d19d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
5e566bb6505379eb34aecbd1dfdfd8ff

SHA1
ca1f505ea0971f2a1e608d4e5f63b96c9be71744

SHA256
b21d5238eb5078baacf7bf1e6f4f88925a05b1eb7cca8105dc6e6c7c00ff3126

SHA512
086ff01e8945798ca51d6eaac01a4577015e5e033a50f677423bcc36315cd5ac3ba52c117cf4200728018f99706296b8e3f14c20bf4ef337b8beedc2148ca132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
36029a2f0608bb18a76dc704515ceb90

SHA1
1bb845ef4f210780d746e43dd79301252e762394

SHA256
da3e56d04061630c1bc32dfabc2a32621a1f2632ca083b9e5a0609fd51f140e3

SHA512
1d0ceb31b61b75d67fcf3f1e2a23dc8b9f8b4829ad7c811ba1f511518f7039cdc8d96176b14a853e3357942789073d8740af7c90c4f5332239d3bb1cac501e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db0a66fe4abd90812aaed4c8c4fa08c4

SHA1
28d883b31c031cd3fff74fba96c2cd9f3d7781b0

SHA256
8afa5cd037c7b79bc10f0a6e63e8cee1cbdfd1d36cb2c09a8ef3122f57a2a9d9

SHA512
b9b02f8fa5e76463bd37a3e9efaa2a43edee3dc1d66f5697ca5a3d100b0a6e1bea1050dc01489ade342f17b809a149d290808a319c47019f280609671372ef32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1128df97dd5642ab9d43159c9d5f6226

SHA1
9ca10e504cf15362f4ebd932a500b4ac12a9b87c

SHA256
f1e66a4077574f873027baf9a9e4ab234b1e1b44d7ad21e529858404d23be268

SHA512
601534fb98c76739feb94b56992a8554b9ad3eab5f50e904112c4e4e7306b86868d093578450bcfc05479cdfa9c5a05395461d26da75f4af686773549397463b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
a7f7464408cecdec1aa864acb1930ce9

SHA1
2c21874c6aba28ea2526f1c83e2a02fe0b59da5d

SHA256
3e21457e9cdbdeef33a9cf5c54d06ef4a3d10be230deb92d1cb803139b2e4e13

SHA512
58a01c9a492c8232b2a663d7a3a01cd9c23099184ffb0a107521a69055e42aade209d6068a5b8075559b272bd66e26b730361ea547646450f0b697a68cc4d199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
5c2041b704bb7d887d1d945b5acf387f

SHA1
c86e14be7b6316ce66811ecddb1eba8d2d8c1d57

SHA256
2daf164ca1eb69a41f0dc9477e6d0c6011ac82b7e410189a54c37760bd50087e

SHA512
b6cedad6de8347254fee0220d91a5ffc945100e0f0eeba61806f02bce7c5b156da4bcb48e8973bdd4744a3c368a681d60cd17f95050c731a753b9a2b71cace0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
5c2041b704bb7d887d1d945b5acf387f

SHA1
c86e14be7b6316ce66811ecddb1eba8d2d8c1d57

SHA256
2daf164ca1eb69a41f0dc9477e6d0c6011ac82b7e410189a54c37760bd50087e

SHA512
b6cedad6de8347254fee0220d91a5ffc945100e0f0eeba61806f02bce7c5b156da4bcb48e8973bdd4744a3c368a681d60cd17f95050c731a753b9a2b71cace0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp

Filesize
139KB

MD5
f92904ddff490aadbcae36071398db40

SHA1
bb6770cc7c9c3684b33ec212789ce2a6db5e35a2

SHA256
0501a107a46e30b2a00ef5a639613458e06d3f3b89521235209e73188eb054cc

SHA512
f8c057f2a8b098246b457a5610eea1875d771951b26f74860e2047838ab2ff90a86c242f420da38b56da75be8b5234d4a4e34b725e157d99460c06898951b519

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\13891

Filesize
9KB

MD5
c93e49689b97ef90b2c3cda3120387fe

SHA1
b8afe354ade27596cf44c963467861e7b63e9cb4

SHA256
3d4a06e34d13ebfbf5ecae95d987ae255e4436a53585091aab22d7bb8d739950

SHA512
67aa71f352c04403797543eb2043f22c986dac9a1b8e560cb148ecc86ac99bc1423a6d8383a1c5b9f4aa1f0c91414a30bce76a2c929dbb02e23b5039ef48020e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\17468

Filesize
18KB

MD5
31e46bea4e9f9315e30d99fa945c7b87

SHA1
204ce40982a211762a207e23a9280f0c3ff630bd

SHA256
0b739d439240cae201409971d855f22d12694f6ddb3b8adfb0144ab83e8b0088

SHA512
de6646a89efb655eb195575e123a6969b417841edb28f4e764ae62b5eb66c98ca0d33552faffc0535508343a468013107949a91d5cf0239848d3ba09c04f719c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\17502

Filesize
47KB

MD5
208a24052db54abe06636f6215357ee7

SHA1
44287b5692dea46c90852232cde0ee972d73e7f7

SHA256
6b7d68949f08d9d83c92af5742ab06087459291bedc1cd00f4da540dd609a133

SHA512
2dc34e8ab8f54ca3280e1ea61883b86f9868fded5e5d049806f5b0fff716a13a8a43b1dda980061c921b335d12b9278d10a0cb8c562c43af56a0fa9a398a25ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\2185

Filesize
15KB

MD5
d3d4f31e0b23416680ec2abf7f10f938

SHA1
1c7be41c15fa8a32244a57a0fd6828708598d531

SHA256
dd072928721cccb01cf9f946035944761a3d78fe683dec99e50f73ae490cfa7d

SHA512
090de83558f3b68315acb719915f9b1a8ead93024cfa1c12cc2cdd46a6a45a64b35f22ae0c82d70001cd11271fed5902b256cd57aa88c2231fc12379baf81de4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\24309

Filesize
14KB

MD5
ff52082d05a450ca278d6386bc115e51

SHA1
0ca40c5c5a6319db825e3673d69e3dd54ea0f724

SHA256
9189ca81810f8a1bb2a8ba4bde570d6895b4de38fbed6d51c8866e3d9f003694

SHA512
1ea2c33b11f62de398bbf3adb914babba5e309cd59e40a11e36a84ac5519e1f065360f5d361d1f894d4b269cec0f888aaf9d9d78580d1e79d23e73668779d354

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\24738

Filesize
12KB

MD5
fc5a56cf51ed9b32b9c7cb4dd6fac6ee

SHA1
b734503151d3dd2a3ac319f90331f1bf11522005

SHA256
a2b6356864715e09cf1faf20a5a8b981e6a1e50a55fee9c06cfdffb4052ae79c

SHA512
68e9073fe5b6501630ad2815283a3559363d97d94be5a595ad8421681890ffc8e1af8bfaff4579586a15304d2b649de9d50fbe4f173da791e38fe4d5207754e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\24914

Filesize
9KB

MD5
fb6575bb55b5b42a05eb582d26d0c0a7

SHA1
6b613e5584c124dd848b0bb775dfa2c01bd7dd7f

SHA256
c2271daf0c5e17440dee1ada1aa21f6c7f3f56e620c4950986759ddd68a59073

SHA512
ef7ea06b7fd7e35baebe7fb090250feeefe6ebe2b9df9904c6d099ebc9e194e8ba53c4cb88348bc52e40713e94926b7324f8c33e0ec53e9ad05ca973599eac25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\25992

Filesize
18KB

MD5
8883cd016924f3c6d032adf811c03d58

SHA1
84cebdfbae92923524129cb427909f6cc4f7aa71

SHA256
5a0ca02e880dee5b916d328ea319150ae076dbb0b08018a2fa5efc042cbb0709

SHA512
f6f8451613d48808d905f338a4319e2fde8ca84ef6c539dc194d6707cd43b718f6d7e4d76c0ed0c3e4229aeb166dfda1f278d4c7778aa22ee85518182bc682f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\26599

Filesize
30KB

MD5
ec3c983f969bf601c4fdb9fbfd329874

SHA1
279042d277d01aa53cbff12ba3ead0fffe5f7f7c

SHA256
7671ad5f084520f1ca1d901d8fbf1ed29cb94d07469ff6ee0cab0f5d148ad1c8

SHA512
04b63041bffc4daf50603e628bdf3ba1422667a9c76c643dd0a257a0d1651bcdce4d01a2e0eddd40e871e1798ea6ffc95bc8d30484c70c4d4dbf3360c2e2c674

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\30286

Filesize
12KB

MD5
4b9f6200956d774586f5909462739d87

SHA1
e79d7b842bae572bb5a462325146871a05acfaf1

SHA256
14b6801a6d29e6f21c40df70d350f0274fb7e45a2609baba61b0fc99098269f1

SHA512
9585bbf93a1426d58f98e59b30667dc30864825530dbe3c313919211001a2d442b62cec60f02ec7841932d7d3c53f21a8633401196a3c8bf760c94893a19ee73

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\30599

Filesize
12KB

MD5
79ecfc0faa7e415c20d1196e5371b073

SHA1
48a6ce892f7ad676ddadb47d38826c4fdec5388f

SHA256
30d5c74e97f393bb1679b4000b8ae9f45015e4495a39c2198dc8fe43062852a3

SHA512
9bb4217cca7ae7ee5fc4c13cccd690e6023566cafc32b48ac05ade76a56b604565b530069007d118129b473d133b7360b60159f36ef884c36c24ea05f29cb024

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\31170

Filesize
10KB

MD5
f99311954b7448f7d5cb44836278ff4d

SHA1
f22f91e9c66f120eb58bda769f7f40a58d8b992c

SHA256
e8fb14ded93b1c59c64f24148334cbe29038176b5b9f93ad4ce7bf87b291c519

SHA512
5e1d95cf2622b727dc3611f12a2f4565f14d1c4b5fa792f64e77c43fe42fa031dbf8ba3eaec18a0bb3a58a01ff475b6e17aec5b998fa10d0095888701db3c788

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\31645

Filesize
14KB

MD5
a746fbdfdc11452826ca1c790f2329db

SHA1
b13cf131d55e387bbcfc54ad86c1c28d97a8ff5f

SHA256
0e229fb85bbed01275c367efa2c240312b484f9302b97d24f69629566c90519b

SHA512
4b0e2de8ec67dcfb970bd1ea2b41749b12cf02659215468c7ad93a2276aa057fe9412c59b221043168f0a0b1c845fc5efad57ca80645a4967cdbf9adf3aed2bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\4260

Filesize
10KB

MD5
f7ed387d348d93f35cdb38ac84ac96a0

SHA1
5003fcbc7465dd2c33b38f36e20e105de5e085f4

SHA256
f2fd6b3ae8397da4cbab806256102911e4015d5b485517581fbdb46414de3bbd

SHA512
a882a98c0d67652c03d5cfa245e16fd63103117614828328afc1856fc91ccc149833c05d84aa814f7a3ab84e662560903b9bd0176869dc0b31c2a12317d8d3b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\5051

Filesize
8KB

MD5
2abf84ba2772f607f861d2b011010336

SHA1
dd92f760ca9f73e8ba5df64503d31da4e8580e15

SHA256
a7dc2cb1b20c64b8a1deced5fd78cca43da440ea607ce0d364be406c6619b11b

SHA512
397c0b1961f442997779ec2099d59a9f941ec37958ffdea5a3d562b9977b711fb76cad5579cd2db919748fe0e8a24fe86796261215829324c08527d71710b0bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\5800

Filesize
14KB

MD5
3746267d3af095814035ee6c8a0e7047

SHA1
9d4b77cda9e2c09f28422ba4524854ef3048afcd

SHA256
f50383ff9bf8085082224fb2d0d8aaa1042ed747c78c12b0bae8ab2fbcd7c053

SHA512
76676950ff84c5f2e5ac6bb6d0f91aa8acd974b53e7efb5b98c1040ce69be6e64836a090fb5a0083f73de4a00d8905774aa9dff282f5385065e90a6e11706e6c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\643

Filesize
14KB

MD5
8a7b81a12c59536b733eecb58de6575a

SHA1
46baef9c57cc348db2cda142fcc5fdbe70809fe8

SHA256
15972a0649468267504ed7fa2eb9bd3be55d138a8ec7f2e527957a9168be4d88

SHA512
071328c70370cae5b2404d7f15bfc335807a4a2ab222baddc22440cf581679418c0326ae65a4b47f902ba49fd21927a9e36effeaae0efa0e43584093350c1597

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\00C91329B3E315644E0B6F1383E3E8218531691F

Filesize
138KB

MD5
d3cb996abdfc7fdae1e307239a4939db

SHA1
b9e2a209f629918e9092bb6b96a23f3b67cbb5ea

SHA256
4eae28ce7bc5574c3d463796a85c623c6b91b120c4737508c913c351dace8ff5

SHA512
ee0116bf9db6ef69c75fdfcfdd102542b680466314fdda4aa8a32498474a397792c27c5f5e48b2e0cfd0ced42c01ca000fe2bdd944d698ee5c22680e3b837304

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\0288467CC9F9F746517D438E0C37D5B13FC98551

Filesize
111KB

MD5
f453a936e0b3874ab78ffa9c73f46a95

SHA1
c162215d88e9b56e74926701873d10bb573ffe42

SHA256
325c500c665a4d1079276d165977f01d07eb5c9c99e0588fc5212f4752ac7eab

SHA512
1b4b0525f85c6190fd32a75bafd1bf782a9f0846caa30eccb0b15dc5711ae8fa90d78c068fdfbc856aff45584387a67b49c944ca623d2b57c44928e2cc81960c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\11629595959287E04313BB1DB6402BA677A7E83E

Filesize
94KB

MD5
3343019d64f53d3465f873ec88eebf51

SHA1
781bfb6802dd6cd558748af6bcae5876038b0fea

SHA256
198d7f349f4ca6a0ba95d2beea02b9e648a8c067ba329d071558ac51fc9ba037

SHA512
d5a3d8b6da4d30694e6c8ff8bdfc16ed02ea496a52935ac0630701222fd5f37c170f3b1009084d52a5014e066e83e2085747331f4461948300c52f9c4230d90d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\2F9D546DA06FFA2BC90685F7351BEE4479B652DB

Filesize
54KB

MD5
ca4a129343023227ee0f9edf129a22cf

SHA1
a99a72a67c5b12fa28f37e3dcc087996c9ab7cb3

SHA256
527ca0dbef37cd29be98666cb25d5d8cd14cc5e2b1b4c57e3abfa831742b91a2

SHA512
92dd322553260de58cdaa16e2d64dc4f9ddc9fab06dc3585c0f28698876dae1c4d05e673c274b28690489654d4a5bb66b38903106c6c8301b15235e9e7679ba4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\4634D5E8DAFCFEED8E55E4845CF80F749E5AB23A

Filesize
55KB

MD5
2f4c173908f779077186e2db09d59c2c

SHA1
51f229fb67b3da24c3f9f857241dfd85dd7dd4c9

SHA256
2cbe8f93828efa1702e6ed5756c82ad64f1f01309d32a3755dbd9b5d20a95774

SHA512
d2ed381fc88d8e8fd84ab0c8dc4f46d248503b1d20d049674c6771219f0522d0d68e12952384fbb29765502876bc2572b5769861482d964a782a900368cd5750

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\48D3BFF8D0D60D321D6E6E3787A1C32F8B63FB4A

Filesize
4.8MB

MD5
974580c4b67e2756abd2424eb6b0d3c1

SHA1
32b0e3db109d25f6a9fa881da889bc606009ca93

SHA256
91cf69cb2a07cc1962839a4330d969b4e4b947f00260a950f40b1c25b696905f

SHA512
9609f3090860fb71b78f40cab5b981ffacd30456d55ff578abe4209aa78b693348f1e3ef899cd1e6017960ddc076d1ae9d3e9dc70d5a2dc4778764c72d1e5f28

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\560BE2F61A5036517013F0655C7B24AB41FCF2C6

Filesize
87KB

MD5
b29822de502866fcebecc96d719daeb8

SHA1
8672312faa2c0ace51b1868a5d9c4c998412f13d

SHA256
3a53283a0adbb1517084f6b652bd89d67ab47202cd8f728d3cbef8709a365a9e

SHA512
a6dbf1bc8a0e39295b9ded72d8f181f714154b0bd98b7ca07789d218faf82c4dc3b927c30b50a0b741669def34108ff3a116f05c4b5aaa2b0da2ddd90ad37995

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\58D46C4012E4AD3623A4EA72BB3C1CDD25B3FF87

Filesize
14KB

MD5
5c347c7ccda70f8cd2b8c0cb750303ec

SHA1
21bf58d182d2ea43675109584e9063e8b358c202

SHA256
2a573d69151550e0c636b3e763c2f90648b9fce98846b467baf6efa42a654605

SHA512
9c7a29f9205ada73c71109fd2db38bc7e4ec3187f11b12ae2eca75c463265ed45e0c50e3e45460bde4455f15e69975877ff5fb496ef7194d65b70784830eaf34

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\5AEB067D5324221D2F3474AA05E27EFA19729E6C

Filesize
26KB

MD5
999df8b3c439caa06231667c9945c7d3

SHA1
40bf9c0af2e48e312a29251386cabcc17418d68a

SHA256
69bb61b146429299ffced9097e8f3bdbcd42e2a8285c600e460510d0f9e82889

SHA512
e8db570991180109bff9e8aa0257ed9bb403cf041dcd17f87acaa8ba4d45f886ed2fa70e40b59c8e0d9b9bccef6746f659eb0037fd679ffe3876e316ac9246de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\7668674CB17DCD3EA3D85F7BE57D3E095AE53F2F

Filesize
14KB

MD5
37cf25ea33f3cc1997ebdabb32650351

SHA1
0ea4e8f1cbab3d04d582edd9fef1523421ebbf86

SHA256
0a6b2ca3bebd14fbaab063f2ce7b4d80d2d50ea4ad087e35e212f2698fac0fe7

SHA512
6bf120a45b96e30a3bc8842d4b2aaf8857e4cdc05a0ff2c6fa01b4f6d5cbb14a82009cb94935012869041c5c09cff37d6d97a5d5f7ebc6ced11fb24256d0d453

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\77E56988193F4D79EFC13FBA92424E0273F8736D

Filesize
120KB

MD5
3e26d362e6d4a33e2e49021056857fd0

SHA1
27c0026ef12d0ac928b9356c8c0587e072ae3f14

SHA256
5333ba718bced4deed8e8d488b390350d688cc833bf5d3e9489fc8b4c1ef240f

SHA512
80940ff51bb028d35e53190d557b47897647eaaa3bcd74310ed882246a99983d559e7acc64502fa76167bd0efdaac19cd1337191b194460b13d698e523afa1a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\79A4CE86A1600D1349AA0356C672BEA7A3482032

Filesize
31KB

MD5
72a890d476a29653f1c232f4e2f7c607

SHA1
e3b891393fe9a6c05614670db1bfefbe2e4be626

SHA256
6cd10e34cf0528afc11bd42893b5a0ab16fe83de2e8f62c284f1bc1e774d8d99

SHA512
931bed87d4bb20cc0eb5f7e87bbec5a5ac9e3dfcf40d725341bb6da028c64ae88d2abecf068ec52f883d1e0628e93943bb80d6224ee04914b23c1bf158fef1a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\83694C4B0C983BDAFFBCCD945F9254E4CA2AF6FA

Filesize
535KB

MD5
66d1c3fd0012ee540f51b250f0021f2e

SHA1
12d6bcad7d7d7803a043adcf6c7ab109cddbc1dd

SHA256
de5701f5ef2baf10368144bdeae322d51297371d25bb70e96a942922ecff2d87

SHA512
ab74afe70dbab0ed1c3002b8d15f33746544265e923b61a7978607836b126868a03dddd283363456d467c4b1d106c6e229fae830b92dfdd467d4602fed65be32

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\8655FFA4EFECE7FCC24F7608C628F7DDDF8C44F6

Filesize
20KB

MD5
c0c9baddd4240a1506cfb1ce856bc84b

SHA1
2f0f0e61e9521a4aaa4a301830de1dba6d3e1056

SHA256
c00086bc1e8f348d994b3ca8e081dd03feb1695f5e2058dd1214f23e841a2937

SHA512
597a16b254484ef12e39d9de70997e6d4cc709b92612e1babc9b54c087592407c70184166d2426ff10743b556ffeff55a6cd9c1c42cb8102e52af5fbf6e6d183

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

Filesize
40KB

MD5
b354d03d88d7f9e9d1dad4a41adae8b7

SHA1
c15c8a2ddfa0d9c7e4abaa2b83730a70cee2fa99

SHA256
e4b97c696f6fde9f1b187761a3a6184173c0cc5baf9a17332c58911f2763d91b

SHA512
ca27b80df43a871dd939302417b487d82229fae6ad0dae7476b89d9c01ff1ddf999e199c2813f62858e6cde034106511404670247c46776968c944cba94685ab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\B0985743595C953E243D1553684FEF0F659DC28E

Filesize
32KB

MD5
480b3b0f94832b849dffd04f8cc2a581

SHA1
a3cd7450346490d29498a3b0f1cf6181c39b786e

SHA256
75a330a05184dc6ddf8b24129985d7a856ce23fc726838938fa2a071a7417117

SHA512
ab4d979ec7bf0062b6de79194e52a2d3d100bb5e8c9b885726947c22154ef53cc36dc451fb7592b2a6a455b742410236682d91fbcdcb2b15d0f1b21d5f9e8337

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\BD9500F54C98A0FD45FABB3602781172DD02E735

Filesize
95KB

MD5
e8d96a2658ce60e1148d0e2fdfb290e8

SHA1
9d572369c91c30d6d5c6565dc3123cd4eb665e49

SHA256
06d898b6033932eb5f635a82135777667aac8dfef1a8b1cbbb602d8a5ea53538

SHA512
49dad770c00326e416a5b99ff3b5baa97323c74610979c69d345a967a5a66125e2719278a303c7087418c39baa2ce764bdd4fd69b76250551db5a5c96328c7ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\C1B0590BD91854DC47CA71B709360ABAF20ED34C

Filesize
21KB

MD5
5cb428aae60d26d7025f66dbc25fc608

SHA1
9c1a69f566f81e3c36eb5f3e86d7cf7990783d2e

SHA256
13fe59275217689d5555cd5e89ee280ac4f3af6a9fa29dcfb259e7849788fff0

SHA512
3777411adcc7977dbb5573c1f1d5c4e7fa2751573812f84393a5f7d8b05b2cda9a140981b4419daa837dd4e6bab7951d826e3dbe3e60b4554f833a0f43c7c0d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\CE637EE86C8D67035A9894050FC63AE466686143

Filesize
39KB

MD5
345b1f3ea01b3ece72e6807db15181c3

SHA1
48a793c38c987b3a25932f90c5a2f4d73799a9c8

SHA256
146dbc678107de3ea1ec977be467ea7ff187cdb68de6208cac6a5d2f6d739f89

SHA512
97a869b761152554854009f93a7423ae507552354e47868cd5006160798fcd8ff9df55d6e280ad530e5960d54e0398d83c995a4dc6dcebe5d4d48e6f096a1d62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\DCDEFA1DA3FD1BA95FBCF439489482D62C7003FE

Filesize
74KB

MD5
1e7aaff495125c965657253d50ac705d

SHA1
b51d461a5ce615e18ab4e5e323f8b97a298224a2

SHA256
97b870f00f8ecf764e613e0dbfdbada6c25446d6fba9256e3f85693babf7e9a0

SHA512
a84f0173b24c69c989aa0fba0f96ed68d0ac5628739f5763ada2024b9b7ea5fb74409be7fd2e2a502113d9c05596fc0e8ce1d38438ac7b8f33c45976388d08d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\E516DBA3FD8DC5C2AEC1575D808673EB17E88EE4

Filesize
93KB

MD5
0ace47b542b590a8da1b519615cecb15

SHA1
56a46e4a2a56ed85863e44389170723cbdf71204

SHA256
38d5737fbbd74f1716df656f27703ab27343b6d4f6988792e06df0eb6ad78f6c

SHA512
858d6a3192b3683f9c77325791bddb00a5ac7c4a420c4a7a7988276692d10594b3c565047e7457d10826c743b4382b1828f444ab76630ed40a81ce8700ec3fcb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\E64D56B09F49B1E74113BF916A9F4B7F9AEA518A

Filesize
13KB

MD5
f63c59352fd2de4e18e8b18eebc8b12b

SHA1
aa6c3b999144ea4bcfddfd8fd688fdf97209e329

SHA256
cd23520609cc1ec8f0e89b344a0688d509f9b9f5ba78dcaeab0f228e1295a6fb

SHA512
9836dd54a318dce0c3965bdf2bd1f4b9c52431bc7e373d0e0f7530045e117b9a692a8bea0e7c5f0f5b3ae27df18e7e95097864d8ff60903a0b570567fc5e42ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\F8CD792627AF3E854E759525C66701EC3A1760EB

Filesize
87KB

MD5
a01023b2c9da4bf32be874f2ae2af034

SHA1
573f1998ed5a18beda65c79dbfc24ff53faa4fc8

SHA256
519c9e842a90df8be9702ee36c5573eff982b7b8de3e06ba53b7932506adfc10

SHA512
6338e2a4254683ad255017be40c38e4b4fc4a79e835d11382fd10d65386f911cd5ab6d4f28dc63449759cf2da64dc4f58bede662c6e8c637b0047b45c1dafdd9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

Filesize
30KB

MD5
c58a0c5dc158c4e0981ec7472dd2eddb

SHA1
2196170a93df1683e49ef2b960c4e764f41e373a

SHA256
b15a6bee092e0be79d164b3c901f3dff55d30773621581aba5b18d0058f44753

SHA512
ae826e738ccfaa3d56d16fa212e35bb427ddf1e62ceddaef93ed004dea38ab77970c542308a5b808b913a2f5064a4f0f6afbfef9330d01c9dfafc8a13e659b03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\jumpListCache\Lm+fuIfryCytMt0cjWgcxg==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\jumpListCache\W222t44u+i8iqTLNeE8fBQ==.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
6cd5b0eb8036f00b3dd047b0a340c977

SHA1
5a67c4a2b2dc60c2f45c0c1e429babd8823b160c

SHA256
c750c1bae6ab6c694787e782f678a537b873250e6779ea4bbffa5b834eebc2d7

SHA512
c9e67a90bc0407a99480a8b6a3f97fc32a0c57c31536c14643c1a8a1c3d32e0862124dee2e09700212973b9a66565e736c44aca930f5b722baa9ac10b9191e34

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
02fc15803fee770579a18289309d6a9c

SHA1
cbf99f5fe5d642eb0fbc9e8adfeb49395186c14c

SHA256
737ce9d9b4988d4888f2d239d8b4eb93a3b0932c9e06b56014538948001f13af

SHA512
bfbefd9ff3343cc6523302ea627f52d2bf1359bf5553545af62a61f4a85b4a5ea2e27d39d717da22f6f2c2535a906bdaffc49b7924207803a762cac4a5cc3af6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
a3d06fbccfd472e84f625013977326de

SHA1
d8d4f30ecafa07c0e6c8717e4101db8427cbcb53

SHA256
246ac15902c552229f09c47391a268e1429c78c399688b78ec46036c0160c36b

SHA512
c9efc3cfa175a151c791f4632383cd1eff538d764bb41a4d78781447821fee8b8f975484788f951bd73dd0a3d9868e8a24fbf0f8997de6e114fce5f0cddc9c12

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
934d0c21b1238ef7bf02d9b5f05b7333

SHA1
5687f1c1d65bba599137e3367072a04617c31ff5

SHA256
a0b9aa40cd71b77a15a3b889487fc69c54293a0c7ddb1d85e1d4feda9fb93730

SHA512
812e3ab8420c63a494bf43e14ec4cc4ea8d41840635cf659a851b4a753f8e57d1b8f4c376e153663a095eb01264a10617efdf34af4663776f86ecd5dee6d853a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
65bb2c3a182b55ac83a9cdae298525e0

SHA1
ec8a5140044defcf41c9a41233a38228e68f6670

SHA256
4443fbcb9db24e2e639360eb38254a12f14e8c852c7ea6b2e95f8c0e96aae5d4

SHA512
8b6ca5acd30cceb57f220035690ea08ac51907145346905b11a67e6d6ededd1d13a33977992cf1863a10704b5b02329aaa5c7ad7196839f5c26a846b7d311aed

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
b84f4b5c23bd13d5d42bd68a56a5d897

SHA1
13c181ace419156a98192debd26194ff5e5f7278

SHA256
56762905f2d0ead84dedf7eca8ef4af4feec18d6f89c491af83eef36668fab23

SHA512
5c0ff8b0c862b3c19589753402fedcfa5846a4b8b9162e3dcee8959fa4c6dba9fd58642375d95a2c39bb363bf5cfca19c5386d5b319dd3fbe26ccce50ca87dd1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
701e13fb64a80355aa20b0f2f9bcc044

SHA1
8551c9f377abf0ddadc37b1e9da6e138344204e7

SHA256
fa3024151d52c925c1d2a44e0811f5b7e1bb2cdbbb0b686bc4d5250d9daf6bd2

SHA512
1c5f1d3da61a46af363ecdb03e242f61acfe4ab4d2cda957eaae9a83d8057ccb3d48624496a88a5efeda4a0dddf86458c2f7483d2d899c3afb8bb4d4de01be11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\AlternateServices.txt

Filesize
16KB

MD5
be7bf38109524a771b231dab2999c355

SHA1
7d27dc49f4df00c6843c092ea69191e24cb8c70e

SHA256
cf62f98977511089e9142246bcb91889b4eaa0ad46579fa7e36db5a11b362d2f

SHA512
05a0ababae232f3f3a1e72d37d06eb26935acc1009d676b1628698e31a1d43861278978bb7c77af605bad1a2f0d27a6e2406c92289dccca36c755eb86493f30b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\SiteSecurityServiceState.txt

Filesize
817B

MD5
34dba1c2edbbbe793d658d75ca0b8185

SHA1
8872edb51c7661194600f929f3bbf587bdd8baae

SHA256
e0459cee73125bc108081d73fd563f31f552116f82076a9a8a29bdd7f2132d30

SHA512
55b0b13a8018d30401611773be619895d5835f93249694804d4789db0075a9bc1454839825f17e4d5855e026cb546dcfa6c1a87000e8c45c5153106afa08e04e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cookies.sqlite

Filesize
512KB

MD5
b7a0f572d19e55db7740e86111923d53

SHA1
34dd636abecbc2ad1541d774054680a19617be07

SHA256
911c58fd364ccb844884b502354891f4aa662c4e37792c76d99a09fa31a2df0f

SHA512
ab08c6be161edb5b5a27213106f6e62ef673a8e1f6a889202d2e72b89a1f4f67d204d697ed0a97981ad3bc47cac7ca3d83711e93673c34b9c9773fb7d7f12171

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
63b1bb87284efe954e1c3ae390e7ee44

SHA1
75b297779e1e2a8009276dd8df4507eb57e4e179

SHA256
b017ee25a7f5c09eb4bf359ca721d67e6e9d9f95f8ce6f741d47f33bde6ef73a

SHA512
f7768cbd7dd80408bd270e5a0dc47df588850203546bbc405adb0b096d00d45010d0fb64d8a6c050c83d81bd313094036f3d3af2916f1328f3899d76fad04895

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7fba44cb533472c1e260d1f28892d86b

SHA1
727dce051fc511e000053952d568f77b538107bb

SHA256
14fb5cda1708000576f35c39c15f80a0c653afaf42ed137a3d31678f94b6e8bf

SHA512
1330b0f39614a3af2a6f5e1ea558b3f5451a7af20b6f7a704784b139a0ec17a20c8d7b903424cb8020a003319a3d75794e9fe8bc0aeb39e81721b9b2fdb9e031

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\formhistory.sqlite

Filesize
256KB

MD5
ff69da8bd9d66b808abd0ddf86aa3394

SHA1
bd5ba46235f7eb6b6ee8f9c298b99630db7de23d

SHA256
31d681fb2d16aabe651863c2fb370b552d0df1043bbfa422602ed6e1f7e68054

SHA512
3fe6d0ce5ded7c97f6835ecea46da945e57b60ca87d63c6f1b065d3d6f5670b42cadc6e42a3e40b292061e3189593d6653da0b52452302fb5f07101dfe33cd1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\places.sqlite

Filesize
5.0MB

MD5
c0550a636fcaabd9c48490212259e5a8

SHA1
d729389cd363d169ffdbae5f14c553a496ae987f

SHA256
bf5eb1ee1003b8f6ab0c79949837971a129c10f4c24a2579f046f780623548f0

SHA512
4e9f19ae394669a4581bd1644a466f28b7074a7677b4de636afda3d56ec81f2f4afbae42a9ddd6ef06d63b18b06f11e0056a3fd42925565851bfb97aec251203

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
7KB

MD5
cff84c387b33fab0b602ede042d75987

SHA1
e993d46127b0b380790ca18b4a60d8030fb1fb98

SHA256
5de4cff0d296cb764ff588a3d8654ab6dcc2d4a25262c5c0654d9a577815acdc

SHA512
d3a77f604a013cc63b1346a6cfe6fadf0800537279038fa4df296040b82169619a7ca1d778978dfb90173c455d6190b47f97b8be1c320c8ceafa17c4e85601fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
754a32d1056ac49b83e6cde09296dce3

SHA1
efce097d5aee5afb948333ce5175a311f7e1bd10

SHA256
707998d0f542a1d751f7164b2321045baa996db210863100242dba40ce783077

SHA512
007f39f2fe26f8b66ca27f5b9020ff471fe21a31eadee3f88029319be5444a4ea1ff63ef095c7ec2037d3d139db1f34de45b24d0b7640909fc3422e039d4d02c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
4124d64d4dd95b063b591845c0d10a97

SHA1
780c61c39504773fb786904f5da62bf74624d14e

SHA256
70c7aa8600932627fa6af2b42aeceef799201da048da864e939382453e205718

SHA512
991c46b60108660a8f85ab0754a1a56aab20b3cf686a5ba4e503dbbb5e61e31bb0a5ad5dd51bdb0dd18f613100f8021ae1e7d42b468f19caed1f026f2da8e81f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
8f8b1d096f5cf2d287c1c9a0f436c056

SHA1
82ad67bf9936d47e4b3d14ed3125f127f349b0bb

SHA256
e5dbee67b161a008ae701355a77872a002bed6dfbb09744580fa2758a13ecd59

SHA512
e322adc07b0f68de03b0650f0635af42c2b1e644283124e366681ff84365b74caf7b271d6139633252da7b59770faf07e00e90653fcceb8b3b835416f8006ccc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
cee394903f5aa525e07d54c7abb2099e

SHA1
345a218fb915327152ebaaac4690c311d7b1d3b3

SHA256
bcb9d1e4bb9b4dedb0fb7e9338f7b7e5aabc8ac266c5454e16badfde19862c40

SHA512
a0a7e87493832d6e3dbe90706e00e8afd84afaa5de4f553db3616b01617cde56e1813c71ebeed351b91d20b86fcd44d02dee41fb3d7179db2d624a031e0306ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
7KB

MD5
e572166123172a1b67c761e292457f3e

SHA1
a2db1d892b0b4db0ad9c451f1f5e8dc31bbb1409

SHA256
5ff549299d847b271e2d510c1fec472a24f8c47623cb6ff2578bf348677c7dd3

SHA512
75f9ed23f98e53955129979bc60ff1754d32fe17e42df73cf57659839200f162a3e36e201a719d58ae377e88bfe44157c94758693b45eccd6e9d21ad77e1034b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
7KB

MD5
c9a0e0831272fa8b9ee96e770583664e

SHA1
9a0287f2c025a062d6aa9d78f649cb38b05226ae

SHA256
29a00a01fd084361f24493d7479c17c9de5ef2cd45e32c6746033d83cb1991fc

SHA512
a9fbb0d6750c0864892f0d55d6c24f8f8939cb8adc9bf3d71a06260f180d480eb397bc06209440226068b332fc349f063599c4bb939fdb3cdff52afe42dc7359

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
8KB

MD5
aa6d16ed0ba0e93bd548747cfaa2ba08

SHA1
3f712cd244caa831a90b41d74c904e2f1bca7ee3

SHA256
e0326b91726ba6b1597612ff4fdf289fafc3d0e00a4bf7816372fcc7dcabc25b

SHA512
c2d23b771017804a107bfaab0f40444cc5a2c34e3f063d0b81d415cf7e1421611fd3cb0146c1132e69ae2d17ce96ae579fe68e005f2fdecbda65ea24c632d8f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
7f1244c25d34727bedfe2fab194e8255

SHA1
84d5343a08aabad7eb0ab0bb784fadec571a5517

SHA256
803d95993dcf547c3ad78264b5b834ad0f1a8227900c1b3d6980ac37faf3c405

SHA512
c2828e61f17de55857fd29f63e382b3c34940ec204858cef9d3dd81934d7c7a4bda8ba201ff030fc403eef1b4ade717af92608acd0c994eccc8d40978f971e2e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
583b06bd2d348e262ec4ee4facedd8f4

SHA1
b9435eeed4767e0e58abbe9cee2ef9139d4f3c0b

SHA256
90d53bc051c5d0e71c428968d16a9a53b96310844051e86b677982a9a6b75363

SHA512
54897e4f4750cc7422a91bcd3669d9e06cfad297aa1d1b0e50b2b05164ef1b1fb0431f6326ddef8f2ebde5eb83e377cefd05008f3838346f8efc2339052a100c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
418fc697a3aa1cc2c923781bfebb7938

SHA1
27944b56abd25f739f2957f1699585946fa7425f

SHA256
628b79da7291db3c598736189fe63fe9b05bdaf542c99a8356866cd4603cc713

SHA512
163acb8935bb17139ef6217ed144e202ce98b4d3f394d2ed7c65ff8327b074df9c7e42c65dcf905aa5aaafcc9cbf1055facbc4bae8312f734ab7df304832927a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
1e42ef4059fdcc8d6640147a645ca477

SHA1
6592608723e8c8bd104e59946d83a0433b824acf

SHA256
52c6d0934eeb1336597f5731b6f49a8a48005d7c298f1adc1c9d576927f92fd1

SHA512
8f8347252406061061060b95ed753bd907a4bae6948877d38ebd330ca5513058a99f83d2b128d457ce1bdefa020037c0c7ab92d443cd663238c5ca326f9164cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
08135c8831db4fe386e56b6c3a72a646

SHA1
71087096f65927b0ea0f50494ea05c8926ae2089

SHA256
066501297e2bcdd03e82829e66e2988159946f5c559fc84e1248ea2f2b518344

SHA512
892b81d6ab0db10d3ab470518c4ad7f77419ff8fc20c549fad1163e98c97e845ab4a914ccc906c794bc6e54f6cd2e9bcad84e0864aac0386cd4bb971660e12ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
c3054f18dce961b977899f08344ddb0f

SHA1
e6bd99f021314e7fe0b4a0c5654c7ecc3f0dbe51

SHA256
c0beaa17bf637440f1edf3a54f3583e6b4e1d2717609a23650a4572f29004224

SHA512
b46dc90ffe57ae08e664ef9a59c11e6d009add514e9ceba61c3d6ffde80cc56c286264dda13027323cb903d4cfefac05e96584890a3847d8be349b2bba2d4946

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js

Filesize
6KB

MD5
9971fa8fa89a208685d3e30835832fb5

SHA1
5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300

SHA256
13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084

SHA512
02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b391a23fdba7879f68da7f6403907515

SHA1
f0cbcd8c0325d2b4d11d7496b6647daa8f866557

SHA256
7db06175f07bc36528341490c3db2926674461e06d50c2452f1644435a32d6ed

SHA512
e0224515e350688f102f40130e8d40bc34ab58118b93b9c30facd506abf3da692f8dfca9130c05d58767ef4d44d14e4570f38c0c92e841716ce2ddedb1908469

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
564dcd9fa1723bfea15fb55f76c1a389

SHA1
faa5b7db00f0485ff52c9145846fbe7cdd7d7454

SHA256
661f361ec899fc828a30f5475aec84ca727e9af0a8f7588fda434cf79b646c27

SHA512
85b4a2cca16348864bc87ebd2abb12ec0c98bb2be0a87c2f65ec78ebc94c147672a83d53c984cef6051326886435983b65dd3c4ad9ee625b2871fc33766197fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\cache\morgue\166\{0586b743-6bf7-46e4-96ca-d566920504a6}.final

Filesize
3KB

MD5
b3500426923da71f2e0d8bf8ccb3685c

SHA1
c07f404c5e44ecf8bbf3a8c3398e95a9fe6a662d

SHA256
d9c92958138851322969d80a1a3913df6c3daab0429cf823f29f3d0bf6ddd8c0

SHA512
64dcfc9eb05e3c9cba3c5a8d3257a88a5fa4884c9089debed66b4b36a5a32cd7b156a92800d49ec82ceb0178da7181b6c9ea9edde3e015ec78f021737f967868

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\cache\morgue\187\{e94f9bb3-2648-4529-9ac2-7cea9a01d4bb}.final

Filesize
71KB

MD5
5af56e80d9a2d727d1b320104e6cde7d

SHA1
ba422be74c69336070d260826553042393af3c77

SHA256
e2607bf057f340cb64f6846e9b3db376b4c5a0e991083c03773c71b587715a6d

SHA512
4108f2b9f1658e7eb16f0d14967853e3a0631b2dd00de575795af5edbf95c8e2c05ea3de21eaf8da24dc195eafea08ddec01c9508e5927290dcbe86d94c8bcbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\idb\2232182701SeesravbiacteaWDosrgk.sqlite

Filesize
48KB

MD5
9b7bb0219650162875fdd1316632df2e

SHA1
accae8b03e007d85b3b4d7276ea82de7d23f4fce

SHA256
719628db0ff4cb45b36451446df14deee30936985b13dc22019f1ebe4ff4a4e0

SHA512
93124d3c7b8822e1210c1b03ec7ef9a1b872cb1d0311e36ed9769ec33ac122d65287850175e550a6962e23a17693cd35d57e5d0552e04cd1bbb4dfb12361baa8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
13f0faf0d0283afa9408e85f56527c1f

SHA1
e51abface4f0a78671befa40ef63e5ea76b7cac4

SHA256
0c625d4c1e6133bd689324e2b9f707671fb93a523fb7dd942b512f1a36f24596

SHA512
19f41d261e57aa64bf3ae919ef69bd45ac9739222ae219835722886fc015da5bbff722c343f902faa5642ad5460765944879d1ea8d5bfa7fddf7d55a0ed91f2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
36241eef9d8dc8e72722b59dbca56391

SHA1
33633c68661966690976cc05356bbcf48ebe3127

SHA256
f8ed6efd9268c7048b0a964bb6c031e5c159ccbe32ab2080fe444b8255b96df2

SHA512
408f1679f55f2631e216bd933604190e17e0680b1b34898f726813b2279b2dccec0d222364aa06ad19a5915394d42e934e614dc3f2d2ed2ba49ab948ceb295e7

Download Submit
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
811.4MB

MD5
411dff8194207cc88865f39464a1eaf7

SHA1
df7ae22714b70fedd674890b4b6d1622f69f2621

SHA256
a5d6c7e18355301a596d866684f24b23f280fb3d244ec16b979177b85f1b6831

SHA512
3676151d1dc6020362e80265e3563b2a70a4cb916520d87694506daaf75b76dd96b7076966b827e7967cbdc7d43aae4fccff35c4af4aa3d39aab105b2e87b24b

Download Submit
C:\Users\Admin\AppData\Roaming\NTSystem\ntlhost.exe

Filesize
811.4MB

MD5
411dff8194207cc88865f39464a1eaf7

SHA1
df7ae22714b70fedd674890b4b6d1622f69f2621

SHA256
a5d6c7e18355301a596d866684f24b23f280fb3d244ec16b979177b85f1b6831

SHA512
3676151d1dc6020362e80265e3563b2a70a4cb916520d87694506daaf75b76dd96b7076966b827e7967cbdc7d43aae4fccff35c4af4aa3d39aab105b2e87b24b

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft.9sBW91b7.rar.part

Filesize
16.5MB

MD5
699c763e28c5b268b7393bb53a164566

SHA1
002bf3e2b54be8358dde73d49e9fccb98951ef29

SHA256
8b20c4f222723037b9df600a444b358820f9aa1e51c8e9553cb5465859f9d325

SHA512
4606acc1bde361e191b60e77ec18da3d06a685e114a4ab623bc2f9de43d688b308888b9094759cbbf826d4b3382a85517a03dcd44a04bf6b76326481f4fdd1bd

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft.rar

Filesize
16.5MB

MD5
699c763e28c5b268b7393bb53a164566

SHA1
002bf3e2b54be8358dde73d49e9fccb98951ef29

SHA256
8b20c4f222723037b9df600a444b358820f9aa1e51c8e9553cb5465859f9d325

SHA512
4606acc1bde361e191b60e77ec18da3d06a685e114a4ab623bc2f9de43d688b308888b9094759cbbf826d4b3382a85517a03dcd44a04bf6b76326481f4fdd1bd

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\LauncherPC.exe

Filesize
1657.1MB

MD5
1df7cb5a27be3c0b057dbf746a0d718a

SHA1
106398c07505c1515573b806b35e539074348d31

SHA256
c382f647692c4349f8328f1123f1f24312deef42fe3b4ceaa7fea7518ae94a31

SHA512
d7e0e38e07840535eee4b4ce3e97399f62c4bf14d2b172b0bb0cb33269c9f05c651560b2a9d1ae5829aa116e211c1b7d9fd9fd443010f889eeb816a1f56226c8

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\LauncherPC.exe

Filesize
1657.1MB

MD5
1df7cb5a27be3c0b057dbf746a0d718a

SHA1
106398c07505c1515573b806b35e539074348d31

SHA256
c382f647692c4349f8328f1123f1f24312deef42fe3b4ceaa7fea7518ae94a31

SHA512
d7e0e38e07840535eee4b4ce3e97399f62c4bf14d2b172b0bb0cb33269c9f05c651560b2a9d1ae5829aa116e211c1b7d9fd9fd443010f889eeb816a1f56226c8

Download Submit
C:\Users\Admin\Downloads\2O23-F1LES-S0ft\templates\strategytester.htm

Filesize
1KB

MD5
14eabfe565f4093c112aca11e4af3b9c

SHA1
8492575d00d8158ef5c70836a421b9dad7ba3660

SHA256
bc11a2ea23005e246d554b458c35b8bbd9c1853b5ce92afa29d20d843cb0aeac

SHA512
f516fe61b8ebe82f91d088252dc8b80750c77ad06153fe1f4d1665dcb96f0f033946b5a4d160422765e00f0731f487d3e569f8d7214e249b6bdd7672680d2c3e

Download Submit
C:\Users\Admin\Downloads\REjGw0Lg.zip.part

Filesize
31KB

MD5
c28e52d6f37f64d79d4f43fbde9c300a

SHA1
c55ff6edc8b7d6f03032226fd9cd4daa416b97e3

SHA256
542189e321cb0c3a7d0b25ebdb4d9926e0770e49c30791264855b0b9152a95ab

SHA512
f60b247d92fa8e5b1c4e009dff64d32309c9d77343428fc3686885ea409644808d7302428447c23c4dd6137ea326f072628a2df6f5e8e19a729824afd8cc51b9

Download Submit
C:\Users\Admin\Downloads\smb-7teux2sm.zip

Filesize
31KB

MD5
c28e52d6f37f64d79d4f43fbde9c300a

SHA1
c55ff6edc8b7d6f03032226fd9cd4daa416b97e3

SHA256
542189e321cb0c3a7d0b25ebdb4d9926e0770e49c30791264855b0b9152a95ab

SHA512
f60b247d92fa8e5b1c4e009dff64d32309c9d77343428fc3686885ea409644808d7302428447c23c4dd6137ea326f072628a2df6f5e8e19a729824afd8cc51b9

Download Submit
C:\Users\Admin\Downloads\smb-7teux2sm\smb-7teux2sm.exe

Filesize
56KB

MD5
f024ff4176f0036f97ebc95decfd1d5e

SHA1
010c623120a373b1a8e6d9339540e0cfe745b574

SHA256
7b2f8c43b4c92fb2add9fce264e92668dac2530493c51c5d6b45dcb764e208ed

SHA512
d52ddb217f3a6bbaa7bde6c9a268720bf7d055796dafa7687a06533507727a05ec45a0dc08d8b3e3149ddc53bb4f6c1cffce2ce71f80d05b49177a390995fd50

Download Submit
C:\Users\Admin\Downloads\smb-7teux2sm\smb-7teux2sm.exe

Filesize
56KB

MD5
f024ff4176f0036f97ebc95decfd1d5e

SHA1
010c623120a373b1a8e6d9339540e0cfe745b574

SHA256
7b2f8c43b4c92fb2add9fce264e92668dac2530493c51c5d6b45dcb764e208ed

SHA512
d52ddb217f3a6bbaa7bde6c9a268720bf7d055796dafa7687a06533507727a05ec45a0dc08d8b3e3149ddc53bb4f6c1cffce2ce71f80d05b49177a390995fd50

Download Submit
memory/5828-3962-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-3972-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-4589-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-4491-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-4395-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-4329-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-4318-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-4297-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-4286-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-4275-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-4068-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-3979-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-3978-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-4685-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-3971-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-3970-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-3964-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/5828-3963-0x00000000003F0000-0x0000000000BF9000-memory.dmp

Filesize
8.0MB

Download
memory/7484-3380-0x000001D6B9C60000-0x000001D6B9C61000-memory.dmp

Filesize
4KB

Download
memory/7484-3382-0x000001D6B9C60000-0x000001D6B9C61000-memory.dmp

Filesize
4KB

Download
memory/7484-3381-0x000001D6B9C60000-0x000001D6B9C61000-memory.dmp

Filesize
4KB

Download
memory/7484-3391-0x000001D6B9C60000-0x000001D6B9C61000-memory.dmp

Filesize
4KB

Download
memory/7484-3392-0x000001D6B9C60000-0x000001D6B9C61000-memory.dmp

Filesize
4KB

Download
memory/7484-3396-0x000001D6B9C60000-0x000001D6B9C61000-memory.dmp

Filesize
4KB

Download
memory/7484-3393-0x000001D6B9C60000-0x000001D6B9C61000-memory.dmp

Filesize
4KB

Download
memory/7484-3394-0x000001D6B9C60000-0x000001D6B9C61000-memory.dmp

Filesize
4KB

Download
memory/7484-3395-0x000001D6B9C60000-0x000001D6B9C61000-memory.dmp

Filesize
4KB

Download
memory/7484-3397-0x000001D6B9C60000-0x000001D6B9C61000-memory.dmp

Filesize
4KB

Download
memory/7604-3688-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3680-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3951-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3847-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3784-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3672-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3768-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3694-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3687-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3681-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3673-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7604-3679-0x0000000000650000-0x0000000000E59000-memory.dmp

Filesize
8.0MB

Download
memory/7692-3452-0x0000000001980000-0x0000000001981000-memory.dmp

Filesize
4KB

Download
memory/7692-3448-0x0000000001840000-0x0000000001841000-memory.dmp

Filesize
4KB

Download
memory/7692-3449-0x0000000001850000-0x0000000001851000-memory.dmp

Filesize
4KB

Download
memory/7692-3451-0x0000000001970000-0x0000000001971000-memory.dmp

Filesize
4KB

Download
memory/7692-3453-0x0000000001990000-0x0000000001991000-memory.dmp

Filesize
4KB

Download
memory/7692-3450-0x0000000001960000-0x0000000001961000-memory.dmp

Filesize
4KB

Download
memory/7692-3454-0x00000000004E0000-0x00000000012F2000-memory.dmp

Filesize
14.1MB

Download
memory/7692-3506-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download