blackmoon | 45ed564080a3c100d32f53674d2a66a50219df571657039ae80f788cfeb0a240

Analysis

max time kernel
1231s
max time network
1434s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06-07-2023 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tranny-garbage/tranny-garbage.dll
Size

3.5MB
MD5

bc81934baa6f5939787dbb4c19e5ab89
SHA1

aadf1d30a10887a741a901e438a496db6bf999d7
SHA256

f37d3174eac0d4279439ec64db92bc35d7a5b6afcf0c0306c5701072655b459b
SHA512

aaa347e234558fc80f6d9d972aa38e9eea3e1d356669246dd56abcc602d7986832cdda0f2712cfa488830429952e56de421bac9a8e3dad227c8cd06fd169c726
SSDEEP

98304:8k6EP4/F1jENrx4ECqUKtvoNg2mP8zVCrHRjrpu:8fjENrqVqUEOa8m

Score

10^/10

blackmoon gh0strat ramnit xorddos banker bootkit botnet discovery downloader evasion persistence rat spyware stealer trojan upx worm

Malware Config

Signatures

Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
trojan banker blackmoon

Detect Blackmoon payload 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Malz\集群.exe	family_blackmoon
C:\Users\Admin\Downloads\Malz\集群.exe	family_blackmoon

Gh0st RAT payload 22 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Malz\yk.exe	family_gh0strat
C:\Users\Admin\Downloads\Malz\yk.exe	family_gh0strat
C:\Users\Admin\Downloads\Malz\yk1.exe	family_gh0strat
C:\Users\Admin\Downloads\Malz\yk1.exe	family_gh0strat
C:\Users\Admin\Downloads\pyeciqvymr	family_gh0strat
\??\c:\users\admin\downloads\pyeciqvymr	family_gh0strat
\??\c:\users\admin\downloads\oifbktpjmb	family_gh0strat
C:\Users\Admin\Downloads\oifbktpjmb	family_gh0strat
\??\c:\programdata\drm\%sessionname%\uckrt.cc3	family_gh0strat
C:\Users\Admin\Downloads\MALZ6\dhl.exe	family_gh0strat
behavioral1/memory/5532-13551-0x0000000000400000-0x0000000000432800-memory.dmp	family_gh0strat
behavioral1/memory/1620-13569-0x0000000000400000-0x0000000000432800-memory.dmp	family_gh0strat
behavioral1/memory/6240-13571-0x0000000000400000-0x0000000000432800-memory.dmp	family_gh0strat
behavioral1/memory/6852-13581-0x0000000000400000-0x0000000000432800-memory.dmp	family_gh0strat
behavioral1/memory/6852-13591-0x0000000000400000-0x0000000000432800-memory.dmp	family_gh0strat
behavioral1/memory/6240-13592-0x0000000000400000-0x0000000000432800-memory.dmp	family_gh0strat
behavioral1/memory/6976-13609-0x0000000000400000-0x0000000000431000-memory.dmp	family_gh0strat
behavioral1/memory/4896-13614-0x0000000000400000-0x0000000000431000-memory.dmp	family_gh0strat
behavioral1/memory/6984-13642-0x0000000000400000-0x0000000000436000-memory.dmp	family_gh0strat
behavioral1/memory/6364-13645-0x0000000000400000-0x0000000000436000-memory.dmp	family_gh0strat
behavioral1/memory/6364-13650-0x0000000000400000-0x0000000000436000-memory.dmp	family_gh0strat
behavioral1/memory/5952-13671-0x0000000000400000-0x0000000000432800-memory.dmp	family_gh0strat

Gh0strat
Gh0st RAT is a remote access tool (RAT) with its source code public and it has been used by multiple Chinese groups.
rat gh0strat

Modifies firewall policy service 2 TTPs 4 IoCs

evasion

Modify Registry

T1112

Modify Existing Service

T1031

Processes:

host.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications	host.exe
Set value (str)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Users\Admin\Downloads\Malz\host.exe = "C:\\Users\\Admin\\Downloads\\Malz\\host.exe:*:enabled:@shell32.dll,-1"	host.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List	host.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile	host.exe

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Malz\a09	family_xorddos

Downloads MZ/PE file
Modifies RDP port number used by Windows 1 TTPs

Remote Desktop Protocol
T1076

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\qhk48A5.tmp	acprotect
C:\Users\Admin\AppData\Local\Temp\mlk7581.tmp	acprotect

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Bombermania.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Control Panel\International\Geo\Nation	Bombermania.exe

Drops startup file 2 IoCs

Processes:

Bombermania.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Live update.lnk	Bombermania.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antivirus live update.lnk	Bombermania.exe

Executes dropped EXE 64 IoCs

Processes:

7zG.exe7zG.exe7zG.exeBombermania.exeBombermania.exeis-NP8BI.tmpBombermania.exe7zG.exehost.exeGetPass.exeputty.exetfddos.exetfddos.exevmtoolsd.exesvchost.exesvchost (2).exeyk.exeyk1.exepyeciqvymrvmtoolsd.exe集群.exeTemp.datoifbktpjmbvmtoolsd.exe集群.exeTemp.datvmtoolsd.exesvchost (2).exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exeputty.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exe36000.exevmtoolsd.exe7zG.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exevmtoolsd.exe

pid	process
2140	7zG.exe
3028	7zG.exe
4756	7zG.exe
2000	Bombermania.exe
4112	Bombermania.exe
2828	is-NP8BI.tmp
5184	Bombermania.exe
5584	7zG.exe
4572	host.exe
520	GetPass.exe
3924	putty.exe
5160	tfddos.exe
5468	tfddos.exe
1748	vmtoolsd.exe
1248	svchost.exe
5300	svchost (2).exe
5740	yk.exe
672	yk1.exe
5364	pyeciqvymr
4316	vmtoolsd.exe
4412	集群.exe
6100	Temp.dat
648	oifbktpjmb
4752	vmtoolsd.exe
3808	集群.exe
1308	Temp.dat
1348	vmtoolsd.exe
6464	svchost (2).exe
6564	vmtoolsd.exe
5992	vmtoolsd.exe
6420	vmtoolsd.exe
4076	vmtoolsd.exe
7008	putty.exe
6368	vmtoolsd.exe
4688	vmtoolsd.exe
5160	vmtoolsd.exe
6072	vmtoolsd.exe
6396	vmtoolsd.exe
6208	vmtoolsd.exe
6976	36000.exe
5828	vmtoolsd.exe
6412	7zG.exe
6592	vmtoolsd.exe
2340	vmtoolsd.exe
5952	vmtoolsd.exe
7032	vmtoolsd.exe
5580	vmtoolsd.exe
5480	vmtoolsd.exe
6184	vmtoolsd.exe
6692	vmtoolsd.exe
1164	vmtoolsd.exe
2692	vmtoolsd.exe
5432	vmtoolsd.exe
6732	vmtoolsd.exe
5924	vmtoolsd.exe
6108	vmtoolsd.exe
6608	vmtoolsd.exe
5304	vmtoolsd.exe
2216	vmtoolsd.exe
5988	vmtoolsd.exe
4012	vmtoolsd.exe
5408	vmtoolsd.exe
4736	vmtoolsd.exe
6436	vmtoolsd.exe

Loads dropped DLL 38 IoCs

Processes:

7zG.exe7zG.exe7zG.exeBombermania.exe7zG.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exevmtoolsd.exe7zG.exe7zG.exebj.exebjyk.exeriujwyylqjknxgohunflsvchost.exesvchost.exeWerFault.exeHkMh_2.exesvchost.exesvchost.exeHkMh.exesvchost.exesvchost.exeWerFault.exeserver.exeWerFault.exe

pid	process
2140	7zG.exe
3028	7zG.exe
4756	7zG.exe
5184	Bombermania.exe
5584	7zG.exe
1068	svchost.exe
5980	svchost.exe
6408	svchost.exe
6532	svchost.exe
6644	svchost.exe
4688	vmtoolsd.exe
6412	7zG.exe
1336	7zG.exe
5532	bj.exe
5532	bj.exe
1620	bjyk.exe
1620	bjyk.exe
6240	riujwyylqj
6240	riujwyylqj
6852	knxgohunfl
6852	knxgohunfl
6992	svchost.exe
5196	svchost.exe
3336	WerFault.exe
6824	HkMh_2.exe
6824	HkMh_2.exe
5228	svchost.exe
7020	svchost.exe
4068	HkMh.exe
4068	HkMh.exe
4140	svchost.exe
1396	svchost.exe
6240	WerFault.exe
6240	WerFault.exe
5952	server.exe
5952	server.exe
5304	WerFault.exe
5304	WerFault.exe

UPX packed file 19 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\Downloads\Bombermania.exe\Bombermania.exe	upx
behavioral1/memory/2000-8758-0x0000000000400000-0x0000000000460000-memory.dmp	upx
C:\Users\Admin\Downloads\Bombermania.exe\Bombermania.exe	upx
behavioral1/memory/2000-8811-0x0000000000400000-0x0000000000460000-memory.dmp	upx
C:\Users\Admin\Downloads\Malz\GetPass.exe	upx
behavioral1/memory/520-9069-0x0000000000400000-0x00000000004A6000-memory.dmp	upx
C:\Users\Admin\Downloads\Malz\GetPass.exe	upx
behavioral1/memory/520-9071-0x0000000000400000-0x00000000004A6000-memory.dmp	upx
C:\Users\Admin\Downloads\Malz\svchost.exe	upx
C:\Users\Admin\Downloads\Malz\svchost.exe	upx
behavioral1/memory/1248-9097-0x0000000000400000-0x0000000000416000-memory.dmp	upx
behavioral1/memory/6976-12187-0x00000000007A0000-0x00000000008BF000-memory.dmp	upx
behavioral1/memory/6976-12252-0x00000000007A0000-0x00000000008BF000-memory.dmp	upx
behavioral1/memory/6984-13642-0x0000000000400000-0x0000000000436000-memory.dmp	upx
behavioral1/memory/6364-13645-0x0000000000400000-0x0000000000436000-memory.dmp	upx
behavioral1/memory/6364-13650-0x0000000000400000-0x0000000000436000-memory.dmp	upx
behavioral1/memory/5988-13681-0x0000000000400000-0x0000000000435000-memory.dmp	upx
behavioral1/memory/6188-13689-0x0000000000400000-0x0000000000435000-memory.dmp	upx
C:\Program Files (x86)\Microsoft\DesktopLayer.exe	upx

Adds Run key to start application 2 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

Bombermania.exesvchost.exeHkMh_2.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	Bombermania.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Live Update = "C:\\Program Files (x86)\\WinA\\WinA.exe OnStartup.xml"	Bombermania.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Windows\CurrentVersion\Run	Bombermania.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Live Update = "C:\\Program Files (x86)\\WinA\\WinA.exe OnStartup_FallBack.xml"	Bombermania.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Update = "C:\\Windows\\WinBackups\\sysinfo.exe"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\say.f3322.net = "C:\\Users\\Admin\\Downloads\\Malz\\svchost.exe"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Cntvs_Me_Please = "C:\\Users\\Admin\\Downloads\\MALZ6\\HkMh_2.exe"	HkMh_2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 2 IoCs

Processes:

7zG.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Malz\desktop.ini	7zG.exe
File opened for modification	C:\Users\Admin\Downloads\Malz\desktop.ini	7zG.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

Bombermania.exe

description ioc process

File opened for modification \??\PhysicalDrive0 Bombermania.exe
Creates a Windows Service
persistence

description	ioc	process
File opened for modification	\??\PhysicalDrive0	Bombermania.exe

Drops file in System32 directory 35 IoCs

Processes:

svchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exetfddos.exesvchost.exesvchost.exesvchost.exeWerFault.exevmtoolsd.exemh.exesvchost.exesvchost.exe

description	ioc	process
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File created	C:\Windows\SysWOW64\mbkbkckojr	svchost.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File created	C:\Windows\SysWOW64\mcnkpanjvj	svchost.exe
File created	C:\Windows\SysWOW64\nupcamwkuf	svchost.exe
File created	C:\Windows\SysWOW64\nclfgiotiw	svchost.exe
File created	C:\Windows\SysWOW64\tfddos.exe	tfddos.exe
File opened for modification	C:\Windows\SysWOW64\vmtoolsd.exe	tfddos.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File opened for modification	C:\Windows\SysWOW64\nwnpwg.exe	WerFault.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	vmtoolsd.exe
File created	C:\Windows\SysWOW64\nmcisjumhk	svchost.exe
File created	C:\Windows\SysWOW64\nwnpwg.exe	WerFault.exe
File opened for modification	C:\Windows\SysWOW64\soysoc.exe	mh.exe
File created	C:\Windows\SysWOW64\ntnrvotpin	svchost.exe
File created	C:\Windows\SysWOW64\mjpyrotfjx	svchost.exe
File created	C:\Windows\SysWOW64\nqbivtsikb	vmtoolsd.exe
File created	C:\Windows\SysWOW64\mtyrhwllin	svchost.exe
File created	C:\Windows\SysWOW64\soysoc.exe	mh.exe
File created	C:\Windows\SysWOW64\vmtoolsd.exe	tfddos.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File created	C:\Windows\SysWOW64\mjytsfmmwm	svchost.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File created	C:\Windows\SysWOW64\mrdrarvdws	svchost.exe
File created	C:\Windows\SysWOW64\nayvfnnmkk	svchost.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File created	C:\Windows\SysWOW64\ntghyvedhq	svchost.exe
File created	C:\Windows\SysWOW64\nduahyhbul	svchost.exe
File created	C:\Windows\SysWOW64\mlttakbuih	svchost.exe
File opened for modification	C:\Windows\SysWOW64\svchost.exe.txt	svchost.exe
File opened for modification	C:\Windows\SysWOW64\tfddos.exe	tfddos.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

rundll32.exe

pid process

2456 rundll32.exe
2456 rundll32.exe

Drops file in Program Files directory 64 IoCs

Processes:

Bombermania.exeis-NP8BI.tmpmsiexec.exese.exesvchost (2).exesmssSrv.exe518_2.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\WinA\WinA.exe	Bombermania.exe
File created	C:\Program Files (x86)\Bombermania\unins000.dat	is-NP8BI.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	msiexec.exe
File created	C:\Program Files (x86)\Bombermania\is-UUENV.tmp	is-NP8BI.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	msiexec.exe
File created	C:\Program Files (x86)\Bombermania\is-UQ13S.tmp	is-NP8BI.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	msiexec.exe
File created	C:\Program Files (x86)\WinA\Instructions.xml	Bombermania.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	msiexec.exe
File created	C:\Program Files (x86)\Bombermania\is-76FK1.tmp	is-NP8BI.tmp
File created	C:\Program Files (x86)\Bombermania\is-9V1QF.tmp	is-NP8BI.tmp
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	msiexec.exe
File created	C:\Program Files (x86)\Bombermania\is-04D25.tmp	is-NP8BI.tmp
File opened for modification	C:\Program Files\uqsoqq	se.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	msiexec.exe
File created	C:\Program Files (x86)\WinA\OnStartup_FallBack.xml	Bombermania.exe
File created	C:\Program Files\AppPatch\NetSyst81.dll	svchost (2).exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	msiexec.exe
File created	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	smssSrv.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	msiexec.exe
File created	C:\Program Files (x86)\Bombermania\is-JMD5D.tmp	is-NP8BI.tmp
File opened for modification	C:\Program Files (x86)\Bombermania\unins000.dat	is-NP8BI.tmp
File created	C:\Program Files\AppPatch\NetSyst76.dll	518_2.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	msiexec.exe
File created	C:\Program Files (x86)\WinA\OnStartup.xml	Bombermania.exe
File opened for modification	C:\Program Files\uqsoqq\svchost.exe	se.exe
File opened for modification	C:\Program Files (x86)\Microsoft\DesktopLayer.exe	smssSrv.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	msiexec.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	msiexec.exe

Drops file in Windows directory 5 IoCs

Processes:

svchost.exek5.exe

description	ioc	process
File opened for modification	\??\c:\windows\WinBak.ini	svchost.exe
File opened for modification	C:\Windows\WinBackups\sysinfo.exe	svchost.exe
File created	C:\Windows\vynyai.exe	k5.exe
File opened for modification	C:\Windows\vynyai.exe	k5.exe
File created	\??\c:\windows\WinBak.ini	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 28 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
4756	2456	WerFault.exe	rundll32.exe
4600	5184	WerFault.exe	Bombermania.exe
3080	5184	WerFault.exe	Bombermania.exe
5236	520	WerFault.exe	GetPass.exe
6284	1068	WerFault.exe	svchost.exe
6420	5980	WerFault.exe	svchost.exe
384	6408	WerFault.exe	svchost.exe
6448	6532	WerFault.exe	svchost.exe
5628	6644	WerFault.exe	svchost.exe
6436	4688	WerFault.exe	svchost.exe
6920	6976	WerFault.exe	36000.exe
5380	6100	WerFault.exe	Temp.dat
6572	1308	WerFault.exe	Temp.dat
3336	5312	WerFault.exe	GetPass.exe
6400	5196	WerFault.exe	svchost.exe
5488	6992	WerFault.exe	svchost.exe
7140	5228	WerFault.exe	svchost.exe
7112	5468	WerFault.exe	tfddos.exe
6976	7020	WerFault.exe	svchost.exe
6240	6164	WerFault.exe	k5.exe
376	4140	WerFault.exe	svchost.exe
5992	1396	WerFault.exe	svchost.exe
7036	6460	WerFault.exe	svchost.exe
7016	5324	WerFault.exe	svchost.exe
5872	6308	WerFault.exe	svchost.exe
912	1748	WerFault.exe	svchost.exe
2484	736	WerFault.exe	svchost.exe
2080	6236	WerFault.exe	svchost.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exehost.exevynyai.exeHkMh_2.exesvchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	host.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	vynyai.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	host.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	vynyai.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2	host.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	HkMh_2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	host.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	HkMh_2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	vynyai.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	svchost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

iexplore.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe

Modifies registry class 4 IoCs

Processes:

firefox.exeOpenWith.exeOpenWith.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4176143399-3250363947-192774652-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 11 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\d6ac1d0599bd4972263f0db15815f753dff1644095ba862897eaf50dec9a1f1c:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\BAT.Drop.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\All.ElectroRAT.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2201-x64.msi:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2201-x64(2).msi:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\malware-jail-master.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Malz.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\theZoo-master.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2201-x64(1).msi:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Bombermania.exe.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MALZ6.zip:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 2 IoCs
ransomware

Processes:

NOTEPAD.EXENOTEPAD.EXE

pid process

4264 NOTEPAD.EXE
5408 NOTEPAD.EXE

pid	process
4264	NOTEPAD.EXE
5408	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

rundll32.exeBombermania.exeputty.exepyeciqvymr集群.exe

pid	process
2456	rundll32.exe
2456	rundll32.exe
2000	Bombermania.exe
2000	Bombermania.exe
3924	putty.exe
3924	putty.exe
5364	pyeciqvymr
5364	pyeciqvymr
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe
4412	集群.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

putty.exe

pid process

7008 putty.exe

pid	process
7008	putty.exe

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

putty.exe

pid	process
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe
3924	putty.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exe7zG.exe7zG.exe7zG.exe7zG.exeAUDIODG.EXEmsiexec.exemsiexec.exe

description	pid	process
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeRestorePrivilege	3100	7zG.exe
Token: 35	3100	7zG.exe
Token: SeSecurityPrivilege	3100	7zG.exe
Token: SeSecurityPrivilege	3100	7zG.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeRestorePrivilege	2840	7zG.exe
Token: 35	2840	7zG.exe
Token: SeSecurityPrivilege	2840	7zG.exe
Token: SeSecurityPrivilege	2840	7zG.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeRestorePrivilege	3048	7zG.exe
Token: 35	3048	7zG.exe
Token: SeSecurityPrivilege	3048	7zG.exe
Token: SeSecurityPrivilege	3048	7zG.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeRestorePrivilege	3628	7zG.exe
Token: 35	3628	7zG.exe
Token: SeSecurityPrivilege	3628	7zG.exe
Token: SeSecurityPrivilege	3628	7zG.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: 33	4788	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4788	AUDIODG.EXE
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeDebugPrivilege	1044	firefox.exe
Token: SeShutdownPrivilege	2180	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2180	msiexec.exe
Token: SeSecurityPrivilege	5676	msiexec.exe
Token: SeCreateTokenPrivilege	2180	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2180	msiexec.exe
Token: SeLockMemoryPrivilege	2180	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2180	msiexec.exe
Token: SeMachineAccountPrivilege	2180	msiexec.exe
Token: SeTcbPrivilege	2180	msiexec.exe
Token: SeSecurityPrivilege	2180	msiexec.exe
Token: SeTakeOwnershipPrivilege	2180	msiexec.exe
Token: SeLoadDriverPrivilege	2180	msiexec.exe
Token: SeSystemProfilePrivilege	2180	msiexec.exe
Token: SeSystemtimePrivilege	2180	msiexec.exe
Token: SeProfSingleProcessPrivilege	2180	msiexec.exe
Token: SeIncBasePriorityPrivilege	2180	msiexec.exe
Token: SeCreatePagefilePrivilege	2180	msiexec.exe
Token: SeCreatePermanentPrivilege	2180	msiexec.exe
Token: SeBackupPrivilege	2180	msiexec.exe
Token: SeRestorePrivilege	2180	msiexec.exe
Token: SeShutdownPrivilege	2180	msiexec.exe
Token: SeDebugPrivilege	2180	msiexec.exe
Token: SeAuditPrivilege	2180	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2180	msiexec.exe
Token: SeChangeNotifyPrivilege	2180	msiexec.exe
Token: SeRemoteShutdownPrivilege	2180	msiexec.exe
Token: SeUndockPrivilege	2180	msiexec.exe
Token: SeSyncAgentPrivilege	2180	msiexec.exe
Token: SeEnableDelegationPrivilege	2180	msiexec.exe
Token: SeManageVolumePrivilege	2180	msiexec.exe
Token: SeImpersonatePrivilege	2180	msiexec.exe
Token: SeCreateGlobalPrivilege	2180	msiexec.exe
Token: SeDebugPrivilege	1044	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exe7zG.exe7zG.exe7zG.exe7zG.exemsiexec.exe7zG.exe7zG.exe7zG.exe7zG.exemsedge.exeputty.exe7zG.exetaskmgr.exe

pid	process
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
3100	7zG.exe
2840	7zG.exe
3048	7zG.exe
3628	7zG.exe
2180	msiexec.exe
2180	msiexec.exe
2140	7zG.exe
3028	7zG.exe
4756	7zG.exe
5584	7zG.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
7008	putty.exe
6412	7zG.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exemsedge.exetaskmgr.exe

pid	process
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
4408	msedge.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe
6572	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

firefox.exeOpenWith.exe

pid	process
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
4412	OpenWith.exe
4412	OpenWith.exe
4412	OpenWith.exe
4412	OpenWith.exe
4412	OpenWith.exe
4412	OpenWith.exe
4412	OpenWith.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe
1044	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exe

description	pid	process	target process
PID 1044 wrote to memory of 2516	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 2516	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 4988	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe
PID 1044 wrote to memory of 1852	1044	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:676

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:620
- C:\Windows\system32\fontdrvhost.exe
  "fontdrvhost.exe"
  2⤵
  PID:776
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:336

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS -p
1⤵
PID:900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p
1⤵
PID:792
- C:\Windows\system32\wbem\unsecapp.exe
  C:\Windows\system32\wbem\unsecapp.exe -Embedding
  2⤵
  PID:2492
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:3796
- C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
  "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
  2⤵
  PID:3716
- C:\Windows\system32\SppExtComObj.exe
  C:\Windows\system32\SppExtComObj.exe -Embedding
  2⤵
  PID:5016
- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
  "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe" -ServerName:InputApp.AppX9jnwykgrccxc8by3hsrsh07r423xzvav.mca
  2⤵
  PID:4716
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  2⤵
  PID:4404
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:4924
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:2192
- C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
  "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
  2⤵
  PID:3888
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
  2⤵
  PID:3508
- C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  2⤵
  PID:1636
- C:\Windows\system32\OpenWith.exe
  C:\Windows\system32\OpenWith.exe -Embedding
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4412
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
  2⤵
  PID:4568
- C:\Windows\system32\OpenWith.exe
  C:\Windows\system32\OpenWith.exe -Embedding
  2⤵
  - Modifies registry class
  PID:648
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  2⤵
  PID:6992
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  2⤵
  PID:7024
- C:\Windows\system32\OpenWith.exe
  C:\Windows\system32\OpenWith.exe -Embedding
  2⤵
  - Modifies registry class
  PID:6608

C:\Windows\system32\fontdrvhost.exe
"fontdrvhost.exe"
1⤵
PID:784

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1108
- C:\Windows\system32\taskhostw.exe
  taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
  2⤵
  PID:2592

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
PID:1224

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1280

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1⤵
PID:1648

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1668

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2108

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2172

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
1⤵
PID:2068

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:1856

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:2628

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2640

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:2604

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:1660

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
1⤵
PID:1160

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\tranny-garbage\tranny-garbage.dll,#1
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:2456
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2456 -s 444
  2⤵
  - Program crash
  PID:4756

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
1⤵
PID:116

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
PID:3204

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:4260

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
PID:3812

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -s W32Time
1⤵
PID:1688

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:1052

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:4744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3288

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:2520
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\d6ac1d0599bd4972263f0db15815f753dff1644095ba862897eaf50dec9a1f1c~\" -spe -an -ai#7zMap29705:182:7zEvent22969
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3100
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\BAT.Drop\" -spe -an -ai#7zMap28278:78:7zEvent17808
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\BAT.Drop\DROP_B~1.BAT" "
  2⤵
  PID:1020
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\BAT.Drop\DROP_B~1.BAT" "
  2⤵
  PID:3256
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\BAT.Drop\Drop_BATCH.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:4264
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\All.ElectroRAT\" -spe -an -ai#7zMap9379:90:7zEvent9858
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3048
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\All.ElectroRAT\bb8e52face5b076cc890bbfaaf4bb73e~\" -spe -an -ai#7zMap30392:148:7zEvent12627
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3628
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\7z2201-x64.msi"
  2⤵
  - Enumerates connected drives
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2180
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\theZoo-master\" -spe -an -ai#7zMap1982:88:7zEvent11701
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:2140
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\malware-jail-master\" -spe -an -ai#7zMap14891:100:7zEvent6124
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:3028
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\malware-jail-master\malware\20160929\416e32e1b22ecb8f360ff841b87d77ac9450fda24458ce4e70abb35ff4d242a3.js"
  2⤵
  PID:5296
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\malware-jail-master\malware\20161008\140da02684fd276b6c989317c8ba13f066373dc2623153776da5b8a3e4c7a59f.js"
  2⤵
  PID:5276
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\malware-jail-master\jailme.js"
  2⤵
  PID:5584
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Bombermania.exe\" -spe -an -ai#7zMap23802:92:7zEvent10579
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:4756
- C:\Users\Admin\Downloads\Bombermania.exe\Bombermania.exe
  "C:\Users\Admin\Downloads\Bombermania.exe\Bombermania.exe"
  2⤵
  - Checks computer location settings
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Bombermania.exeDir\Bombermania.exe
    "C:\Users\Admin\AppData\Local\Temp\Bombermania.exeDir\Bombermania.exe"
    3⤵
    - Executes dropped EXE
    PID:4112
  - - C:\Users\Admin\AppData\Local\Temp\is-S57E7.tmp\is-NP8BI.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-S57E7.tmp\is-NP8BI.tmp" /SL4 $B01EC C:\Users\Admin\AppData\Local\Temp\Bombermania.exeDir\Bombermania.exe 2384405 50688
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      PID:2828
- C:\Program Files (x86)\Bombermania\Bombermania.exe
  "C:\Program Files (x86)\Bombermania\Bombermania.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5184
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 476
    3⤵
    - Program crash
    PID:4600
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 484
    3⤵
    - Program crash
    PID:3080
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Malz\" -spe -an -ai#7zMap880:70:7zEvent15542
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops desktop.ini file(s)
  - Suspicious use of FindShellTrayWindow
  PID:5584
- C:\Users\Admin\Downloads\Malz\host.exe
  "C:\Users\Admin\Downloads\Malz\host.exe"
  2⤵
  - Modifies firewall policy service
  - Executes dropped EXE
  - Checks processor information in registry
  PID:4572
- C:\Users\Admin\Downloads\Malz\GetPass.exe
  "C:\Users\Admin\Downloads\Malz\GetPass.exe"
  2⤵
  - Executes dropped EXE
  PID:520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 520 -s 332
    3⤵
    - Program crash
    PID:5236
- C:\Users\Admin\Downloads\Malz\putty.exe
  "C:\Users\Admin\Downloads\Malz\putty.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:3924
- C:\Users\Admin\Downloads\Malz\tfddos.exe
  "C:\Users\Admin\Downloads\Malz\tfddos.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:5160
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Users\Admin\DOWNLO~1\Malz\tfddos.exe > nul
    3⤵
    PID:5724
- C:\Users\Admin\Downloads\Malz\svchost.exe
  "C:\Users\Admin\Downloads\Malz\svchost.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Windows directory
  PID:1248
- C:\Users\Admin\Downloads\Malz\svchost (2).exe
  "C:\Users\Admin\Downloads\Malz\svchost (2).exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:5300
- C:\Users\Admin\Downloads\Malz\yk.exe
  "C:\Users\Admin\Downloads\Malz\yk.exe"
  2⤵
  - Executes dropped EXE
  PID:5740
- - \??\c:\users\admin\downloads\pyeciqvymr
    "C:\Users\Admin\Downloads\Malz\yk.exe" a -sc:\users\admin\downloads\malz\yk.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5364
- C:\Users\Admin\Downloads\Malz\yk1.exe
  "C:\Users\Admin\Downloads\Malz\yk1.exe"
  2⤵
  - Executes dropped EXE
  PID:672
- - \??\c:\users\admin\downloads\oifbktpjmb
    "C:\Users\Admin\Downloads\Malz\yk1.exe" a -sc:\users\admin\downloads\malz\yk1.exe
    3⤵
    - Executes dropped EXE
    PID:648
- C:\Users\Admin\Downloads\Malz\集群.exe
  "C:\Users\Admin\Downloads\Malz\集群.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- - C:\Users\Admin\Downloads\Malz\Temp.dat
    "C:\Users\Admin\Downloads\Malz\Temp.dat"
    3⤵
    - Executes dropped EXE
    PID:6100
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 528
      4⤵
      Program crash
      PID:5380
- C:\Users\Admin\Downloads\Malz\集群.exe
  "C:\Users\Admin\Downloads\Malz\集群.exe"
  2⤵
  - Executes dropped EXE
  PID:3808
- - C:\Users\Admin\Downloads\Malz\Temp.dat
    "C:\Users\Admin\Downloads\Malz\Temp.dat"
    3⤵
    - Executes dropped EXE
    PID:1308
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 504
      4⤵
      Program crash
      PID:6572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Malz\TomDog_Result.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ff8cff246f8,0x7ff8cff24708,0x7ff8cff24718
    3⤵
    PID:4552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    PID:6680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
    3⤵
    PID:6672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
    3⤵
    PID:6768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:6264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:6256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3848 /prefetch:1
    3⤵
    PID:6648
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
    3⤵
    PID:7020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4524 /prefetch:8
    3⤵
    PID:6276
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
    3⤵
    PID:6996
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
    3⤵
    PID:7132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
    3⤵
    PID:5956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
    3⤵
    PID:2460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
    3⤵
    PID:3924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
    3⤵
    PID:2024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
    3⤵
    PID:6652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
    3⤵
    PID:6484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
    3⤵
    PID:5408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
    3⤵
    PID:4076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
    3⤵
    PID:7008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
    3⤵
    PID:2216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
    3⤵
    PID:1240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
    3⤵
    PID:6356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
    3⤵
    PID:7244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
    3⤵
    PID:7764
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
    3⤵
    PID:7324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
    3⤵
    PID:7428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,13240212405423451507,13330865171624727699,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
    3⤵
    PID:7412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\Malz\TomDog_Result.html
  2⤵
  PID:3396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff8cff246f8,0x7ff8cff24708,0x7ff8cff24718
    3⤵
    PID:556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,5396589886959157242,13083560619784242610,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
    3⤵
    PID:5912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,5396589886959157242,13083560619784242610,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:6240
- C:\Users\Admin\Downloads\Malz\svchost (2).exe
  "C:\Users\Admin\Downloads\Malz\svchost (2).exe"
  2⤵
  - Executes dropped EXE
  PID:6464
- C:\Users\Admin\Downloads\Malz\putty.exe
  "C:\Users\Admin\Downloads\Malz\putty.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  PID:7008
- C:\Users\Admin\Downloads\Malz\36000.exe
  "C:\Users\Admin\Downloads\Malz\36000.exe"
  2⤵
  - Executes dropped EXE
  PID:6976
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 244
    3⤵
    - Program crash
    PID:6920
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Malz\64\" -spe -an -ai#7zMap26179:76:7zEvent9350
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  PID:6412
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Malz\1.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:5408
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /4
  2⤵
  - Checks SCSI registry key(s)
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:6572
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MALZ6\" -spe -an -ai#7zMap21212:72:7zEvent17739
  2⤵
  - Loads dropped DLL
  PID:1336
- C:\Users\Admin\Downloads\MALZ6\518_2.exe
  "C:\Users\Admin\Downloads\MALZ6\518_2.exe"
  2⤵
  - Drops file in Program Files directory
  PID:6388
- C:\Users\Admin\Downloads\MALZ6\520.exe
  "C:\Users\Admin\Downloads\MALZ6\520.exe"
  2⤵
  PID:6168
- C:\Users\Admin\Downloads\MALZ6\bj.exe
  "C:\Users\Admin\Downloads\MALZ6\bj.exe"
  2⤵
  - Loads dropped DLL
  PID:5532
- - \??\c:\users\admin\downloads\riujwyylqj
    "C:\Users\Admin\Downloads\MALZ6\bj.exe" a -sc:\users\admin\downloads\malz6\bj.exe
    3⤵
    - Loads dropped DLL
    PID:6240
- C:\Users\Admin\Downloads\MALZ6\bjyk.exe
  "C:\Users\Admin\Downloads\MALZ6\bjyk.exe"
  2⤵
  - Loads dropped DLL
  PID:1620
- - \??\c:\users\admin\downloads\knxgohunfl
    "C:\Users\Admin\Downloads\MALZ6\bjyk.exe" a -sc:\users\admin\downloads\malz6\bjyk.exe
    3⤵
    - Loads dropped DLL
    PID:6852
- C:\Users\Admin\Downloads\MALZ6\GetPass.exe
  "C:\Users\Admin\Downloads\MALZ6\GetPass.exe"
  2⤵
  PID:5312
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 340
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:3336
- C:\Users\Admin\Downloads\MALZ6\HkMh_2.exe
  "C:\Users\Admin\Downloads\MALZ6\HkMh_2.exe"
  2⤵
  - Loads dropped DLL
  - Adds Run key to start application
  - Checks processor information in registry
  PID:6824
- C:\Users\Admin\Downloads\MALZ6\HkMh_3.exe
  "C:\Users\Admin\Downloads\MALZ6\HkMh_3.exe"
  2⤵
  PID:6976
- C:\Users\Admin\Downloads\MALZ6\HkMh.exe
  "C:\Users\Admin\Downloads\MALZ6\HkMh.exe"
  2⤵
  - Loads dropped DLL
  PID:4068
- C:\Users\Admin\Downloads\MALZ6\k5.exe
  "C:\Users\Admin\Downloads\MALZ6\k5.exe"
  2⤵
  - Drops file in Windows directory
  PID:6164
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 428
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:6240
- C:\Users\Admin\Downloads\MALZ6\mh.exe
  "C:\Users\Admin\Downloads\MALZ6\mh.exe"
  2⤵
  - Drops file in System32 directory
  PID:6984
- C:\Users\Admin\Downloads\MALZ6\se.exe
  "C:\Users\Admin\Downloads\MALZ6\se.exe"
  2⤵
  - Drops file in Program Files directory
  PID:3620
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Users\Admin\DOWNLO~1\MALZ6\se.exe > nul
    3⤵
    PID:5640
- C:\Users\Admin\Downloads\MALZ6\server.exe
  "C:\Users\Admin\Downloads\MALZ6\server.exe"
  2⤵
  - Loads dropped DLL
  PID:5952
- - \??\c:\users\admin\downloads\cvkdmoqfup
    "C:\Users\Admin\Downloads\MALZ6\server.exe" a -sc:\users\admin\downloads\malz6\server.exe
    3⤵
    PID:5304
- C:\Users\Admin\Downloads\MALZ6\smss.exe
  "C:\Users\Admin\Downloads\MALZ6\smss.exe"
  2⤵
  PID:6108
- - C:\Users\Admin\Downloads\MALZ6\smssSrv.exe
    C:\Users\Admin\Downloads\MALZ6\smssSrv.exe
    3⤵
    - Drops file in Program Files directory
    PID:5988
  - - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
      "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
      4⤵
      PID:6188
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        Modifies Internet Explorer settings
        
        PID:4296
      - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4296 CREDAT:17410 /prefetch:2
        6⤵
        
        PID:6352
- C:\Users\Admin\Downloads\MALZ6\taskmgr.exe
  "C:\Users\Admin\Downloads\MALZ6\taskmgr.exe"
  2⤵
  PID:6996
- - C:\Users\Admin\AppData\Local\Temp\server.exe
    "C:\Users\Admin\AppData\Local\Temp\server.exe"
    3⤵
    PID:3672
- - C:\Users\Admin\AppData\Local\Temp\taskmgr.exe
    "C:\Users\Admin\AppData\Local\Temp\taskmgr.exe"
    3⤵
    PID:2328
- C:\Users\Admin\Downloads\MALZ6\UDP.exe
  "C:\Users\Admin\Downloads\MALZ6\UDP.exe"
  2⤵
  PID:5584
- C:\Users\Admin\Downloads\MALZ6\win.exe
  "C:\Users\Admin\Downloads\MALZ6\win.exe"
  2⤵
  PID:6184
- - C:\Windows\WindowsUpdata\bisskvebgju.exe
    C:\Windows\WindowsUpdata\bisskvebgju.exe
    3⤵
    PID:2356
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c del C:\Users\Admin\DOWNLO~1\MALZ6\win.exe > nul
    3⤵
    PID:6056
- C:\Users\Admin\Downloads\MALZ6\yk.exe
  "C:\Users\Admin\Downloads\MALZ6\yk.exe"
  2⤵
  PID:6536
- - \??\c:\users\admin\downloads\pmroguuvjr
    "C:\Users\Admin\Downloads\MALZ6\yk.exe" a -sc:\users\admin\downloads\malz6\yk.exe
    3⤵
    PID:5124
- C:\Users\Admin\Downloads\MALZ6\xm.exe
  "C:\Users\Admin\Downloads\MALZ6\xm.exe"
  2⤵
  PID:6688
- C:\Users\Admin\Downloads\MALZ6\yk1.exe
  "C:\Users\Admin\Downloads\MALZ6\yk1.exe"
  2⤵
  PID:4304
- C:\Users\Admin\Downloads\MALZ6\smssSrv.exe
  "C:\Users\Admin\Downloads\MALZ6\smssSrv.exe"
  2⤵
  PID:6308
- - C:\Program Files (x86)\Microsoft\DesktopLayer.exe
    "C:\Program Files (x86)\Microsoft\DesktopLayer.exe"
    3⤵
    PID:6448
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:7132
    - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:7132 CREDAT:17410 /prefetch:2
        5⤵
        
        PID:7076
- C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /4
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.sunnygames.com/?source=Bombermania_Desktop
  2⤵
  PID:5904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cff246f8,0x7ff8cff24708,0x7ff8cff24718
    3⤵
    PID:6948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.justfreegames.com/stats/bombermania.php?source=Bombermania_Desktop
  2⤵
  PID:5796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cff246f8,0x7ff8cff24708,0x7ff8cff24718
    3⤵
    PID:5228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.sunnygames.com/?source=Bombermania_Desktop
  2⤵
  PID:6460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8cff246f8,0x7ff8cff24708,0x7ff8cff24718
    3⤵
    PID:5468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2576

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1⤵
PID:2508

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:2008

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:1984

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
1⤵
PID:1876

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1776
- C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x2d0 0x4f4
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4788

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1⤵
PID:1736

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1588

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1488

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1404

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1340

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1300

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1184

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
1⤵
PID:1056

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.0.108265609\1849868550" -parentBuildID 20221007134813 -prefsHandle 1816 -prefMapHandle 1808 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {68be4058-2793-4ba9-b218-6f1f0d9b4960} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 1900 2450f1dc158 gpu
  2⤵
  PID:2516
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.1.1883603098\581243237" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2308 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d075199-c3a0-4ae6-8c24-13ded5413de0} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 2348 2450eb45558 socket
  2⤵
  PID:4988
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.2.1785992211\436330695" -childID 1 -isForBrowser -prefsHandle 3300 -prefMapHandle 3296 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {894464ca-ab24-4104-9619-9faf41e01274} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 3152 24512e9e258 tab
  2⤵
  PID:1852
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.3.465287570\1717510736" -childID 2 -isForBrowser -prefsHandle 2812 -prefMapHandle 3096 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {481b406c-07f1-405f-bd5b-507f78691337} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 2844 2450286ab58 tab
  2⤵
  PID:2676
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.4.476778396\1039277366" -childID 3 -isForBrowser -prefsHandle 4672 -prefMapHandle 4668 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6311ebf8-af6b-4e0b-aed8-8f6771560d68} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 4680 24515065858 tab
  2⤵
  PID:2284
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.5.1003680152\279458204" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5072 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dac2b86-ccb9-43ae-9b4c-4bf9f3318292} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 5056 24511875458 tab
  2⤵
  PID:4296
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.7.973683269\1098224616" -childID 6 -isForBrowser -prefsHandle 5404 -prefMapHandle 5408 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d0dc51f-52e2-42a5-bf9c-646c4ffb064b} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 5396 24511877b58 tab
  2⤵
  PID:5056
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.6.171096527\1103875057" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8edfd33-5843-40c8-ac3d-b5f6ee81d3fe} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 5200 24511876058 tab
  2⤵
  PID:4496
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.8.373939494\265170618" -childID 7 -isForBrowser -prefsHandle 3004 -prefMapHandle 5800 -prefsLen 26750 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58a0d6cd-9f54-4d08-9219-0e03b45cd27d} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 2992 24511b25358 tab
  2⤵
  PID:3308
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.10.331867422\738606951" -childID 9 -isForBrowser -prefsHandle 6052 -prefMapHandle 6056 -prefsLen 26750 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fdfa084-40c9-47e1-8452-78334a9a1336} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 6040 24517c97f58 tab
  2⤵
  PID:4164
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.9.335310899\1960661101" -childID 8 -isForBrowser -prefsHandle 4800 -prefMapHandle 4808 -prefsLen 26750 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d00b18f-673c-489c-bf4b-22d574bb8a20} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 4788 245131e0258 tab
  2⤵
  PID:4464
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.11.1960480683\990796525" -childID 10 -isForBrowser -prefsHandle 5672 -prefMapHandle 5676 -prefsLen 27191 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1acb72ea-3bff-4703-ae7d-ce4426ef1c63} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 5680 24512e3a158 tab
  2⤵
  PID:4972
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.12.929257352\2089870975" -childID 11 -isForBrowser -prefsHandle 5184 -prefMapHandle 5104 -prefsLen 27191 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae494459-4a40-4134-96fc-098591d1682c} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 6656 24516982858 tab
  2⤵
  PID:2824
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.13.401729839\1292476495" -childID 12 -isForBrowser -prefsHandle 6672 -prefMapHandle 5100 -prefsLen 27191 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a179f4e-cc39-4efa-a327-7514ba89e0f4} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 6632 24516984358 tab
  2⤵
  PID:4732
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.14.432197059\686042243" -childID 13 -isForBrowser -prefsHandle 6948 -prefMapHandle 5428 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53db4c19-646e-450d-b3e6-17fddce7a7f8} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 5992 2451709de58 tab
  2⤵
  PID:1396
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.15.1347551678\15894445" -childID 14 -isForBrowser -prefsHandle 5992 -prefMapHandle 5060 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a62e3ee-9d65-4922-9d5a-5ecb7e783088} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 7164 2451695d258 tab
  2⤵
  PID:2976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.16.1582227251\1046132913" -childID 15 -isForBrowser -prefsHandle 5040 -prefMapHandle 6476 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {490efab5-19c8-4a8a-b567-f113bc3bdb86} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 3956 2450282f058 tab
  2⤵
  PID:5024
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.17.1960179570\18146732" -parentBuildID 20221007134813 -prefsHandle 7072 -prefMapHandle 7096 -prefsLen 30264 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21505eb8-926f-41eb-9d04-9d4296486004} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 7372 24511a89f58 rdd
  2⤵
  PID:1352
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.18.647019097\1097491573" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6324 -prefMapHandle 5060 -prefsLen 30264 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93b8afaf-56b9-4bcb-bc06-cc3ca5e523c1} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 7468 24511b23858 utility
  2⤵
  PID:3496
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.19.133574329\802456005" -childID 16 -isForBrowser -prefsHandle 7012 -prefMapHandle 7060 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a821c5dd-cbbd-4c15-a907-a1d19814ad6d} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 4460 24516cc6558 tab
  2⤵
  PID:4916
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.20.1514270144\500149034" -childID 17 -isForBrowser -prefsHandle 11620 -prefMapHandle 11696 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e73b0f57-6dc9-4a1b-8e50-1dd8d1ae4bdc} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 11700 245164b3158 tab
  2⤵
  PID:4952
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.21.532764397\22934572" -childID 18 -isForBrowser -prefsHandle 8264 -prefMapHandle 7836 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {827731fa-c153-45a3-99bd-8244b330414a} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 11824 24514b30b58 tab
  2⤵
  PID:5284
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.22.486358614\1697293016" -childID 19 -isForBrowser -prefsHandle 11300 -prefMapHandle 11296 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef1c7cd4-49e6-4301-a2a7-a4aed834e321} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 11308 24516a75b58 tab
  2⤵
  PID:5292
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.23.1464151258\1464728517" -childID 20 -isForBrowser -prefsHandle 11108 -prefMapHandle 8180 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a50cb652-b70c-4425-87a0-9fe66da4451a} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 11740 2451c64b558 tab
  2⤵
  PID:5748
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.24.827320041\135751459" -childID 21 -isForBrowser -prefsHandle 10960 -prefMapHandle 10952 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e42170ce-0fe3-4893-82ac-1be1de929ecf} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 10968 24516465258 tab
  2⤵
  PID:5892
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.25.937967410\1584406270" -childID 22 -isForBrowser -prefsHandle 5224 -prefMapHandle 4544 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa6a4841-d18e-40f2-87ce-e3504c390836} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 4472 2450282d258 tab
  2⤵
  PID:5332
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.26.1199789085\1361674910" -childID 23 -isForBrowser -prefsHandle 11804 -prefMapHandle 11616 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da971e71-3cd1-4614-bd0e-296be00c646a} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 4456 24512e3bf58 tab
  2⤵
  PID:5832
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.27.583741921\391392614" -childID 24 -isForBrowser -prefsHandle 11492 -prefMapHandle 11796 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07315fac-01cc-4d8b-b6bd-35230d7d7ba8} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 7632 2450eefc958 tab
  2⤵
  PID:5532
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.28.1444509785\312448167" -childID 25 -isForBrowser -prefsHandle 7752 -prefMapHandle 7740 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65c89be9-d3f3-46f3-8cc4-7a339454170a} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 7672 24511876c58 tab
  2⤵
  PID:5136
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.29.1402437665\110233333" -childID 26 -isForBrowser -prefsHandle 8172 -prefMapHandle 7832 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09f2ebd5-7c3f-445f-857e-1f4bfc1bfae8} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 7344 24516cc9258 tab
  2⤵
  PID:5976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.30.249459814\1615754966" -childID 27 -isForBrowser -prefsHandle 11368 -prefMapHandle 11356 -prefsLen 30264 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e118b6fe-cd04-4da3-8aa1-789d812fd8b9} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 11008 24511b25058 tab
  2⤵
  PID:5672
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.32.1952111161\296000032" -childID 29 -isForBrowser -prefsHandle 4416 -prefMapHandle 10992 -prefsLen 30353 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2c29030-76d7-4b4d-bed3-96bea0ac608a} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 11004 24518605a58 tab
  2⤵
  PID:5512
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.31.1940369763\444801172" -childID 28 -isForBrowser -prefsHandle 8156 -prefMapHandle 8160 -prefsLen 30353 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cfe983a-f65d-40a8-a187-da6bd803f4d7} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 8120 24518604e58 tab
  2⤵
  PID:4808
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.33.807517246\681096589" -childID 30 -isForBrowser -prefsHandle 11664 -prefMapHandle 4416 -prefsLen 30353 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b1e9fc6-593d-492a-b978-323c45926a24} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 5108 2450286dc58 tab
  2⤵
  PID:5224
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.34.1325444952\686905735" -childID 31 -isForBrowser -prefsHandle 7496 -prefMapHandle 7488 -prefsLen 30353 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c5b76eb-6f19-4f48-85d8-daa72365efbd} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 6912 2450286c158 tab
  2⤵
  PID:4396
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.35.1644046480\658016334" -childID 32 -isForBrowser -prefsHandle 7704 -prefMapHandle 5224 -prefsLen 30353 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {054dc315-6ded-43e1-83e2-0b89ff5dc92a} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 6992 24515249a58 tab
  2⤵
  PID:3784
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.36.827206423\1954674952" -childID 33 -isForBrowser -prefsHandle 10904 -prefMapHandle 6632 -prefsLen 30353 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b573297b-c4b3-4426-bde2-6a9c11a244bc} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 3280 245131e0e58 tab
  2⤵
  PID:5240
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.37.477919055\1789923892" -childID 34 -isForBrowser -prefsHandle 6344 -prefMapHandle 5176 -prefsLen 30353 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {567c5dca-d924-4545-81c7-ba6bdd693bbf} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 6924 24516a3a558 tab
  2⤵
  PID:3976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.38.1277780167\55151423" -childID 35 -isForBrowser -prefsHandle 4548 -prefMapHandle 11268 -prefsLen 30371 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d88b8c08-247b-436e-807e-d67455188e8d} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 4840 24512f04858 tab
  2⤵
  PID:5268
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.39.1630513655\167607184" -childID 36 -isForBrowser -prefsHandle 1548 -prefMapHandle 11248 -prefsLen 30452 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7be9047-262b-4747-a0ba-6c48eb14a085} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 7608 24502861958 tab
  2⤵
  PID:4244
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.42.1599606393\8543561" -childID 39 -isForBrowser -prefsHandle 7832 -prefMapHandle 7892 -prefsLen 30452 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4184bce6-4694-447f-a4f4-8a6d2b24b837} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 7884 24516cc7a58 tab
  2⤵
  PID:3644
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.41.564129778\851007847" -childID 38 -isForBrowser -prefsHandle 8036 -prefMapHandle 11788 -prefsLen 30452 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aefaffde-3a6b-43b4-aecb-de6d485f4dc7} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 8048 24517b2a458 tab
  2⤵
  PID:5928
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1044.40.2102995917\1890384858" -childID 37 -isForBrowser -prefsHandle 10932 -prefMapHandle 11236 -prefsLen 30452 -prefMapSize 232675 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f3ba713-ff6d-48ac-82b0-0fcda04c40ee} 1044 "\\.\pipe\gecko-crash-server-pipe.1044" 8108 24517d05058 tab
  2⤵
  PID:2568

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 436 -p 2456 -ip 2456
1⤵
PID:2228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc
1⤵
PID:2040

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5676

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:5508

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:5876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5184 -ip 5184
  2⤵
  PID:2116
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 5184 -ip 5184
  2⤵
  PID:3028
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 520 -ip 520
  2⤵
  PID:2320
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 1068 -ip 1068
  2⤵
  PID:6244
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 5980 -ip 5980
  2⤵
  PID:6184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 6408 -ip 6408
  2⤵
  PID:7108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 6532 -ip 6532
  2⤵
  PID:6632
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 6644 -ip 6644
  2⤵
  PID:636
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 4688 -ip 4688
  2⤵
  PID:7108
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6976 -ip 6976
  2⤵
  PID:2356
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6100 -ip 6100
  2⤵
  PID:2972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 1308 -ip 1308
  2⤵
  PID:184

C:\Windows\SysWOW64\tfddos.exe
C:\Windows\SysWOW64\tfddos.exe
1⤵
- Executes dropped EXE
PID:5468
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:1748
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:4316
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:4752
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:1348
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6564
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5992
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6420
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:4076
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6368
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  PID:4688
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5160
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6072
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6396
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6208
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5828
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6592
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:2340
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5952
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:7032
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5580
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5480
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6184
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6692
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:1164
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:2692
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5432
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6732
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5924
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6108
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6608
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5304
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:2216
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5988
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:4012
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:5408
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:4736
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  - Executes dropped EXE
  PID:6436
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:7072
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:5492
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:5412
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:6524
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:4296
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:4904
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:6448
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:6460
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:6432
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:6308
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:3444
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:5752
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:3636
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:6848
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:6912
- C:\Windows\SysWOW64\vmtoolsd.exe
  "C:\Windows\system32\vmtoolsd.exe"
  2⤵
  PID:6620
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 1220
  2⤵
  - Program crash
  PID:7112

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s fastuserswitchingcompatibility
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:1068
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 896
  2⤵
  - Program crash
  PID:6284

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s ias
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:5980
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 904
  2⤵
  - Program crash
  PID:6420

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s fastuserswitchingcompatibility
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:6408
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 892
  2⤵
  - Program crash
  PID:384

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s ias
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:6532
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 888
  2⤵
  - Program crash
  PID:6448

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s fastuserswitchingcompatibility
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:6644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 892
  2⤵
  - Program crash
  PID:5628

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s ias
1⤵
PID:4688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 892
  2⤵
  - Program crash
  PID:6436

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s irmon
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:6992
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 892
  2⤵
  - Program crash
  PID:5488

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s nla
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:5196
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 876
  2⤵
  - Program crash
  PID:6400

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:1128
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 5312 -ip 5312
  2⤵
  PID:6540
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 5196 -ip 5196
  2⤵
  PID:2000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6992 -ip 6992
  2⤵
  PID:824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 5228 -ip 5228
  2⤵
  PID:2328
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 428 -p 5468 -ip 5468
  2⤵
  PID:6644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 7020 -ip 7020
  2⤵
  PID:824
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6164 -ip 6164
  2⤵
  PID:6688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4140 -ip 4140
  2⤵
  PID:7160
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 588 -p 1396 -ip 1396
  2⤵
  PID:1348
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 6460 -ip 6460
  2⤵
  PID:6400
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5324 -ip 5324
  2⤵
  PID:7048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6308 -ip 6308
  2⤵
  PID:7140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 620 -p 1748 -ip 1748
  2⤵
  - Loads dropped DLL
  PID:5304
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 736 -ip 736
  2⤵
  PID:6164
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 6236 -ip 6236
  2⤵
  PID:7016

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s nla
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:5228
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 820
  2⤵
  - Program crash
  PID:7140

C:\Windows\SysWOW64\nwnpwg.exe
C:\Windows\SysWOW64\nwnpwg.exe
1⤵
PID:4896

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s irmon
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:7020
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 1088
  2⤵
  - Drops file in System32 directory
  - Program crash
  PID:6976

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s nla
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:4140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 1084
  2⤵
  - Program crash
  PID:376

C:\Windows\vynyai.exe
C:\Windows\vynyai.exe
1⤵
- Checks processor information in registry
PID:6596

C:\Windows\SysWOW64\soysoc.exe
C:\Windows\SysWOW64\soysoc.exe
1⤵
PID:6364

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s irmon
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:1396
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 940
  2⤵
  - Program crash
  PID:5992

C:\Program Files\uqsoqq\svchost.exe
"C:\Program Files\uqsoqq\svchost.exe"
1⤵
- Checks processor information in registry
PID:5788

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s ntmssvc
1⤵
PID:6460
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 1096
  2⤵
  - Program crash
  PID:7036

C:\Windows\SysWOW64\kgwigy.exe
C:\Windows\SysWOW64\kgwigy.exe
1⤵
PID:3696

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s ntmssvc
1⤵
PID:5324
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 884
  2⤵
  - Program crash
  PID:7016

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s ntmssvc
1⤵
PID:6308
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 904
  2⤵
  - Program crash
  PID:5872

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s nwcworkstation
1⤵
PID:1748
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 880
  2⤵
  - Program crash
  PID:912

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s nwcworkstation
1⤵
PID:736
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 892
  2⤵
  - Program crash
  PID:2484

C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs -s nwcworkstation
1⤵
PID:6236
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 896
  2⤵
  - Program crash
  PID:2080

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Remote Desktop Protocol

T1076

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Bombermania\Bombermania.exe

Filesize
204KB

MD5
4cb21980ad9fb6bc1c603f7d9aa99938

SHA1
0c0393305b4f7c45cf7633818942344706cc00fb

SHA256
308ef26fa14ccdc3496a76501ee0aed656b34825fe6f162b478abdb83167a118

SHA512
a8bc28874a052b20259a8800281c21dfe1b63414b417d3ac59e3d3348f4663476d8c2a0e4e6610befa0a3db93fac9230c314bfa9396197ea385aff6df8a866a5

Download Submit
C:\Program Files (x86)\Bombermania\Bombermania.exe

Filesize
204KB

MD5
4cb21980ad9fb6bc1c603f7d9aa99938

SHA1
0c0393305b4f7c45cf7633818942344706cc00fb

SHA256
308ef26fa14ccdc3496a76501ee0aed656b34825fe6f162b478abdb83167a118

SHA512
a8bc28874a052b20259a8800281c21dfe1b63414b417d3ac59e3d3348f4663476d8c2a0e4e6610befa0a3db93fac9230c314bfa9396197ea385aff6df8a866a5

Download Submit
C:\Program Files (x86)\Bombermania\Bombermania.exe

Filesize
204KB

MD5
4cb21980ad9fb6bc1c603f7d9aa99938

SHA1
0c0393305b4f7c45cf7633818942344706cc00fb

SHA256
308ef26fa14ccdc3496a76501ee0aed656b34825fe6f162b478abdb83167a118

SHA512
a8bc28874a052b20259a8800281c21dfe1b63414b417d3ac59e3d3348f4663476d8c2a0e4e6610befa0a3db93fac9230c314bfa9396197ea385aff6df8a866a5

Download Submit
C:\Program Files (x86)\Bombermania\bass.dll

Filesize
95KB

MD5
85ab9b561224a0e4dbbf8f210b6052fa

SHA1
ff6487a2fdb2d8811d600c9c0a7eaaf8d33a595e

SHA256
1670e07e8e26feb3a2d831c43ea92a9d3a74e075ad90e45b5fa953b738804834

SHA512
e222eff4c7e95631e17f82a62901f23c640015ef42c0e4e57967cead3b053fcd57fd9fe066af67cc19d538e9827d06ee164d86a23d40c2f7641292f2a95df1af

Download Submit
C:\Program Files (x86)\Bombermania\bass.dll

Filesize
95KB

MD5
85ab9b561224a0e4dbbf8f210b6052fa

SHA1
ff6487a2fdb2d8811d600c9c0a7eaaf8d33a595e

SHA256
1670e07e8e26feb3a2d831c43ea92a9d3a74e075ad90e45b5fa953b738804834

SHA512
e222eff4c7e95631e17f82a62901f23c640015ef42c0e4e57967cead3b053fcd57fd9fe066af67cc19d538e9827d06ee164d86a23d40c2f7641292f2a95df1af

Download Submit
C:\Program Files (x86)\Microsoft\DesktopLayer.exe

Filesize
84KB

MD5
5cdc5ad14f0f7476711d2ab65607fe5b

SHA1
d03fa4a202afc929725f969471a8c1d5943fd12a

SHA256
4e7d57da4995611e1451846e7a08017a4fbca09215a31707d6ac2957b71f5a97

SHA512
b0a0c1367efcd37c827306ca5ebad1cd6fca695d12746df1686a3f9ee1d59698ef82ba98b5e697f311168a63533d7046729eae921ce177213183253ea815a9a2

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
568KB

MD5
04fb3ae7f05c8bc333125972ba907398

SHA1
df22612647e9404a515d48ebad490349685250de

SHA256
2fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef

SHA512
94c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
568KB

MD5
04fb3ae7f05c8bc333125972ba907398

SHA1
df22612647e9404a515d48ebad490349685250de

SHA256
2fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef

SHA512
94c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
568KB

MD5
04fb3ae7f05c8bc333125972ba907398

SHA1
df22612647e9404a515d48ebad490349685250de

SHA256
2fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef

SHA512
94c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
568KB

MD5
04fb3ae7f05c8bc333125972ba907398

SHA1
df22612647e9404a515d48ebad490349685250de

SHA256
2fb898bacb587f2484c9c4aa6da2729079d93d1f923a017bb84beef87bf74fef

SHA512
94c164a0b884c939ece30f5038d07b756702998d46786f9f613fbea2eb30bed4bc19a409f347bb4cc565898473b18155d580b453683223beaf30ed4079c251b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b950ebe404eda736e529f1b0a975e8db

SHA1
4d2c020f1aa70e2bcb666a2dd144d1f3588430b8

SHA256
bcc60276d7110e8d002f24d66ebb043c5761e2a4b6ae7854983cef4beacd9bf4

SHA512
6ba228e5b6464c9602db81de8e1189302d0b2aed78a8b06248ccd9f095ede8621fc9d0faed0a7d079b8c7f4d1164b2895c4d0ef99c93cb95bbe210033e40295a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
47KB

MD5
1e71c1fe6719b15fa0e1a5cf5e1058c6

SHA1
a4cc8d320a4be42f5c80270d2839e3d1d80956c8

SHA256
b9c594a25081fa2ee69d3339de33a2328f19a1401e805b19024fcd51bccba5fb

SHA512
53c3f8f42bec50ed5ba2283656704801a788ef1cbc361dfaf469b0551e43575b8121049a2e44263d1b382bcc40fb561c245d12f2d3d226fb26b85215fe042ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
30KB

MD5
903bc7a7e510f87aa5d0201eb59a0832

SHA1
ac9aa4dd94cde1bcba9037e94087138b127e41fc

SHA256
41a7ac8150cc9f38421451d5143c1ffec7a1f1fafbf7a7fc0f51b98ad699cf8f

SHA512
ec9e70bdade612c577243de12452b2bec6ec90390d9e05b0c949a5a30110f51765839bc6ab22edc121d9c73cf73af102890e601a961d489071f2d05ef0fd2c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
48KB

MD5
f9643d1cd35b9ece6e9654459f4646d4

SHA1
15db71a62960bc80f352eefd01b7ec18758b3429

SHA256
103ef5914f7de2aa3c88485367af3f01956d1db8941ca8ce27cb149bd3530b4f

SHA512
db9247a461ebe30efad2783051d78e4b7648b567d188013c11c898b2da79f8b7c6d32699aa62b8d0761a7fd77b3a4fe6770465b0a7a0f9fd6469b341b17cb647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
25KB

MD5
71713aaa99737b0b565f68391201481f

SHA1
d44ec7ed2417a93c33803a6a34608013a2a63a1d

SHA256
a567517c6a6c248a8e02157ddec2e68fb41ebea7a041ecf928600120388aba8e

SHA512
341bf5cf78f38de512d2a76d99a5853ce1a7f24f6d574607b5cff1c80a6a67e693ac18d4a111f7b390406aa350b0f1df7cbe1eeffd9088de881754700c063a2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
33KB

MD5
9a5e313c24dfb0844fb74d8065af1ab1

SHA1
b35faff86fe98188d416516d8f04e41b7f9ad0b8

SHA256
2d9a26d56be35d478a074da3c6379cbe1af67ee72385ae96b087cf99c7446498

SHA512
0a1e37d6caa7f0d0c1ea9bcf602496ef1487479ba092e445afd735445fd9f9dcea2cadbbf6a6cf878a797f0941e2d92159e823919771d26ee5916672e9228bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
85KB

MD5
b0b040e5f0173e8b1d0f665854160ce3

SHA1
fd30c31b698b332cc7b4e6aec50207af03996ca4

SHA256
fccda6185cb9430b43b1d7d0d332986ed95cb4b16b88ed4ff72117b734af0ebd

SHA512
dcad719ebcc1b7eebf23a14e077e667dfbfca3799ee94607f6cb4a3af9273ffd3656eed7dd3bd950e2a0582a4ff54f75217ca9f49c34e9f69e7b22c923bf40f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
118KB

MD5
2a47354f621e065075208fa18f3b7f46

SHA1
5462640dd4c3f1c16a89c3320093994e49265f94

SHA256
30dd2daf97064dce126513ad6fd9b03453c3a0a4ace55d8b04ed974838ba04e4

SHA512
fabe910d7e16d3b68f44b98a82cf179da3033da064ec0e850bab55683bd012afdff5a12e46699b110da392e5aaf0bf73a89c3f5360ff535ae43d5813dcc87117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
5212900cccc4971f9b8dbcb0372dc33a

SHA1
8617e42865ac59a84ceae95d81f64b9e5de95b81

SHA256
8bfaa36b23c8ee91a553e11359d873fbdf9861e25a23dcfffc28b79a583384d3

SHA512
c6869822a17569edf7ec56a8a0d0cd3441ca4cd18150752bb9cf50fb2b444f943e82497118c8f68034c2ffb156f7c9cc723f8d289da8ef8b35369ad271623764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
85c1659027fa71bb10e214a15a89f4c1

SHA1
39275287d65373fe9529eb06798b441aec4a2f65

SHA256
752882df9e73368bdbb861043c20ff0a737e981987d4da419c692f4283e60369

SHA512
4d05a518e0ee95560cfbfb5fd9d62829bca9cf4f6916fdc4edcb5d3c63bdb1c23cf77d4f33106c96001372f75cb0b316c1bfdf29e0277751f0accd727ac61d16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
b74d16c7f43015af62addf8c236d38fe

SHA1
a8edb317c1c7b85d153f767ffea0e3bd8735c810

SHA256
08ea7fc9582509a207299f3f539acd7c1136a8e5793169b0cccca5d0f3c25b2a

SHA512
256ae14bfd0f1c6f2cfd1419ebcca8a5c472a597d47c78eb2ffc8cb363d49187e5ca56d042809002e59f8760ca59dd8bfac50d4dc184a2ef3a2caa7978e920cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ee770f878aba45ff0bd6136ce22249b

SHA1
77dfa042e90796e1cde8d8cc8c67c6c0ef386e65

SHA256
9d85c1638ba3ea532248c21d7f810aa8ff2d071f169d61d003d23187508d09b3

SHA512
8347464ef94196e91010e8af31347aa45815eedebf3c608e2b2dd9bee7aef1ec98fbdda80cf591308737d8fd64d79cd6a191d4fb471715f57518b0165b12305c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b62efc4e0d602307abb7922b632017ed

SHA1
8a5c6001ed571001129878ca2f5860132d91227a

SHA256
b1b1e31869eb70e96c929c4e9c6efe3fc28cb4dfa7358e04b3f7214828841792

SHA512
88982c6718e49f606e5364c302c83bcc11c309f36a20d1cad0a9680fc643ebc928e8044e793cf05f976c9af2156756f886b61384928293f795592351d5debfdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
21dc18e21f574497262a16b8ad9f48ad

SHA1
9cb716c42d157c1beca3519db5cb3e044bd138f5

SHA256
1f1f1523a14cc916e908f67228dbb6161ce19c2e335df981dc68b01b19126527

SHA512
fafbd7ba700b12007884647a9e846923d91ddf27bed3078c2e5a302cf8d711b737091446b49ba5496626cbe96f0fe89b3d1144432fa1d96771d20e35e30f1d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
244be87bc340b5b556b8633582d4ff4c

SHA1
f84c845c4d03c672cdcc5fe66cb39e423ee3f5d9

SHA256
2789d3f2039a4e32c1754554d00c1e19e351122b4f1260a6ea199c729382d244

SHA512
942843827c945f5303ac3a4530bdbb5f7edc5cbadcbb6ac4413771da02223d0a98b8191433e5369c754560f5c3597e7b0e3e415de35d88a6a22f78106bc08efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cb4c028a3537824188da5f250c38087a

SHA1
3b32d3c8f59441c99a3de86ed39b9d83cbafce4a

SHA256
57cffebf931b1cc7a86dced539aaf5cbd590260cce5803798f6ae69f39aa7e6f

SHA512
9edbdd17ba4bd84e235ea33ed9cdd32a7a8b910c570f6d7c1f1b18cecdf9516e6a853c4d4c6f47329fdd3dde59b54fad36f65c3e483f6149af173a02900cdf28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
037ea58a8d5e1729d0da6bf3aeda4562

SHA1
a4a3a63436b7a892fb0053b4cd29872673246a00

SHA256
5d19a32f21762ef0f32fc792314bb6413a9212f3b7732030d06df5974298e316

SHA512
765e2b2d7a7f0cf3b4f73c7ee33d1b6b0ec008b76078316d6a9a749558d32f1b4138ddebe34a95bfa023048769eca7bfb4692bf6f4458b66c27d7e5aa8b67172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ca36933e6dea7aa507a272121b34fdbb

SHA1
3b4741ca0308b345de5ecf6c3565b1dbacb0fb86

SHA256
fd14449eb781c58e6e7196a384caf25cba0c59ebdba3b10f8ca0ecfd0c076b5d

SHA512
5a9b186ecf085765caee97a2910008dda926ce412001042e165184083a52fb5fb70f05ca781cd2f7740ecbd938895c77c5aa0f9eb8d812b92f412f336212720e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4f5f0839718f9a635f29d43b00d4e0f4

SHA1
e711733491ec3e1c1fedea4fbdb8d281b4cf4ea5

SHA256
fea2c3804338c8ea671c317f0a7148eb88642a49e35c9b9ff58f877ab0a7ed84

SHA512
dcf51a83abc97dd0ac78b9b6961a7c7a2f657dd7441aeef42385db3a35dfc693f07867aa248e8e84c74ef432327938d2c20b5dc33bd183b0db611b4ebb14c0dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6c32a3.TMP

Filesize
1KB

MD5
5a18943e530bccca1334ca9a6cf6b882

SHA1
8a32f9794c4988886b1fa129fb5c5a9e6471d768

SHA256
a01a24d7db6199ee4aa564a4c347e5c2ce95a273c0d01168c44fa616c0fafcd3

SHA512
d84abc227283309fb1907b041b3f7ad3f4b5a3b34b64616688ce83e0479d07df364f0cafac368f315b2288e9ca3827d75b86d40b5e3c418701a8059cd4203df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
5bd5a3995270ab6ec9018f4edd6ab232

SHA1
e7e49129a0320096ab9b119628ae77f360ff28b3

SHA256
b3a82142daa5f8a40766f49440a199a9f9aa36f7ab7b75e82ca3f667b2603821

SHA512
7280fd266882f0dbc7519f0aa1c556a367edeafd048a88d7ab8e13512f9bef0031f459581a17165acd054eab64ee3468f1ad7a1fe71db850f86da79b12062840

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
32e7efa3960bb35480ed37d7ae4864dc

SHA1
c34822944bae8a6048c172373450a4825f95fac8

SHA256
e8787dfa6cfb6a825204a59af52926bf6c04cc133c87bd70a0b1a707ccddd40b

SHA512
66e0a6a4cdbeb06e616486ba1a9d2e724b31639eac5e8d52798bd653e25cc333e782961c51bc520d9fb59a1e9c378fdd4efdf12d5c2b09b7b248bb8b3fd3eeed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
ec298a44bc9277dbf3fced1514d7e372

SHA1
d88439ee50220bee3900e15815e1435be9b5cf4a

SHA256
b01a4a1f98fe8efa8d4008989f38beaa89c0823dae1beea5c656874e803b3922

SHA512
b1281adaf7216b53ee3b4de1a23d026f34012239e9b0f2f0509e403827702cabd83db059ec7eeeea33926370830e48f8976e0cb3d9e6c8328cb1bf5e8baa8a28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
87e5c74b625e8b7eaf74e922892e7a35

SHA1
d3d2d54bc4950e5cf0d89271c471be05e9fb121c

SHA256
bfcf45268dfd1ef44de3116bbd355270f08bdacf58585d6e22e8dc5ff5aa8bdf

SHA512
96f63a777b1d3b7d3417c7cd1acfd9bbbca0799d0c63ea81955e13c4566f62fff883db357342ac2599aec19d3cd0f831190cc7d9e322c79adef165c64a90a022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
67d07a47a3d4632f44aad6db16a1162d

SHA1
b8215e7c985e25b198b767330e33ce6854fec106

SHA256
cdcd7899e4d7e8c21f392fd9c5223bbe712371c15996850b651620791d2d1548

SHA512
90bc7f6caf0e4d862f2e06a6ae5c0e2b215493385b456ca6e5163f63f60946999f268986a31ae0a9ed1e603432c921c75635043c81ec3c5442bea56726351c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
244868c8b74828f2ecf8d4e419ad8653

SHA1
e3e83deb8b51e50fb9d01bf7e16be6ad60ffb489

SHA256
42b73befa4ed2302b21c876566e719571aea7654b550d10e1e75b01e1266b895

SHA512
d9140bd6b2be0400a1e8c254124e602d2924ad998c2ddc69a86b19faa781d80673e0272f9ee678d1ea3edf38314d733e1287420fa4d3fb022eeebd8879181db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
4bbd2fbf174010cc78b3cecd277584ea

SHA1
afea52946432715e27a90ea80e87bd55ed918d74

SHA256
92f1b3e2ab25a130538835444f18d652291747c6899461ff3baca7873e7d17c5

SHA512
ad9371ffa9ad9e286c383f0600a373394198348620481e483e723000e51d6dd7fbcc07e7cd2d50d6c245ed32a268c1f71afb8083d32112720b7f1a780de5cb5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
d4a5822b5fee5a1e4b887933c5591d49

SHA1
13be61d253a2714eb9bfbcff36e32b78fdf7db06

SHA256
e126ca45476751a745b6d48a6c307df24a022c853a60be9bd5bc011af9ba8896

SHA512
ae9773e2f78451e93735c9c1ee80e11a709f996e621f641be9abb72a67ab39624f1b3224580b53c740cddaedcccbaf7fcdafb8dd41d157969472e5b7dcfe4653

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
157KB

MD5
3e6a33f22cdc2a3474a0e2a3b1fed13f

SHA1
eb77bc1b133da9522c82174e50e75825cda0b1f2

SHA256
92c5beedd097d56db840eb55a3c7cf131950e8f12ef407e6ef36528186005544

SHA512
55c55e3c098bf916ac511105a1226d99c5abb8caf3debbe174b3f6aa0b82a8c06a464015f55531afd6ae477100a3650c689d05f92c8da2ec61051fc48d61bd16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\10339

Filesize
12KB

MD5
5a3ff64b5cba5e0ce28f03f2bed25bfa

SHA1
33e8674c10c38c3b96c509ba9a0aad570e3967e5

SHA256
9eea538faccbd8fcfa566b41b6326e2bff09029c6dde96231057b1ed0230446b

SHA512
214eea1edac4d002e3b8fa007b342110b0b33887033309125e40a649d3dc8944f811be9fc251d39196a9abb829af24c0c9d74d73810524c5daa4ef8a7b00f55e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\10382

Filesize
9KB

MD5
cbd0934f60b0821320ed00098c085fa1

SHA1
75cfc3d8238883a8fb927ad081e745cb440975e6

SHA256
bba044087e5af6990b9350cc9df5ae76c0816c94d2a50805f970598ee53ade04

SHA512
a9f42c5f3c4a1ea09b96a99dc8273b8452aa2400c13b5c1184d14a5d2ad6f93817940b7ef279a08f632f507bcb2d474dd24d884c2a1c37dff114b4e345768090

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\11459

Filesize
11KB

MD5
342b9e2ef7934927954acec61cd4a08a

SHA1
c44531f7eb70b608238cdd0b100d775999a24216

SHA256
edabfbeafbbffd9ff7fbf462e134a35ab0b3ba82b8e0feba70fb2ff0d914a043

SHA512
96f0341156a34566ee898e732c4eb28bb70226d928855a311f1e1ad32a5f8e33c825684271270aa1a6a60de90e1259b727e56db03f8a631b46b6259dbee2c786

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\12274

Filesize
15KB

MD5
80feb5c27f3f9b2c597177fba930ca5f

SHA1
6c210674519135c60461a045c066277f6ba10579

SHA256
ed61838b983627b3c21bc4fe8ec117c60712f90b64399a7dbf2530cda06b0184

SHA512
23d52eb559d9bc5e0f3385efa06e2a5d1849934d956a52ea3fa6d14f6cae93a7c8557365d1a25a9caf4acf700b69c64d35a607182021686dae3fa77bbacc9704

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\12778

Filesize
21KB

MD5
60b6aae4d625f9dab46c36bbc4aea48a

SHA1
4abb17447ecd326e14c4651c1b8b944aaa74b5d5

SHA256
28ba9ad4a198eeaa7030af08bfbadc58b0a7858a83efc6547c092010bb6d8fc0

SHA512
102dbe251a309ab2ab20259563715ec3559f037bf1b5698f12fbf505a27d37811a4f9589186b26d4d7efe88eb8a10a7a91d2d1b4bae16d78d19153d06698a8c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\14436

Filesize
12KB

MD5
85322e2418e11c34a5798294b977e236

SHA1
bdcb94bc75cdad1ed273b8d2ac2b59f549208ca4

SHA256
acbeb80c745b5192ad80f363fcdcbbf6dc61d75baa77e3678a7b946362fd7d6a

SHA512
522fd32f52a7173e19df01ebfe9fa8e5f2681ff9774cc993e6462edf124de30e2334729312d6383c2c60952341c9c162b5beb918f0c31e1048be0c9d5ccdf91d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\14763

Filesize
12KB

MD5
25ede53feffcd05ccb0cbf5f4602d3d8

SHA1
80dd6231641c2bb58ce8190e3bc9e1defbbf6137

SHA256
25c05b2bd3ab9c4ac3a31701c0fbf60e1dcba85b76e694e633ba976c46f22197

SHA512
7e1e22acb91abfffbdcadf754eaadaa82cc092f1c6adac7db09261a635f20cea822d7f45c98cc6a8b3051c3dafbc333573d3c63af823013e770af6f683ab7aed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\1477

Filesize
12KB

MD5
8d1a25b145bf210de5fdd6e78b44a60e

SHA1
b8acef8aea66b75f2286274b016357a94d9512ca

SHA256
8b1afc144f90376a87aca586c690b2dd84f3e7a9924189c8ab1751aee5652e37

SHA512
5459b9c6c8550a146c9982fe1ffb98f0b64b9d184f98fb85ae833f311dcc833cdc62add15dfc5b1a54dae274d0863e82c77ea84b699663cc1aad1a48449561d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\15948

Filesize
18KB

MD5
42de0b7ce1c688659c5fab8af9727a2e

SHA1
a12e921415fbd3d994bb55337d89abc780dbaf39

SHA256
f7fd64fe98df18f0aee6646c3c117ff7a47d443e85573531bb8b88c0e8dd6608

SHA512
510dde97d577327c96dad37044c738dad5c14303a54529f8306325ca16e2bef86fd904cf39f9218f1c08aa613203852169b3bd0320720540dc873290bf4187c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\16092

Filesize
9KB

MD5
29d4052ec32e963ae1fbbd455ad26932

SHA1
88c3fa17ffb32080767d9bc73182aafa897dc2e7

SHA256
e17d59638ea1c7558467cc44bfbd089e1724e2ea2a350a1d74d0e855826a381f

SHA512
c03550ff864416f5adec19820106c0b91f5bf4eb3c35bef87ef6b822a3e80385f295d483aa8355b71193eb69707bfb5585b3c9403c6142c6308a38147f10a56a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\16982

Filesize
12KB

MD5
da36f84ac57d2cf8dcbcde382455d321

SHA1
1ee91ea59520ab0a982476e5f483bd224e662fc4

SHA256
5a58e1e71d9ed2d62934d10cd091ab24c56066dde3a06be119a56bf9deecbf5c

SHA512
c98bae5dc75633c904e355b55affda00d60b9e87cda79919f909cd8a5de868f3b3d421ad3d3f6a4285aff7a51e8300c76c84c7fcaa3496a74d1728a74b10fee5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\1786

Filesize
15KB

MD5
df96ad47f70d2ffe0a63e7dc24bb6f9f

SHA1
ae485cc6830e1db83f78f739840fae60cb0afd7f

SHA256
101e41fbd8eaf50ce58aa7f1c321058d86a123f84806f9b593b61c7964c09bab

SHA512
b9e90bdc10bd9a97b9ed4acc6f1e1cd06c2ba9427fe3e79eded95271dbf616440b47df29715de710e662a8c9efe15033661d3e5aab06c185beaec75e6c71f762

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\18116

Filesize
21KB

MD5
9da8f2f0df6dc24e75c7637ceaa2abd1

SHA1
7d330ac0bbded9837d3c3de898594954ceab386f

SHA256
a0da4ca797170f10d5772b390195327d0793b06776a489b9010041778b7705a4

SHA512
3c1f09431856814ad2d87cb154e8a5a1c4506d8c26d5b9c24dc5043308310ffe16ed129c94a19ad15e888d8b96ec1b3a47c4a173baf2b8caf23633bb2781c942

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\18415

Filesize
12KB

MD5
bd8471ed43ea60e40ce24be8f4ddf85b

SHA1
e6deffc1da8fe790dd413c15fe7b7769155e7b21

SHA256
8fa02092cb5b34c53c0cbac6b5df5dddb794fcf5ac9b88d51f584f7c177c192c

SHA512
0aecf343dfbcd57b88ea0faa7704cf147c9f7948799e102b3bfe34a80231deb299ca9cb0f423be5c3fb142d9c3652fb308c04d128a5e730990e8eadcc21f2278

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\20595

Filesize
12KB

MD5
34cb33a2e7f66f2f4c675ac24c1ef563

SHA1
9c8f1ab50f7d6d21b00723dfb3301809c3b75282

SHA256
81f87cca45ea763526b57c38f371e17d9053d7ee880f26fe3f4718d459524658

SHA512
9ace7411437e59735fdee8daa9485cffba48fe04c258d909244cc8dc20f67a457d73018ed578cdb6822c089d5c24b0fd4bafa9e85b37dfbc8489ffa7a3048f59

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\2139

Filesize
12KB

MD5
d3b1a7da0efdde2935d8cffd1c735940

SHA1
bb058a22f55bfe0654a4ced744476509cf0b77cf

SHA256
0503ff57ce41f8873769d7274f12cc4d676f1e6e921f6f615a67e6b962b5ceb0

SHA512
6556be050887420b24fc31cac1296d2c2b45a62c2a80e82091b037724f20ea26b5e1ad0fc3a8669fa87688233deb7f38e969e36d75ca369d6a4b87612ac9d27f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\21577

Filesize
12KB

MD5
5328150070b800f2b09123f777619116

SHA1
2fd2c25da6695daa139f694ccb7c3067ab2ae9ed

SHA256
fc6e94e336181340b504cad25e7100ecb7a89ab58bb78a0041c4d3cce3ad187d

SHA512
ce995d1eec5c55a4855f1fbd52357796e9a5eb716b089802b5993892f154a153a1f879868f378197305b13afdab4de093acea94f29855f4a33831867f0eade3f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\22126

Filesize
14KB

MD5
2afefb9f65cf633d6b3add9216cf817c

SHA1
631df41add241a2a2b6316cbb4f120fef2ea89d6

SHA256
95e1f7df6bad34dbee0652a96afdd2fd571ab3c23237e71b39ffa1880dc6d6f4

SHA512
356477534407cb19f01e423e20074d15792bbec2de803700c52c88464d7c7b2651ae9f389652d3ef352e31ae67b9341e4d113d5523d41aead5e2f31cbca03913

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\23181

Filesize
15KB

MD5
c6727ec18b929da362564f1d075cde17

SHA1
91de917218a37df902fa9e25fa2f7e081d0e5c5e

SHA256
1db9acf85938728485c1508c58e25f47cb164619aaff919a241e4ae99e8c5f5a

SHA512
4d5df1fb7f3a5204811e26e75aa72f146f9705be406e90f450b3cb233a629063221aaa89c978cafb72993349a10886aeebe96b111087ee4b3fa2efe896d24a07

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\2371

Filesize
18KB

MD5
f639ff056e252aaa2deae266b387b27c

SHA1
e976a4a7ae1e4b96bcabc44ad61d49a240a0ec16

SHA256
5ca0de30e94f1fc4edf8a36afa874480d7d398c7c74259090b3d8256fcc1fc81

SHA512
117415352ff76a76658c1a4b882c9112a66e3fe0ecfaacad1b819e924cdc8aa10fae77ceb41bf584edf38abcef187a0f6b9f570820c105d79083c10c9a612ff4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\2374

Filesize
30KB

MD5
402ff23d2385d7c07dcfc389ba8e37a5

SHA1
ce7f2ab4bc8cfd0d96c092466ac17459e7db92bc

SHA256
7ba7fe580feb49377cee66e9d0c9074d9d5dbc493b8afc57304bc77b7d004618

SHA512
6e67565a1db25d2eb853cfa520370dd7a9723a2c3b3b79779203ab479d890dcd2b5a4bb0ee16f7df7fbc9e558ff9d68cc2578976ed1595f21ebf0a3bc6229fe5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\24588

Filesize
12KB

MD5
25f7cee0502faf9540bb28ce0253c59e

SHA1
4c46380db4b3d3ef63f1ee7e44eaee7df196ded6

SHA256
211218d92fdd8e613e9860a4f32ea470815eb9c65753381b4f5d25d82777047f

SHA512
4b833ce10be790b07a2290fbc45e4e0691ec9fa23f069ef9c7ebe698dc832d33c569e9b4011fb289ce5a1455b2833f56f0c8809a7cc648e8d9a42e87f58bbe26

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\25409

Filesize
55KB

MD5
9ae00a43923b75b65662adeed6079c06

SHA1
a5f16de0e4170e9ffa28776139bb24135b36110b

SHA256
daa7cb4ea19af0b10bedda131d5e0ea5a5b5dd1886416c3767fc285ee084570a

SHA512
a179d470455df41c0b08867382c37d679d9e8e259955e6fabda33c383c033fd5394d5149990c18033b112b7b786478a5c0bb9844a3f58e0fb9ffb5b2317a3651

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\2553

Filesize
18KB

MD5
8211b6943630e063889ad2a22f3fd295

SHA1
facfeec651ce281185607aa0d6273eba16e47c34

SHA256
450fa729eb19642d39c594780d5c67ecd1c905ddec5e24fb6a26ea56ccdb692f

SHA512
6d735418fb6b68fbe7aa725f7ec36071b8d4fd1db45bd863aa4526506f0855a5420e42442893034d0a9fa41edccb6407cbc89920ef352bcfd190577455629c05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\25682

Filesize
15KB

MD5
dcb14018e4c807de59a77338e7c0bc0a

SHA1
2c6ff395d43fe6c97dfe943aaff8da02d4fc7ab4

SHA256
f71aaeedfe6c6dd540ee9c6b46f233d5e6d92f3704c5df1aa299ab1ab1599365

SHA512
64f7cdbe3a7e0d74057adfdefb76e1cae96081e914c55beaf68210b0f8f960a5f6dcbdbcd7c3a62d9c50e90a58948ac23b53907a7b335c4b645132b35b2601b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\26037

Filesize
12KB

MD5
25f2274ae40f740d7d05d5c98c60dad2

SHA1
f9cb7841ab306407d2535be1813046ad2b3b6195

SHA256
e37e565da039e5ac23e48f559073bc31d777b81ae1bb3d53ce13af5382a7fc79

SHA512
0b1544c1112a68bac344277983ec99c804b17cb10a4507204028d5767f105bd371a0c2769428faee58a397805af80ad6251d874a7c4700ccb45e1f0c49466235

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\26330

Filesize
12KB

MD5
1f5c60edb9c8e9c00d94b944ccbf7221

SHA1
f1080698ff1f5c0360772c8c5356d2631f4190e6

SHA256
f2a1e016c42e35c899172e1f6cb3758ea69f2f523f4116ad5a3e1db4cf7bc81e

SHA512
3b2fbbc608414b0b03cd3f5810bfcc71222e0a2d540423e6febd54985892ec4e403b42ee0b3189246f544be7cac76215f547a90c06f0919c53cfb39f45efd455

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\27690

Filesize
55KB

MD5
119a796b2e86095527c1612b939f3c5c

SHA1
a83dc140fe696a282440c6dbbda70aff7a84a8e6

SHA256
5ed85c9bb336693aafa3813efc62c3e7010b0ee5e314752b2bb8bef5daad437d

SHA512
2fe2c197ee7d9360cea11846099b302f38bda4a08d20c75851f7aa61239baeb27a2b0e7978ac3a21cc162cd0b32f2655f84b59b14df409a065e3e9ac481265bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\27947

Filesize
12KB

MD5
6696a1bbb72a11f5cba530ec7d6bde8e

SHA1
0bb253e5b4cd814abd06c9400f361598a5e85d6d

SHA256
a9dc949a7e7e0345f81bbdadc24a128002bd00906263530a8b06f3c1003d7e31

SHA512
6fba979b95b5d5790a66eec850a57906d1baa0ee33438109390b1f9a20d1c894a3753ed46622eb6745e808d6e605e4d43a6ec969de44e58d937223c6f284542e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\28172

Filesize
12KB

MD5
e8528dfae79e7ae4d4e70bf5043b9924

SHA1
197408cd072e9fecb564718bce163b0f71923df0

SHA256
7a7812a37323645c23709c27842beba4837013ecdf151f02eb9e4b950b826cfc

SHA512
06dfcf33373cea1949a1edf264160096865c3abf8f02a619d7371d4de937b1e8a3da6de8ea04e3754516d1277fa8c6073659aa4d5032d6b079a3527a9ea271c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\28552

Filesize
27KB

MD5
983ccdcc1b0c72597d2bf7bd203ea31b

SHA1
8b81c1f8dcfa223a8110d02c0a2b0104315cfb09

SHA256
ce069b225d67a0161131cbc0e66996516610ac70305b06381cb3a7c164dd1aa4

SHA512
5d1808693dca3c2d856bff772627c8d7a06bde695566a89c7a53e8796530415107fe4a2705a25c8410a713d8df11380841e9bf8a2c723b38d4cd5c606e000b2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\29483

Filesize
12KB

MD5
a0fcc17a68670b60767b7abefa86c9e1

SHA1
a89bcef2e225c8c752b5186ebebb193c60d10cfa

SHA256
824c0f98fad07c6dc0326dd7d4f5526f1512850b81461b88b1d805d9ee760022

SHA512
18fb33397d0c5d67821faa7bac776175ed3fa7e5c7e257542ef8ba6a7f2dd459e9e70af5dcd0ea90b02fd2215527f8d19b2a0b0f8f1a456664987d9515efdcd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\301

Filesize
12KB

MD5
c13b198a4663326aa038ad21ca914b25

SHA1
8a2131836b2d39f43564b741b84c543cbd52ad64

SHA256
9109286e4f9488383cfc73f958e8f5b70500fb86bca21d1b2c385d2f58190a57

SHA512
50953950f84fa4fa56a1e445715014f2bf7565241b37cc55405a01a8309f8ec87df65c09bb71b0dc2c898f9be7a1b1399a00ee7df71e183274bc4c84a5a7da94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\3208

Filesize
15KB

MD5
4d3be2334aa787ccfd26f87c0c6505f0

SHA1
5011057a6474b6e39441077b4c3c616dc67fdce2

SHA256
4720ea470627e4e0bd1e3d51bb0905a77e74afafe076f21e5b9fe535f9476933

SHA512
f4f028b50215417ef5ea21538bb5789a693ca66c8abf39fd722c3c9fdd38e79dc1f10650709fcffb18c8ac11f2c27c045d086042ee5c861a8b67905db78fc9ab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\32211

Filesize
46KB

MD5
5877a87df1a43baf2f12beb7786618c5

SHA1
290c9b5ee55b6f5bcda7b7a6a1fb4989270ef4fa

SHA256
bb88049a6f6c190afc553b78a3231669ef94a8f8b5833881f787a33aea04a320

SHA512
a628787ec65ab2ad541bc0252143390dfb534e213cf14ccb31fc2823e7564f86f334fe24680267f6cec081239db5383fe097932b4a82e73e1e5e943d52a9c493

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\3510

Filesize
18KB

MD5
9fb42b931ddf510695d67e92e689fa09

SHA1
ee1fcb8171984c71d2bcb44e0ca552e27d32b927

SHA256
1ac09163e2e9b54f210051805d9fefe35bdf0b1f71d3989814260574799b0ced

SHA512
10363e3221f28af83e9064c509782570dc2847a630d53d532ab5e83027af1da01de35e390be0e3ee967c10f25284578eea37aff2bcd335dd80bdd0285266c01f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\4641

Filesize
12KB

MD5
f53126de342ed4d8da89ec8993adbb50

SHA1
1ca7fdee95d8755c4f836ceb8ad141f918db8002

SHA256
7daa59b8f1b9dd1805bee99ddfc80e3ae85e380cdc1183e90e00136e1868c6a9

SHA512
a082b7ece98fbe819504c9a2a9e3cbdd6994cca1357d15c261d9dc9b815b801ee39bb022c19c661cf45c0cc8a36a0901fd0cd368264a3bed61022b4c26d02474

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\doomed\9558

Filesize
18KB

MD5
570b5190d07af70f05d2451a1fa48ff4

SHA1
9d823c28e041ac9d5dd28ce36733b47ba073f4c6

SHA256
e3d8bca31f99b6d34d3863895ff9f931f4b9ab67fc1a26c3ac05a6120d2d503f

SHA512
5bc95069a3ad69703c7e08c3344f8e44e1763a50248aced0618c1e8e35a0e5817e2befac19dba67c1d74edaff0886c9b645eace057e3023fa757fac1f8ed376d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\00916BF731465A6B55364BB3F5739DA4A1176265

Filesize
80KB

MD5
5811bb7b480ec9610dfa3952f958fc0b

SHA1
e0a13dde33cbe744d458abe5e6307d08d15449d1

SHA256
7f3cad7f5108341ca340cb90c706a9ada1be4e734b17073852d0145c3cc3633b

SHA512
3415c9edc39594a0aa175c18fe13198e11d8016c1f34d952123ad1ae61674a9b0ce89ec5bf2c2de015c5fd98b345c374c744eeb1890f68cf9956325cca386c27

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\0D0D736D46FE47E0D0895EC169CA69CC62A49C48

Filesize
174KB

MD5
82a5ebadebd1af23c01fb81f539edc57

SHA1
452f5b5abaaa17a6c4512773992601e24f6fb501

SHA256
619755a478e0fdfec35d696a9f450fa795a1d3c38053a941b5a1823c7e7551a4

SHA512
453970cc735836c2cc80568f690445f5d90c629db2e60d40f4b579f9abee3d99719fb0f297def0b8523146d26cb0065fd45b6c3548129f2e9e574939fdf735dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\1116926E51C4FBE5398E3A601CEC8E8BDD10B6ED

Filesize
14KB

MD5
1c6a5dab2a43e248894867b9e329fb18

SHA1
afb7d239367ca235118cbb09474d3392c8f9c5d9

SHA256
dc726a8ce9c948980810e936ae1f13dca998933ae6642b38b93f04ef2cf55d59

SHA512
734ca1775bbf32d713e559a7d779f299c564106b3265d25fd29755d844935d726eec4e0978a3afc39f8e1dfe3d50dc30b0a8ffa0fe9c457fb9f572ea8cb8b0aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\116F7BB9EC0299CF47A2E033A295DE26BEE683BE

Filesize
56KB

MD5
ff07737a9da23b7e328f4ba9fd4cc915

SHA1
190da0f4b5608f3b68a73d7c614704066ad58d3e

SHA256
6f5533d62460e6550dcac2a5359cacf8dac313c2a0863993e37196f99035b07d

SHA512
f201aced9cfa9b38ab3641deda75d87d339de52f9c321a0620fc0fb54abc746a0ad491f252fb91c8e0196022af3e02f47c0b254f34505ab869f7352eec9edb5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\118BB2BA245AAA64B01692DF29396B97E11FC1A0

Filesize
14KB

MD5
a7d019743164d32bf26398c097429119

SHA1
6f2fad22d93b169094028542cca817788126c04c

SHA256
00f087019f223f6a8dd01c71dc06a8ed0c04e98bbfcbd1f2941a4854d5b2301a

SHA512
b4df78982d59a2f5fa47a2290922e4cf46f01229dcd2d11b45abbb5d67ade8649a1f5043c016d990aded2840b17d5f9c1f99c3aacec0d2f25c55b0c726f5f8e5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\2A05D039381AFB1C18D304BB417266FABEA82801

Filesize
199KB

MD5
fd22a95602ba2b6d2cc985173621e29d

SHA1
447e617509c71b1bd77b5ba4f0e596a6dc028c1a

SHA256
fd989e2b71c50ce73aa1d273aa92505cc98b5a4f261f572e256eb2e7b2c46e22

SHA512
b90eea1a5581ea498fb4a24302b735319fe9f9dfb0fe0e06746062d5b793a914ccbf4581f3b96cace5980f439f375f8a64287ef92f38351ec478a5e5b7b1b522

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\2B934BC65FF1AE7B4AD64FBA5AA91465598D4E6F

Filesize
78KB

MD5
23ade712ee6c30a086cd6d268f2403fe

SHA1
ed75d5ed164175c2ceb0c717c57ab91326c3b2cd

SHA256
a340330bbb05f9fed9f6f3ec7867b6e751d63f80f52892ed13d8eb446ae734ea

SHA512
7ff976c99877e8a2efe0cbc1d3753a001ed4ca1d8307394bd0dfc2e2dae10f2481e3962fd8b92c8bb8d2314af7c5b20f0b0a81cd6f50f6fa739ace88a28100b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\2E790FC43444D524DC9CF216C8196525BA1F5DBD

Filesize
15KB

MD5
34e215b814454c694402357841ed82a3

SHA1
b3a04b8550526361534865345bd08a20ccfd7014

SHA256
b9e183619038fd4a78e32b3ff9dce5beabc46f2304134c03e1fe92ffdcc6d02c

SHA512
79cff75a875c2d5947874beed68f109cc86e111e3e30525200e9293250cb41009c152322330b9c52d8331db49e7601c403f1f73839187c92ff0df51f294ac34d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\3DD29C0BFC40BA81516644BD3E2E41C6463FA1AC

Filesize
69KB

MD5
4ae2478757652752c319fcd26f96c1fa

SHA1
f0265a7f6442ee68b4e99280febd377046f9f313

SHA256
e2a49377afc35887bd8bc9b289522cf899cd30a1b03d03c48ee2aaf8553cc89d

SHA512
a3edb92d7164cc66e6fff74f0d01539344a3cea02f784e59fcce9bc699d6af832e6508608fa05ac941dce09d2ada1e76b16ffcaaa63f0e14565dbec2c886c190

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\3F77809202CC4A281C484177594075D4F9815648

Filesize
49KB

MD5
9918cea080b9cf96abcd5b7e1bb948c7

SHA1
00a9f10e7d93127db32c31173653f4c2d90c2279

SHA256
950c0bf0bb4521e224fcdf9dffe5456d50372852adc217e7015e19e7d6ae066b

SHA512
766a108e71b2c43af0119d0c0c2af9660b77191c23c975c5b5c371ac3f304430eb7267fdae14146adc477fee646305d8132c23f2d329725154e24d24fbe4f0d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\3FE8FAFA9F9C21C432281892F6CB13330CCA558A

Filesize
978KB

MD5
fa9e873e856feba004bbdf7a9636e6ad

SHA1
7100fa8bd7d0c466c4a6c79fb9c4faa823304658

SHA256
0012389bc708ac7f67a648dd95dc3a0c18397f8a7792f8bc885d01ddbd06d91a

SHA512
419fdb88f453b9068d2555ff0202f02c768f0f1237046c3c8e1e8650ff21513140fabaa3252a33155e0632750b4c18afab90d0fe730c1a6eae08bfa6e370e3d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\4DA8A84F1101CCDEC7D7F467403E74E14339C91E

Filesize
50KB

MD5
bd25b1c246524ec1fdb54e90ba90ec25

SHA1
e8f7d231e25151504d2f5ce7a3da8d024432bee9

SHA256
911fb3a2d5f7d3dc037fd220c0ebbf85ac1099830433ef879c863e42188bca8f

SHA512
76bac7ec8c6c141dc7b429cba5132e67211c1721db73feff67274ebee7902be03ad23987c70b2abd6cc8e9d35e1951a33822517bb21a6e4dff5ecc391897cbd0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\544DE4CDCAD014FAF6FB6B1ADBCEE94290D8F109

Filesize
71KB

MD5
5d143302581f65787e895024037bd0f7

SHA1
12c2eb12b951890582a8485fee7cd253416c196b

SHA256
da5994caba6adc401b488ab92383812cfabf9d6ef73d731ecdfc79f9a508cf80

SHA512
50a44061c021dd1154c6d62ab47a24102c2ada1b17cc2c9a38fb36d377bcfc6e694d2e1537074dab2e89a45638aed92475bafe4b3aa1034babaae21bb515c46c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\559D7574328892FC09D6CFD4CB4CB2ED8BCBDB40

Filesize
29KB

MD5
0a29129a5b8ea349e6b588edd723bf1e

SHA1
fc3a2b1203e521a8c483b68bcc60a8e9475a02da

SHA256
72df116505e7ebec332b0c05d8b66a7ca3ba72a32d5b7c825a7642185142ef5e

SHA512
477896ea9d2d41108f54fd26145122a0a5822cf075cd9b0e3abea958888c66bc4307683d889a3388dd59c3d9fd0dadaff319bc7155ccbb2aa7e3d385a09608d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\582F7802A1816DF4086DDE87236FEE8DF9EB28A6

Filesize
16KB

MD5
3af3417a824b57becaf52d3bb972a28d

SHA1
7e66cd963f00b46fa10fb2521fe108832ba2dfdc

SHA256
c25b76996105ccde8fb4b489a9cf707e12449c60f30469ce00946a1c5b594191

SHA512
83f06d8bd9fb037675957ddc7d253113c7d6387ac44a2734b8473a4b7f97b3cf5e9adf0d2d14105beb85d5c56563141aed1961834245d318083be163c6b171b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\5AE68E330FC6FCDA09897D0ECD9B7DDE55F23D67

Filesize
62KB

MD5
3ccfcd85603bd81621cb8188446fbec3

SHA1
244d6d2a1304d0beb8a2e2549124b8e1a18325f9

SHA256
b2ca7b830430959d5941cb28deb4fd8fc9c0edb3543550e7e5a2e01f4328f6de

SHA512
e05f21dd8e3f7daa1613ddea5e75f7fe1e613b5fff978ad400322d4239cacc49fbfd3e9a116de91c6d699929c3322a960c7d30000c7af4942019c82439bb87a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\5C0A7965D65F233979CED699F328E27205361338

Filesize
76KB

MD5
4630a08266948391d98ac614d8811a8d

SHA1
8968171f098f1a2d3d41fabf689a6befd6881844

SHA256
3eb4746f526da0436d515311178c4776604def40680ba24b3a81c1961e068da8

SHA512
fce60b15b8597e029cf4f99114568057e923e50917940f799589da6c797cf1f0373c662d57acc6c065257cf59f367a8061df922c559bd7eac7ebf7bbc03ae7d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\5F8933BE53591900E093A2E6B90ED8B004E02092

Filesize
73KB

MD5
aaa680a4dc1cb0bdedbb6b0088fb028c

SHA1
e9039e2581d286d878c15a414ecb862621ebee0a

SHA256
d92d10a2f135c6fcc65b35cc6dea3cc5a037875928ad38bf8f22ea020ff90f34

SHA512
1a667248b91b21bdb0d57e19118dd6e8b7689bd941f3139d2b32d79b040f2b293f771178d8e5922ff060385b32eae58d4a51f90a8262a41dafce271cb1d9eaa9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\6974F56574072FBA6566085B5F4F0F6386FA874F

Filesize
92KB

MD5
e3a7fa373247687d304f0b4619adb1f0

SHA1
368bf583d2a812a0ec6f70271b4f339a33c61ed4

SHA256
5341a1af92491cad2c3abcd457c4ed902a81233c2b9c158b9c357cdad7232927

SHA512
be1297389109912e21a66ff018afb86330e881146e648141664bf8e2fe65efa9c370c2b08948e45cc52c6f7ab5a3955dd88af9ef998ada628c165fadfa191913

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\6B88B109BBE61275E9ADCEA8D7869382ED0776F9

Filesize
59KB

MD5
5d4b156a06df60121a5c0c591e678f7e

SHA1
cf56924fda4ea96dbd1fb37c08fbab799d182cbe

SHA256
67e32572aade6c4dd986ecfa09f0aaeb5565131d8501a44cc367e8ab11ec82bb

SHA512
dfdea040243286ad428a893bc65b8ee74ccc535593c4c139674132e2a706c3e60789d2e742c98fe62bb880d3cc3f90dc7802539f0519f5be4ba4340d9b25ba1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\6D1C7F458D4BC3772BA08DC6FE1CFDF358FD6795

Filesize
368KB

MD5
1b93da0b3c9aa868e341b306541ecd79

SHA1
39f4c9050901befc82ef85c3890f7160c76a4e5b

SHA256
a725e3e48dfb8aaa990c3f263a4d0a15951581253e4c5877b45d6b48f3c80651

SHA512
5292087969eb6517a2e5d408cb1a769b1b2d9a10ec1d9fefd2902bb4092943d12bd81ea315606a6a755581691e661880bc3225180a5f8bc605dad8c514ef6977

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\6F6DBA09DB5BD4A27E979D35B2F159F01350B5FE

Filesize
135KB

MD5
45731255e213a74d08ce390dc8f30260

SHA1
40a5c414ef4a13eceee5f811a1b7b579903d4612

SHA256
48db386a719122a9004170db35e3ba442514c6246b8b215319a40c5f61a3b8e1

SHA512
26c3ffda3c7c79e33f06e7cbab7559a94bc0aae64b43992897112bd4634994e7c3186030d9ad48e10ee8ad429bdd9e45dfc398952a05a391b4694d3003c7edc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\7515673401E6CB9BBA4E8B969B9CBABCCC4C2D96

Filesize
188KB

MD5
2d9a78c00ca77bf79d20018259ba1e33

SHA1
80ab9777cede4533c8247790ed08df987123948c

SHA256
4bade1089e1f41938d1823434e8f6cdc3baaf173576e8e183fa0645919adbe0c

SHA512
90742d224c4403dd6b0cc3b5e0d4d02827dbae6f8ac2eb4bb7c515ede368649e6fc67d2f9263ad395e3b9a0fe935f3ef366df64ce01942388606ac605588e791

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\7DF24467B7D788A178D0887FC514E28167572B45

Filesize
76KB

MD5
c0e840265470d222019b5f3b783e2712

SHA1
0cc6a4a1c8b33044e00f0a59482b74ecdb943bd2

SHA256
62a5a8ea5a53dadac607b4bcb4844bb7a49c145d1024091302c4d9bb552564e0

SHA512
a480863e23e406cf75edd5aa2352d25c29346a0415701f9913a532b10a9367e1a318d40f1b93832ea61ff0a70266c6349fc72a3240133f8e824978a3bd2732a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\8039DE18F23B5CE1CCE68D5829CA3841EC97FD7F

Filesize
14KB

MD5
8f18d3ffb65882a3811eda9c3ddace87

SHA1
1452b177805bef4c13b4658b0d84fc5b5de585ed

SHA256
564fa3401aa2975fb1bc1290b0b0628d0efca5dae2a2e45c6a2af84f3ebd245c

SHA512
7390426dab47e4f506a539b8ab107a2ce566c1fd278530b4daa44bc08d7e8a64a83679756fe154c4fb13234ec79756194a4cf732cd7df2b6dfec9ad186fbd3f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\81E401DC4F11AB965FBDD67D9B8C0D17C3D5EFB8

Filesize
14KB

MD5
5cdf55f22946d12b6bfc369894610277

SHA1
3627b3f9d3a17b9412d1ace268b5633da093270b

SHA256
ff0d801212baef3a99ee8cbe8af1e738422cc3ed749a9c0c3d7fd254bbd4cb3d

SHA512
f0378656805b8121bfe3c3455aa73764baf3d62361e86a622f3ddaf9a683e16f7b4cf9bc4d82b6d8c9be9c09913d4d3dce60b5836eb799b241bb96a8a36ef956

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\86DF9C7097B68E4F49670E3EA90B7A54828D3ECC

Filesize
381KB

MD5
b046debf83fb15de0fbfc0d2685ba01e

SHA1
4854cb25969dbee8b52ee940e67db6cc21c59f46

SHA256
f7c4f27eb20c4f262965971c8b1b10e3caa02410b5549e9897175b0c463f98fe

SHA512
64e42ca6312933bd3582a74fad8e429de97e2d3faf2c5b4034b44194f5dcc8e10ff373f624de651bc0ec3a534317749da19db6aac41059d82fa5bd9746a81317

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\88A417BCE79E6D433BB14AC0022184FF3A9562DE

Filesize
13KB

MD5
e9c32bc7122b29a6ca29e337132b4337

SHA1
fcaf1f6f4e1aebd62ceb241da8b1eb52da440145

SHA256
267e0b8717c3ec854dd0cba3e13071d7c5aa137aba0b87a69cfeb4bf166b12ce

SHA512
12b229c308524a68ad75a026fc7ca4bbc97ccb5e5b95e1325d01a0041dd55a477777da3e07057b95454a85c03d8aeab10f57897d99d23d8691f2f23f1a679838

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\88EB3DF2CA60044499CA5A9EFB51BDF330479D4F

Filesize
66KB

MD5
116d9bd78d234d059bb964946caa2254

SHA1
67cd4a80cbfb5c704e6b3db5349de561b0fa8074

SHA256
c5b743902cae91765a6ad34c3150b53418086cbbd609f2afeaa97065eac595c5

SHA512
0d0963720e6b2392ecadfecc3f497654ad9012f3d53770af2b493c206ad20d6f46add60dc5c079b3c4644e42084d59c1aa06e19e775b6c785e5d75303ea86ed6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\8BEEC6ACA038D1434F154386F408DD1EB850ABC9

Filesize
110KB

MD5
f161bbd9c6daa1f9a315b9accec6d537

SHA1
d9a9321930a528660f80309f283869e5fbd66711

SHA256
1f6585eb1d2a184380711a15fc30a4be9e1ddcf20e6609263d5f67901a02a27c

SHA512
de7b743e3ff631a6f76842eb34bb845abedf71b2572f799d6e8bd5c413c04c14e05e87c94337a4947d87fd7ea2cc2a669029b0df46526a1b9bb83c002c8e4c30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\911A10352B5C1FAEAEF91B420BE3C5F8E7E1E987

Filesize
45KB

MD5
ce8d3b4012f586e3be0b9a0d36269d62

SHA1
72e40d1a40e0572ae23ff33f61b8196c6016426e

SHA256
aa5a3d4a8630d731eb1a035bb59cb8ada0d069468883dbe453288cde09a93ef9

SHA512
c3aa216d9b1087953e6734c29159c9641580c068afadfa929e32c9b8bc49c8831f7df637e8e4c5b30468ba640de307ce33d45c811931bc931f01a16aad15b1f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\91BDA0AC82D8BF0EA6D4B4EFF2E5FB65C8D12226

Filesize
17KB

MD5
309e3617184e41616335b567fc06dfc6

SHA1
028a3f8a19fc1be82ae75c81b5933e72d96cb205

SHA256
c9c1adfc138fc167971da624bd1819e5a95e4451055fb38d3b3337719edc9d0e

SHA512
6694b7c842154001b5e09fe618c76190bfebc7c1517ea96beab35a65af31e2daaafc83e2db3cb34d854315854698c028d72bdeacb161a328898c79e19e17a287

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\9227F84680B7D22E6B5B2DE4317692D4C80C5E7E

Filesize
66KB

MD5
56653f63e48d90cfac68d664005c1535

SHA1
e6c5e1f7cf1f511a13b80b7e96cc63fd1b3f570b

SHA256
420850eceeb55367dcc8b4a3c24a09d4a7ca5a7b7a32e40dbaea256f6eb26810

SHA512
1c76bb171882ac48fb91df761739b7fe6ed843309b5ed0ecb67b9ccc04132c7e18110989e685d8d016c3b038f49daeaa4ee3655c35b270feeb4351843ecf8aa3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\94E0A6237583362BEEDE8DFCB03A76C48701F762

Filesize
564KB

MD5
45bdf68baa8a42f83112394fde16b75d

SHA1
9bce5081fc072e9c19c9673c09ae12c0643ea0ab

SHA256
671c76906d0c12dfae14936e7d24e1d11cb2cf80b5828538e3481177d00c8c41

SHA512
a9611c66e6e8a5ac83c3631fc63a52e768e47044fec1d8feed1dcaf60b3dd389ae33545f41028645f9eb1826495fbfa033cf689a1defcbb6010a82e6c965b2ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\95794E07497ADA92D6BFE6D4E4C82682F1653804

Filesize
59KB

MD5
ba3854b513ee35469d6c16d245d23fc5

SHA1
91359fc145a3ff26c658150f2f38f517537382b7

SHA256
8a72bff1011c7189822522436c298e46e545dff1487aaa4532fd5210756cec5d

SHA512
8d5a58411ca16f81402fe2ad36b753ee69de2e1ded062d32efd913b63db6d21410ac6b63e801b31198fb517d7fe7cb0a9e4a2edd70a36cec61d0cc26f8a7de25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\9F3DEC475AE6BDB4A51E05D6B481B514085A2CD1

Filesize
14KB

MD5
7983c67058c013bbf9c6cc5f31a12bcb

SHA1
b8502d88079afe6f0090802fc94c36daa33936ec

SHA256
6268d7d7b15cd65bc801fc88dc43cbaf5aa7cc0bc62fe2f03ab7110f514e5d46

SHA512
960852b40b09982728816b56696b0962585a4838a704ea1ef8c41a4a10078a5ba21fe58f2d3ea833ea22a3c4f7fdadf37513a21a7b9d53d1235f28f7bebba71d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\A1431738748F35AEF12F4B65002FC63EE9A365FB

Filesize
105KB

MD5
8bda72143e8b1c6300826ceb0eaabe7b

SHA1
492354dfd2b86935543ad8cd2b140d533f249450

SHA256
a151ef2b016872dccf587799b148c2474a4bfc89a317e585f8db4132f92eb4e6

SHA512
c88fd4ff2dee66793227b860489cec8ce2e67536a144ac31526e8cdfc149ef0c2d9a2f2fdd7b40b90c4eb0734d315d3eeac45ca64d92bec21d0d153e6af64894

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

Filesize
40KB

MD5
c057b2060c3d2f8ab255da9325ba6101

SHA1
0ab21063ab743e2d7d1bf3daaab56ce16a4ada38

SHA256
3870ee5830b53c41f789b73cf47e7f8e7e0fd6effcddb9cb4aef064560ea5ed9

SHA512
2e54b7b9e286a308606b912e02902022524d8f85422e15b66a7826c9e04ed04362f21af4a54e8b68e2f1856bbb8d247ef6b0f6bf7978eb92511a243f5e2e136e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\A7F72FF69865BF5718C33038E7A018565BA4B471

Filesize
26KB

MD5
671f4fb3448718e3808f9735804c511b

SHA1
2d4ecdbf297155e06f3bbb9ea6562aaed80f84b0

SHA256
e2c11d49e31f6b633ed0ac84488152690bd95b6f587ba339e35212edc2a8e775

SHA512
28a7213954114b62ff64e4efe735c5967b75cb03a697447194573b473b66a2493d342789249f0f44d23bf7c259713d3b48e74af1c78091279dddc947b1cabfd0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\B0086987F1102A3B0CF783B6D70FBEDFC63DEECF

Filesize
92KB

MD5
ecf94326a63d72d22146327f5b8d5b53

SHA1
0cc92ecc5da61809970446dde5fcfa0e0a83c72e

SHA256
4bfd0aa27be724454f677c8c0bbb31ab689d7fd01ad7cb664ad9c0deca94708b

SHA512
ce478622b7fcca96162c5d0a7c19ee990a3cd8c9bbd6301c4c9f8d12cd721d7fb57ff26ee3c190537fddfa7df1f36c356f712c2b32cc91fd7773e71892caeab1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\B04B2F7DCFCD41F35D73C0D20D3D7C052A5FF58E

Filesize
52KB

MD5
bbf1d51c6bcd4624b49bd205ece65cde

SHA1
3055c3c976a7923f7f39ccab90c254063e5491fa

SHA256
8091fb4a124fc177cca43e5f51f2d96c93fa7d21d2f84beff26bc3513843a87b

SHA512
fabb05f73c1df29311c5baf5a1356b042f5faccaaa354dfd7626232df144de7e0405dc97f078d7200538972a6b9a978691a028a3704ffe34253dcdb39cd8a5a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\B0985743595C953E243D1553684FEF0F659DC28E

Filesize
70KB

MD5
b948096790f2547613bff6382d6dfe5a

SHA1
469eeb1e648486e97af1632b4c7537b46a3c86aa

SHA256
f0ab2431a8ee99a77cb499e8b6f6a840a609942fcb9367a335691b0b4f2ff87a

SHA512
064a9bae943eb86f455a17799ee3517bf6a9e1c16443d28a96620377cbf3e6d802d0114ea2182b82fad5fb842c23fa8ca277876b43a8a55ef2c0ac7bd4eb6153

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\B43BE66CD94DD40799872D4E8FCE35DE94A9A7F4

Filesize
67KB

MD5
d54a2028312004143ea45f988524e777

SHA1
0fac7b7e132f28a0a517403ba4452bf18342f730

SHA256
b1f9ef48756f87a429e6ded4047572ebe0413f8904dd5ade9e3a707d2371f538

SHA512
6a9fc1f8956d4c7ef19fd86229b84363d90927060b2efcc4fb51d119f500f2394c84d417acd13534694b419ed967755ac9892bc9216e57b85eded31bfeb5fadd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\BAD4B3193B58277B0E685B51F105B483A30DF03D

Filesize
64KB

MD5
d0d3f7fe3ee77ad2650488a6e8c9b586

SHA1
02590b167d20216b95e7e8b201fb90145d88f6cd

SHA256
99be81c45528969a623827c88ca67ec6ffda10f0757fa6a88beccef799a32322

SHA512
d36fe2f91455b7697bde7d4e9d1768d7f4feafc7f63c1164391de7eb62dfff0a199e7c5fb8139d15676ada9549e19f39920c4191a03876a9ed5fedabd395869c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\BC472A6EFBF4A4938268C663797454163477A817

Filesize
19KB

MD5
cef8ba364ecd7bdf56f0f1669db44d31

SHA1
a9855d5bfff1b7f205e73ae38bc62689699267b7

SHA256
a5e13bcb6112f67221e336090160ceaf680e240aee6ce5533fc28eb5eaf24e00

SHA512
df9242fdd0cb5ae7f81ad8f4daccb770c017deb93febf4653ac45cf63a5392a9fef187e828577d5929cd848adff2e02c44105ac2de54859f2f721a89f513039e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\C1028ADD0F3DA0916388FD3F09904B4000C101CF

Filesize
89KB

MD5
d9fbcae979832b414c7ecd5adbbe862d

SHA1
b946dc7ac1c7ca4e656f83402506228b9f352dcd

SHA256
282161d5d09b27f3df80f3423c4c29491a3fbfb41f7af562117444586f044d11

SHA512
d9306a3542da6c74dc5f55742688a911ae2bfe781f564ff36b3b0d422aea187942b9462b3aaa8d81826b4a1c2a366fd6404ebbef7f4f69f742e42d6333df274e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\C9A3C7ED76B92485E7EE3C68909F94B8EEE2117F

Filesize
65KB

MD5
38e301b1b6f563557e1eb017b52f00d1

SHA1
2c284c6ee3101e8275a4fbed43e1c3f0f4f98efa

SHA256
eb32af3a781e36e08bb1585fcb76bdd6226360990531c166b2a21f320f374390

SHA512
08b630a03ef08d18b0fbe50eae14beb3951babf8bfdafb3fa23c8be3a965ac1fdc45c0b6b35d4cf2c483084bcc11caead8772fa0eff800ce95c6e64790ba29f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\CE0C75D81AF12E0EA94784ADDB9E8BDF23494926

Filesize
36KB

MD5
f45b26a3bb6a7b48918794d4a815069d

SHA1
9844881b7a14dc84b1429c9909e91298850ef04d

SHA256
05c25e5aff00a12a89539a51cda616e5750db24299ed96716e0a1716023dd68a

SHA512
f5832f3dc4fc1dbf76ed1208b0bf4d48d2f26c7f2b2f24549cd04d59a8cd76c89f699b59afb467ad610df776761d6f731de2875b1ca7634e3b41e6b45a897a04

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\CEAA05FA6A80336AAF7400F4F0BFB24F6791C9D1

Filesize
52KB

MD5
0caa675f091b0997e9eef34e600b7d98

SHA1
c5e9abb4b753a99e27a303aa9b63200a069c76f2

SHA256
e77de46cc752370966cb49da70eaa09ad17bfaa91a1311f04429083df8f5ef59

SHA512
ac0218a43b741b62bc7ea0cbdc3371205ffc6ffa51aae346aec32fd64307c4379e4ee2947cf51835b1abb9e223a23af41eb404315023775a4f62bd891213bfc3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\D0CF3516353C6A340264F19C5CA920A63D33B1A0

Filesize
41KB

MD5
af7d9a18d401765b150607e223bad4c9

SHA1
f2b84d48d3951e72def99b5ae1a2cf023841388c

SHA256
a1d495702172147ed310f289ac104ac8845deb50c60e0d9496938533cc64e51d

SHA512
0328371a6fb59660375c6857107ac101535624fca34b6fd44e7563a0fe8a02eda3935623a4d0292b7ac811db887563a2ea8b475893a3a27de0b305093ee6d55e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\D6A11958C3A7AFC44FF1AB5F28D25B83A01B6DC0

Filesize
1018KB

MD5
64cc0c5c39fe76f0da2b5c654b8e528a

SHA1
e6a0ac92bed27f565b180f0a494af47b391c0a46

SHA256
1fd4fc44b04ca54587847b2660f1ab8fe9e317185e548b3d55c907b50ed00009

SHA512
3836da5e5320c7f36da2e04991080d0d3c64a369386b64de8a9306fea49d5956d4bc1908411f5fb316c9052da6c312f0bc6e829a3bf5d358c65081efa740d7a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\DFD768076CB1E99B86F2C8D7FD7D20E9CD4F9741

Filesize
63KB

MD5
456360b429ce178a0a774abd36088295

SHA1
5934c530b90550e24aae0b9f6a7137304c017c06

SHA256
1ca7db2328148334f8355bff2ab0ac3c12bb2c4c345e8a32f1716be038856fe7

SHA512
0fe99ff390cde4cfe9a58668f970eb95e4cad3296b3c294787d81935ef11a29913c461895ce2328541ed88b586e3dcdf749d77b018abc2bea47ca6a6854c33fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\E21BA494A5DDEFC588DA8433334B27D765134C1A

Filesize
14KB

MD5
714d0b5be3e36bb3894da1fd3809384b

SHA1
1242be22e3323f36bc91178f0f23a52617a77567

SHA256
64b566ef2349350020601a5e95129befe79628b0c1a7c3781f59f5b92c657a61

SHA512
f0f58f308b825a460b6ad5934f7d5778b8364f51cf2369ae881e98b9f201647aa220556287502130f69122ce14e1ad44667efc090d9358b071bdf8e731580d51

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\EBF418155489272FD558E7BE8D0119468D923889

Filesize
47KB

MD5
81582ace01ab818b159ed43d3a8383f2

SHA1
56e16ea600db1e11ef63fa24e9f64c71fae9322c

SHA256
1772ea1def2a90614807d71d117febe4ec1d61e8ff80f0694ee615559287d9d1

SHA512
54eda306d9d361499224e5592fcc1de8570dfbf06f55818f5dcf7246c5c2f12e7f80a40dadab466fe5526ea38a06b5e38b64ae966b836693aa6ed2e65d567316

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\ED2A917ADD8E0FC14023023EB1140B4BE2EFF615

Filesize
13KB

MD5
2413a2251d1919baaa50c325b9a729d2

SHA1
0792f4e95519e80e743da6861209f33a8ccd8952

SHA256
b0aaf59b0e5e6195d75db07137384c02fbb60ff092d67d89674213ee1a831905

SHA512
4d96a82593c55e050f4d6cee027a5c8cf7402ffe6dc1ba963993764e8ef27510bd00214c51127310148e18619b2df0aca318059c2a789c8e3292478a663eacab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\EF2A8EA992620C865B622BEF88040DCA25032F56

Filesize
62KB

MD5
079812a3b46a7b0ec759871043b7d1f0

SHA1
2722d652151f03ae3bd6f6e04f6f909844c186dd

SHA256
d4265ffa2f7da0aad2757a1f9855f2730b53a949c110e43b9b3a4f77755485ba

SHA512
f12585c08fd902d76b77cbe5b4ac16f37b92338a546248beb9a30e90774f60917b144e13d95ffe81baab88776456a8003a3ad2fcefc50d733c7ecdf631edead9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\F0BD3084D36C8B05D3D6AA63E4E6AFD6109FF7B8

Filesize
32KB

MD5
17ec39aee721fe8bb6db7e6d2f43c35e

SHA1
9797b0c46388a35db280d81ec0cd24e39db3dcb0

SHA256
49925d23385fb3eeff13f0cfd5508b79d8391a74419ee629b45a99d934d0dd0f

SHA512
8dc217625137e7b58e6b01ede204c95557ad5638713f235f25f521d78a6a011c0060c15797abc5adf5b07a87c1ed2dbaa4195cd95e5b9c6e9b6da00a1e0c79e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\F301B328D145FBA923DC4017A6BAA62E1803830A

Filesize
47KB

MD5
27818975d25e725a2364fbafb65fd84a

SHA1
075334930c440204ed99ac2cf309b64648159833

SHA256
9e55f9f06bfc0174fdb92a57c9e8911aacb3369acb058cd075bbf45924ead690

SHA512
8ea60dfb72ca012111584be92bbdc05ff2e5fa6cee6c32880fe4cf410260d9aaf4038e53eedce046cec98676cb31568346836083e06f639aa9755c89ec895ca2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\cache2\entries\FD07C5CF767B958630AFC071338817D5E8E86B02

Filesize
49KB

MD5
7bf41736e45fe7a5a7ef8d4bcab7c6f4

SHA1
289f5c71f337b71cda88dda265889b820e2dc72c

SHA256
63c9c8154f02d9f6974dbc31060735c350fbd0fcb672d9f8e7a4a3ca7a2d587a

SHA512
9fb2ac2526b4d5a20a0f6a61e3e4ee2b4f7c15e05c609efa913df2d7fc4baf54a4295ba40ab5d61fe2e25980b1267a1b9190a9c0ba430d687a088229eb6ddef9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vjiou3c0.default-release\jumpListCache\+9IfQtkETCVqkhH9y4NV8g==.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bombermania.exeDir\Bombermania.exe

Filesize
2.6MB

MD5
fe37b30358f0858a8ef4d8b874c8a96d

SHA1
7b4a71cb297852872a505da9e7863b3cc2607d1b

SHA256
77edc8fd4a7edd277bf6a61b6413804380dd89ed2d0e7b768eae09efc3393d9c

SHA512
c0d4a60ec6989f2cb6572a9c9ad63bc469853a669fe7c7e854fc9d49903bf6b67fa928523593e4f34ae44277f084eb6d62737f91fa41f22c5fa49d0dd91cc73e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bombermania.exeDir\Bombermania.exe

Filesize
2.6MB

MD5
fe37b30358f0858a8ef4d8b874c8a96d

SHA1
7b4a71cb297852872a505da9e7863b3cc2607d1b

SHA256
77edc8fd4a7edd277bf6a61b6413804380dd89ed2d0e7b768eae09efc3393d9c

SHA512
c0d4a60ec6989f2cb6572a9c9ad63bc469853a669fe7c7e854fc9d49903bf6b67fa928523593e4f34ae44277f084eb6d62737f91fa41f22c5fa49d0dd91cc73e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-S57E7.tmp\is-NP8BI.tmp

Filesize
577KB

MD5
e84de69f85741b96c7755124d725f754

SHA1
66b144676366e003477f71862ce1cb5b7213ac41

SHA256
f8a9acfc4dbbc58dead29730e266726d1650437b76a73f6d2ff1a91949ca395f

SHA512
39bee4921f2391354c30674473c32a388037ded833c368e4114d090c1496b403a3333ca937d5a6d73527efcfe4d2c71037e355929e597598471aeb6a597e6494

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-S57E7.tmp\is-NP8BI.tmp

Filesize
577KB

MD5
e84de69f85741b96c7755124d725f754

SHA1
66b144676366e003477f71862ce1cb5b7213ac41

SHA256
f8a9acfc4dbbc58dead29730e266726d1650437b76a73f6d2ff1a91949ca395f

SHA512
39bee4921f2391354c30674473c32a388037ded833c368e4114d090c1496b403a3333ca937d5a6d73527efcfe4d2c71037e355929e597598471aeb6a597e6494

Download Submit
C:\Users\Admin\AppData\Local\Temp\mlk7581.tmp

Filesize
172KB

MD5
685f1cbd4af30a1d0c25f252d399a666

SHA1
6a1b978f5e6150b88c8634146f1406ed97d2f134

SHA256
0e478c95a7a07570a69e6061e7c1da9001bccad9cc454f2ed4da58824a13e0f4

SHA512
6555ad6b4f4f26105ca8aad64501d74519a3e091f559b4b563d6ffb20a2ddfcde65e4fe94971a9bc65e86db577f2548ca00f9920d341c8ea808b04c0947d61d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\qhk48A5.tmp

Filesize
172KB

MD5
4f407b29d53e9eb54e22d096fce82aa7

SHA1
a4ee25b066cac19ff679dd491f5791652bb71185

SHA256
cf0ecf30fc95800a34105acb9bcb484bb594a35b3ef26ace8f122af4f9f888dc

SHA512
325f7b599455195101e4c0dafd3654906d20ed2c1ce2a5f38784635e16ab545df6ee44a83bed6128239be2dee5be110552c7b246b7f52482ab31552e14b54183

Download Submit
C:\Users\Admin\AppData\Local\Temp\server.exe

Filesize
192KB

MD5
79f9d1af3af73660bb33682aad5f2329

SHA1
d02d2d83b9887bfc12e3a3e47e6a700e68406e6b

SHA256
bdea8fddd42a2a8a0130dbfa5e606fd4bcd36a258e748bb5a4ec48223bdb9891

SHA512
11f186b65f13fd7f0ac2af2b527f57d1a7d0ac8bda16bb5edcc1cb991595370dd6832aebe292009db5d35ee0441eb95bb80915ddff158b1cc2256bf18cc4a23b

Download Submit
C:\Users\Admin\AppData\Local\Temp\taskmgr.exe

Filesize
153KB

MD5
841c31aca26c37b28dff3b29fbe84103

SHA1
2d1828ecf8729a14778aeea01eb7903c84a00c31

SHA256
b12838253ebc8a42a41b2607f1a6b80743dd4cd824ed7c871f21621d381712a5

SHA512
4f55314bc34c998da0bd4dfc572eeacff00fa2008f19aa81f40554a70ba2d49659ac4de15699524a432fbfd9e83e1da6c80aebf07006327de232e9bb7228b7e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp-3df.xpi

Filesize
4.5MB

MD5
dd5239e4f0c527c9a8004d88d88428d6

SHA1
c9aed82ac9e354f650c7e265c2599c9ce5b55fff

SHA256
4da228a0e0450f2ecb688a61a4d302556cb449279d6a1ddb4ab11c335c699f81

SHA512
108ac8a1fa42eb3430ab881e8717592fda34e3f5253a423b622ef4cef1bd5e597c3e443c57816e5e8b543430ca4e8086bfd62d4c4d49360701800ea89f704dcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFE612784342E4B6B2.TMP

Filesize
16KB

MD5
0c73595804218673cec71dddba8fad82

SHA1
a1a3ef16573e794885064853da584aa39fa6ab2f

SHA256
2a64ad6c3bc3f01d47903678e8f647e7224f7e1479b151016fb6af4b1d7ec09a

SHA512
012940474666a66d2264f119676ce8260fceb3f940fb92418a36ffc3d1ec147ee1adbeb05a102d88ccca940727b8ab6b3efc79051eb2187793483ff8ae84ce58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
2f29105b60a752687a3a6fabcf05f924

SHA1
a6891eaf8ae3a5836d24634b12ef66ae3ac1cce1

SHA256
da4e8ad557bd40f91becd702ce8025866bb9f190ec8df8e153ba7d3617f5f045

SHA512
317ac774950f22666e87ebad95e758b93b208e2cb9f70bc4d5dc0430f7c1948baa0c27ade64f71e95fef384079f5d4419c9db3277b21df5f5ea4af6919ee3c7d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
c7071f62ac1dae47940e5614fd789ec1

SHA1
71a076ccfdbc32630b1292500b2491a44680ff4a

SHA256
44a4ac1f04b62fb512bd6807df55ddb2596528555627f41bb449a5f32e65ecea

SHA512
544bd448e3f807be2ce88289d14c139c5f4592a8cca7f540e06ca11ab516e4d99887189f8972725c8d42d8acb8e5e50fbdb7ee08064f955bd39f48b71e8dd888

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
fb090c8597aefa25f78b869cb5d26785

SHA1
d0490c9b97bf6635c01d9dcce4a6ad46b7eb5728

SHA256
ce076e1c0f850daca8966e2ba1aaca54b4fe0ca54a212a57e6f6137b2e01359a

SHA512
43dca43aed263cea954d07ee657e9b1f3af1b85a037f79231c9b94ff2a4a5c3aed5fe532bf8b82f1dd5c5965c6a29c9e7258ba77ccc33f95d210c5e584b67aab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
1451471994aa37a07c8a77bea9e198bf

SHA1
ae23ab44bd4e06837d120a8a9c29951ae308ade6

SHA256
5a1564962c6f059e9a875bbdd0aa71541ea2cf2e5d738a40a2b051b1af963c65

SHA512
54dcbcbc513c68b1fb3e34ea7424987ba6339c123b02b165a78cf8889289930020b2661e8eeb45fb65f470b28e89bb8cbfa3e4bb7af9f5c960a4426a5de57d61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
861351801cf0ae3d94264b424eea1997

SHA1
a4c51ef4b924787d6436c78e8d1b2ee8792764d4

SHA256
1f7524ef3b3ae9503e2410acfd0c13367d5d410ebfa6f39c52491f7e971887af

SHA512
6b81129a52962c5ed063dfc4924d27188ebe29bb51f1b23fd93538ab1925e4e6e8302a05c10c332e1eaba1d6f2b63efbdb8deaa01aa676061d0131b7aab045dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
18ea4c3d9a7df82eb7c332ad8590bc76

SHA1
5b0c923ef6e0394339b0df9ee66092e9a16112fb

SHA256
ea001390590ce6fc83360e116ce95a2848da47243c6c20a56345ccabdf8e2216

SHA512
1ec2d4c77a2946e23e09e19416f1d20f030c5a46420d8c5ee7c337a5f3290423897ebfa33d9337f2bf680416f84b0cf383637d63373f46d77146eedd9075b9bc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
08f47756a3a05c01838f703bf5293a71

SHA1
027dd1de21fd301ae0b2ec0500b42a3577f8056c

SHA256
e67ad58400769732863f6f50df06c800980fe8dfd969bc1839e56080ab6f0bc0

SHA512
083130dae3fe86b13d7d6dd5526ad21c64b2847a825d3621937f05a616f5599ff6cda231987ca10ca81a3d26393f834f993b93aa6d9ea826b53a290f94e62439

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
46b5c484be79e10b4aba95cccab85418

SHA1
d822880e693e6d30b6d0772e58eeb9d33bfe9ec6

SHA256
c039abaab7bfe03ffc46ac785e971600227c9b64d91c167f2dea57a5ac35e2b8

SHA512
57549cfed5de8b204fbab2b7ad697b936369f1739cbacdbea405911e29049123f930474e3c960b2b05eaca09396ced2d7167166df27016044a61ea66f6e5e556

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\AlternateServices-1.txt

Filesize
12KB

MD5
feef3caaa764ca348b98f51c150e545e

SHA1
6bc7523ba27831d6c7d9f8643e175de6adcb2e35

SHA256
4c7e7311a1174c4354df8c02bda53a3c7c0a47502064a723fa0584fc48ca4ea3

SHA512
e57ed85588eef51f7667c3fd00db1ed0be2839910e5a5933dd56c4b5a462476c0bc1bf0e5d43e0028c1f2a7e809d3714935b2798fb5008885df01d4d55279fc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
c58234a092f9d899f0a623e28a4ab9db

SHA1
7398261b70453661c8b84df12e2bde7cbc07474b

SHA256
eaec709a98b57cd9c054a205f9bfa76c7424db2845c077822804f31e16ac134c

SHA512
ae2724fc45a8d9d26e43d86bcc7e20f398d8ab4e251e89550087ace1311c4d2571392f2f0bed78da211fcb28766779c1853b80742faa69f722b2c44c283569fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\downloads.json.tmp

Filesize
723B

MD5
94eae81fe7c734da62763746dbb573d3

SHA1
a25f784dc9769ff5aeee626f6fb1706310f9dd3f

SHA256
52975a09b9957fb009f05acb93726be28064c3391b0947571d69d6ce1e7fee82

SHA512
701c276b20f3e775eebdc8fa36e7be1fdefffa5713a5e862ed727ac5669dc03da2bd99f2b18b66d917df9c4113289732001ca067156e449312690ef184bad499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs-1.js

Filesize
8KB

MD5
a4be341de172819120b00ab00ae332d3

SHA1
379186377ffd55d536a10044f896c32619a65758

SHA256
19258e2db531ce87d2c7e701e1aa4b8b303c8556ab29db82775c695afd4388e2

SHA512
2e6c01cdb68e162ab10f69b6befbe114492ead7343040a539657ca61d5486bc47d0811633ba118db3d5103ff60689c49d1de09f7a35a04e8ec71753e781a7874

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs-1.js

Filesize
10KB

MD5
83f52c6a5e616de83dd370c189855b28

SHA1
b8b3504cafd5447a715471e6516a850f73662ed8

SHA256
30d7fd73a00f0e542c076aa713bd147dbb0bd436eb0db9d0984adf897c4e6832

SHA512
e2c2250d0d5b2e141c0f79e7edfe7ca9e98ee5fc81fe55ef56bb045630f94114d95743bdff6bcfb7f055e8e6538e53ef59488e453165cae90025c6e89a426db4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs-1.js

Filesize
7KB

MD5
562040f66c52983cc8e65a8388479967

SHA1
c5ab9cf6ab85d9ba61964ab796d220361606abd6

SHA256
a562e3fa02698c6fca4e6541595cb257b94148401554516614d88cadb766af57

SHA512
eda80c61ec5ec0cad61751eb127010245f96a367b8fdfc247a7616f961e0c1577e41550d450338c90eb7a257b05d73a283562076b0e5aef87e29be538e09e8ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs-1.js

Filesize
6KB

MD5
08578eaf011e7c7cf0d90a9fc74971b5

SHA1
90874f204aa35d9b3ca3ddc172f2870a887675f6

SHA256
28fb7292100e73c5c50d36c752066b7120dd2e5912889b6f1800b8114df6eb91

SHA512
1c3fc945be92576b63307ec5a35776eb4589d05f5fa9046a2ef032be67f8fbedf1f8c02027418d573faffcbd4bc385c2dddeb1dd5d80a75f837e3c09927275e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

Filesize
6KB

MD5
c5442fcb0bb852e61801541e0a1cc43b

SHA1
684cdb51472379885d2642a2ee24dafc900cc500

SHA256
5946bbb75cd708641e71b3cc65645b58fd33de0859ce957cafe7bf884e9f1366

SHA512
305463cde78b4b06bf6d7fe69a382a167695cdf10f55c24a4961bf9104902707c24e5016825498ce046838b876366db87be2b1de4eb6185a74ecc14159b70e8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

Filesize
7KB

MD5
3739498627665d9935bd775ee2cac1ad

SHA1
97dd9c1579dd32f25eec6fb3f906c1ba72dd14ed

SHA256
b47ce5de88825c2be5e561ddfa8f1049838d243e74bdde755e2e311733db044b

SHA512
75c24ba886fef94339dd9d98b470b268583e593b8babd531604f679bf5d1fad2640f2576fab83bfe8bd3f5dd111dc8d08e2f471f931bf04572a01238bb51547f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

Filesize
6KB

MD5
22875c0b604235e44fecc62b56ce0b95

SHA1
6dd0da34fbc860d7ea649d914dd0d1ff32975de7

SHA256
b9ba3c77c0c7802c9e32e5f39ec4c085b88a0a63f3979b687620f7e1b246934e

SHA512
aba80beede86c1f4a284de4dd00adb4e5b4318e21dba92f4d71c230f1b58c2db264e4b659d7b13e68e5771c7d5212a00dfcdea16dc007ada890c991bcf288d73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

Filesize
7KB

MD5
b94b496083df094d439eafb0532a3903

SHA1
9d01dc17950ac2425c1e619ea84c9ea266eafcb2

SHA256
65bc0c5f660918e905cd8eb4f2d89bd1b4dc9201310ed67603cef301ef706c97

SHA512
bf0a2f7b8c0e8c93d5e5e615d828d70beb52dbe2d7da8011686acdaebcb077191567c558f6b75758d0e9cad60e7c957376dd888d7f0b5cc9fe6865cdf4048d32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\prefs.js

Filesize
10KB

MD5
8a6e743e411011e1ce8d876edd54ae93

SHA1
dcfbc34f34d7af9e1e9fe4378a71c61585941218

SHA256
f6433c8430d6f8141081aa1ced87f98f0b5b8094df67c478e28991ec24491807

SHA512
eb12981f02d5e50ea5598f5ac6976c6314ea02de9a26b70793078974dbecc2ea7195f3276857253c266992346f419d9a03496958a1e6ad309cf4493dd1be2c82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\serviceworker-1.txt

Filesize
165B

MD5
3c644e2c40e3efc6c27ca70bbbc431cc

SHA1
88ad1c11fe801bb15bdf28ea57e06e9b8e271cfe

SHA256
952cf0fcbbc4a322b1a54a574ce864164ebbc478b97b616d1e283729255971d0

SHA512
23d6d325734c273d008e486fb0607f0bdd913febef517db263030b2ee1a61de12747fc98c518739bb30179adc1ed8f4b1a144a33fc9655c251107f9a328155d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\serviceworker.txt

Filesize
165B

MD5
7c8c0e7d6d1ff818e9f26f7b211c4696

SHA1
cd6b4e856f803c2802201e4f6403013b3e56b602

SHA256
b5277483b39ef11a6847b1db2a56591d8d02a984937cfea04b1863c077b6797f

SHA512
b3a8db80f772bf921e7c42759fae4a022707393e28da0aabe2004bb3a521cd7d51f2f69213119dfe7a5851d6c4ba3f8219d4e504962c346e3848a770fb6bb4cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
259093b9906e22804929ba961ed23da0

SHA1
53f37f533e5f0a1e187f630f7404c1c7c6fea3d7

SHA256
ed75ae5098142069cda6b1ad8efb7404e1dcd60128379ad521e439e0f9744aa5

SHA512
d01fd8a35435c6b66a8a91b8fd17a261ed51c16cd1ef84d1b269c0e656fcc5b7d32153445cc91e8e5150f92d317ba8a3f392fdad79a4a381bbc8e0cbb87bce87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
4ec74def7d9c7ebb72ac56113ce30b6a

SHA1
7b2d4984e986f4a7cbd1da4c5ef1de024b04f278

SHA256
5dc314dec5e68213c6e8d2b674d0abeac7a73eefe7dab7e2f077b7c9d37bc2c5

SHA512
1103baebc626b7a015b33122d35f450b671f0ba0f4f26f27d6d68020bda93d4ccaf612b2c9fe1abcdc4efcdca13bb17ca019ba002aef6221d0a4bfa4096ef814

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
af50d26cf4562c87d67cd276e3e3a9bb

SHA1
4799ad886e2f70f4f87273a1ba169dc6c1c5c893

SHA256
3cd70d66401db9a5ccea5634c7ad9824042ba79a7b2920a4d9307390cf289065

SHA512
1d5621e610092366398c67f00d301a9d123b5f1b0f7014aeff95d0417eb32d3ec2511e6f72fccb35c3d7230c05a83bee22584345f078280796ceab265735953c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
5fb8772aff56eb9f552f85af89b738a3

SHA1
aac888880aed73fd2ebf3abddbc83843678da53f

SHA256
1a0b55b5abae5062369afac363cdb17de71cd429ffcdcbaf84efc18c379f34cd

SHA512
fac2527e75e98728051f0c37f654422a84663742ca1c289ed068e29ae5e3e884965ecdd5a93b49871ca58efbff31808bb5972ad7f256eacb595a464e27b3b9a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
0e11ba757a62db44c838a3a4b99ac2a9

SHA1
6f56d93af221f61fc0fe0f6e5720cc3da71e9c05

SHA256
2175cc7db0f0f8e6dab9c1eb21b53ef0971475f20ae22dc8d2b9908c68c21e70

SHA512
ba1b5d503e733f784d8a2258e8c42de11f964d956e10f916cd619674cb5cbede744fd1ed9cba1e860651f9876e983d35e3dfc196c9571251082a8c8dd2bf1527

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
5d0e3247a941e796700830d01da70869

SHA1
1b5237cd4d7e7cb0a9278bebdd416cf5c4efa325

SHA256
bb07d2d11dd88923707693f82bf4594579df8748ca7ecd0ec56f912f7676df12

SHA512
c3727e92b2a4ccdcdcf0a0a30509946b493c8b3cde05eddbaa7ccfd2d85f5e3463decea3554dead4088b8b1fe5ea5ae1c61b6eb548782770578511033d6091ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
cd1801792c211b260b6d68407a9c0471

SHA1
a16d41c7461a9ec856a0ea3ede5375fe5c3be514

SHA256
88ea9ea991544f762bdce6901a66dd3b80475c16def85f5c79281b7f15253f36

SHA512
7431b4862abab14b9936eb1794edcc87ecbef494ce480f5a18f7eecb7aba4398eaa1c4b9bd2453717b2343225ac3ecbccf89e8f7413b4cd1f51a0141b9d44921

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
dca70fb3b4811403f8900aa5204485d5

SHA1
5b49e3dab73c77716bae63d9e9afa14dd632af2e

SHA256
0cca39a9b6364252e5924647a8dff6e26334f6ced42a37f83c18dfabc9ea903c

SHA512
dc2798ee23f8d16025a18ab3a35ae61104ffbd73d948cce4650b72998b31f78c8bc5de76bfcc07b1136788c310f43280bcb8ca25750129a3f4366abf8e945844

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
408218aaf7e756fa2ca98c0d3b816ee2

SHA1
ac04ea446f7d7db4bc1fad0840e8e5a3661b137f

SHA256
abd1282924238fbe8bc2dfaf4433bc2cd3e67e2ac84dcd5fc3dc324d79dbd8dc

SHA512
427032de8b8a8048eca741fa2af1a0caf82bb7e11cd9bdf1a5f7fca5a158a5855f0dd7dc2716514ca840a65d3e6de0ceac5bd379ba87fa2177ae6bea4d03db13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
be41b1a35cc3c2ff6ea75ef21bf6fe0c

SHA1
e73096cb69724062995eeb6d080011fec7e112a9

SHA256
c027d047576f03fb94d79c896dd8aa793cae200f471f76f297e11dad11290398

SHA512
7aa8d5791d4ccd26d6d1fb7016dbf86a61eba389698446a2a440a290b0470fcc161ee146b1561c472f3cb7e2d067b2787cd3dc0a822e1561c1c9b420c47b652c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
859e43922fbf25e63ad13dde0efdaea3

SHA1
c3d812fadcbe346d25ff531a8103efa8b140119c

SHA256
dd31c4aedf3534734514419fbda5a547fe13282a69d26656c1e9bbd20d5bc9c6

SHA512
a59e3bd0965b5f9a330aad065d0c274fbd6021f485f0e1a40092287094bf4ae1d21f9acb86ba4730cbcb0700f8f7022fe3d5d8a4578dfd7f685b41bff170846c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
a08c42277900d8cc5acebea24fe59c74

SHA1
e918a00aa3dbfad73d02442a6d50e5ad03d7fa8d

SHA256
90aaf2565694ff7f02e3d724e0718192e13fd12bb8a3059e9e68137225915dcb

SHA512
10b34830bba5c2fc55cdb2e72f076ca6c3460042796d20b938dd868b89f6a12fa4bbb5378e03c98c8e0d68ba13fd77d466292f49efa49282a6537473b1f4d91b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
623401da19d0419c40e1cc4cd2e88b45

SHA1
1ee6459db7b39022eccc816a8fcbade61790f356

SHA256
e5712922e273d32c4f8b750fca383f529fa8094d93feaf7ec706d5c4758cf62a

SHA512
d8faa535e8b913c6ab99cad73d2e1d3b3f2bbc223e01cc16d046d6dde9414dc37b1abb1ce27c7548e8f9f5a8faf8f1afeacf09261b58577e55f1ac4f3f8c9de3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
b02ffd5135f043ed6224183fe5b5575a

SHA1
b181b4a156d6f26ec467ae57d1dbb0736d79ad73

SHA256
96c142d027b1c3d6ed923589add95abfe2bca44cb85214966ba5aef08e7bc339

SHA512
cce21e9fdc9b2e933f9f31d45d4e05916c7812d5c0025e8875406374d58e13e9b762a6c43c1fa32910ad19e11edc1fefc617442ba3e3618bde3e4877cd6e882a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
21KB

MD5
653f960317e2764bdab6886197f9044c

SHA1
ee5897040f0fb319193bf2fb255ff4d8dcc0f48b

SHA256
7864963e0fabce8c96cf4b20ce3f9db6186383b5a2e5a381ad95225f7cc52c07

SHA512
f8a79cd4a0b121dc1e69eca0ca081ed097541c7ac5cea960dbea3cdee5da7fc718b2801694e733422779761df641f3869d00068810349e0b822571a4c472c5d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
52KB

MD5
a03225305f4317237acd01ba6e5fd900

SHA1
bad8ed2dccbd2b3c5290c2a5055db641463460ae

SHA256
57351a965d1dc942b250add8bc3320a306ec29c304c84f13f7728b7dee70b9b5

SHA512
e5c44e2c0ee283f590be85b41f99e58df98bfbbe11eb91f12f72de0614e0b0277414191eb8ee83ebdd7eedba66c5c969e02d3ca6d44c3945c461876810244646

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
92KB

MD5
6688e9081ec187fae639a043a7514b86

SHA1
2edcc08ad096e22732e44191662bb430f5012cda

SHA256
7f90406347ac4942767b05725e5e221cc6462c4df93ef886a71051016a5e6a8c

SHA512
77c043f0340db888035671b004742837cab3d34dbc85cb4ae3df70b07c41862d886ce72c58f9a3e0b0aaeed12a13f5c85cd6e3d6d35114676902cde8900ae609

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
53KB

MD5
df38b75dd141b0cc34d4362bca499d51

SHA1
047693f1afd39c973bf2b5a7fc1fae4725c7c9ba

SHA256
b864afc836b7eb37b5e29a2c21ae898e91b7e5da9f596207b86f311bf6dec90d

SHA512
a49328cb7a08132382a690d7c8a14b0a49b51a42664dfd03e8ef03c0c889adccf7dffc1eadb099dd87d88f5f526986f2a68fc2740fb94782742d090d1f4daa02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
52KB

MD5
deb16e1f1c1925310daf2d02ffa04e1a

SHA1
2e8c8cb2a511fde56db02cc5e44545f808212abb

SHA256
28ae838c046070c2088cdc355525efe26376a579cc54391061afd480d233f909

SHA512
78508b87edc6b61537d7a4bc2b8030f6912e213c89210191a14d64a8f14858540cb730b1eef476b520221d913ee971ba75a4b5423a7d07a30f53ec04365bdb2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
55KB

MD5
9314cf18f8a90e9e94af09f174cc0fd3

SHA1
50e8f9477ec5284a1b4ca4f8180ea502235391e1

SHA256
59b8050222ebe24a05d95d320f6e0b86a72a5bcaa9b8dc343869576767daee7e

SHA512
1bd3852dae717181bb88bbf0de66eb769d2ad2eda6c6445bdb01b44ba70f82debf61f1dc9441c502c29cb197b76a5eeebef4ed4b78d838636f54a0c4d30ffe9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
52KB

MD5
5f242bd35399d47d44b306c67787e124

SHA1
2381068ba531e8b8f239434496c8d20679f2ec79

SHA256
523952760fce41fc33597860ae813bd250640f99f5e107d9d52a90aa65f8d7f4

SHA512
f67497448c8e360930bf78a2f53c04903bd065d3606a6e5a2e1d8f5ba6d227fd70b55ed8d705d44175bf8ad662661eec4a1c4d7e5896f57c63cf3279971cbdc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
56KB

MD5
416a420e36110cca926981618efa2b2c

SHA1
c6f28c18df2fa99c6e2ce996c8f7e315ab7051cf

SHA256
fcf3267e1c33e2fef75828b3ee03980ad89a7b14e32489e67f2c7eeadb01d833

SHA512
26fe69141f42306c6facbf6192307c9d8d342fe479afb6c74a067644973213dd177a3dde3e17b1d843caa83dbbcb9ad5c3d4427f113eb2ff0f3f459a80d4e3ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
56KB

MD5
ff38d1b5406df92d7d255b403a99629e

SHA1
a36371ef89ddb546b213a25ad668b686dd2f5142

SHA256
7e69cc0ab07cd1beea64997ab76101acbb70d707b7b64cff58ca6d8d73790fd0

SHA512
2fdaabb459f0f0764dc8633c764566acaf71d69acfb48496732ef95c8f8bc1ae9fb0acdf12b4960f0ed1fb0def0749d4d50b651d1d9a94f8933c44100a855d29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
56KB

MD5
b2fc9c47247b325236f6e7767b41eb73

SHA1
ec16848e6f673ea4c4507b29673ad34579f8eca0

SHA256
c5db949f6e36803af603d927337e7d88798365e258e5a830dd4a4f6abc38293a

SHA512
f5177b6589e1616c790d3fa6232b5b97ab76853291cd03ffcb6bd3c156721a852e941c3f76f34b5d9f9deeb337aef8f4dd13c4bdb1a4aa3ab4de63aeaa29553d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
62KB

MD5
6249c4d459142d4babb853a3d38a332b

SHA1
001917679fa7d3422321e064335a3c75a3f7552a

SHA256
10715a7190e1d2b3c49dba89d2e48857325bd027d5bfd52a04a9cae5da31378f

SHA512
69a568a51cfa6365121db92bf516ed98aff21cdc3c278fdd7f440a60849b410e48844a261b763a413a06cc0132d861fb7aecd88394bf457668dfac25bc8157aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
57KB

MD5
0e765a62a4fb394b3b4cd090a601ee12

SHA1
c0312fd0c3decaa91f3dd7c0c812ae3f8c84963c

SHA256
559ab006e8d4f2fa834b95fac07553caace3ba310ed6441eb35da02a780c7663

SHA512
16134e76d3ecaca35780c674fcecc383a15d4256a1ae04bd15fede188e1fef08dbbe88970fa002257db6dc8948a887ef79bc5d8e23b11444ea97d35dd361dc9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
62KB

MD5
29c794f3ca842db695026d80abb8175a

SHA1
cfb13648da05a39552f6f4c91863c2407551e54c

SHA256
20916dfd8af93a026275759a1cb0be18b46adcb11899ab2ac1565fe35ca1907f

SHA512
81f4b7ae337b3112f43c3fba0858d1cea6f003e39abbce65208dc80b7f871e656d94d4b27ee7cef98f927261496b141692705e8011a6accb78d8bd9d99bc1cff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
65KB

MD5
7b2e24b04f2d492b58c7c84937758871

SHA1
3e81844b593790bafc321171583f22b26dcc7508

SHA256
b29facd1d93164fe14c9c1c83bef8d68c1a21220f65594066a2792e8ddd6ff7a

SHA512
4dd842eb47c8bc404761a6950321c6b44fadd8fd22b432a56d04d83506c496bec21356f8a5ffbb7fb4883b590f8d9a488759ef97a47c6972fec17887939256b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
62KB

MD5
c27e8450d5305b2620863c815fc0ba5a

SHA1
5fd76802c2b5b5e043958b1094553f4f0540b0d3

SHA256
4d3724576cb82c008aa1a3fbaace74d425ff0db91b25217e417eac934e080778

SHA512
654d409fb6e917bf2e0dd00c9b8ad687a1285abadc8a7762cd187abf3f9ed1d287d933aa45318cac055eff505d49db0f4380671d1bf91d2429c4b56c9e9080ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
71KB

MD5
97cab88d9eddcbc9e2e8d2449f98fca0

SHA1
fbf68e55242e4f39fc0f09208e92b068cca57481

SHA256
e1570e472f85f1d5e1a9dd663d1b60534518e2466d85add95df2266bb68428af

SHA512
ec8f2acebd28c2dd30d6d5d8b92bea8a80313f6612798f31fc8f7b7eff77877815db6c555a8e7d4883f1c8cd1e94b4af88c8c7259cfb30bca969045141132d7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
69KB

MD5
c23ca6f5e9886c8fbb5c48b83d1642b2

SHA1
036ad9ac3e7c864873e1cdba53aac9895e76527b

SHA256
ab032eca79e7bfef63c3e82addf8c6530676d9e58a43c87b042a75d1b0f694a1

SHA512
4e8a54a0e73f2959f31354a3c2b152356f1fb40c9ae0aa9b29f53e186eaf6977bc36f49fc4ecd9aa7e9a881faba3609de8d85863ea9d172107fe49d0f1d24f77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++mega.nz\cache\morgue\192\{97c8e874-5814-490b-99d2-fce52b3153c0}.final

Filesize
1KB

MD5
3efa9abd92666265dd81c4f4311a96f9

SHA1
41b6b716d67b93555e444cd453f3c6e3f8c9522c

SHA256
5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7

SHA512
5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++www.youtube.com\cache\morgue\122\{253a8f76-86fb-4348-92c6-183523e88c7a}.final

Filesize
4KB

MD5
412f1c992ae455fd75852fef5006972d

SHA1
63f6335fadd363c76d467e0856c5d1c7b1b9f57c

SHA256
9310022a6a9239c968e9034aa9f950873cde0572e64b4304b33cd0ac99eed96e

SHA512
22816dd10a7fb94335e607b9a3fd5b02d63fe64e38727b0743d404cc0bbba22a164ca144de6e1b0e59a2cd88314f692bf8727cde8215e401eed8a857844fca4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++www.youtube.com\cache\morgue\25\{85718de6-7d47-4c85-a40a-b33db7e36219}.final

Filesize
73KB

MD5
87bfadb24c143b38389af086cf512d8e

SHA1
2d4f47269119e7076bdf97b55ce503df0313dafc

SHA256
0667a162e507d083a37ec0a5679c69881bcf409dd980b1b4275f27e93ff838bb

SHA512
96b1f78f8e79e84bb3102e268a22719d8c6a545562314b281082b9d55b771d68aea25612a07680a69edf9bd39a08c79cbc49b4d9263bf37e21e2165e556861b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++www.youtube.com\cache\morgue\99\{250f0248-6f47-456b-a592-c8aa66d0e263}.final

Filesize
4KB

MD5
0300c2af84e6164218c117fe6f102112

SHA1
d1c022fe6812fb4177584151ab46ac1a98a22990

SHA256
0b31f04dc26525ad65e80626e0e1b974740e1f877183a63e6e13ca15bcb62db4

SHA512
0c5c5ebe50e1a31741786b1e645efd681e6aec67c245d08ab8e478c238098b25dd351955809bed2719f2020ec580590da5d17327fcc707508b461f5d8455764e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
36735758493bb5a7dd3fa42782b5a958

SHA1
225f9b3b663cfbd76049a8dff71dc89a4538dc5e

SHA256
8ddf585e89394433c4b76aa9edaf192751ebc3dcc76ecbbdd00f9910ece572df

SHA512
f04a78703705860d46019b161b11b64c3c6fa6e67c4fd6d6824df5aab4cc06e4a70d6938548d83fa21f34e438565defd268972993c103414dc7846d1a8430ba0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\default\https+++www.youtube.com\idb\702431989yCt7-%iCt7-%rae7sdpao.sqlite

Filesize
48KB

MD5
9d8b4666fb0f670ab4f0c8985ad0c46a

SHA1
7488f76f936538623cae6b46b5fcae97890a6633

SHA256
778038873fb0de05f2c42c5ff5cc055f216c5c5620327b18c9730208aa5080c1

SHA512
ad0f7d992fcda7f4f7457daf7f126858a124fcc321bf3acefcca99af64219bbefb8928faa0d678eae1a993196fda2accf8d0469d701d2e86f89d7f7537904e7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vjiou3c0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
536KB

MD5
bed00786eaf4f0a7a05deac22a23df9c

SHA1
3e851d17b10faedbd8aa3b9540a5174daf5f20c5

SHA256
cbe2f3783262d6796afc317f661cdac6594bebac5db6fe40c5949cf6b1f8e1e7

SHA512
499951f3b427cdb21cc46db140b156f6d41ac859d6944f731febc2e27ecdbe37821cf4d6f6503cdbf6d470f01fc5f591b721340950fa068e2e301254c904cce1

Download Submit
C:\Users\Admin\Downloads\7z2201-x64.msi

Filesize
1.8MB

MD5
50515f156ae516461e28dd453230d448

SHA1
3209574e09ec235b2613570e6d7d8d5058a64971

SHA256
f4afba646166999d6090b5beddde546450262dc595dddeb62132da70f70d14ca

SHA512
14593ca96d416a2fbb6bbbf8adec51978e6c0fb513882d5442ab5876e28dd79be14ca9dd77acff2d3d329cb7733f7e969e784c57e1f414d00f3c7b9d581638e5

Download Submit
C:\Users\Admin\Downloads\7z2201-x64.ozQrE74j.msi.part

Filesize
1.8MB

MD5
50515f156ae516461e28dd453230d448

SHA1
3209574e09ec235b2613570e6d7d8d5058a64971

SHA256
f4afba646166999d6090b5beddde546450262dc595dddeb62132da70f70d14ca

SHA512
14593ca96d416a2fbb6bbbf8adec51978e6c0fb513882d5442ab5876e28dd79be14ca9dd77acff2d3d329cb7733f7e969e784c57e1f414d00f3c7b9d581638e5

Download Submit
C:\Users\Admin\Downloads\All.ElectroRAT.zip

Filesize
881KB

MD5
7ff8d31ad43f62f1c6876b725a1ebb1f

SHA1
e23baf502bf5b2eb81fea0a2e570e7ade8998bee

SHA256
dda14413450a11f336a8305cf274943d614905c3429d4f0efeffe6bf4b8b7bdc

SHA512
b1afbd5ed92933ffa1a1add1b5b8cc581c7361d8106fed20a8aee1493af7a0279b27e4220515d39e4f5640df43309aa40073750f9e232438cc5f7a561273a9c6

Download Submit
C:\Users\Admin\Downloads\All.ElectroRAT\bb8e52face5b076cc890bbfaaf4bb73e

Filesize
222KB

MD5
bb8e52face5b076cc890bbfaaf4bb73e

SHA1
df430358a2c7eaf3e328a00a6f961ded9428e491

SHA256
5545f31c832c8bde6cf7563cdc0f4a4b9b15416480e14f15420b1691444c376d

SHA512
f465c12bf336e659608c3a4f1e8e14b0876d28f0ad1a75ffb60c674da9a3535493a7e9357ef6b55f78666418ef9c4f7795aa2840aac0f41d6b53131e353b1a59

Download Submit
C:\Users\Admin\Downloads\All.lZRyN_ez.ElectroRAT.zip.part

Filesize
881KB

MD5
7ff8d31ad43f62f1c6876b725a1ebb1f

SHA1
e23baf502bf5b2eb81fea0a2e570e7ade8998bee

SHA256
dda14413450a11f336a8305cf274943d614905c3429d4f0efeffe6bf4b8b7bdc

SHA512
b1afbd5ed92933ffa1a1add1b5b8cc581c7361d8106fed20a8aee1493af7a0279b27e4220515d39e4f5640df43309aa40073750f9e232438cc5f7a561273a9c6

Download Submit
C:\Users\Admin\Downloads\BAT.Drop.zip

Filesize
1KB

MD5
935ce64b55d3462931375e344da1ce38

SHA1
c8ac794923e3ba4edbc8279a58012fddd43b2b3f

SHA256
af6b6dc7ec20ce1979fa9bedce80af02f108db398b90ca56e09b7ab7260f4a87

SHA512
8a32a5429e785ba671e4693d61e51886e78a0f1e1d26b0e6e09f3199e9befcc9c9661c4d7a8d582bda798c8c01daa2cf4ef47f1f32be2f22d3bb3f33860968d1

Download Submit
C:\Users\Admin\Downloads\BAT.Drop\DROP_B~1.BAT

Filesize
2KB

MD5
f7d236c4a75f9e0111f0a2d53b7cbc2e

SHA1
d1fd6334ff9e5dc438cfd356c7ee6a0b56bde3c1

SHA256
586bfcdacc303a9053ea56125b6b05955b2bf063a60f334d733fe1012865522b

SHA512
9ec85edc5f26914306fb109257352336dbee71cb42ab1aa6c4efdc9430a49eaab268b81aa3efe37381ce9059fb861ed208ee2c044ddb8697682075e3a907ae4f

Download Submit
C:\Users\Admin\Downloads\BAT.Drop\Drop_BATCH.txt

Filesize
338B

MD5
57d97a1323534e4b8ff43cd218b2e715

SHA1
6883232bb021136c221ed5d7d34fda60c7901005

SHA256
f1ce9ea6fd925b7dd1057d5c6e346f930d72f674c3361c4291bc60f7d29a0384

SHA512
8092a9cd96e2e3cfc94c16179ebb0d6796996e9ff7bd8430d647cf6c2cf668bb652df9077cef75cabb2d7f239a101ec979ad6773efdff5fe656805db8428f1da

Download Submit
C:\Users\Admin\Downloads\Bombermania.VEq43eDG.exe.zip.part

Filesize
2.6MB

MD5
e5459c4864695fda631fb328b024ce61

SHA1
14c17c4446f03dcae11ca4ba4ebf81a0f35028d1

SHA256
46ee42fb79a161bf3763e8e34a047018bd16d8572f8d31c2cdecae3d2e7a57a8

SHA512
dd42df768a6d71ff56a4cd176427e5ba5169525db25bd69214206aae6f0e6b8c04b3451522c6ede5b197a1ae7264becbbfd077d961f309b9bba9969c0ea50986

Download Submit
C:\Users\Admin\Downloads\Bombermania.exe.zip

Filesize
2.6MB

MD5
e5459c4864695fda631fb328b024ce61

SHA1
14c17c4446f03dcae11ca4ba4ebf81a0f35028d1

SHA256
46ee42fb79a161bf3763e8e34a047018bd16d8572f8d31c2cdecae3d2e7a57a8

SHA512
dd42df768a6d71ff56a4cd176427e5ba5169525db25bd69214206aae6f0e6b8c04b3451522c6ede5b197a1ae7264becbbfd077d961f309b9bba9969c0ea50986

Download Submit
C:\Users\Admin\Downloads\Bombermania.exe\Bombermania.exe

Filesize
2.7MB

MD5
471d39a51a79f342033c5b0636c244dc

SHA1
b0324ddd99677d9b0458c7328879f8fde268effc

SHA256
1154535130d546eaa33bbc9051a9cb91e2b0e3a3991286c3d5b0a708110c9aa7

SHA512
e1df6f0c06a0438d7b1cabae01d38e9bb723feeff67b4a9c8176d46b4da7fbd89be287ff86db9617c02a553d1a7c76c7f5ad1286d12023ad7628f5b0a30066af

Download Submit
C:\Users\Admin\Downloads\Bombermania.exe\Bombermania.exe

Filesize
2.7MB

MD5
471d39a51a79f342033c5b0636c244dc

SHA1
b0324ddd99677d9b0458c7328879f8fde268effc

SHA256
1154535130d546eaa33bbc9051a9cb91e2b0e3a3991286c3d5b0a708110c9aa7

SHA512
e1df6f0c06a0438d7b1cabae01d38e9bb723feeff67b4a9c8176d46b4da7fbd89be287ff86db9617c02a553d1a7c76c7f5ad1286d12023ad7628f5b0a30066af

Download Submit
C:\Users\Admin\Downloads\Bombermania.exe\Instructions.xml

Filesize
15KB

MD5
06686de253bf5bca9b3fd61dae44eef2

SHA1
a1aa56ee5745d6cca90a99cdb6314fb07817f7b9

SHA256
78730e10b80da6e7b5306059bb77869928e0655a1e2a049e8f1a43a93452c05b

SHA512
8beece0e9dd2868b3ce6309a812b71d255563280aff4db341508c08da081810b9f721e729678b443953d973bfc3601cbd1256550f0899a7b5dcdd9ad7e196c12

Download Submit
C:\Users\Admin\Downloads\Bombermania.exe\OnStartup.xml

Filesize
3KB

MD5
6f6e56b9f9755b4b8c1f09e48c1b61a5

SHA1
3532bd25842e606def492430cf01671f6d7301b4

SHA256
4b07f2452780c190f54673618a9ccb7ffdee69b21be5231c0dc17d824d10acb0

SHA512
d27e70e8f56181fd0046a8669a02906a5329839e1e9a45f93081b481303069f7129c25d57f512d907411ba99f4398e116ea336b5f12d5e750b81754b7beb130c

Download Submit
C:\Users\Admin\Downloads\Bombermania.exe\OnStartup_FallBack.xml

Filesize
3KB

MD5
623dadbf038a827d7dfa0e631c3bc0e0

SHA1
3dfddb9d4a056404d0fd1dc0de7de6ac23ea1148

SHA256
da73a0a830fced711a3ff1941e3dcc8c6786d1b1308cd5852f0f0f6b768dd5a8

SHA512
4560608f91d351f27434933c590d2698e69f57c6c16e4f7169d201bc5076c12e20fa2619226e39b9f9348fd3291ac22aa01c5c1c4942ec3a879fbc7321fe7b3c

Download Submit
C:\Users\Admin\Downloads\Bombermania.exe\UninstallPartI.xml

Filesize
1KB

MD5
f8da0fda97735dd86e697be9f8534f19

SHA1
3d9a17fd176c6f0cc9e7000b7786461210d110cd

SHA256
9c1a8636ecb5e8f49f88b316dcbf81f2b6803b9905e3c6865aaa6e92805695fc

SHA512
c615190b5ffe88c2559b54af685cf1613dc445a7e699c3069ba367bb1c8cf024a4be8186c6a569a12e2c21dfb25fef85bf5183d2f1b014b849e6cd6f9f37c40a

Download Submit
C:\Users\Admin\Downloads\Bombermania.exe\UninstallPartII.xml

Filesize
1KB

MD5
514bb2b46bf58a41392d58062f86c0bf

SHA1
4094056e016b542b03e8634662280e3cb71668e6

SHA256
a04e3251ec95d7cd9a619cf183d9ed99fd6b18190f53a0ce72607d257bd4a2d5

SHA512
3b44f47d65197c5f6deaeaa96badb65213015e3636128d9a846f15bc988c4ddef2b23f913b82c8b4deac7e5a5a27f94ffc7b4d82705bdce76edbe7ac518c221d

Download Submit
C:\Users\Admin\Downloads\Bombermania.exe\_Bombermania.exe

Filesize
2.6MB

MD5
fe37b30358f0858a8ef4d8b874c8a96d

SHA1
7b4a71cb297852872a505da9e7863b3cc2607d1b

SHA256
77edc8fd4a7edd277bf6a61b6413804380dd89ed2d0e7b768eae09efc3393d9c

SHA512
c0d4a60ec6989f2cb6572a9c9ad63bc469853a669fe7c7e854fc9d49903bf6b67fa928523593e4f34ae44277f084eb6d62737f91fa41f22c5fa49d0dd91cc73e

Download Submit
C:\Users\Admin\Downloads\MALZ6.GTj_vU9F.zip.part

Filesize
17.8MB

MD5
5ad5a10e0ae8eeb1bb6817c9d0cd960e

SHA1
ecb3ffcf79aedfa3c35c2dab0b4f5ca0f872b62c

SHA256
c858e10e29b769ca86445ba1bebdf708e88245da4e96c4afc967818e8293e099

SHA512
05b6ee99e6843d928255daded5a699231c25275b726f68be2b67c6bfc59305bc2b2ad5ae6ab11e70ce975a3ad10e7acbb520601728d9e4b255b7891263828cdd

Download Submit
C:\Users\Admin\Downloads\MALZ6\Trustr

Filesize
1.5MB

MD5
8e300a75d4dc0bb5ad7ca16f3b982c4d

SHA1
acb3a0014a41c7002507281fa203051c2bfd6df7

SHA256
0e6b7297e0d268689c958889a39733a7367e6836eadd82c475f577f26b64d7de

SHA512
f0f5b84911bf027b2af783d10b23e2711a43fa7492dc7058d0a64bc109f06ed5f4f32c82bea73861c3786956783c7bd73cff5d1c359729a1a672dbb5312c725b

Download Submit
C:\Users\Admin\Downloads\MALZ6\dhl.exe

Filesize
378KB

MD5
a770ebf2e59e29c7460a01241a0a493f

SHA1
97e59e483e1fa524a305828157a50203e918ada9

SHA256
ca89debe5dff34c2e2f56875d7dcde5e47565329d3aeb2f2f4a6a3e2248fe664

SHA512
4cf99a862fc6e2299e33113bb757dd31a0543c5b5716146de2051fbabe86a122e895a8ced9d4f2290ae82dd9f6093dc883abcb2a6747caa90e8fd46e061f6140

Download Submit
C:\Users\Admin\Downloads\Malz.1f52_Fxo.zip.part

Filesize
11KB

MD5
89a1a694ba4736fb1455bbf0393b302b

SHA1
d9436694bceb01abedfb984929ad7a9f7c820dcf

SHA256
752d39026601ffea7836eeeeac1d3cc5a4e9654f11865c0e81dd77967056b67b

SHA512
ad2cf8338cc09e30c881761c2a27da04f420174c5c26ab98812cf9767e677d4a3349129472dcd8a2e9fbb33d04057c26c5b90e8a5470c26172e17076505efaa1

Download Submit
C:\Users\Admin\Downloads\Malz.zip

Filesize
41.8MB

MD5
72d76d00f0cfa5bcf976ad2f91c31219

SHA1
631f788057a9c0c9afa5adb3634cccf49134c707

SHA256
664fd170b1d07e372b3daa91aab78a8151d3f0b0361a2b3157b405314dd219a2

SHA512
d6c6afacd7bf9680545cbc306361b16f8f4d41326d3e67db8fdb7d0c771362e5833d2ec09b06f09401956c30c1921e31788c9a7029591e8950f9c25b21ed8326

Download Submit
C:\Users\Admin\Downloads\Malz\GetPass.exe

Filesize
178KB

MD5
2e17ac792a4ae32ff5c9d751ab3a77e3

SHA1
d18d952b24110b83abd17e042f9deee679de6a1a

SHA256
e9cffb4773da2d46282aeafc6680e7aed8ff8537040a2a27d3c1ee3e3229d88e

SHA512
30144f1ad0b0967f29dc4628ef50485fff201234041fa4aba8fc55521ca10aa3b16f391c5c7332267438235985d9e703b6155c59b1c34f06dbb56ae0072899d9

Download Submit
C:\Users\Admin\Downloads\Malz\GetPass.exe

Filesize
178KB

MD5
2e17ac792a4ae32ff5c9d751ab3a77e3

SHA1
d18d952b24110b83abd17e042f9deee679de6a1a

SHA256
e9cffb4773da2d46282aeafc6680e7aed8ff8537040a2a27d3c1ee3e3229d88e

SHA512
30144f1ad0b0967f29dc4628ef50485fff201234041fa4aba8fc55521ca10aa3b16f391c5c7332267438235985d9e703b6155c59b1c34f06dbb56ae0072899d9

Download Submit
C:\Users\Admin\Downloads\Malz\Temp.dat

Filesize
1.3MB

MD5
f2a410a2c1d2070f580a62e804c7b98e

SHA1
788897c25d52bd2cf4f778405c273f8527549835

SHA256
ecee630ab2c6e867e3c6d5cd13bca809c5fbe3d6f124d21e69ef200f1c3f966b

SHA512
c413f459a2d4b7b01e2ffafd6d96cf1d9f0fa1e9e7b8b126b61b9b0008f1a2ea81d5571d670e6a016cf90e87786a7e31ad44138714a204aeb36fe6e8094145b3

Download Submit
C:\Users\Admin\Downloads\Malz\Temp.dat

Filesize
1.3MB

MD5
f2a410a2c1d2070f580a62e804c7b98e

SHA1
788897c25d52bd2cf4f778405c273f8527549835

SHA256
ecee630ab2c6e867e3c6d5cd13bca809c5fbe3d6f124d21e69ef200f1c3f966b

SHA512
c413f459a2d4b7b01e2ffafd6d96cf1d9f0fa1e9e7b8b126b61b9b0008f1a2ea81d5571d670e6a016cf90e87786a7e31ad44138714a204aeb36fe6e8094145b3

Download Submit
C:\Users\Admin\Downloads\Malz\a09

Filesize
611KB

MD5
d1b5b4b4b5a118e384c7ff487e14ac3f

SHA1
038b7e9406fe5cb0a0be8f95ac935923c6d83c28

SHA256
0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b

SHA512
20885f782beeca1712924d6dec7fa474fb2fa7f926d7cbdbdd5f7fa18f6a3ac2bcd5dbd771a80c13c3403cbad05f2cda86ffefdc8170d6cc0f0b4b01a5baec74

Download Submit
C:\Users\Admin\Downloads\Malz\host.exe

Filesize
453KB

MD5
2671c77ce697f1b49e8c8aa752dc95eb

SHA1
6ed8539508ee5affcf8e5d3e71a2b798c3cbcab6

SHA256
d72db0cb5fbcc8652a4b196ad6940e6fb6603d472b7a68a67931686436abaa65

SHA512
cdeeab0562304841d4a1d78f7eb9fbf036264b9019f34bac894bf277feb77475be0d5f35e5326c90fc432c9e53c6f3c416aa82fce8af9d4690a4a41e7718511b

Download Submit
C:\Users\Admin\Downloads\Malz\host.exe

Filesize
453KB

MD5
2671c77ce697f1b49e8c8aa752dc95eb

SHA1
6ed8539508ee5affcf8e5d3e71a2b798c3cbcab6

SHA256
d72db0cb5fbcc8652a4b196ad6940e6fb6603d472b7a68a67931686436abaa65

SHA512
cdeeab0562304841d4a1d78f7eb9fbf036264b9019f34bac894bf277feb77475be0d5f35e5326c90fc432c9e53c6f3c416aa82fce8af9d4690a4a41e7718511b

Download Submit
C:\Users\Admin\Downloads\Malz\putty.exe

Filesize
512KB

MD5
19cd59b6bc94b9096a7c0e187c271003

SHA1
1e7c713a8f7d43839b5af9558999957b0da0edd5

SHA256
40c279a7f9b57747f54277779483e26408835c83afb3fe02988d93d33cb0278b

SHA512
3a51f848b5e451bff48ceeb008b530d82cd68d8821b3db3856725769033e561aaa32f3ba8fca52f396f2cd11ffb70f0dd2336080af340b3ebae18516735bb800

Download Submit
C:\Users\Admin\Downloads\Malz\putty.exe

Filesize
512KB

MD5
19cd59b6bc94b9096a7c0e187c271003

SHA1
1e7c713a8f7d43839b5af9558999957b0da0edd5

SHA256
40c279a7f9b57747f54277779483e26408835c83afb3fe02988d93d33cb0278b

SHA512
3a51f848b5e451bff48ceeb008b530d82cd68d8821b3db3856725769033e561aaa32f3ba8fca52f396f2cd11ffb70f0dd2336080af340b3ebae18516735bb800

Download Submit
C:\Users\Admin\Downloads\Malz\svchost (2).exe

Filesize
9KB

MD5
3cf3cbc5067f1a59c6b8cffec761fc07

SHA1
a4823b6e75a354f444e1f95b2292e6b10977d8a0

SHA256
b82e49141349f594081acd9cf449606c5abb08fa0ecf817e429246d2a53f4e1c

SHA512
bceeeecd4eaf28fb7c88766d317307e2194478fd82ce22f756f926a55df31b5b248d7e7b0fe63577fe431d984ee6492e49e78c057f6b0d6bbf536ec2c3f96243

Download Submit
C:\Users\Admin\Downloads\Malz\svchost (2).exe

Filesize
9KB

MD5
3cf3cbc5067f1a59c6b8cffec761fc07

SHA1
a4823b6e75a354f444e1f95b2292e6b10977d8a0

SHA256
b82e49141349f594081acd9cf449606c5abb08fa0ecf817e429246d2a53f4e1c

SHA512
bceeeecd4eaf28fb7c88766d317307e2194478fd82ce22f756f926a55df31b5b248d7e7b0fe63577fe431d984ee6492e49e78c057f6b0d6bbf536ec2c3f96243

Download Submit
C:\Users\Admin\Downloads\Malz\svchost.exe

Filesize
30KB

MD5
d10ee1a1099f6b1cb16fc6c31c339188

SHA1
d2c4f82d9b2399e37b34055474d90c5f6e5d8cd9

SHA256
8276a9b4db9e0de90a1dd83478a68d4d1de09b71918926266555740c6fcc32fb

SHA512
f163bf6b0bc6a834f3a50c29191f5adb2b4d08a6d6a1de3b1977096f7b0369645b6b012c0d21111c589ab5f2fe0cd510bc6653c6c545afbf13850eea7f37fb83

Download Submit
C:\Users\Admin\Downloads\Malz\svchost.exe

Filesize
30KB

MD5
d10ee1a1099f6b1cb16fc6c31c339188

SHA1
d2c4f82d9b2399e37b34055474d90c5f6e5d8cd9

SHA256
8276a9b4db9e0de90a1dd83478a68d4d1de09b71918926266555740c6fcc32fb

SHA512
f163bf6b0bc6a834f3a50c29191f5adb2b4d08a6d6a1de3b1977096f7b0369645b6b012c0d21111c589ab5f2fe0cd510bc6653c6c545afbf13850eea7f37fb83

Download Submit
C:\Users\Admin\Downloads\Malz\tfddos.exe

Filesize
192KB

MD5
82efd741d6a2c3633068cd9dcbf50fff

SHA1
8eb8083d5538d2e352980e30bc3c6e7467f834b8

SHA256
6c71a920a87b5a470f11b8dbc574a9cfeffca65d75fc3015a523d456c7754d18

SHA512
a3338a2e33e7f6ff9e7ef787b4e235cfc9f22f66615654fb14af3bf9f28ff725e318b99b8782d1129cc81d5124e4d578b9310abeb2b3ecdf0e8568937ad92002

Download Submit
C:\Users\Admin\Downloads\Malz\tfddos.exe

Filesize
192KB

MD5
82efd741d6a2c3633068cd9dcbf50fff

SHA1
8eb8083d5538d2e352980e30bc3c6e7467f834b8

SHA256
6c71a920a87b5a470f11b8dbc574a9cfeffca65d75fc3015a523d456c7754d18

SHA512
a3338a2e33e7f6ff9e7ef787b4e235cfc9f22f66615654fb14af3bf9f28ff725e318b99b8782d1129cc81d5124e4d578b9310abeb2b3ecdf0e8568937ad92002

Download Submit
C:\Users\Admin\Downloads\Malz\yk.exe

Filesize
204KB

MD5
f300317af13482d53a001ec2d6a0f1f9

SHA1
0e5ba65affd69f93062cefdacf8bf143b24d22bb

SHA256
ccd37df0ab155d1378d4ba9fd5f862b4c162bea0668c3951905d45b0c5210d56

SHA512
bf9e4a63c5f5fa0a72bc45fb9969ac546042c51bba2067d9d47ad7e57f91fdf1a4039abed2c2819419dc20278802d95ef2b4930381e41e8e7713d4f8d5fb30f6

Download Submit
C:\Users\Admin\Downloads\Malz\yk.exe

Filesize
204KB

MD5
f300317af13482d53a001ec2d6a0f1f9

SHA1
0e5ba65affd69f93062cefdacf8bf143b24d22bb

SHA256
ccd37df0ab155d1378d4ba9fd5f862b4c162bea0668c3951905d45b0c5210d56

SHA512
bf9e4a63c5f5fa0a72bc45fb9969ac546042c51bba2067d9d47ad7e57f91fdf1a4039abed2c2819419dc20278802d95ef2b4930381e41e8e7713d4f8d5fb30f6

Download Submit
C:\Users\Admin\Downloads\Malz\yk1.exe

Filesize
204KB

MD5
f300317af13482d53a001ec2d6a0f1f9

SHA1
0e5ba65affd69f93062cefdacf8bf143b24d22bb

SHA256
ccd37df0ab155d1378d4ba9fd5f862b4c162bea0668c3951905d45b0c5210d56

SHA512
bf9e4a63c5f5fa0a72bc45fb9969ac546042c51bba2067d9d47ad7e57f91fdf1a4039abed2c2819419dc20278802d95ef2b4930381e41e8e7713d4f8d5fb30f6

Download Submit
C:\Users\Admin\Downloads\Malz\yk1.exe

Filesize
204KB

MD5
f300317af13482d53a001ec2d6a0f1f9

SHA1
0e5ba65affd69f93062cefdacf8bf143b24d22bb

SHA256
ccd37df0ab155d1378d4ba9fd5f862b4c162bea0668c3951905d45b0c5210d56

SHA512
bf9e4a63c5f5fa0a72bc45fb9969ac546042c51bba2067d9d47ad7e57f91fdf1a4039abed2c2819419dc20278802d95ef2b4930381e41e8e7713d4f8d5fb30f6

Download Submit
C:\Users\Admin\Downloads\Malz\集群.exe

Filesize
1.3MB

MD5
4345c8537503b26aa878288ad91682b0

SHA1
5341c1e49892cd2c89e787d0a7dbe892a4b9346e

SHA256
d20a5986bc03b195f49bb7b6f77b1b23da5584ef493db3caae21bcd4f622a144

SHA512
dc04dd2cdc148fcf44136d109d6e2b58503a5bb11d3e2e7e4300cdd9c39ebd3631667aac68a6374984b939efea400b750643cebeb08f015fc16141a34b58710a

Download Submit
C:\Users\Admin\Downloads\Malz\集群.exe

Filesize
1.3MB

MD5
4345c8537503b26aa878288ad91682b0

SHA1
5341c1e49892cd2c89e787d0a7dbe892a4b9346e

SHA256
d20a5986bc03b195f49bb7b6f77b1b23da5584ef493db3caae21bcd4f622a144

SHA512
dc04dd2cdc148fcf44136d109d6e2b58503a5bb11d3e2e7e4300cdd9c39ebd3631667aac68a6374984b939efea400b750643cebeb08f015fc16141a34b58710a

Download Submit
C:\Users\Admin\Downloads\Q5OtL_v0.zip.part

Filesize
1KB

MD5
935ce64b55d3462931375e344da1ce38

SHA1
c8ac794923e3ba4edbc8279a58012fddd43b2b3f

SHA256
af6b6dc7ec20ce1979fa9bedce80af02f108db398b90ca56e09b7ab7260f4a87

SHA512
8a32a5429e785ba671e4693d61e51886e78a0f1e1d26b0e6e09f3199e9befcc9c9661c4d7a8d582bda798c8c01daa2cf4ef47f1f32be2f22d3bb3f33860968d1

Download Submit
C:\Users\Admin\Downloads\d6ac1d0599bd4972263f0db15815f753dff1644095ba862897eaf50dec9a1f1c

Filesize
1.1MB

MD5
3153abb3ee1acea396b0f7b77c0162c9

SHA1
53b98f18d8f6bef74063e7b3e6d724c4195844f1

SHA256
d6ac1d0599bd4972263f0db15815f753dff1644095ba862897eaf50dec9a1f1c

SHA512
2c4bb7c39c32b2ef4a27e2a9a96b285aaed1e424eecb509b32c2a13bfc955bb726a8c699de478f86cbaf23c9453e4a37620a06b5d56a5001d0bcae003e3bb904

Download Submit
C:\Users\Admin\Downloads\d6ac1d0599bd4972263f0db15815f753dff1644095ba862897eaf50dec9a1f1c.BUDsxNvQ.part

Filesize
1.1MB

MD5
3153abb3ee1acea396b0f7b77c0162c9

SHA1
53b98f18d8f6bef74063e7b3e6d724c4195844f1

SHA256
d6ac1d0599bd4972263f0db15815f753dff1644095ba862897eaf50dec9a1f1c

SHA512
2c4bb7c39c32b2ef4a27e2a9a96b285aaed1e424eecb509b32c2a13bfc955bb726a8c699de478f86cbaf23c9453e4a37620a06b5d56a5001d0bcae003e3bb904

Download Submit
C:\Users\Admin\Downloads\malware-jail-master.gzT7KBXO.zip.part

Filesize
4.5MB

MD5
0a1eed79d462e45b1cc056eca06d4699

SHA1
2aaacc15fb4880b349d4f0f6cc124207235b04da

SHA256
75bf6c7f7faa94ebb6ece1682d0df08ffd06ff6f3fd7e6f637459a324794ed28

SHA512
f555e836accf078720f21ffaab07c7f6b611434628a3bf313d974f8bc97f53fccd8fd03626e719b32f77754998f12820cbdbe1c2b0176ff3f6053359dfba8a78

Download Submit
C:\Users\Admin\Downloads\malware-jail-master.zip

Filesize
4.5MB

MD5
0a1eed79d462e45b1cc056eca06d4699

SHA1
2aaacc15fb4880b349d4f0f6cc124207235b04da

SHA256
75bf6c7f7faa94ebb6ece1682d0df08ffd06ff6f3fd7e6f637459a324794ed28

SHA512
f555e836accf078720f21ffaab07c7f6b611434628a3bf313d974f8bc97f53fccd8fd03626e719b32f77754998f12820cbdbe1c2b0176ff3f6053359dfba8a78

Download Submit
C:\Users\Admin\Downloads\malware-jail-master\jailme.js

Filesize
15KB

MD5
de140986048dba83e0cf8fcd450f4074

SHA1
3541fec37062d053cf24da9ae414e523d9a15650

SHA256
0003da90a09d657a7e3c4fd80b5af12f38d94adc1bcfc32ca44e628e273a52ba

SHA512
f1adea871a47d18872615c095941efce9cb1b89dab8266c7eac263a89fc285b36272eae3cb7d7e2135ec42ea4c6fbd0a4f9a3f5aad0e2afe53bd154979ddee7e

Download Submit
C:\Users\Admin\Downloads\malware-jail-master\malware\20160929\416e32e1b22ecb8f360ff841b87d77ac9450fda24458ce4e70abb35ff4d242a3.js

Filesize
7KB

MD5
be950e42b5ce6fa4298a47d8d4fef100

SHA1
296a0d75e0c33b1147f7303cc1126ea21052f73b

SHA256
416e32e1b22ecb8f360ff841b87d77ac9450fda24458ce4e70abb35ff4d242a3

SHA512
91c4f4de7cb383d9d9ece46231656f648bfe235121213a4c4ac75d0de5507bbb112729fc610b408d1fa867bc2337b9404d16e152e3db46500014c9be0c7601e8

Download Submit
C:\Users\Admin\Downloads\malware-jail-master\malware\20161008\140da02684fd276b6c989317c8ba13f066373dc2623153776da5b8a3e4c7a59f.js

Filesize
6KB

MD5
622602771704e4a0a48ba3d5feafe27f

SHA1
0d4928de86ec703967788dd3944059306a7604c3

SHA256
2a19ebeca5335efbe6da7d9040a665c82b2ab44f3275e15a05baeff08cc28fbc

SHA512
22eaeacc2063e89c215d679c8031e97f0b43c635fcebdacd480d3eab17c477e7ba88581009acadea2ff20c82c2c1dedbc909628ae77f4b0bff0a39a131724c67

Download Submit
C:\Users\Admin\Downloads\malware-jail-master\malware\20171004\t404\malware_20171004_pdf.js

Filesize
14KB

MD5
72214b17dbdd2c0e9f14da4addf3381b

SHA1
e1a52139d6f1cfb83adff15cfad596f16a558a24

SHA256
e78dd87a868cc8d0653766260d1e21ff398d5f4ba524dc665862b8137f9d6086

SHA512
a28422ece36ade757df76412c16e39b869969581188a1627a0ba1fa477142a486b1d4285d9852847744df6d16d9e5d56b112a9525c88063f1ca152c4f80c6b01

Download Submit
C:\Users\Admin\Downloads\oifbktpjmb

Filesize
20.0MB

MD5
5b917dd5060feb5240da7753c52808e2

SHA1
1f983f6a9ad36dd8c78d9745b63fa518ac4b0adc

SHA256
0661fae4eb96c200bf995e2467238c5cb872b8a38fbb40ea59af819159fcc56e

SHA512
57d9f2b346b85313bb2fa5eac2eb65742f49bb09df0e401e1ae7ee1a220afe9772d7cbbc051cd91f7a75e519dd405161ad7d661ddbafe895bfaed6e0a7050abf

Download Submit
C:\Users\Admin\Downloads\pyeciqvymr

Filesize
24.1MB

MD5
004d49da24efd9aa0fe9d4a6d6b499b6

SHA1
dfa47e3f8ed2f611889e34a634b5300a274a4477

SHA256
2e0301059bd5f708235981e6e2c884879b46de6b3384a4a1207cc3e3149f02e9

SHA512
c6cc0af8ece736374e9528588c01b9d54a81d4773dab5c2ca744b53160923e95dbc37ee2d6c9aea58ef0e3d9e7666696aad94d99a83a76070b1c60335db41940

Download Submit
C:\Users\Admin\Downloads\theZoo-master.SRuUU8Ei.zip.part

Filesize
874.3MB

MD5
016933dd1db56e367b30a8bda6ca87e2

SHA1
f19bbfd0494f159f57661e653415297172b8ff4a

SHA256
e24311023ce92f4d5e3c14fbba68c499221c5606b428be4024a2a090b2d63f9e

SHA512
822f87f8ffb3a17d44f436d55d51bfb0cbb09d5715d2743af6e3ddb09dedea66611e7d5ebdda76291a79098321039e3aaea6ef5faedec10fc1ea252da525558e

Download Submit
C:\Users\Admin\Downloads\theZoo-master.zip

Filesize
874.3MB

MD5
016933dd1db56e367b30a8bda6ca87e2

SHA1
f19bbfd0494f159f57661e653415297172b8ff4a

SHA256
e24311023ce92f4d5e3c14fbba68c499221c5606b428be4024a2a090b2d63f9e

SHA512
822f87f8ffb3a17d44f436d55d51bfb0cbb09d5715d2743af6e3ddb09dedea66611e7d5ebdda76291a79098321039e3aaea6ef5faedec10fc1ea252da525558e

Download Submit
C:\Users\Admin\Downloads\theZoo-master\malware\Binaries\Android.Skygofree\Android.Skygofree.pass

Filesize
9B

MD5
d1ffcf28ab933ac685753cc6c1be9b20

SHA1
5d0447073056a1e9de9b38ab47d0a52b53418fb7

SHA256
d682d88cbb07ad1adfc69618adc71e3549733be116fbbbf4395e6235da0dbf7f

SHA512
921919e71a1bc899f9dabf3eac13d4f6a793067976925023e21601d897838e5d8ce71e69cdad920046d8fa3b408b6acb19dca748ffd60b3892f60f322b28df0a

Download Submit
C:\Users\Admin\Downloads\theZoo-master\malware\Binaries\BAT.Drop\BAT.Drop.pass

Filesize
8B

MD5
77ca4701486f87d1b571dc1be15ef4cb

SHA1
afc795ad602e173aaf56d4aed92bb865450bd38d

SHA256
c810e76f2125db71bfbdd7e29ce902f37f5b2250c48c16d241bd46c70aed1a91

SHA512
84d605d4b2f5ac627d99d00b5b275995179426e2dfd3be4a33eaea07dab6d6af8396913f95608a99bc173ca0c4df90b6d201bcbdd6d0bd21027021bc2050b152

Download Submit
C:\Users\Admin\Downloads\theZoo-master\malware\Binaries\BlackEnergy2.1\BlackEnergy2.1.pass

Filesize
10B

MD5
4cc96f0003b6c0429f29013a8d9e3e3c

SHA1
eff0fc5a16e132a5fcaceedb95609cbdecdfdd04

SHA256
02786fc9baf3ccdb3286dc7001997edcb010c187d8a6a7bf6ec85d48fdb80554

SHA512
ada8cc63119e011d6303b643b74f8042b62f98c5d6ad6de2bc9bfd9458d71230a1d263567e90ab6e9b14d891b2126fdb9997d7a8a7d8eea30ac42cd1e2be2c35

Download Submit
C:\Windows\SysWOW64\tfddos.exe

Filesize
192KB

MD5
82efd741d6a2c3633068cd9dcbf50fff

SHA1
8eb8083d5538d2e352980e30bc3c6e7467f834b8

SHA256
6c71a920a87b5a470f11b8dbc574a9cfeffca65d75fc3015a523d456c7754d18

SHA512
a3338a2e33e7f6ff9e7ef787b4e235cfc9f22f66615654fb14af3bf9f28ff725e318b99b8782d1129cc81d5124e4d578b9310abeb2b3ecdf0e8568937ad92002

Download Submit
C:\Windows\SysWOW64\tfddos.exe

Filesize
192KB

MD5
82efd741d6a2c3633068cd9dcbf50fff

SHA1
8eb8083d5538d2e352980e30bc3c6e7467f834b8

SHA256
6c71a920a87b5a470f11b8dbc574a9cfeffca65d75fc3015a523d456c7754d18

SHA512
a3338a2e33e7f6ff9e7ef787b4e235cfc9f22f66615654fb14af3bf9f28ff725e318b99b8782d1129cc81d5124e4d578b9310abeb2b3ecdf0e8568937ad92002

Download Submit
C:\Windows\SysWOW64\tfddos.exe

Filesize
192KB

MD5
82efd741d6a2c3633068cd9dcbf50fff

SHA1
8eb8083d5538d2e352980e30bc3c6e7467f834b8

SHA256
6c71a920a87b5a470f11b8dbc574a9cfeffca65d75fc3015a523d456c7754d18

SHA512
a3338a2e33e7f6ff9e7ef787b4e235cfc9f22f66615654fb14af3bf9f28ff725e318b99b8782d1129cc81d5124e4d578b9310abeb2b3ecdf0e8568937ad92002

Download Submit
C:\Windows\SysWOW64\vmtoolsd.exe

Filesize
192KB

MD5
82efd741d6a2c3633068cd9dcbf50fff

SHA1
8eb8083d5538d2e352980e30bc3c6e7467f834b8

SHA256
6c71a920a87b5a470f11b8dbc574a9cfeffca65d75fc3015a523d456c7754d18

SHA512
a3338a2e33e7f6ff9e7ef787b4e235cfc9f22f66615654fb14af3bf9f28ff725e318b99b8782d1129cc81d5124e4d578b9310abeb2b3ecdf0e8568937ad92002

Download Submit
C:\Windows\SysWOW64\vmtoolsd.exe

Filesize
192KB

MD5
82efd741d6a2c3633068cd9dcbf50fff

SHA1
8eb8083d5538d2e352980e30bc3c6e7467f834b8

SHA256
6c71a920a87b5a470f11b8dbc574a9cfeffca65d75fc3015a523d456c7754d18

SHA512
a3338a2e33e7f6ff9e7ef787b4e235cfc9f22f66615654fb14af3bf9f28ff725e318b99b8782d1129cc81d5124e4d578b9310abeb2b3ecdf0e8568937ad92002

Download Submit
C:\Windows\SysWOW64\vmtoolsd.exe

Filesize
192KB

MD5
82efd741d6a2c3633068cd9dcbf50fff

SHA1
8eb8083d5538d2e352980e30bc3c6e7467f834b8

SHA256
6c71a920a87b5a470f11b8dbc574a9cfeffca65d75fc3015a523d456c7754d18

SHA512
a3338a2e33e7f6ff9e7ef787b4e235cfc9f22f66615654fb14af3bf9f28ff725e318b99b8782d1129cc81d5124e4d578b9310abeb2b3ecdf0e8568937ad92002

Download Submit
C:\Windows\SysWOW64\vmtoolsd.exe

Filesize
192KB

MD5
82efd741d6a2c3633068cd9dcbf50fff

SHA1
8eb8083d5538d2e352980e30bc3c6e7467f834b8

SHA256
6c71a920a87b5a470f11b8dbc574a9cfeffca65d75fc3015a523d456c7754d18

SHA512
a3338a2e33e7f6ff9e7ef787b4e235cfc9f22f66615654fb14af3bf9f28ff725e318b99b8782d1129cc81d5124e4d578b9310abeb2b3ecdf0e8568937ad92002

Download Submit
C:\Windows\WindowsUpdata\bisskvebgju.exe

Filesize
44.1MB

MD5
4ebb61a434215bdc2f79899f43f783f1

SHA1
b732ecca929d0c47f217569f40377321a00e7a2d

SHA256
6fe989825a731798b788e128060a0efca4c6b8f64580ce1fac62791b91d256fc

SHA512
70822d00943e3a1a7ac0c296aa1c5833569fe6e5ecfb5d0d48d6ee7726360dcdb6ba1f473aed9badab90326fc701f96f3f13277b4167c0d87c305556431f6780

Download Submit
\??\c:\programdata\drm\%sessionname%\uckrt.cc3

Filesize
22.1MB

MD5
8ca8e2c7c69628fdc172b173e598ba49

SHA1
93ede08739fd2f6c677984c6b49ca2e9f5570896

SHA256
2c9097158b97582409718f9692dcd9ed5c92d64c170fc6d1cf7835f67b135a85

SHA512
79e6640ff0124689cf5a1dc128bca9362332972740bc57869c1998894f3eab1f42ad844e3665d3beb69f122462ac21a0fd8a9781ac5bcd392faa5106532b2a12

Download Submit
\??\c:\users\admin\downloads\oifbktpjmb

Filesize
20.0MB

MD5
5b917dd5060feb5240da7753c52808e2

SHA1
1f983f6a9ad36dd8c78d9745b63fa518ac4b0adc

SHA256
0661fae4eb96c200bf995e2467238c5cb872b8a38fbb40ea59af819159fcc56e

SHA512
57d9f2b346b85313bb2fa5eac2eb65742f49bb09df0e401e1ae7ee1a220afe9772d7cbbc051cd91f7a75e519dd405161ad7d661ddbafe895bfaed6e0a7050abf

Download Submit
\??\c:\users\admin\downloads\pyeciqvymr

Filesize
24.1MB

MD5
004d49da24efd9aa0fe9d4a6d6b499b6

SHA1
dfa47e3f8ed2f611889e34a634b5300a274a4477

SHA256
2e0301059bd5f708235981e6e2c884879b46de6b3384a4a1207cc3e3149f02e9

SHA512
c6cc0af8ece736374e9528588c01b9d54a81d4773dab5c2ca744b53160923e95dbc37ee2d6c9aea58ef0e3d9e7666696aad94d99a83a76070b1c60335db41940

Download Submit
memory/520-9071-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/520-9069-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/1068-10034-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1248-9097-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1308-13192-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/1308-9975-0x0000000076110000-0x0000000076325000-memory.dmp

Filesize
2.1MB

Download
memory/1620-13570-0x0000000001FC0000-0x0000000002034000-memory.dmp

Filesize
464KB

Download
memory/1620-13580-0x0000000001FC0000-0x0000000002034000-memory.dmp

Filesize
464KB

Download
memory/1620-13569-0x0000000000400000-0x0000000000432800-memory.dmp

Filesize
202KB

Download
memory/2000-8811-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/2000-8758-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/2456-134-0x00007FF8C6E90000-0x00007FF8C79A2000-memory.dmp

Filesize
11.1MB

Download
memory/2828-8871-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/2828-8869-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/2828-8821-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/2828-8868-0x0000000000400000-0x000000000049E000-memory.dmp

Filesize
632KB

Download
memory/3924-9076-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/3924-9082-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/4068-13622-0x0000000001F50000-0x0000000001FC3000-memory.dmp

Filesize
460KB

Download
memory/4068-13621-0x0000000000400000-0x000000000042C000-memory.dmp

Filesize
176KB

Download
memory/4112-8872-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4112-8812-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4112-8831-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4140-13659-0x00000000017E0000-0x00000000017E1000-memory.dmp

Filesize
4KB

Download
memory/4140-13658-0x000000007F850000-0x000000007F85C000-memory.dmp

Filesize
48KB

Download
memory/4140-13661-0x000000007F850000-0x000000007F85C000-memory.dmp

Filesize
48KB

Download
memory/4572-9077-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-9066-0x0000000000CC0000-0x0000000000D0C000-memory.dmp

Filesize
304KB

Download
memory/4572-13652-0x000000007FB30000-0x000000007FB3C000-memory.dmp

Filesize
48KB

Download
memory/4572-13338-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-13205-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-12351-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-13296-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-11271-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-13615-0x000000007FB50000-0x000000007FB5C000-memory.dmp

Filesize
48KB

Download
memory/4572-13267-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-13266-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-9073-0x0000000000CC0000-0x0000000000D0C000-memory.dmp

Filesize
304KB

Download
memory/4572-9104-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-10193-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-9081-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-9080-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4572-9078-0x000000007FB60000-0x000000007FB6C000-memory.dmp

Filesize
48KB

Download
memory/4896-13614-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/5184-8878-0x0000000000400000-0x0000000000488000-memory.dmp

Filesize
544KB

Download
memory/5184-8877-0x0000000010000000-0x000000001005A000-memory.dmp

Filesize
360KB

Download
memory/5228-13623-0x000000007F920000-0x000000007F92C000-memory.dmp

Filesize
48KB

Download
memory/5228-13626-0x000000007F920000-0x000000007F92C000-memory.dmp

Filesize
48KB

Download
memory/5468-13640-0x000000007FE30000-0x000000007FE3C000-memory.dmp

Filesize
48KB

Download
memory/5532-13562-0x0000000000550000-0x00000000005C4000-memory.dmp

Filesize
464KB

Download
memory/5532-13552-0x0000000000550000-0x00000000005C4000-memory.dmp

Filesize
464KB

Download
memory/5532-13551-0x0000000000400000-0x0000000000432800-memory.dmp

Filesize
202KB

Download
memory/5952-13672-0x0000000000570000-0x00000000005E4000-memory.dmp

Filesize
464KB

Download
memory/5952-13671-0x0000000000400000-0x0000000000432800-memory.dmp

Filesize
202KB

Download
memory/5952-13690-0x0000000000570000-0x00000000005E4000-memory.dmp

Filesize
464KB

Download
memory/5980-10105-0x0000000001800000-0x0000000001801000-memory.dmp

Filesize
4KB

Download
memory/5988-13681-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6100-12415-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/6100-9123-0x0000000000400000-0x00000000005CC000-memory.dmp

Filesize
1.8MB

Download
memory/6100-9124-0x0000000076110000-0x0000000076325000-memory.dmp

Filesize
2.1MB

Download
memory/6164-13643-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/6164-13656-0x000000007FE40000-0x000000007FE4C000-memory.dmp

Filesize
48KB

Download
memory/6168-13666-0x000000007FE20000-0x000000007FE2C000-memory.dmp

Filesize
48KB

Download
memory/6188-13689-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/6240-13592-0x0000000000400000-0x0000000000432800-memory.dmp

Filesize
202KB

Download
memory/6240-13568-0x0000000000480000-0x00000000004F4000-memory.dmp

Filesize
464KB

Download
memory/6240-13590-0x0000000000480000-0x00000000004F4000-memory.dmp

Filesize
464KB

Download
memory/6240-13571-0x0000000000400000-0x0000000000432800-memory.dmp

Filesize
202KB

Download
memory/6364-13645-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/6364-13650-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/6388-13664-0x000000007FE20000-0x000000007FE2C000-memory.dmp

Filesize
48KB

Download
memory/6408-10328-0x0000000002040000-0x0000000002041000-memory.dmp

Filesize
4KB

Download
memory/6532-10424-0x00000000016D0000-0x00000000016D1000-memory.dmp

Filesize
4KB

Download
memory/6572-13257-0x000001E167CF0000-0x000001E167CF1000-memory.dmp

Filesize
4KB

Download
memory/6572-13260-0x000001E167CF0000-0x000001E167CF1000-memory.dmp

Filesize
4KB

Download
memory/6572-13255-0x000001E167CF0000-0x000001E167CF1000-memory.dmp

Filesize
4KB

Download
memory/6572-13256-0x000001E167CF0000-0x000001E167CF1000-memory.dmp

Filesize
4KB

Download
memory/6572-13249-0x000001E167CF0000-0x000001E167CF1000-memory.dmp

Filesize
4KB

Download
memory/6572-13250-0x000001E167CF0000-0x000001E167CF1000-memory.dmp

Filesize
4KB

Download
memory/6572-13248-0x000001E167CF0000-0x000001E167CF1000-memory.dmp

Filesize
4KB

Download
memory/6572-13254-0x000001E167CF0000-0x000001E167CF1000-memory.dmp

Filesize
4KB

Download
memory/6572-13258-0x000001E167CF0000-0x000001E167CF1000-memory.dmp

Filesize
4KB

Download
memory/6572-13259-0x000001E167CF0000-0x000001E167CF1000-memory.dmp

Filesize
4KB

Download
memory/6596-13644-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/6644-10606-0x00000000019E0000-0x00000000019E1000-memory.dmp

Filesize
4KB

Download
memory/6824-13616-0x000000007FE40000-0x000000007FE4C000-memory.dmp

Filesize
48KB

Download
memory/6824-13599-0x0000000002090000-0x0000000002103000-memory.dmp

Filesize
460KB

Download
memory/6824-13598-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/6824-13651-0x000000007FE20000-0x000000007FE2C000-memory.dmp

Filesize
48KB

Download
memory/6852-13582-0x0000000000500000-0x0000000000574000-memory.dmp

Filesize
464KB

Download
memory/6852-13581-0x0000000000400000-0x0000000000432800-memory.dmp

Filesize
202KB

Download
memory/6852-13591-0x0000000000400000-0x0000000000432800-memory.dmp

Filesize
202KB

Download
memory/6852-13593-0x0000000000500000-0x0000000000574000-memory.dmp

Filesize
464KB

Download
memory/6976-12187-0x00000000007A0000-0x00000000008BF000-memory.dmp

Filesize
1.1MB

Download
memory/6976-13609-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download
memory/6976-12252-0x00000000007A0000-0x00000000008BF000-memory.dmp

Filesize
1.1MB

Download
memory/6984-13642-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/6992-13612-0x000000007F4B0000-0x000000007F4BC000-memory.dmp

Filesize
48KB

Download
memory/7008-10532-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/7008-10999-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/7020-13638-0x000000007FE20000-0x000000007FE2C000-memory.dmp

Filesize
48KB

Download