hxxps://github[.]com

Resubmissions

26/11/2023, 08:27

231126-kcqedsfg92 8

25/11/2023, 20:09

231125-yw6sdace74 10

Analysis

max time kernel
451s
max time network
453s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2023, 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com

Score

8^/10

bootkit microsoft discovery persistence phishing upx

Malware Config

Signatures

Downloads MZ/PE file

Manipulates Digital Signatures 1 TTPs 1 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6EFA92872C2651A65B3DF96F86DC7E757A7CC4CC\Blob = 0300000001000000140000006efa92872c2651a65b3df96f86dc7e757a7cc4cc2000000001000000b5070000308207b130820599a003020102020c7437a5598abdfe99d24fc056300d06092a864886f70d01010b0500305c310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613132303006035504031329476c6f62616c5369676e204743432052343520455620436f64655369676e696e672043412032303230301e170d3232303131373135333835385a170d3235303232383136343934395a30820115311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e3111300f06035504051308485242203439323031133011060b2b0601040182373c020103130244453120301e060b2b0601040182373c020102130f526865696e6c616e642d5066616c7a31193017060b2b0601040182373c0201011308576974746c696368310b3009060355040613024445311830160603550408130f526865696e6c616e642d5066616c7a310e300c0603550407130554726965723120301e06035504091317416d2057697373656e736368616674737061726b203236311a3018060355040a13114a414d20536f66747761726520476d6248311a3018060355040313114a414d20536f66747761726520476d624830820222300d06092a864886f70d01010105000382020f003082020a0282020100dfe1d8bb3f3517598fdfda7270068418b9575ae4f59959a5c0c379f23d7895a6c7545b1cd993ca4391ebcc82cde7d1274c869b3cac7ad8674cbb4132c179e3cdabe7b9200801bf6e0741e6e446890f5121ea11822a27e2b02efd66e621066d3722cfbf72ca8289deea36f58c4b2e12977fd2dba0587f40675e30bac5f9d50a56627f4586556ebd5bb26b4bfbc16388c0e0be73c2ea5e8e6bb44cc16de0b181871e66b4922e7de444f9b70679d91a4f5ce7d7cfa88112f493db002afc41678026b2d3fbf781dda4ec790272716c459bf2d6c140139d7c248cfc6759897a5195c53563536f3a4f30254f72e17c8bbc5c25b4971786caa4c78f097cbac7e1630925f6f852de31b9a7fed46f1f5d2db50b41ddef0cce66652765b64f9127f9821ed40c4510610377334ab455c5b64b6eead2469b983b45e0716d4efc149f925ad296ffca431fe82762ca58a4d8a5d38850fc6b53d4a14e165ce89054589395980d13939ecc631fb60531f3525c72d3cd85c0cc5d89243bf0358556702db239505668c7290a780c973266a1765f1f3f6108ba2ef9c5c8a221e8a3ca6a7594c23295272e25fef5e8a57a68d7f62fcce2d2900e8069223356768a68e7aecb035bd79384868ed4069c4f685ccf025d3b2b508212be0790c889196bad4142bb5cdb21b57d360f41deb49762fef07da7b98b40f65c1c848a223406cb736043789b9e7b99c30203010001a38201b6308201b2300e0603551d0f0101ff04040302078030819f06082b0601050507010104819230818f304c06082b060105050730028640687474703a2f2f7365637572652e676c6f62616c7369676e2e636f6d2f6361636572742f67736763637234356576636f64657369676e6361323032302e637274303f06082b060105050730018633687474703a2f2f6f6373702e676c6f62616c7369676e2e636f6d2f67736763637234356576636f64657369676e63613230323030550603551d20044e304c304106092b06010401a03201023034303206082b06010505070201162668747470733a2f2f7777772e676c6f62616c7369676e2e636f6d2f7265706f7369746f72792f3007060567810c010330090603551d130402300030470603551d1f0440303e303ca03aa0388636687474703a2f2f63726c2e676c6f62616c7369676e2e636f6d2f67736763637234356576636f64657369676e6361323032302e63726c30130603551d25040c300a06082b06010505070303301f0603551d23041830168014259dd0fc59098663c5ecf3b1133b571c03923611301d0603551d0e04160414647495db252799919e92757aeb11cb618e59743e300d06092a864886f70d01010b050003820201008fd7b515355202901afd61d31bea633386377258c9c1ea08ac27238bd28f8c92419631c0cda42e4e7c238650b4dc44feea66be7e6312b8f10a84e93274d7949766555a4b7bb1e296331b4e233e9933e3ece45fb1648d37fb40003c67dd39730924f68989b18dd9325b456c9ac83e34677897bd97c03b544aa8bd78c9995454bbf70fc49e80e0a2f5cfdb9ea5f4b185f3d1fbe63a3e78a90af3dc173f0df983a5ecedcb103a4945cf3dac113d826cb3e3f21dd93c3b510023560c6453e86c6a1b38f2fe4e0e23a5c88c4caad66e95bdcff58a359bbb0302629bcbf03646dc9ab1ce80ee9aa15a045a9fe38713623396843dd92ebfbaf7c40a971be64ad03a4ef792cc7fb1a25d0de4a5b897ea1972112dd380338f50486343eb840aa573ec58312b8b0538461c2dbef06af431970d32a59c9e63e555306881e5f0d4bc53c256453db9ee918693aaa6b15c676f444d22fe3b7ddb685a5082f6a4f1ff9d23ad11888278b15ac48f57b54a29984744d842b3ba51ed5681bde0f749c700dc5e14f2336886f0f61c5969b46141dca08fc7362f4a11ba6f8e5789b013faff5675023175eb74f6e565a1456b0004cbc9bfaebf6045ed02c40236c7ba353bbcf8f956b8a714b2efaf458e5548c6fa6b29daa88d2192222b9c9014805b966baf57f63f84e1db6970d95cf80d392b15842446ead9d0d71b23fea52a3c603968c846d7cb4898	HeavyLoad.exe

Executes dropped EXE 11 IoCs

pid	Process
2940	CrystalDiskInfo9_2_1.exe
6016	CrystalDiskInfo9_2_1.tmp
6140	DiskInfo64.exe
6268	HeavyLoad-x64-Setup.exe
3460	HeavyLoad-x64-Setup.tmp
4780	HeavyLoad.exe
6936	HeavyLoad.exe
3896	HeavyLoad.exe
1304	hdsentinel_pro_setup.tmp
4780	HDSentinel.exe
4028	detect.dll

Loads dropped DLL 4 IoCs

pid	Process
4780	HDSentinel.exe
4780	HDSentinel.exe
4780	HDSentinel.exe
4780	HDSentinel.exe

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00060000000233b6-3930.dat	upx
behavioral1/memory/4028-3961-0x0000000000400000-0x0000000000473000-memory.dmp	upx
behavioral1/memory/4028-3965-0x0000000000400000-0x0000000000473000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 47 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	DiskInfo64.exe
File opened (read-only)	\??\F:	HDSentinel.exe
File opened (read-only)	\??\H:	HDSentinel.exe
File opened (read-only)	\??\A:	DiskInfo64.exe
File opened (read-only)	\??\X:	DiskInfo64.exe
File opened (read-only)	\??\T:	HDSentinel.exe
File opened (read-only)	\??\P:	HDSentinel.exe
File opened (read-only)	\??\P:	DiskInfo64.exe
File opened (read-only)	\??\R:	DiskInfo64.exe
File opened (read-only)	\??\I:	HDSentinel.exe
File opened (read-only)	\??\M:	HDSentinel.exe
File opened (read-only)	\??\W:	HDSentinel.exe
File opened (read-only)	\??\L:	DiskInfo64.exe
File opened (read-only)	\??\V:	DiskInfo64.exe
File opened (read-only)	\??\W:	DiskInfo64.exe
File opened (read-only)	\??\O:	HDSentinel.exe
File opened (read-only)	\??\N:	DiskInfo64.exe
File opened (read-only)	\??\S:	DiskInfo64.exe
File opened (read-only)	\??\U:	DiskInfo64.exe
File opened (read-only)	\??\Y:	DiskInfo64.exe
File opened (read-only)	\??\G:	DiskInfo64.exe
File opened (read-only)	\??\H:	DiskInfo64.exe
File opened (read-only)	\??\K:	DiskInfo64.exe
File opened (read-only)	\??\M:	DiskInfo64.exe
File opened (read-only)	\??\Z:	DiskInfo64.exe
File opened (read-only)	\??\J:	HDSentinel.exe
File opened (read-only)	\??\K:	HDSentinel.exe
File opened (read-only)	\??\Y:	HDSentinel.exe
File opened (read-only)	\??\Z:	HDSentinel.exe
File opened (read-only)	\??\B:	DiskInfo64.exe
File opened (read-only)	\??\E:	DiskInfo64.exe
File opened (read-only)	\??\Q:	HDSentinel.exe
File opened (read-only)	\??\U:	HDSentinel.exe
File opened (read-only)	\??\J:	DiskInfo64.exe
File opened (read-only)	\??\T:	DiskInfo64.exe
File opened (read-only)	\??\A:	HDSentinel.exe
File opened (read-only)	\??\B:	HDSentinel.exe
File opened (read-only)	\??\L:	HDSentinel.exe
File opened (read-only)	\??\N:	HDSentinel.exe
File opened (read-only)	\??\R:	HDSentinel.exe
File opened (read-only)	\??\S:	HDSentinel.exe
File opened (read-only)	\??\O:	DiskInfo64.exe
File opened (read-only)	\??\Q:	DiskInfo64.exe
File opened (read-only)	\??\E:	HDSentinel.exe
File opened (read-only)	\??\G:	HDSentinel.exe
File opened (read-only)	\??\V:	HDSentinel.exe
File opened (read-only)	\??\X:	HDSentinel.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	DiskInfo64.exe
File opened for modification	\??\PHYSICALDRIVE0	HDSentinel.exe

Detected potential entity reuse from brand microsoft.
phishing microsoft

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-26HEQ.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-0EOS6.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\JAM Software\HeavyLoad\is-RVSJ4.tmp	HeavyLoad-x64-Setup.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-KPPUK.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-KVCV4.tmp	hdsentinel_pro_setup.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-8BNVS.tmp	hdsentinel_pro_setup.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-16O64.tmp	hdsentinel_pro_setup.tmp
File opened for modification	C:\Program Files\CrystalDiskInfo\CdiResource\AlertMail48.exe	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-UR05H.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Dark\is-MJHL2.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-6GGQR.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-F15IP.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-1PGTT.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\unins000.msg	hdsentinel_pro_setup.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-54S48.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-SJVFV.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-756AT.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-CASTP.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-9FQ66.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-ME07F.tmp	hdsentinel_pro_setup.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-BLKKG.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\JAM Software\HeavyLoad\LicenseFiles\Jedi Component Library\is-8V6IO.tmp	HeavyLoad-x64-Setup.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-3M3HU.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-0QR83.tmp	hdsentinel_pro_setup.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-RO6R3.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-TODBH.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-QOE8K.tmp	CrystalDiskInfo9_2_1.tmp
File opened for modification	C:\Program Files\JAM Software\HeavyLoad\HeavyLoad.exe	HeavyLoad-x64-Setup.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-GDQKG.tmp	hdsentinel_pro_setup.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-3I1OJ.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-UHSIR.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-SJTKR.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-9B8I1.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-9ETHA.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-75VA7.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-15SMF.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-OLVRN.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-JCBJ4.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\License\is-KFO7L.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-O25FB.tmp	hdsentinel_pro_setup.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-JV078.tmp	hdsentinel_pro_setup.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-2QNGS.tmp	hdsentinel_pro_setup.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-KLKGS.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Dark\is-NMP0E.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-IQOMK.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-GR583.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-C7APO.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-EP25D.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\JAM Software\HeavyLoad\LicenseFiles\SynPDF\is-9OU3K.tmp	HeavyLoad-x64-Setup.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-2LRB1.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Dark\is-V1480.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Dark\is-ASVA5.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-MFK50.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-VBFR3.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-AFP86.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-KQ7HC.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-3PLB4.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-R3K2G.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-UBCL1.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-VDKLK.tmp	hdsentinel_pro_setup.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\is-V1TG8.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\CrystalDiskInfo\CdiResource\themes\FlatSquare\is-Q2CA2.tmp	CrystalDiskInfo9_2_1.tmp
File created	C:\Program Files\JAM Software\HeavyLoad\is-1R3KE.tmp	HeavyLoad-x64-Setup.tmp
File created	C:\Program Files (x86)\Hard Disk Sentinel\is-4DQ58.tmp	hdsentinel_pro_setup.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 34 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	HDSentinel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	HDSentinel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	HDSentinel.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	HDSentinel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	HDDScan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\RemovalPolicy	HDSentinel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	HDSentinel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\LocationInformation	HDSentinel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	HDSentinel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	HDDScan.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	HDDScan.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	HDSentinel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	HDSentinel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\UINumber	HDSentinel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	HDSentinel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	HDDScan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	HDDScan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Driver	HDSentinel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	HDSentinel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\LocationInformation	HDSentinel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	HDDScan.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\UINumber	HDSentinel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\RemovalPolicy	HDSentinel.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Driver	HDSentinel.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI	HDSentinel.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133454608752530791"	chrome.exe

Modifies registry class 22 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Explorer.exe\Drives\C\DefaultIcon	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Explorer.exe	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\explorer.exe\Drives	HDSentinel.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\explorer.exe\Drives\F\DefaultIcon\ = "C:\\Program Files (x86)\\Hard Disk Sentinel\\win11_statusg.icd,1"	HDSentinel.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3811856890-180006922-3689258494-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HDZfile\DefaultIcon\ = "C:\\Program Files (x86)\\Hard Disk Sentinel\\HDSentinel.exe,1"	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HDZfile	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HDZfile\shell\open	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\explorer.exe\Drives\F\DefaultIcon	HDSentinel.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\HDZfile\shell\open\command\ = "C:\\Program Files (x86)\\Hard Disk Sentinel\\HDSentinel.exe \"%1\""	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\explorer.exe\Drives\C	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\explorer.exe\Drives\C\DefaultIcon	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HDZfile\DefaultIcon	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HDZfile\shell\open\command	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\HDZfile\shell	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\Explorer.exe\Drives\F\DefaultIcon	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\explorer.exe\Drives\F	HDSentinel.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDZ	HDSentinel.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDZ\ = "HDZfile"	HDSentinel.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\explorer.exe\Drives\C\DefaultIcon\ = "C:\\Program Files (x86)\\Hard Disk Sentinel\\win11_statusg.icd,14"	HDSentinel.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\C10BB76AD4EE815242406A1E3E1117FFEC743D4F\Blob = 030000000100000014000000c10bb76ad4ee815242406a1e3e1117ffec743d4f2000000001000000ec060000308206e8308204d0a003020102021077bd0e05b7590bb61d4761531e3f75ed300d06092a864886f70d01010b05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303732383030303030305a170d3330303732383030303030305a305c310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613132303006035504031329476c6f62616c5369676e204743432052343520455620436f64655369676e696e67204341203230323030820222300d06092a864886f70d01010105000382020f003082020a0282020100cb20ef971eb9013243a05ba98a23fd205eae38128bca2cd4ff41d81a55d41953b7fda317e77a395cc0f7ce11a3f9a5ed01fab5ba93efaf93dcf8e2b3194c83b04a4450047884106aa4d696908e81f87cab2fb5a35733d2587b940e6d0fa591262ab3834f72b18a7b6492d0f0b4555f960b11e59ab52cb211cf251b7d512b981f49a35ff8139e35b80302daa4132f854aefc42f700ec1d4cc3312ecbd4095d311cae6cdb3059cc853eb52d7784c51019282de13f3078e74ba84809fd2a4150ee8afebf789f6df71f0d1bea7b241332075ccb1d5ed1d0719c4eb2677f2ab6d179349a9b7e6c3909cc6b8ecccc97b9a5ec5c52493636f7e108b61cf9855a324a28836f2f99fbe932eb2069f26c00c015612e1b28a9f0e1edc988b2ecfdae28934a61f26a0a8ae786deca188153cc2eaeeb7d8ad61a5af7036a2798edc0d73c0f1e42cab94ec5806393648d63b5ae822ce740eaf2cf115dad1b495e8acd5496de5afdd9b6b63205d8e7e3bb243d8623a94e5cdb498b3371924127273ab04b009dc85e6d42204ef402a1d2e6dc769d36eb7016c0de097a716e6268b88f70344865f62674cb5a737a855dc03368c6ecf6d3626f10e8fb03d71c0e132a782e4b6320232307cb593c821fd3c88e66963f8ee75c98bc2abefba3afde95ebfb611f1bef03dca323e6e7dde0f7e9b95c41287e71ab84eee2cc1dfa165e82483c92ac2fdb9530203010001a38201ad308201a9300e0603551d0f0101ff04040302018630130603551d25040c300a06082b0601050507030330120603551d130101ff040830060101ff020100301d0603551d0e04160414259dd0fc59098663c5ecf3b1133b571c03923611301f0603551d230418301680141f00bf46800afc7839b7a5b443d95650bbce963b30819306082b06010505070101048186308183303906082b06010505073001862d687474703a2f2f6f6373702e676c6f62616c7369676e2e636f6d2f636f64657369676e696e67726f6f74723435304606082b06010505073002863a687474703a2f2f7365637572652e676c6f62616c7369676e2e636f6d2f6361636572742f636f64657369676e696e67726f6f747234352e63727430410603551d1f043a30383036a034a0328630687474703a2f2f63726c2e676c6f62616c7369676e2e636f6d2f636f64657369676e696e67726f6f747234352e63726c30550603551d20044e304c304106092b06010401a03201023034303206082b06010505070201162668747470733a2f2f7777772e676c6f62616c7369676e2e636f6d2f7265706f7369746f72792f3007060567810c0103300d06092a864886f70d01010b050003820201002575a009c939bab7a139892f189fabd6eb1d4be8947c0d07689b1c9def71b6176a6b024fb33f864587cc659b4ce35806022266d56102c5638fd4a2f1b65e250b7796e9cd7140338829eceef3a26dbc4db53e064bc97333ca08142d3d4ce8b0ba75a6742da4583a6c1349f8a5150a149685b16a68342542af9656f410fa247df12b72c116e16bebe6a998c73e5af4d0189dfd74978677462a3d237d28738aaeef2b1b9abf6c53a7149e3c8771c05e8ec8fbd32a9233ea574d5e075ecac118ac812d1a21fa6ecf97617bdf717a3aca63f7d530443732febb4385dcbafca6ca33192b776ddbcb05f07e5f752ea2b6bf35aa3663c9ce64d9bdfcbc2cf3495600c8122bc627bb37af57efc4cf1e29c4f4e22dce2a61cf57edf50a40e2f518d61ee9902fcad3875f938a481a111de537859f2e66629a5e814e95ac555743dc538b257e3c610f8a0bbaf53fa6d78ef704565e21bb9fd76a7180bf96de7203d8d8222bf327164f38e851400cae92efbe3d7df780c64c36578495a7841548300e5227088d8ea2bd22c719c9a6ca0ea87a36db6aba615f112495a4e28e68ee19a949995ed0b434bdd6f940c710973152393529118724d3c4fba963cb7748d5fa62fc24e0047a4ed0e46edece9e385026f4217165d70925d4c907007ab8c7f377e8c5d4e255d0d31ef67f52e2498db911720c88442633660144dfe4330e21de62894807daf5	HeavyLoad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6EFA92872C2651A65B3DF96F86DC7E757A7CC4CC	HeavyLoad.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\TrustedPublisher\Certificates\6EFA92872C2651A65B3DF96F86DC7E757A7CC4CC\Blob = 0300000001000000140000006efa92872c2651a65b3df96f86dc7e757a7cc4cc2000000001000000b5070000308207b130820599a003020102020c7437a5598abdfe99d24fc056300d06092a864886f70d01010b0500305c310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613132303006035504031329476c6f62616c5369676e204743432052343520455620436f64655369676e696e672043412032303230301e170d3232303131373135333835385a170d3235303232383136343934395a30820115311d301b060355040f0c1450726976617465204f7267616e697a6174696f6e3111300f06035504051308485242203439323031133011060b2b0601040182373c020103130244453120301e060b2b0601040182373c020102130f526865696e6c616e642d5066616c7a31193017060b2b0601040182373c0201011308576974746c696368310b3009060355040613024445311830160603550408130f526865696e6c616e642d5066616c7a310e300c0603550407130554726965723120301e06035504091317416d2057697373656e736368616674737061726b203236311a3018060355040a13114a414d20536f66747761726520476d6248311a3018060355040313114a414d20536f66747761726520476d624830820222300d06092a864886f70d01010105000382020f003082020a0282020100dfe1d8bb3f3517598fdfda7270068418b9575ae4f59959a5c0c379f23d7895a6c7545b1cd993ca4391ebcc82cde7d1274c869b3cac7ad8674cbb4132c179e3cdabe7b9200801bf6e0741e6e446890f5121ea11822a27e2b02efd66e621066d3722cfbf72ca8289deea36f58c4b2e12977fd2dba0587f40675e30bac5f9d50a56627f4586556ebd5bb26b4bfbc16388c0e0be73c2ea5e8e6bb44cc16de0b181871e66b4922e7de444f9b70679d91a4f5ce7d7cfa88112f493db002afc41678026b2d3fbf781dda4ec790272716c459bf2d6c140139d7c248cfc6759897a5195c53563536f3a4f30254f72e17c8bbc5c25b4971786caa4c78f097cbac7e1630925f6f852de31b9a7fed46f1f5d2db50b41ddef0cce66652765b64f9127f9821ed40c4510610377334ab455c5b64b6eead2469b983b45e0716d4efc149f925ad296ffca431fe82762ca58a4d8a5d38850fc6b53d4a14e165ce89054589395980d13939ecc631fb60531f3525c72d3cd85c0cc5d89243bf0358556702db239505668c7290a780c973266a1765f1f3f6108ba2ef9c5c8a221e8a3ca6a7594c23295272e25fef5e8a57a68d7f62fcce2d2900e8069223356768a68e7aecb035bd79384868ed4069c4f685ccf025d3b2b508212be0790c889196bad4142bb5cdb21b57d360f41deb49762fef07da7b98b40f65c1c848a223406cb736043789b9e7b99c30203010001a38201b6308201b2300e0603551d0f0101ff04040302078030819f06082b0601050507010104819230818f304c06082b060105050730028640687474703a2f2f7365637572652e676c6f62616c7369676e2e636f6d2f6361636572742f67736763637234356576636f64657369676e6361323032302e637274303f06082b060105050730018633687474703a2f2f6f6373702e676c6f62616c7369676e2e636f6d2f67736763637234356576636f64657369676e63613230323030550603551d20044e304c304106092b06010401a03201023034303206082b06010505070201162668747470733a2f2f7777772e676c6f62616c7369676e2e636f6d2f7265706f7369746f72792f3007060567810c010330090603551d130402300030470603551d1f0440303e303ca03aa0388636687474703a2f2f63726c2e676c6f62616c7369676e2e636f6d2f67736763637234356576636f64657369676e6361323032302e63726c30130603551d25040c300a06082b06010505070303301f0603551d23041830168014259dd0fc59098663c5ecf3b1133b571c03923611301d0603551d0e04160414647495db252799919e92757aeb11cb618e59743e300d06092a864886f70d01010b050003820201008fd7b515355202901afd61d31bea633386377258c9c1ea08ac27238bd28f8c92419631c0cda42e4e7c238650b4dc44feea66be7e6312b8f10a84e93274d7949766555a4b7bb1e296331b4e233e9933e3ece45fb1648d37fb40003c67dd39730924f68989b18dd9325b456c9ac83e34677897bd97c03b544aa8bd78c9995454bbf70fc49e80e0a2f5cfdb9ea5f4b185f3d1fbe63a3e78a90af3dc173f0df983a5ecedcb103a4945cf3dac113d826cb3e3f21dd93c3b510023560c6453e86c6a1b38f2fe4e0e23a5c88c4caad66e95bdcff58a359bbb0302629bcbf03646dc9ab1ce80ee9aa15a045a9fe38713623396843dd92ebfbaf7c40a971be64ad03a4ef792cc7fb1a25d0de4a5b897ea1972112dd380338f50486343eb840aa573ec58312b8b0538461c2dbef06af431970d32a59c9e63e555306881e5f0d4bc53c256453db9ee918693aaa6b15c676f444d22fe3b7ddb685a5082f6a4f1ff9d23ad11888278b15ac48f57b54a29984744d842b3ba51ed5681bde0f749c700dc5e14f2336886f0f61c5969b46141dca08fc7362f4a11ba6f8e5789b013faff5675023175eb74f6e565a1456b0004cbc9bfaebf6045ed02c40236c7ba353bbcf8f956b8a714b2efaf458e5548c6fa6b29daa88d2192222b9c9014805b966baf57f63f84e1db6970d95cf80d392b15842446ead9d0d71b23fea52a3c603968c846d7cb4898	HeavyLoad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	HeavyLoad.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	HeavyLoad.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\C10BB76AD4EE815242406A1E3E1117FFEC743D4F	HeavyLoad.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\CrystalDiskInfo9_2_1.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1864	chrome.exe
1864	chrome.exe
3920	firefox.exe
3920	firefox.exe
3920	firefox.exe
3920	firefox.exe
6016	CrystalDiskInfo9_2_1.tmp
6016	CrystalDiskInfo9_2_1.tmp
6200	chrome.exe
6200	chrome.exe
3460	HeavyLoad-x64-Setup.tmp
3460	HeavyLoad-x64-Setup.tmp
4780	HeavyLoad.exe
4780	HeavyLoad.exe
6936	HeavyLoad.exe
6936	HeavyLoad.exe
3896	HeavyLoad.exe
3896	HeavyLoad.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe
552	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
6140	DiskInfo64.exe
6204	HDDScan.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeDebugPrivilege	3920	firefox.exe
Token: SeDebugPrivilege	3920	firefox.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe
Token: SeShutdownPrivilege	1864	chrome.exe
Token: SeCreatePagefilePrivilege	1864	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
3920	firefox.exe
3920	firefox.exe
3920	firefox.exe
3920	firefox.exe
6016	CrystalDiskInfo9_2_1.tmp
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
6140	DiskInfo64.exe
6360	HDDScan.exe
6204	HDDScan.exe
6204	HDDScan.exe
6204	HDDScan.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
3920	firefox.exe
3920	firefox.exe
3920	firefox.exe
1864	chrome.exe
1864	chrome.exe
6204	HDDScan.exe
6204	HDDScan.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
1864	chrome.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe
6756	taskmgr.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
3920	firefox.exe
3920	firefox.exe
3920	firefox.exe
3920	firefox.exe
3920	firefox.exe
3920	firefox.exe
3920	firefox.exe
6140	DiskInfo64.exe
6140	DiskInfo64.exe
6360	HDDScan.exe
6360	HDDScan.exe
6360	HDDScan.exe
6360	HDDScan.exe
6360	HDDScan.exe
6204	HDDScan.exe
6204	HDDScan.exe
6204	HDDScan.exe
4780	HeavyLoad.exe
6936	HeavyLoad.exe
3896	HeavyLoad.exe
3896	HeavyLoad.exe
3896	HeavyLoad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 1348	1864	chrome.exe	83
PID 1864 wrote to memory of 1348	1864	chrome.exe	83
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 1272	1864	chrome.exe	87
PID 1864 wrote to memory of 2088	1864	chrome.exe	88
PID 1864 wrote to memory of 2088	1864	chrome.exe	88
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89
PID 1864 wrote to memory of 3328	1864	chrome.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd5479758,0x7ffcd5479768,0x7ffcd5479778
  2⤵
  PID:1348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1668 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:2
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2204 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3036 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3028 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:1088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4724 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:2004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5248 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5020 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3060 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1560 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5400 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1072 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:6212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4828 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6060 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4608 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4056 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4476 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:7124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5412 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6468 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6436 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6384 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6416 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:1600
- C:\Users\Admin\Downloads\HeavyLoad-x64-Setup.exe
  "C:\Users\Admin\Downloads\HeavyLoad-x64-Setup.exe"
  2⤵
  - Executes dropped EXE
  PID:6268
- - C:\Users\Admin\AppData\Local\Temp\is-E3OG0.tmp\HeavyLoad-x64-Setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-E3OG0.tmp\HeavyLoad-x64-Setup.tmp" /SL5="$4023E,17230085,857088,C:\Users\Admin\Downloads\HeavyLoad-x64-Setup.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Suspicious behavior: EnumeratesProcesses
    PID:3460
  - - C:\Program Files\JAM Software\HeavyLoad\HeavyLoad.exe
      "C:\Program Files\JAM Software\HeavyLoad\HeavyLoad.exe" /nogui /installcertificate
      4⤵
      Manipulates Digital Signatures
      Executes dropped EXE
      Modifies system certificate store
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4780
  - - C:\Program Files\JAM Software\HeavyLoad\HeavyLoad.exe
      "C:\Program Files\JAM Software\HeavyLoad\HeavyLoad.exe" /NOGUI /INSTALL /SAVESETTINGS /Language "en"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:6936
  - - C:\Program Files\JAM Software\HeavyLoad\HeavyLoad.exe
      "C:\Program Files\JAM Software\HeavyLoad\HeavyLoad.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:3896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6960 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:7064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5396 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=7148 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6936 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6708 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1612 --field-trial-handle=1904,i,2034105846464090673,10904949969998839155,131072 /prefetch:8
  2⤵
  PID:4824

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3932
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.0.978885921\704267970" -parentBuildID 20221007134813 -prefsHandle 1892 -prefMapHandle 1868 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {97787f0d-f3e0-4722-8c57-ac381f931fcb} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 1972 240ff703b58 gpu
    3⤵
    PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.1.1799967413\1050398189" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2352 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d5e703a-ecd9-4024-a151-dd94de94c904} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 2376 240fe3f1858 socket
    3⤵
    PID:2656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.2.1037285933\1892859746" -childID 1 -isForBrowser -prefsHandle 3300 -prefMapHandle 3384 -prefsLen 21077 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca5ee167-2a3b-4034-9a77-149dae731155} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 3432 24089fb1058 tab
    3⤵
    PID:5284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.3.1661099851\647003907" -childID 2 -isForBrowser -prefsHandle 3720 -prefMapHandle 3716 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82b3402a-8076-47a6-a245-146ef67b67e6} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 2796 2408a5b5e58 tab
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.4.1868613507\1562834772" -childID 3 -isForBrowser -prefsHandle 4276 -prefMapHandle 4260 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8e6e9c3-7c39-4fc7-8f06-75acb53765a3} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 4292 2408b368f58 tab
    3⤵
    PID:5572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.5.338414137\1844910953" -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5224 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84528169-1d0b-40e6-a860-1064a6385302} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5244 2408c3dfd58 tab
    3⤵
    PID:6124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.7.329431598\200191366" -childID 6 -isForBrowser -prefsHandle 5572 -prefMapHandle 5576 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4aea85c-4ee5-40a1-99e4-c97d497c6a31} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5244 2408c787c58 tab
    3⤵
    PID:6140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.6.1166286429\134827688" -childID 5 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ec03ff0-0018-4943-a51b-985359b3c26e} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5376 2408c787058 tab
    3⤵
    PID:6132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.8.409063288\401757689" -childID 7 -isForBrowser -prefsHandle 5920 -prefMapHandle 5224 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a947c742-2216-4afc-bb3f-2868641fc1f5} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5928 2408e532358 tab
    3⤵
    PID:6056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.9.1783153931\5504510" -parentBuildID 20221007134813 -prefsHandle 4412 -prefMapHandle 4408 -prefsLen 26831 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45568bb4-1bbf-4b71-9108-608cd2294d2d} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 4400 2408866fc58 rdd
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.10.1540385546\1442769588" -childID 8 -isForBrowser -prefsHandle 3064 -prefMapHandle 4412 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {243fa0e3-dc5a-4d18-bb07-1573a7017e9d} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 3372 24088670b58 tab
    3⤵
    PID:3332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.11.163390533\1358845584" -childID 9 -isForBrowser -prefsHandle 4100 -prefMapHandle 5876 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {619536ac-813e-4684-bc5b-b15e04d380bf} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 6296 2408ec05258 tab
    3⤵
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.12.913836046\436570179" -childID 10 -isForBrowser -prefsHandle 5728 -prefMapHandle 5716 -prefsLen 26831 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c21cf30-1630-42f4-99fb-0116eb13d9cf} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5708 2408e20a458 tab
    3⤵
    PID:5168
- - C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
    "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\18c8c9be-044c-49de-a68a-dd516daee3e5.dmp"
    3⤵
    PID:5872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.13.380907395\1275507158" -childID 11 -isForBrowser -prefsHandle 6200 -prefMapHandle 6196 -prefsLen 26880 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88354ea6-5d1d-4fcd-b1c6-6b39f51ce635} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 4092 2408866e458 tab
    3⤵
    PID:4684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.14.2125491407\696666927" -childID 12 -isForBrowser -prefsHandle 6444 -prefMapHandle 6440 -prefsLen 26880 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08695f64-4acf-4f08-9cd6-1c3b6e630bcd} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5944 2408e732e58 tab
    3⤵
    PID:5896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.15.2098531496\1404146866" -childID 13 -isForBrowser -prefsHandle 5992 -prefMapHandle 6008 -prefsLen 26880 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26b55b3c-2cd5-459e-ba37-cef61324099a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5980 24090cf1558 tab
    3⤵
    PID:4740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.16.1582132790\897190213" -childID 14 -isForBrowser -prefsHandle 10352 -prefMapHandle 10356 -prefsLen 26880 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db181ff5-cd48-4a97-bee9-565dee4b4aef} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 10460 24090cf4b58 tab
    3⤵
    PID:6088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.17.2069146431\898263701" -childID 15 -isForBrowser -prefsHandle 6408 -prefMapHandle 6208 -prefsLen 27145 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {633ddd4d-65ae-4296-9972-b86cded20cc2} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 6416 24090dc6358 tab
    3⤵
    PID:6328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.18.1837457894\923002879" -childID 16 -isForBrowser -prefsHandle 6532 -prefMapHandle 6520 -prefsLen 27145 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e683bf56-8ab3-4742-9acd-41039115bd2d} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 6512 2408d8a5b58 tab
    3⤵
    PID:6340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.19.701856585\1398106299" -childID 17 -isForBrowser -prefsHandle 4848 -prefMapHandle 3004 -prefsLen 27145 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be011238-a063-49e2-b722-7fcbe16f2ae4} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 10700 2408e198458 tab
    3⤵
    PID:6996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.20.1383467945\1190764907" -childID 18 -isForBrowser -prefsHandle 11072 -prefMapHandle 11068 -prefsLen 27185 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f84bb2f-f835-4acf-85cd-8142d8103831} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 11084 24090963e58 tab
    3⤵
    PID:952
- - C:\Users\Admin\Downloads\CrystalDiskInfo9_2_1.exe
    "C:\Users\Admin\Downloads\CrystalDiskInfo9_2_1.exe"
    3⤵
    - Executes dropped EXE
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\is-82TQ4.tmp\CrystalDiskInfo9_2_1.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-82TQ4.tmp\CrystalDiskInfo9_2_1.tmp" /SL5="$11018A,4683783,857600,C:\Users\Admin\Downloads\CrystalDiskInfo9_2_1.exe"
      4⤵
      Executes dropped EXE
      Drops file in Program Files directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of FindShellTrayWindow
      PID:6016
    - - C:\Program Files\CrystalDiskInfo\DiskInfo64.exe
        
        "C:\Program Files\CrystalDiskInfo\DiskInfo64.exe"
        5⤵
        Executes dropped EXE
        Enumerates connected drives
        Writes to the Master Boot Record (MBR)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        
        PID:6140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.21.207127402\1890275394" -childID 19 -isForBrowser -prefsHandle 10272 -prefMapHandle 10244 -prefsLen 27185 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fae36744-33a9-43a7-9f94-6df9fe8a97b9} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 10284 24090fa5658 tab
    3⤵
    PID:6148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.22.1240677335\193356255" -childID 20 -isForBrowser -prefsHandle 5804 -prefMapHandle 5812 -prefsLen 27185 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c8afb8d-8982-4784-898a-19dee5a7571e} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5984 2408fe0b558 tab
    3⤵
    PID:6796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.23.750714333\2102655318" -childID 21 -isForBrowser -prefsHandle 1724 -prefMapHandle 5092 -prefsLen 27185 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9293fe6-1eef-4ecf-8020-8447d461a7b2} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 6292 2408fe0c458 tab
    3⤵
    PID:6824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.24.1098128600\379750735" -childID 22 -isForBrowser -prefsHandle 6216 -prefMapHandle 6668 -prefsLen 27321 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7c09c22-3b79-406f-acf9-c42275e7a884} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 9644 2408edfa558 tab
    3⤵
    PID:6244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.25.1947381453\1414347227" -childID 23 -isForBrowser -prefsHandle 10204 -prefMapHandle 10292 -prefsLen 27321 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa7cf51f-2459-48af-b45a-a8e91e5a7528} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 5420 24090af2258 tab
    3⤵
    PID:1552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.26.1633507186\1432325999" -childID 24 -isForBrowser -prefsHandle 10356 -prefMapHandle 6400 -prefsLen 27321 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c09a7bb-1315-4d55-8d40-4cd748d3d7b0} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 10264 2408a8e2458 tab
    3⤵
    PID:744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.27.130785808\1626166071" -childID 25 -isForBrowser -prefsHandle 6268 -prefMapHandle 6412 -prefsLen 27321 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa4314b9-0733-4341-a43c-9fe98201b70a} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 416 2408a8e4858 tab
    3⤵
    PID:2668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.28.1848953668\737719929" -childID 26 -isForBrowser -prefsHandle 10748 -prefMapHandle 10804 -prefsLen 27339 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fce79683-39ac-4c28-85bd-70149760b583} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 10796 24089081058 tab
    3⤵
    PID:3236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.29.42249603\1462334835" -childID 27 -isForBrowser -prefsHandle 11136 -prefMapHandle 11152 -prefsLen 27339 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d212063b-6040-43c0-98be-91fcdff6daac} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 11164 2408a5e3a58 tab
    3⤵
    PID:5496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3920.30.328449012\1748045608" -childID 28 -isForBrowser -prefsHandle 3060 -prefMapHandle 6384 -prefsLen 27339 -prefMapSize 232675 -jsInitHandle 1112 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d36ec7b1-f5c9-40b3-89d5-76d25c4e5216} 3920 "\\.\pipe\gecko-crash-server-pipe.3920" 6280 2408a8e3f58 tab
    3⤵
    PID:4860

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1044

C:\Users\Admin\Desktop\HDDScan.exe
"C:\Users\Admin\Desktop\HDDScan.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:6360

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\c96f9815902b4a99ba02cbc75a9b70ea /t 4780 /p 6360
1⤵
PID:6920

C:\Users\Admin\Desktop\HDDScan.exe
"C:\Users\Admin\Desktop\HDDScan.exe"
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:6204

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4984

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:6756

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
PID:552

C:\Users\Admin\Desktop\hdsentinel_pro_setup.exe
"C:\Users\Admin\Desktop\hdsentinel_pro_setup.exe"
1⤵
PID:5696
- C:\Users\Admin\AppData\Local\Temp\is-K7V91.tmp\hdsentinel_pro_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-K7V91.tmp\hdsentinel_pro_setup.tmp" /SL5="$506D4,36747359,68608,C:\Users\Admin\Desktop\hdsentinel_pro_setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:1304
- - C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
    "C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe" /firstrun
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Writes to the Master Boot Record (MBR)
    - Checks SCSI registry key(s)
    - Modifies registry class
    PID:4780
  - - C:\Program Files (x86)\Hard Disk Sentinel\detect.dll
      "C:\Program Files (x86)\Hard Disk Sentinel\detect.dll" *WMIC2* . "C:\Users\Admin\AppData\Local\Temp\231126083420797.25656095.tmp" SELECT Index,PNPDeviceID FROM Win32_DiskDrive
      4⤵
      Executes dropped EXE
      PID:4028
  - - C:\Windows\SysWOW64\fsutil.exe
      fsutil behavior query disabledeletenotify
      4⤵
      PID:6240
  - - C:\Windows\SysWOW64\CSCRIPT.exe
      CSCRIPT //NOLOGO "C:\Users\Admin\AppData\Roaming\Hard Disk Sentinel\hds_control_remove.vbs"
      4⤵
      PID:1060
  - - C:\Windows\SysWOW64\CSCRIPT.exe
      CSCRIPT //NOLOGO "C:\Users\Admin\AppData\Roaming\Hard Disk Sentinel\hds_control_check.vbs"
      4⤵
      PID:6804
  - - C:\Windows\SysWOW64\CSCRIPT.exe
      CSCRIPT //NOLOGO "C:\Users\Admin\AppData\Roaming\Hard Disk Sentinel\hds_control_add.vbs"
      4⤵
      PID:6120

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:1900

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:4852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Hard Disk Sentinel\HDSCtrl.exe

Filesize
268KB

MD5
a3e7cf440c7fd5f0e8aeb1308f308d32

SHA1
c6f5147c1eb22894609e9f9d57706abd56a893bd

SHA256
c32cfe37c659db18f0780371218df95a2703f494bdd15f9796182aa14737b2ce

SHA512
c8c2eab66d958e22746794576dc45329a301e06f2c15f316e82a7593fc3840e3df3a2ff5be5c5b713d0ad65b3b9fa897d6476dc8cb4fd615ab1844db6f2fc56f

Download Submit
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe

Filesize
5.9MB

MD5
1ebd530811531ac50ff981ffa29ca326

SHA1
524a82a4a834b6dbd248c69f8e3be4d84e7adcaf

SHA256
ddaab944802ec2dfc43bce46d5630d274b8eb219b4809a45425e8c22db239da6

SHA512
4723ae1b954f37d2451f88cc27e69ef43caa37a8530c731f7404a2b0b7fcea0ff28364050dddd30ad111aa9813284322f2be9ac0ecf32312c48d87760210191f

Download Submit
C:\Program Files (x86)\Hard Disk Sentinel\unins000.exe

Filesize
713KB

MD5
63dc3ef4dd183d738ee674a7aee7edd9

SHA1
861cf46966aff182604afa2c1a153f7b2ae49a6e

SHA256
b6c65001aadd2c8696c610cecd6b9acbf1a3b161efe66683858ef3376e915eb4

SHA512
6420ecb24f5ed89317ba8d0f0a8a22c73156abe1f0684c1fa7c8d3c5b0745ad85b020956c90393a8297413090185f6e4ba0c52f6fdfa4f2cc8b9a00e6d44dfef

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\dialog\Graph.html

Filesize
8KB

MD5
8f1697ee6ec9064c8f34e987e1492b23

SHA1
1055e314e088f5a21d8b0e49b10ce4e8bdd3b2de

SHA256
93abe1dedcec0cc9cee33562d2e9b4990e67186a171e9eb7ad0354818c071f06

SHA512
f313b3a7bd973cdc724033802a901a4dc0f6646c35d8987048829ecafb865ab08364a816be9367b9a0ec3dc7e97ed4720cacf37303f70a14c99b7167ba65eb77

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Arabic.lang

Filesize
78KB

MD5
3676334c27f13b30e5ce3797c0ba175a

SHA1
ddfd2ccc1aeded64121fe512cc69a505648245e5

SHA256
10c624fafd4a72b5fc326c0628929867d859eff3fbd0161d0ae0a7e9a3570269

SHA512
cc0c4e19a4df83b353b4e50fd6e9292c9da2830dc0a5da2eeadfc27e9c96924f92f157b29ca64828e18ac8afa8c85491c464611d1ab022029222adcdd7878b1c

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Armenian.lang

Filesize
81KB

MD5
c55c061781c81d5ba8894b9951215465

SHA1
7c33118473864357b1aa8ccecbd1678e1c13e483

SHA256
acdd52b591145367d4064d85b96a3b119a01c72bea0bdf9359f687f5db7ee68e

SHA512
4cc2eb8ac4d84e61058794f6dc34d9eec5d64865f3ecc8e067757e48738c268ebd4aa82d3eefcee428e8fb82238f990fa08da5e65b83b223b06671bed4346ca1

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Azeri.lang

Filesize
78KB

MD5
f5aeeb73e529482c4edf72b019e22979

SHA1
55aca6d784225b9a625fc359ea450535a18474fa

SHA256
2f6fee034d892b6676b93dae148e06c63a38a51f6d8213907e575ab812194d7e

SHA512
68c78b3905af5c3107f5ba3d289437b0b26327f70e394865b43b6bb951ca6688be565a1fb273c9e6b00ff9ab3bb582f283fb44cb67e4379423ffa983ea774876

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Bulgarian.lang

Filesize
82KB

MD5
27c1f963859fba8b79f7e8b7b8ec242a

SHA1
7740dfa9c4a5887ed3ffec5775c3c6860ea70a52

SHA256
6a941715e7e837ba6e5be511da60272f1acb0fe60ff01e09be19287b2a297c66

SHA512
0453398dca018d03e478a917a135196d674ef1f297da598364558db331276eedfcdf5f9639c9c0f215b83d8b9070c8bdc64787997e07e06d138581594ebd3d40

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Catalan.lang

Filesize
97KB

MD5
490c4cf36624b7cc578f7e269953279c

SHA1
7ef4a84803e6ab7a2d5ab5e5513a52bdeb0dae44

SHA256
0e0fd7d021be88f906214d818400432c2b3c75b7e43bc5f3f5e66742484f38fc

SHA512
2261f727e8b316cab19ae840743c2ddcfa86702801aff248a07901a674c035918254929dae121039b726ec5dcb14f7668760f8f6e6c1f27bacf3fd36cfeeb2f2

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Czech.lang

Filesize
84KB

MD5
9fd91dd78d422052e37ab1d959baeb9c

SHA1
2262b7050762e5fa991181b0875a7244cce32b05

SHA256
86e173ed7d18e12f1d7696927d358bbf9563d79cf235eb5aba625ed5f9e7c45b

SHA512
e8525eb4262e6e3982d6d9dc7d25f77f8cfd4cf35582c7f5c05615718d6c0509bc8d94151addb8095fec75d954503a0bddb675d5a170064001b09403a093ed11

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Danish.lang

Filesize
81KB

MD5
e486bf2659e9139eab09682ac9de43c9

SHA1
654e33d1906fe99f70e240b2a3d7f3b2d308a0a4

SHA256
8dd70e66276472bc2f0d984761bc8db371741ea1f0fc994b2d3c807941a4cb10

SHA512
4b98ff62b3a8d50f94f460e16b6b0aad71b8ac32e4e21b0c72b503c8802fc27d64de36ae0514337997d2ed9a37b435dba57c4270fb4cd5c79edff8549f957a1a

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Dutch.lang

Filesize
79KB

MD5
5c7053893433fb558a9f0aa7bb5eab68

SHA1
c9871b4588dbc95a76a190b196e89cf213d47ca9

SHA256
aeda8f5a4675121ffc33406daaab2ee4e6903d6e6cfed086051bfd8f926e01bd

SHA512
7ceea5edb68aa63f995b9455b1e1630626ccdc2f970fe2f208f7e13767bf07f6c01a3f6c51c56e86949b0478a5664e71da7c49eba1429d8999db7fdf8c9f5603

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\English.lang

Filesize
81KB

MD5
bded24764dec971822ee1a41ad50014f

SHA1
a3b9822140b0395f07d9d99fcc84eb8165d364ab

SHA256
58545b5ad2cd34c2263f45c468bb2308dd406badbde06f4573aeaff9ceb7ca04

SHA512
6e72ef271b6b87cd4bacf011f23a33a512b430ec4e84f770cddfa932210e493b5451e67e7fb04b34c3dd13907c39e2c130e960faf0a5961be3fbc4d80d7484be

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Filipino.lang

Filesize
79KB

MD5
d136d0ce065218d49f4b9d5e390b676e

SHA1
68766665f3aad7085c85e06510bc72127ff58fa9

SHA256
3d1a58588b1374396198ef6e1fcafaf355517017ccfdc03655b510fa205e555c

SHA512
b5c65764c1763112809879996ae32fb122f91a34cff740d5b38a99ed91ec0633b2b9b65790214bb5028c3e42cd898d5cedc32f8e02ff8ff1d4247d3ae2a14265

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Finnish.lang

Filesize
84KB

MD5
ba5018f5aa566449bd66c0e1d1eba16d

SHA1
038ab261ac34e9ea0b61bc82cf2d65f7f3c18157

SHA256
8177a374bc936d31f4579daf109502995bd139776886232c10119d04d790d703

SHA512
27db3be006baa31ae6cb0144027e709b1d00b0e59d24ab30139a7cc0834fd0640163f450e7127f5c168f2cf2e586334b2b6e511f1d986831f6bdab98d5015c51

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\French.lang

Filesize
94KB

MD5
4e818d55245fa0635e9a96a9f9760650

SHA1
8cdd88b84f8cd7af3bb28771cf6fc54fcbbe6b5f

SHA256
b228e2f55e78534d1c3a70097428e7ff17d8f0b59ebffc55973fa7dc2db51149

SHA512
c19ed8ab16c6f5085713f128eebae1ebe012c5581db37fbf88dc7034da37e3fc747698c6a284a55dfa6cbca8882698b18dfc0ba9355dd29fe59c7963fd4ee9bb

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Galician.lang

Filesize
92KB

MD5
87c98a1c08195ba99fdcdba5ad051e78

SHA1
26a0793dd533713fd12ada8e52bbd13c8e200a96

SHA256
8fe98912c9c8c3e71afb6eec568a874d6a40979bbb5fdaa73d7cbe079424098b

SHA512
57c473e2edaa0b46fd356ca0d94be893bf780918867e1b5ef7a5c9511d81109ad426cd0260cc3eb030b7955f8bf665ec2117ef7541d7187958a305c0d2f82d68

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\German.lang

Filesize
81KB

MD5
73d90cfc1108360a89a1fb9094e20ba2

SHA1
bc246be29badc855027d65562cc685a933d14cda

SHA256
0902348f5fdf447758372bc94343a4717e018e6af9af5ba8ea8b9fc460bb89dd

SHA512
661238393174e3585562bf2365c828edc1b0352a914e2f0a3de1ce3b10d18116e106878b1729ddbef19fd34fbcb9ea1a12fad33359060b0d39a5c2891169ba03

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Greek.lang

Filesize
79KB

MD5
374ee6ba330f03941268dc00fcd2365b

SHA1
d240d21368911e1a85044f45f2883c778055c4cc

SHA256
8ddb285af88023a9beb9afe3238726e056490fc188676340489191cc9b2185ef

SHA512
3af67f9a85d6959d0039d3a04e06dce123fd58f152938b9673650caa52887808e274e76dc3a3673a47add2ebdb796ad0de2a6de6cc41792dc3f44868aec3d52c

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Hungarian.lang

Filesize
85KB

MD5
98022b120eb5138dacfb078c13807930

SHA1
cfc15eccfdb6aeb748ebf9b25984682346cc307c

SHA256
bac7d503e87164fc7c14803f484f42b018be8b2a3e221c800040534d72db197c

SHA512
eb5f29f9a24ecf445e903e7728c7aeda175a2659782552ac204ccd0202afb0e13cd3650a44ee02f6e66405be908c89d33ec5717093c66fa9ca9d74f188775f5d

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Italian.lang

Filesize
84KB

MD5
00fc2f9256c6a9067f590fa9c3ae3242

SHA1
d11fe86fcf8c4685c27b66bf1d23eced5e0d1af3

SHA256
47564085a50590379fae6ddaff16b3e5d3cc3ca4a0c8e2bead6485448d30575b

SHA512
7db837a6fc27cf3cfcc5f84ad973bd08cf27f29e9ee2f7cb1abbe3548ff7e72127839db42296e65faa73e86fd7493ba33f43185ad576e6689017abaf8451416b

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Japanese.lang

Filesize
51KB

MD5
fa2e3f23795fcf62fbeebf49d8dc41a9

SHA1
0d9b8f7b643017edb558e83cff42f0ebfd3d5e00

SHA256
e68c8e53991cc961767f20bd451bb90c0bcada81609d78af1bc2aa651eea5349

SHA512
ecd2a89bdc0d3f023fbba7a29d0aac08faf6a987b50b8f155782d8b9fdbe394b0e60ed48a50442ad23bc463c477fbb7e1f932373b5cea1fcb509d188ca97b9fb

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Korean.lang

Filesize
53KB

MD5
8725a816be084750d5468d6fa979e3ce

SHA1
445ee0bc8221156cf540e4c0ff9638ec83040468

SHA256
cbd27665ea2f58654672571344f9724cfcf73aedf93b6ff17ae043e08b3d0c33

SHA512
1dfbdf95ab4608682a2013576749480ba58225cca0a1dd30900dc8cccb3a25bd03e4a14dfc2fd8c2f7d7940d5615c668c40f41abd52617ab21eba4e88632aa0f

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Lithuanian.lang

Filesize
78KB

MD5
2e628d84ddaf1bdc648218554788476d

SHA1
9a757d754bdce35cc7822d68e1ae76c89bf67c4a

SHA256
e582fe3170a00a33fddbee7f9ca41e5f6a725d2b6169cf59b4b75ef1e6124ca6

SHA512
6865b6d68c82bcaa524f099589e8fd756a94e309008727ac9759d727602d9e73e671e99e7ca8783a51c15b29371c155a3a63576c17890c974463f0927f2cdc89

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Norwegian.lang

Filesize
77KB

MD5
0ab7053507fba56b2a80492aa1e91bd0

SHA1
e6e98b16e939fc2fbe5b9ce449250338a8a27983

SHA256
e52ca969e2ec39bc2afb0d5b2603d48837a29bbe16aa14a85ce3639ab731492d

SHA512
8a01ee6cc9bf073345259de281e17bffd1e6bc6e9c8b7ddc98e4aec9b194b22fe1058b9ec1600bf470f87101a7e39c5aaf328ee3313ba7a6aa6f951ed11b69f5

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Polish.lang

Filesize
84KB

MD5
2e75997b70362a0840414a5380111229

SHA1
70c6fa56607e95bd4befc75d55afffdefd373197

SHA256
c908270fb5284e478747f7b32af30c242e4909a45ce1dd7b774b4a173732e277

SHA512
ec8585d8fd78f39cb1a8185d59ea144feda6097873e83200acff1370b6e8de6e7865d016efd9a42f2bf134fe5dce06ffa3ad6cd970ed4065fe3d852d2447027f

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Portuguese.lang

Filesize
78KB

MD5
1f290d6c16f9d59a2bf7ef59f69f92a0

SHA1
1ecb8b13b94f57d7497d4128633b25de804ac885

SHA256
ffd34cff6d0d44abad56a60ce8796b810880fae6df584df8e0aadf739b1da1b3

SHA512
bc6f7ac2e256bd5e68cac30dddd4140949b1ca09ca75b0584ee14cccbbb3e975a40aa8b3b54f4146f04a721d510e82cf58b79455cd7417a8563c1f1d4a8956ab

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Romanian.lang

Filesize
80KB

MD5
3739a91f13db39de07600cb2696dd491

SHA1
3eea331726ae9a154d097eb65677371ca428ffac

SHA256
50fadcbaaf9a902c64fac2e810c0e609ee5fbf1425799dbbcc64c7ff595c15ad

SHA512
f116d59c713465c61ebc909a9309ff6f4c17f1814b042c6938076eafc11b10f627d2c106d84038e1abb6f7fcd2ec7316efef0b32e59e943abe30918ac897d805

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Russian.lang

Filesize
83KB

MD5
559683e9c44da3a69f869f590a376e41

SHA1
7d4badcf8b6222f8ceca8a44b25ba2fca30e2d26

SHA256
b6776360e9ec0f24626078f750ddd63460276306c06fd591c5ff2f8803f6496b

SHA512
1075af06f41b1c7b782539723da8e3745a02b369f4add42c29d27a2fbc8acba5d8689a648fe1fbb2c8ba553407340ac3309026905a58233896fea389c316153a

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Serbian.lang

Filesize
77KB

MD5
4faf9d8562cdc3dc21f61a117bbcad3d

SHA1
ff3da27c44e79aa1293baf98613cee74f4815ba4

SHA256
4fe178e688f7a6c3d951da4360a68847ee0535b84fca463af1457382c2d74062

SHA512
a9529809c4da26d940070242d6a822067ec3eb39e8bcde129c5df6790ef3eb64014f0806c631f4eb33655fea2499cadeed21bcfb9cfbad3a2f9461e2bbf59536

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Simplified Chinese.lang

Filesize
48KB

MD5
51525c99780ffa3b500b942d9e6d9395

SHA1
133d375d3b4a86abcc7211ac7ec6af70d53085ee

SHA256
b169e0dc14d19e6775218edd484fe94ac2a65063d8aab1380a90d02787411f0e

SHA512
60c4fcdab1c311c73d502ea9c3c34397195e66edb89c3464a34f74fb2b009322d53743ed00548abaa3cefa321c2d4e88f09c99669fe9bfcbc0697313e8399b6c

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Slovak.lang

Filesize
98KB

MD5
1b4a18e4ebc46d786e1651c8860fb5d1

SHA1
e2be88205908e3902e3155c948b96819b771bee4

SHA256
a335ba101ebf3c0a287fa7870ac47c7c8d4b59623056f972ea52e7e4005ac102

SHA512
7f42574fa66e5600858847bfae1d6aa73a682832b8d4755d05108f75476cf484e72fe25e5f23df5345372db5388cad83ba5033f188000f290c3377ba2ceea383

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Slovenian.lang

Filesize
93KB

MD5
f7cf70e8ee1cb4cdff5b1a8d3cc211f1

SHA1
dc3e4d30e1e6bedb065c4487a5df24d79ba48fc3

SHA256
9401d47d0c6edb50d519f4539491ec25dc11cbb08ac8a1fe6d185e187a83c775

SHA512
cdf80a3ef4649be5e01c15a49d7ee360de1e5d350ae5ee5e232fcc081cfabde2dce6a3db073ad9b83750e4797691fb6f8240f1a504976f5bb5cac98f9cc62cb5

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Spanish.lang

Filesize
104KB

MD5
5c07e4a88cf88c54ab51d33c830de631

SHA1
07de9cd98e3ea096e932ff80d5b4e7b09964ef2d

SHA256
deffdf89dfc808f367cade94860f26b81b70e29e31df9f71a8c2f932584cd900

SHA512
67c970d435f8cb53b27ec35deefa505d058673708eeeecf10d5175071247769218f5ec05080124e3091bfb691d9abe2fa18506dd1e543698e977bc8c03eb34b2

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Swedish.lang

Filesize
78KB

MD5
ea33636d0f3950eda1e0ccb60b70fd8f

SHA1
188530f8eaeb44293f30e3714d899ba5ec072c79

SHA256
e9bb29bb40fd435d72cd2fd5a8892b37cbea9f636979e46033a4dede07f33432

SHA512
0ccdc6ddfe5fa78c5c411233703b8b874ba2ad3282c3817f3e3ab68059b13be989c3f39030eb048942fca53c4abbd3a6ae5b047c0a21914e923764378f4ca312

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Thai.lang

Filesize
81KB

MD5
c99d0e28b39cd09ba366fa8b2d2e8dae

SHA1
c54b0c988d3fa53af152994f47f3dc9ea1a58ade

SHA256
f33e449a66d9cdbfb40a2a1c36ae016deaa8578a3b5f796ef03d45397a005f3b

SHA512
06fcb64ef5ecb48b668a6e0e0399ce01d6de89e0e4565256ffd4bcc7ac2b247a5295ae033fa04c2cc8ee78fb30da1ad5a53055fd35c4eb97a56ac16dfdd27067

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Traditional Chinese.lang

Filesize
47KB

MD5
ffdb75f3bd0712c3a19bbbddbaf97a59

SHA1
bca8afcfa3c340e38a9b011df8dadd40a45e7f9b

SHA256
841ee143c9c4080beea53db87452ff72119457a806364fb78997a2f515d30aac

SHA512
2199783c8c56794d082a61d06dc5b82c876a4cc2e67b6b120dbe71bcdff9967210418a2096295965c474d0234a3b6b83ea6aee04b0674fe26e671c94e425849e

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Turkish.lang

Filesize
89KB

MD5
62c941cfd898c12dc08cbee61ebd0a8a

SHA1
b410e6f5524071d288cfec625146164e080ec38f

SHA256
99b47946b466d65332111cf65652cc3c97d7a81be91c7fa7ba505f2c39a88c85

SHA512
59448d5886c02c1878a2ab6a7c5f828ca43123dc870861d00b7d4853178a840044a5c7e1dcb78631d7714d40c2fdecc9641ed9fbb6d16cdc1b917a21c2c84f1c

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Ukrainian.lang

Filesize
78KB

MD5
315d1dadfdb1b4e36425b9d404803a34

SHA1
157bcf6d800777120dfb6420040f576380f6ea4e

SHA256
d8f154dd8a1d68e08b6ca42d17e8906862a0155e7c020ae06848684210401da4

SHA512
c4b7a57385978fbadcf53e6c1cf66bbaff1be6fbb2667b7b06fb5924f5c5da01c43ff62d28f4c2287580fd008e04871c9afc4095c43c772efd288a306c5dd895

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\language\Vietnamese.lang

Filesize
78KB

MD5
16a9821679a2d88891a385fbb0d9b42e

SHA1
bcb6ca8effd5af715bd4964d92b283ebd368d989

SHA256
a1b6e2be1aa32a2bbfcab84c2e9aaf5c0288ce8f74721b00b41f2658006d82de

SHA512
04f7ab6148d482d1722aeb36f3888b55ae4b09086f56a116aa77f9e56b9e4e44b17a8d54f4f6889ad9e41db939d6c97d20364900e40781efe587766a038d8623

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\Background-300.png

Filesize
29KB

MD5
77767641110eb0eb62cd38ac3494fd24

SHA1
2d6c0cedf6b9a96292695ebd3e829e6f47dbfc45

SHA256
8717fdc9d5f8a4c200d38dac5178b31e1157d7a1f4f389c839dae74198d35e10

SHA512
0e0bf2ecf9c765ae0265706f19218ede958c65cab79743fcc2785bccef824200f06ce0543a8b1a765681ee9846a5c911548f8e1f5f25310aaa1122d22601b3ae

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\diskGood-100.png

Filesize
1KB

MD5
c0e81a6dd776dcedbe2107bcad87bdcd

SHA1
1d1bbc27de9329d287179b36cdcaad1083359ea3

SHA256
41e8e14948103b7ba676fceaccef1f6b4fb08b70ea6f207f4d6fb6aef3f1e71f

SHA512
38b57f9cee97ac10b61a2fe9222c0085b0e6ffe18ac6457963a5a5e21ff5b602350204675f1ff9606c384d5b8484e4588ad9bac9208aeaf0008215c6fae678b6

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\diskStatusGood-100.png

Filesize
918B

MD5
ad2e97a4c59814858876abad24002ffd

SHA1
7636bf632981a0d6ccbf3adcdc78d2715f9f359e

SHA256
e290f8d7031f82007b91cf3082825540f0a6585065dd0ae8f467fefe4d81e4fc

SHA512
09a1485cb7c4580e5094c4d6f08c5b10c567b6ffa6a6b7f7b80d8fcc5ee0ba88091432530f1b01ee09b0cd15a6e387e5557d843d91b0273bd0a6bb1a550f2efc

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\diskStatusUnknown-100.png

Filesize
721B

MD5
c1ce67fb776dac5793910f863c5ea96f

SHA1
cd007917fc199a30001a8d0caf1ac1b0d3461df7

SHA256
5ec1b8f09bc590ee7b93c88eba131579b5acd921db4efd44a1003e160f9c055b

SHA512
1556ebe02ef6f63ce2b0377547eb3e919298fda10375da4d2dfd3b5c772b79c1f7c71d322373c366e534680c07de9affc22844f8ad7bfccc6e0b3c3a09694478

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\nextDisk-100.png

Filesize
1KB

MD5
dc3be62f884c9b96af9a3d5b2a937cb6

SHA1
7a06d204ea1bb9130845305face66d7f74efa2e5

SHA256
cb9099db8ccb5d69db902858ebdd0657667fdc4c2ac1b8211b0d2503be18639a

SHA512
2b8163d191793ddda76ce36c08d87b343dd528ca042cfb795a816b96c8d7be90d584a34e4734d217a24ed54db1ce11332108540bd34baa64778f785c0bcd4a19

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\noDisk-100.png

Filesize
137B

MD5
aca9c4d69b8c4779167452f77f415a9a

SHA1
d40806f8ef1a7cb989dfbe9cfb4b3be717a47292

SHA256
0229291a30857f8ce7499e7f9a6ac30be452419bd5327b98468deba097ae76ee

SHA512
91652e2bdb710a11c25e78a8192c0da52538690e2743ba2f228e29279e0175d02e30ee01e4213b866552c4cf4e8c18ce687da13bd64d4ee554054f2efbc2df8a

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\preDisk-100.png

Filesize
1KB

MD5
b49a97118724c54530d4c4eaefd729c8

SHA1
102187b9534a2c6359d37b68f9509e0fd227b473

SHA256
4358ec9b50bf01820f6037299941916c196616fa08d8150b57607957cecda485

SHA512
5a5ab0d9cec7aa61b99cb1b3742df2acdadff43cb12dcdc48cfea95eb9479ae4c5673870f2b85560ed3285961837fe0c4eed3e31f1ada33fdcdcd23336dc236c

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\temperatureUnknown-100.png

Filesize
1KB

MD5
88b4976e1a7618d1bad04673d382fb62

SHA1
37717ab939bda51d66b14eaa46f0cde97226f6c1

SHA256
3b5c53c752b6155cfc66917b2cd8dabdb43cce1f98d623dd39342655e60d076c

SHA512
f159ec4b2518b5022a66ba896c38d92c69f7a23fb847dbbdca3026e1f22dc5ddee04432c20a30f684b7de5ea4f4bc8233c8bb1d5e47b5ae7cad107dafa471a17

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Default\theme.ini

Filesize
263B

MD5
13ad481754e04748b701e99dba1590d6

SHA1
e3acda213a1e905177a700f2c051b3f646da9237

SHA256
b9f6949d00fe5da3508e363b970435bc8d4c34761dca6e84b651459ad9cabfb9

SHA512
b734653b9ce95f9752f749c2cf686c4e82459cb3b8b47a8f46aadcf87042dc70f5c3ded20a884be04033aec39fd00f9c1fa27039f64335b3e19d89f2198b371a

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-B9CS2.tmp

Filesize
1KB

MD5
cd53ebbeedfcdbe04ac94f0323440d83

SHA1
2249087471df17ab704b9e24c620a7d7f9e406d9

SHA256
16e367b75d0cb12efeb05cf23e696c06941e319509302bd99942b06d8daa4cb6

SHA512
07bbf2cfff944579a68dc337ecf7ededebd408ba7849f58e4de6215656f94f04d6af3b197c00b147092cb018dfaf196b1fbdd384360319fb1367fc55c77e2ee6

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-J8SPA.tmp

Filesize
923B

MD5
dce02b9a45fba2a70042c8c1e03d9b94

SHA1
978e46984c3122ca2ecc5392b6b6f877dbe178b3

SHA256
0b0106761cac0e726c84c5883c989fae0e33c9ec90f3951e9a16e0e6128c183f

SHA512
476d6d814e6d5402d33748469d4cc86acb41aa79b9e4ce851c1531fb6706b9adcf1386b44cb293c8abb0b11768fb004ba89814a0caaab4579538d35edfa3060f

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-M4G17.tmp

Filesize
1KB

MD5
8d1ad40d84930c904a3c46a2e876110e

SHA1
b49b07507ded62c5be9db303de3c0ac129eeb89c

SHA256
d7ad392146e0be9b808bf4568cf9e10d8f6c20c2055aee1f26763118fd6d422a

SHA512
d8f63bacd180132d4d63a9ef40fea46c0b2a712ccfca9b05814ebecd300e31e2f55a72dec9a7fe18c150866a0abf0eb88aceed5ff6c856895dfc2ed0cd052137

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-R3K2G.tmp

Filesize
1KB

MD5
e8799e2989a9ec24ea55195adf9d2e89

SHA1
3ba12b043c5d27b56b9691271d53d037dbe0f410

SHA256
3ff066b7b8d75fa423837c5880f45727b86e1f2366852c399d672c3dcf6a80ae

SHA512
05b854ac0c5faef1f255e2d24c1923c40019f1eef8d4a77215469ecba004720e6f781f84a872e790a9163799be6cd7cec088e04200e15aed5b7ada174b2436b7

Download Submit
C:\Program Files\CrystalDiskInfo\CdiResource\themes\Simplicity\is-UOTH5.tmp

Filesize
1KB

MD5
f8b559a259cfe0f8eb39d1596f371767

SHA1
fdb89b6a1f08f7d8e83fd862403da71e110f737f

SHA256
c964d3efbe51d9c9ceb113d6eee196e1fd19938cadd733011c24b91d093f16de

SHA512
d8ab05bfac764187049cc0ca3c7a5e7112e5bd685b083d01fee6ea1939b8ff53c1a316e549f3a4c2a1e011fea101155fe36109c875593884972dbb0fbbef171a

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
56B

MD5
639b21ec594fd6ec5802c828dd4ff54a

SHA1
74ce0add6ab4393ec10564121e3e11927f845cf6

SHA256
14d1c79e51df74708de3a6868d6fdd3dd30a33867051a7c60f0746ffc977003a

SHA512
89e36f93a2afec70873e4a6735db00cfbf01715888bab35cc7feab68e5a353495b2269f47b6cb2f4ecfd2faedc66367c1bbb157757a6dea0f91f93c0b99522d1

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
56B

MD5
639b21ec594fd6ec5802c828dd4ff54a

SHA1
74ce0add6ab4393ec10564121e3e11927f845cf6

SHA256
14d1c79e51df74708de3a6868d6fdd3dd30a33867051a7c60f0746ffc977003a

SHA512
89e36f93a2afec70873e4a6735db00cfbf01715888bab35cc7feab68e5a353495b2269f47b6cb2f4ecfd2faedc66367c1bbb157757a6dea0f91f93c0b99522d1

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
185B

MD5
17352b2f682bad0c5439890d8061690b

SHA1
2d511cf2935fa6577512bd47d1e3162db106eaa7

SHA256
e3cdd454570afb0046bfe53476b2d6c0969640ba39d6c7183cf38dfb6db59d20

SHA512
71ba280e64705a909913dca34ad4b1ce7a492b9b6615551360db344b0e4b51c7b9783eb4d4dfb347eb216b52fe7f58b0617e2b37b1bd3c7bfcec130fa4e40b18

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
443B

MD5
1e0a78bf7bd6749476c79b8e3e20b592

SHA1
79cecf5444f76706eef325ccae84c98c84df58ff

SHA256
a16785218725fd0f41fcb8baab7c2374688eab2cd42e593973b6f5abbd79d8cc

SHA512
d0f29111756d8e98d7e947dd2d602ec6e46d6e038cd9e366cf34419462434e8bcbf0797145e0c495d223147a2e0d48db8d1f4b641ade61e437ac92bd66d5ff9c

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
443B

MD5
1e0a78bf7bd6749476c79b8e3e20b592

SHA1
79cecf5444f76706eef325ccae84c98c84df58ff

SHA256
a16785218725fd0f41fcb8baab7c2374688eab2cd42e593973b6f5abbd79d8cc

SHA512
d0f29111756d8e98d7e947dd2d602ec6e46d6e038cd9e366cf34419462434e8bcbf0797145e0c495d223147a2e0d48db8d1f4b641ade61e437ac92bd66d5ff9c

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
461B

MD5
23a389c0c6e087f1fc9879bfa91e0e78

SHA1
060f6ee6dfb657eb0533791b07b905fade4e4e5b

SHA256
12cc9df29c6f75624956bafef7d8564ec4f7dcf7e5996597053af283e45a9d21

SHA512
e52c674d6cece410fd8d350b6323559a41bd9aad816a1e69d171fbbda20940002b8a378e0efb900ee2d628b20186211a201fe3b2ecad8a8553147d06dfcc27b1

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo.ini

Filesize
572B

MD5
05fe48ff6b5c697843899cd3913ebb45

SHA1
8713a4788347671c997c5f7dadf796a71ec5f023

SHA256
14d1fe62ff15d792e47e37934b83f1647c28365469390c74fda2cc0cced30e80

SHA512
f7f0a46e7ba3e830f79538017f8bb8d1b3d72fd475caabfc83ed573bd96191b968c5fbf130e67200abdc26880939def22e2307a2e3fd52e612f74872f2700f6d

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo64.exe

Filesize
2.7MB

MD5
a9214b0b4df0723adde02f9d5d843a2e

SHA1
23c133af9c1b29a39b7007d8e43bb2b34783c9b2

SHA256
e9bc648da48ed6d7cf32cb85d801117a7fc672ec08cc2433b275319c7f11291f

SHA512
92aee5bc4a0df83e0380e209e3a6916822021ca962ef71d78114a1824882f9bb19d1a504f2b52e5b003d6b5a5efe3639b3e1a76e242ca56f1c2d5ba17d4bbf3e

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo64.exe

Filesize
2.7MB

MD5
a9214b0b4df0723adde02f9d5d843a2e

SHA1
23c133af9c1b29a39b7007d8e43bb2b34783c9b2

SHA256
e9bc648da48ed6d7cf32cb85d801117a7fc672ec08cc2433b275319c7f11291f

SHA512
92aee5bc4a0df83e0380e209e3a6916822021ca962ef71d78114a1824882f9bb19d1a504f2b52e5b003d6b5a5efe3639b3e1a76e242ca56f1c2d5ba17d4bbf3e

Download Submit
C:\Program Files\CrystalDiskInfo\DiskInfo64.exe

Filesize
2.7MB

MD5
a9214b0b4df0723adde02f9d5d843a2e

SHA1
23c133af9c1b29a39b7007d8e43bb2b34783c9b2

SHA256
e9bc648da48ed6d7cf32cb85d801117a7fc672ec08cc2433b275319c7f11291f

SHA512
92aee5bc4a0df83e0380e209e3a6916822021ca962ef71d78114a1824882f9bb19d1a504f2b52e5b003d6b5a5efe3639b3e1a76e242ca56f1c2d5ba17d4bbf3e

Download Submit
C:\Program Files\CrystalDiskInfo\Smart\DADY HARDDISKQM00013\09.csv

Filesize
25B

MD5
a9bf02a40b53d547bc87eb32570a7134

SHA1
be6225b64267f8fd46f23c9ff43dfb89415b2d28

SHA256
1e4d71f53f160b0c80071b1bad8f8afc00671d39f81b53c39ae486d434a6acfa

SHA512
b7d72fea900840ca15b1a468f82f798a19090df1a6cef4cc5fcafbc2c8452de283951e457e077ae6ef417ed85c211ed79e9d8893cbb35c006c9e4041a5d51635

Download Submit
C:\Program Files\CrystalDiskInfo\Smart\DADY HARDDISKQM00013\Smart.ini

Filesize
536B

MD5
1d60a09ab36b43506cf68f54fc4db714

SHA1
b043ac10f7c02607e75a50b2ee2b0eb310a3cc13

SHA256
13a9494bca152f0105d9fb3f8111b9125e913bddce2d7bd8ec1f6d3c3e01e932

SHA512
58e657e7e0e98b74d0cdfd1f17080eb5a4cad40ffa1c1ee832882fc0123d73708a745f03bce18e5cdb2390624b60fcc63b93d977fd0d98239eb0d9b7142dbbb5

Download Submit
C:\Program Files\JAM Software\HeavyLoad\HeavyLoad.exe

Filesize
27.4MB

MD5
74eb66d2ff83555188d9b364f99218c8

SHA1
5cbd67f0da9a49f4d854924b544853b651858aef

SHA256
ede5305752793334638e7862ba3472d1c3254aef1ce611b4952987140edbf74b

SHA512
48b3037f83a9680530d24695d38b04502e4223f23f40082ef5e03f62cbda2875893412c1249a58ac74a70edfacfbf494ecf89c186d888558dc8cc0f68a030bb2

Download Submit
C:\Program Files\JAM Software\HeavyLoad\unins000.exe

Filesize
3.0MB

MD5
33f2ffb717d045ab524cc62c11df89cc

SHA1
94685f0861b98e02b76a9208ab991caaa6f364ff

SHA256
d415e061910923c859a9c1838360abf8cc31b9498a9760720ba66378a0deab27

SHA512
9fa52d99f755e6e73f170e2e7ef5e91646912369b7280364ccf717dc3113447f1f3bcb6db0feb008899e82f21ea1fa2b21cfc4f9a5b72eb4693168bafa914ee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
309KB

MD5
9e760eecb1845d48457374c7ba06334f

SHA1
fbd09df59cb8d24ff47033ad6cbd908673d9eb58

SHA256
dd411430540eca2d3ec97a1e26fccfb8cb3b6e441c5341ad2d62afa0a59ac1b3

SHA512
f91390be3e799c4f3728277055c698442d8cd480488c965055bf88775e56a8665f4e67d45649b2eac3b2c387b62bd4940547a77276a5cddcf24b52fc647bae46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
120KB

MD5
b5c78b4f8693b8a9fc3ce69891bea59c

SHA1
708b03a9b971cd0fa991d5d0ba249647155c8ec3

SHA256
0b8010a0ca16d8e50ef4cdc9350c7f1aafb6412b12378f0ce83d287400d5461c

SHA512
6e56b8802f7f6f8e6ef2f02114b933c6bd36ccc25c5b1c7d45933fd63438f502c6102d2804f6b82c8ed21837548154c81d2013c08a48bed915d2d80cf7ec51a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
74KB

MD5
529426feb70844b5ac1321070005c649

SHA1
962854ebe7774368d8698c000246b62e40d5fe0c

SHA256
9045ecc3f55f0c65ede6d7ef1d928d7edf440dfc24f9b3090e3f8a53dc71aff0

SHA512
b7b47d7a8028b1d95b99704f44e0a4380e68b71c0406fb4082eee37589a2d753d1b1f3f440b5c255200edccb680a73f4245ccfaedd1e8f6b299ea2a8ac7a8704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
39KB

MD5
17b9bb9509fa8aa6e3ef890dc6cb9917

SHA1
81d4f55fe01ad0a40d0d798b102ca826e97c0de1

SHA256
b1e8315c3e639293576ca2ff44b6374643ec3d70faad0b74972bd3d0183d1efe

SHA512
0a22b4d514642116d483d522bf3a86ac3fa4ed7e9931a67e401cb98ced433316711416f49682ba3014dc0249356a65122e09465d84331574c59e62c293b0344c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
18KB

MD5
692f2c028a3583c6bad99a7b7e74a88a

SHA1
40e8a007c12df378e4a8aa674868b4e925c32040

SHA256
6c4a316414033c92c0c24502027d89044f52f509208f5165aa3924172a7cdcf9

SHA512
f042b02bbd07684d19a17795d46ead19c1679bc0476b22f74c99d0501b6635010c244f384f77aba1e8bbefb7d8b0701dad5f9dc5c0441b9b3dd0f9feb15afe91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6a97dc14c56dfd1dc772403eb403272c

SHA1
7b7e2cd08063d0cd3fc872d1ee3c63c5cbd7a591

SHA256
cb6cb05626284f4abb17f3a1742fe8642b6efe630581138f526b088308189bd1

SHA512
4190f95cf370cd6517b71c8d174538d76c2a0ea39cc38a26c53d20634ba7911b8026bbe39975ace03c4ee42ec4b686cc41b4e3a3008b297ad893ff14c60fdccb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
dfb2a2effbb661341f618859a1668737

SHA1
d7d9893e77d3b88d6d698ff29357787a485ae80a

SHA256
a66493dcd18ab1e9f2f8c4ddb112a37f64e3cfb9688b00492d5b570e7bea5b67

SHA512
956df0e7cc186b8a8377750ab5cf90d476645d4f5a93796ddfaa021544c73e2fb8b1bd9b81b3961f23df6887b4b19273871fc0b9fe02fe1f5d928b1e73d5606f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ecc2eb68a516ec6901b444d245a6b8fa

SHA1
b3ad543aa55c059fcb75b77501d363dd0d5e77c6

SHA256
0f9d939d7587a3d868e4d0a3ce2ecb72c107272f95566a94f098c28cc024c2e2

SHA512
917b006e138a6525770f5c39a9b6803a2a76a1c960815bd824de130ac09228700ea3673700ff33e0e6e6130b7d6a4a09daa4a422213514de3e65433b80f90754

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b330680ad0c6b13194ac90e35944c39c

SHA1
a717c1b777679837319a1853f065f528279ef553

SHA256
e1a3111217f561b3740f934b60f10dad979bcf910dacf7c6d6ea370dd734aeae

SHA512
d8b0cd86bf40655f01b5a9419240dc4179902e9c995d3a9b0f76c023160f339930567179c4ffd2d00ff28c2f62756899bfda6af7c8e79d04e8d3480ed90fcccf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fbcc049f41e50fa26dd984db3ba730dc

SHA1
7e20964e4c6c4cb3d9a761ca6addc9207bcf565a

SHA256
f2fceb9e76a2ca3d92e2a955aa05c4f6997e7ba19df8dbfb93aaef075415d98c

SHA512
50fcc6728dc1ddd1dbee9045f110e5c585537bb8c787fdad64ef5f433e24da4e91a40fa96bde0a87146f3e7f844a0216af18b9bc62b5e238ae8d6a61714e5f4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
5f5ceae8b40899bb1cc80d65fc8b7221

SHA1
95c0ff2c68d92a06d002115a8fd6b046cac90269

SHA256
13874c3e713c28370f6ef3b37d26ac1f06dfbda6ad79728bd7dafe13eea96245

SHA512
e44c870f07d7ebaf93a4f709c67e513772e633ac9419598582839a5005153e64e82e4961ac7aec1cab0cfda755f5f9ca15afb68d74b763ce4cccebfe1559c15f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c3c4b7528e8404e8cd9ea9db221ff77d

SHA1
13bdfd0e1cd11a28b88df64a940684f08ab93c55

SHA256
90271f0962d2c2923efba5db2c7f4aaa5b25f6e7fecb4ee692cb65a2a53f37ef

SHA512
291ddf5250ab0a24266e4ebb01d698313aafacfcecc3a4e2bcc413cd794c295ae7659b02b692532ac2e036b7890a040e13f46002d61631ba4703cfac4aa5727a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
5cc79963d09b06e707f2bd5435020b9a

SHA1
284699485421a353f83da66059edac649b09f658

SHA256
12ce7a3f36a83bbab9eebfa304e6313f69a337e61950bc2f7233cf4375127ae8

SHA512
1a90c7b3a1e5927bee300b1fd46b7269213f45bcb30179394b3c76a524b26f15938cc79db413bfed27bd7e97eb949edd4c5cc0ea50542a3f3ecd91a6f97f68dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e4229b1303def24cb79d33cddb82994a

SHA1
608452e62ade440c37f107a87923061fc4755907

SHA256
29b3a592be66c78f7c0b93a4860a0ec23c299e16286b54613bdd05ddb860e702

SHA512
2fbf3c852ccec740ba3a4259e1bccdb9cd73230121bd760f9724d7d9e7a8789f253e23cb337004dfe5e533c8d5173120eb272e9ab769854287640cbbb26a2123

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e3d76ca4215a4f6802135eb838379957

SHA1
e7ea00531c31cb85f559b31dfc4044ec8b01cd21

SHA256
e642dd6b646091da7adfbcb69bfb48f02a662919ad381709d44a1d4da2d8fb2b

SHA512
9b4a3e91db95604f5e13d32851f38c1dcac8eaa631847c708879c69a9ab5207fe77fc271cdfcb4a176691d8510e8e9623e33c6767abe6e35ab37b6b4dbbad320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f66d60c940964d8f8c832236cf748c54

SHA1
3de5abbab9d040766c99366b93cfeedc6d4e30a3

SHA256
05bf3165ed5b2c42d07e1fb3f502fc384ef4fc87a0da1567bb6d6908b0ab43cd

SHA512
7c12ac22781e6814ecdbfbefbf2feec48a42994a738b407c3b7c701b98c4ef5a17b2d02ce7f5eb8f417c424eab5267f3fe5ce4419439d66eb60018b35c2dc62a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
7246f1abb52fc5ac0e15965e901779a7

SHA1
933a3553768e2b1a00f7ecc8a07bfc2da8f22a9f

SHA256
5e8d60f8d7b48c401272f53e32712ca1385793be9f419f13b5d544df7fa1fac0

SHA512
ef973961882ff9dd5e9d88c917b2fb3f43277c6eeb2a6d401d2ef54f5e6bf02c125bd3f3eadf88f20014f63d285f4af6055135baf2a3d7e86223eab733a7cb92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
528f3e527f0e5efc0c0bd6e8c91859f7

SHA1
207fdf8ebd30657666cee5fe8e3bfe20c3234592

SHA256
a5c69848664454b8a6c1930c7f59c6230445d5ee5fbd48989e8c9b7fd553f3ac

SHA512
8176a02fa15a2e7d02799e28d1d25a2f76ee09c1aafd31b608b682b0adb4e72e9d24538340df34f2dc881e12ea2716f7c896d4cba7b75f9567bb83bfb010f289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
6fcc95de444d2c5dcb73d037b05b4976

SHA1
3808beae4e5374ef8947a1fa9c6234345ffd1ed5

SHA256
fae02c5f536280613caec4abe71eddb742ebdb0271b5f8ba70770e6d4e286b3b

SHA512
7e93a50a1d99da50a8da375c934cd7c9de60dd899d29e045f4f3eec95ab86d5a7bae2a6392e9646fb39055ae69297895743babaa0a327192b97642e68b0e62b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
b5fbe0f78f9d51dda0a3f9061b9b1c10

SHA1
4b29d350aa4b8755078fe8a809886989924d918b

SHA256
8bbbf339df7ad6ffbd2b838f94fc9bff2b4ea592b8049973858a3fc88177cf9e

SHA512
f8e14ac33f99bde7481e0fe71407e4661725205a87cae409740bfcc94a45aec94f0439e153f40b7e2f9a033a92a49154b3e726fa6f288dd79bb0bbcf87ade172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\dffe7ddd-4509-4400-89db-d9e88d917920.tmp

Filesize
1KB

MD5
1d87960b0c6a0c2b44a222f1b0445714

SHA1
a9979ae9d5e88465fb2a01fc3e23dd8024a188eb

SHA256
5c951ca6edd2dd789a599f0401e4b3158b7e37ecfa8d69406d702aa939b42e3b

SHA512
7670acb9e18f02b50484bd1e22cfbbf41e030d1062fcb2f4111cc4d96e55d738557f7f18d142379647ff409da11736aaa6436c7a4c7529315581ff0786d843c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
ffaf5e814518a01720fb75ebcc239c51

SHA1
138d9415be20f39e4c28aabca1782d4afc1b2e89

SHA256
82275b111386ec5458406cbee1d5305a83e5eb518163151665c11ba050e734d5

SHA512
f1acbb372c23770c17697f3824f297d73aeb48cdaafbcc43cd0fd4dd5e7a1355029f52dbeb9448e2546b5f48fcef0f8a72810b9a91612ee81ead5e265573b0b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b3101e2cc041fde73389d7dd068bcfdc

SHA1
66ae4953dadb8a9eed061634372fa816e4e77188

SHA256
d38338a49b9dbbf8c28178a70f5bffc7241cf4ee8d669ac0b1f15a7ea47dc1f5

SHA512
62dffe76e0d52f518a88992067ac448250220ce954974d18a084a6b84c3386c46f439ad2da73d62a8f13c80ed06f8db6f0af661c2b3e0834010475a690569d59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
499bd68dc79a2da14dcf2f31444ba151

SHA1
5c753c05409e9a4b6abe6f5a4f5bc2eca77bf338

SHA256
2d09d4167561412f246caaad3540bc9735d7c214552f028abc8881d1654e215e

SHA512
e33424d445deb3615d5163e3692dfc9000d7fc9b8914853bc75935cbe6266d5520f1ae6ead09c5c457167612fb04759a35dd2ecf00f6baaddfb14b7ed7899fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8ce18bf5040ecd1dccf453f58cf581b5

SHA1
f2d6becae9db361d6412d58a8011ca337bb2974d

SHA256
89644a6f231da33da3101c68f8ffcc526d6841f8238d33ed62d1555f3ac16e50

SHA512
8781656efcf53de00e6ad9c3f527c51dd23f498217829539a39fbb77d2ab2fed60527ae178e72072c7627327cb4a72d91130e22f0d475ff3a92ba6c636c20107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
a92d6eca9dc5e23135def20e44a92af6

SHA1
6ac5918ea90a428b1cec7fa674ab65c711e2e097

SHA256
ac9f36d5f2a86ff0ddc4d51346e711bd854620b2cc17ab188337aed9efc07816

SHA512
0b85d5a45b5b07c65b253179daf744c3d544d4b9f5b8c9402eb370be8ff643e0735ef417a2a1bb6d53ff710ec0366e05af73275893233cea4586f3455e8aec2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
4b3632f155e538256dfdd1753cf4aa3f

SHA1
570b3f84fe4c3fef72321a8b529de002475aad30

SHA256
c0181abb21afac67f54db62e09cf509ecc70ac169938d1d009db5b18bcd4e940

SHA512
04b20ad90dd23aa2a6c7e1e3241f5737daf12ca37cc449f5c69e7455079b2c5124d8bff7fd4d9217ebe5f9a7abb03bbc1ecbcea8806aaf94d38030a4ebf3eadb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
08d660757c5f68ea7aaac3251edd6c65

SHA1
534c7f6329286e37d56f51e47d188a57bb4571e0

SHA256
a1e2710dbb3761bbe476ce2f6e3efb8a383f0d44e764260d43bfa4fb1d883640

SHA512
99af9a16a1a60279542d12b93eabd5008beceab8311e33ace1f88ff42f4b3496fa2b679335e5ec57fefe74f50945408efa01df680f2b142864a6abf50f2588b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
1cff3a0efc00e31243a05d3c11436f9a

SHA1
72cb55e5bce54eb4ca865f54c0cfd58df3c81b2c

SHA256
4e790ad0761610f6397093856f177bbb331d4f9224b507b169ae10672a21e8c9

SHA512
d4f3bf2dc51fcb9a1f734b4faa663440e0ebc46702f93d503bc57b8b2cfa804f9fc7a6bc9e12aec4c58d85301ef4eac3cdf9a4b164d7c13d4b9b4e1468cadbce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
5e9760df217352b4a01227baca9cf945

SHA1
19530b2028bac3da69accb1fd183bd4784f150d1

SHA256
25be7b6c26f245a232c15256d80226436dd83e917ad4cdeb9ba10cf9f6833e39

SHA512
1b69ae038b1e0f57dd662924eead6a7a2d8d04b17e79d67f7692fc85febcedd1da4bb174c0fead3bb2c7f5aae78ac3649b96010e7f49c5f102c18eeb4434610b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e9aa0f331a0d55627f4881c8fc27ec72

SHA1
782c68e15c49f250a793281338a58756e82d5c37

SHA256
79ec97d3edc80d0fa596a5d7c7cd026d9795bc9eb65a5d58a0cc5b728683a762

SHA512
dadf152bce4c9d0afd5d1b0eacebd52a746e09f8ca26e2087c2db329f315b9b2459c9733fff06a4f1271e8691eb3c0b2fe95fbbb07ca4cf3ad2809e96331eaf0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
70d9a1cdc01dcf6f4a0c20b4c67f28c7

SHA1
5c873a8875867362e5de5c1d409a75b3fe263e0f

SHA256
9d2ebf7a3f40a36c17d87105885b6bc2918eed773283b3f51dba193551145332

SHA512
3fc1cd65f142b0f4dcf16dca9369564e2edf8282f2d7dadf58b44c46a7e0cbc6010ecfd317743337c8193e936b2411fdc680d9ba3fcc4650cb7d544b6bfd77ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
8e49c27efa9a0082ac57fbd03630ed40

SHA1
77a040d107b6794d80797d01ef41dc0b5ac261db

SHA256
1beba7a2116f3f24e27cdc11f8beccffdaee86074d8dc24f9d6b482e853d190d

SHA512
b0ae955df08766afa71eba498609b652a6cbc6f6dd27cda5f26157e12f8495dbc1bc46e3460b227d3a8ae7e778df54484d1b908c715d4811b15071cb7761e12b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
07b12803a9354800c399ede3f64b5160

SHA1
5faa95ccb73a958b9cda73bf91582a935bfff4c3

SHA256
2d1570a92a31f872bf2604dc91a105d4ea07b7a4f24928f0fad076b0cc0ad953

SHA512
0e9866c07cfea795f951d992765956ad1be0d0d967adf934f2602c99412e51874f02b05a1e7ae153af6cbcfb8ad739fdec940abb5d2bfe03417c41c130f0bf33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
109KB

MD5
4d20d3154caebbac8ae747d16577a18c

SHA1
e6c67d7c181e54502fc606cd0657507d2afd24d3

SHA256
79af59c542103665cd6b4a08cc606ddda1e122671b2541df2eccde7e2ced0c0c

SHA512
de1fb95563fff354834c75d7ded8f232d1a9dcfdefb5a7984fcf8093c65d2bac2336496027a8bdf50ec753ba63fe57d9071fb7c2f812e801878321a951238eb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
114KB

MD5
c6bf8f72c0cb093736d2b1af4001e2ad

SHA1
7cf5f0fd506c2fdf3520a0f4e6d7ef986981a922

SHA256
50e19e41d10573d0452db1386d05049d4d4ebc30283ee8765a718cc808fa503d

SHA512
6aa8c0a42d2d5f037d3243df2ad95e217f2abce2cc203650fea82e77eca5a469b79cbe1ec699f5be9616cb0f34507dbf92df0df9107ed31974e8fa83d1d7b0ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
3678aa84cfeb8f8ae97a0f7bdedcd85d

SHA1
5b30be0d693bc3b9dbebd4cac45fbd873c5a73ad

SHA256
b8b078402823939bcd6ad4ccc5d1a119fe92a6dded6293dde6dc27d4349d0d63

SHA512
9228a45e7172f3feec542b3b65de021d450033e9f3cecc49f470d0b0cf1b7c9300c2f0a7636bbd031f60c6bd9b0bb04c70df5891dbd918f44d02877147710d8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59a445.TMP

Filesize
97KB

MD5
7808fc59576fecbf4bfbe15ac9f2a438

SHA1
ae08b2572b2059dec93b15f80638673245f7ad65

SHA256
5660fa7c9397ca8623624628c94e61c0ef4db60cd2c1843d997e48551684e120

SHA512
f5ebf771848c4e818628f35e2fea1092a705ee52f6ff70e106c23b64613787d5595c1aaafc0dfccdcd0db5447da44c3413447e545cef6a814f873f521f773dc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
9f8064e535834269d079a2df065db5f9

SHA1
b9c1f706d6ba8c0153a2867f002e8ea44650156a

SHA256
cf17827fd2500024dcefd82250a2f02a941889a0594b9d61613d0384bc769ea7

SHA512
b3fdc655cf4b9f47d99f22198740833e07f61a012732a76ac05729c4efd9524c4d216746ca7e32a0592d99bd28f345054bfb8033175bf2d42d8bee9d8fc5bde0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\10009

Filesize
8KB

MD5
a2cafc19fd7cf970f16ae379529b66c6

SHA1
1c8253f641016dbdd0dc75a0159dba665b5e9726

SHA256
3005cf891ca043b9c7a433083023383e286fd574bc34fef4d9ea714713552948

SHA512
7fc36c3eb4ed6bb2d8342224e77bb092d169fa08ccc19b6feb195e87b07777400341497c3249e1ac62c5f6e86d77410459a55b13d4141a14c6d005beeddf8a9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\10683

Filesize
10KB

MD5
fe834bc0728da404f58a05498e400b83

SHA1
485e4bc703bd43aed77d9287be361e6e04ea7868

SHA256
44a16a22ab88ae7553a7e9d8bc47ad92de443663140ae4b135345dae0721b25a

SHA512
067a9c4b9ed484a32e4d11ea7b39d74737a1bfdaf2fef4ed5a693f8973a0202a0212407da96b766a438075d08721daf8edb950a2a391a3a693d96416519c9cee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\12322

Filesize
9KB

MD5
0b1d246d97976d8543ce2bc9526c1c1e

SHA1
3f1ba652a23dea337ab7a461d92c976c8e134c16

SHA256
0db49794c10fc8497ec69e7a99782bb8d4e20d7e322ed973920294c965db51bb

SHA512
fd11975bfa9db00880c6256c4792550f193e28753a9131c3b1597d5800d6e5f333b6734d255c732c9569cc38335a6db67fd7077de20434acba30b805f0c1dca8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\16903

Filesize
10KB

MD5
07a0d699255c70f08919d52a5b3caa6d

SHA1
a553595b69d7221f950e12d68157a748c2c120c8

SHA256
e5d28c9d773fab043a49e899c6250a5a281222c5df0279a1fb6bd10fb0732500

SHA512
10464be6e58f08594e0fd98d744728911dc7be001520ac6f4b8ba13dc71f245d8914337f0a0232eaad0ba86c56331520047703878621277ec39fe6e93078dae5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\19459

Filesize
27KB

MD5
f76d601555162f2b55106c94facf221d

SHA1
4338af112cebd6799c37a137fd3497560ca61d9b

SHA256
435b7c89dd2afcabe39f99364b19e72c9715589d117251c3a51739f7a46bcc96

SHA512
2ec5e974182cb01d7b3f084fb68688cdbf7764130ba52a47f6719c225473a0a576fed6031b95fa146b7e192f61d92bc731c27763a991796e8082e81653c7bd67

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\22076

Filesize
8KB

MD5
18f5625957a34f4b2650445a2d9afc43

SHA1
981f5c16f5f982833f378ec06c2528490fdc3230

SHA256
cce2be7b04c059178376589797d8c0b651d127750ada679695686529b30b7110

SHA512
e10611d27720bcafb1a6c913313f573deba60daaf140b29a580bebc4a03feb264e22d4a7cd4a7dba28cad96196a661c94371d4c58b5c15ec17e56b07b6ac7e8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\25791

Filesize
8KB

MD5
436bc567b9091e6788478b909aa66659

SHA1
05e289aa56eccc8cd21b3c8b4595ad7c53c95584

SHA256
f6b4a2158bdd3ae59464623e23de13c3562a3b62d77150bfb1848aec420f2850

SHA512
66981a1532e9e71a4432afda1d50697ae1158e43ca12db2a6609beffa5a7ad3400ff108efcefb33b21134a2a2890f9256a3bde6a50f183d91c40c1cbf80eb939

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\26271

Filesize
8KB

MD5
d900e917cde4a821d4939053f02ec611

SHA1
3671e575981d4d37d87c2710618907e66983b9e3

SHA256
3ef78725fcf41905c29c21653657fc7e186aae95c453fca26ee43ff20363e206

SHA512
b15b69526bf5332fffb76c12391d8d9503db9f070c6f13f0368245dd886885e2f48961a073ef789c84a48ec4764a7d21efb2fb7371ce84524820e559ccc3a7b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\2707

Filesize
8KB

MD5
51e63221258dfca37aa8aad7c96c1522

SHA1
2ec83988ea6823f3e85df08ea883a48dd464e92d

SHA256
c69caa59798978ca767f4cb1bcb906824f8de74af7d2f2ab00520daa4c1da9bc

SHA512
c027dcf4ad6e19e575dbbf3491e808af17a46603946060f1a5b598f65e0b7875b0420525d5a2baea4ee8f03c6111e6d2f105b338bd45a20308da2ee74aacec70

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\27439

Filesize
15KB

MD5
8c310b5131ecfa9a034377737999bf9d

SHA1
54eea8e8ec5494a35e6fb90074c9bbf0f011c75d

SHA256
380ba5d53a61dcaa29d5c99d9a0e8b81b0fc4b8f334ac344b77688d6eff52ea8

SHA512
043373ed2d6b088df9a472f1e99eab2a4612013e6c6a675f677bfa41038d4e5fd5f6fc206e724d9e7de0ae27a95a29f9bca18253feaaaa3998495d4ccb1001ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\2785

Filesize
9KB

MD5
8f623f3662b37e216aff61343965556d

SHA1
b9b358a2361cc90182185c35373b0ba339fd4bf1

SHA256
a553fea8fd2c7204f1af6aa610d58ed12f6db312c355201d9f61bf7fc6eab73d

SHA512
67573a334e6fdd79884e1a4422209df865188f00dd60e45ad04d2c463eb15c009d00cc76326492b8ba2c203420f17b4a3e31235c6e5b1d0e8049637e72942f66

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\29715

Filesize
8KB

MD5
edde1661fe047af21796a2730432a7c7

SHA1
7fe26d76eb611bdb5a856fcc523430f661ca3294

SHA256
15209bf6b38bb64aea47977bd447b0e0aa3a83debaa41894d1c1b73fc0f286ff

SHA512
f37e57594419c86677a2e85414eff62b1eeb2b0d6bb7a3306e97fc88a460d528ff4fd2905690f27fe878abb8187a9cac75a8819076f276cfe51a33f11b1578af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\30567

Filesize
8KB

MD5
a0d726094f586e59e4267fab02cd2a1f

SHA1
424fa05d5eb2adc561f1e86faad4986e6bb694b3

SHA256
ea706bafa2db209b635367e560b8e1b150111fce4fd9fce43929dd0c95925143

SHA512
321afaf93c9db1d69ff01789dcb8b0132be1e57cdbc5d060924988a3e8e94b7a3a063ead523cae0d6f54e524300ebbee9654cea6e8293f96cc016b50f05c76bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\3233

Filesize
14KB

MD5
7969371e2958fb03c8f364a084a26b70

SHA1
df8dac4aed47611f1401f416e12b529c47eae7a5

SHA256
44e2f405c922ce0a45e23bf6db1991f8fb7c90fbfe2e68a7be4b56544790ec52

SHA512
386155673d44bf73a841ef3931dceb2ad23e1810c4ab5203df093ead7f90f31db0a10b28fce2f0ffa983333eaaa1615f5866eb2fa523ce859e7cf7872261b536

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\4379

Filesize
7KB

MD5
ce16a9db58c7b34e1da375253c1bc2aa

SHA1
970fde9e58af39605ac4f90eaf8967a4f922132d

SHA256
d593138479a5c4cbda189cfc82d908b5628ae515c62bd9de2a4282e6695cb8c7

SHA512
594fb7a242d00e62b0356f586a01a9c9e0e848582b367cd95a832fa1acbe74c98e5004cb8a0fa33b3d9fd4cd9c2588a096082196be5309abf8f3822ddb86f018

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\4937

Filesize
8KB

MD5
15aa36f189ff3c5eede8e8ae441d8950

SHA1
a09bc4900b3d9ae71321640cfcc538d233476e1f

SHA256
e185ca8a2d80b8f9395d5850b13c36b4751453ec1feedb981be5eb0c397f1863

SHA512
a2a8d2a706a6ac02f76b058bc2a7e6369690bf9a3520186c6e814fb1b63e0505264c9bd2d9ba590b9611dd8e4371d866aad716f14a1e18540ddf10d2397e3882

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\5286

Filesize
10KB

MD5
f2e05ad203b59eca6c2ccbcc4823ec10

SHA1
9cc0657311e67e5e6c6fe9ee020af47859a43dd6

SHA256
4dde4b7b05d5ebbcb3e16fba42a54e03d1c5edf01bf14bafe1d39e3f744a8757

SHA512
986ba0fe3d4865d07178e56371cb31a73c21d4267c9aa11204b7829b9e054a212f3b0f52355ad49788f2a7aba37351a07be3ee55416f9b20b4e5abf93a57c84f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\6433

Filesize
21KB

MD5
d57777c603a84a85a4d6664b8304f0f3

SHA1
02b9821dd5805b319dd31a26f3e15bd2b1baeb01

SHA256
aebe6bd3c3155628d3e0d27d1fc746ddd46b98299cf3f27618a8d46b4d7be54f

SHA512
de19fbab21497091bb751ad6cf6c867716b95b9a009b519891cffbc0cea9795def05a2947c16051011ce79524cabc9e045ccb94ec2d19f4755efc375716b6d7a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\6577

Filesize
10KB

MD5
54fd6a451c1e0e3b65bdf86c2b7706b5

SHA1
a1649c8484b5810032478958cdf9ad185a6c71d3

SHA256
195e47f5c431a9faa17a022fe151820702b3850ed7f9ff3fcba49ee1a862a6fe

SHA512
2e9ae8a5c2260e0feeddcce180123c2f14a902544b055ff4fb1654a21249c25964d0e5865606e4a7a1a42d52597bf097e8a96a2886c8fd04c894d2956229d032

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\745

Filesize
9KB

MD5
b2ce426e244c3932689fdd7aaf98a5ae

SHA1
ef811af872280774065b8c9cd9fa43c635e2aebf

SHA256
040c728cb09981445924675755a7225536dc9c157796c3749831788c0d17b9e3

SHA512
4254e021dabbcefc5c642724eb890901ca00fe97e879f3cc40a5ac8c4a9a7e6770c6d3bb7cd95a9c7408a1bafd1f140f69a9fcd1e15377008c6e02999f235029

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\796

Filesize
21KB

MD5
03a8664d597f0b3e31eac05da5bcfad0

SHA1
280b389fa7697093a44935b016cc9dd6590aa523

SHA256
1ae41e60ceba007fafbea142636e27fb9ac1e38d05707371f863808da4e9de8e

SHA512
8f4b1069a375fb858761679edef06e7c1caffb502df8c8487544cd8894d9ca82ac9363447ecf56b3705e7920d401773cb6b9f9013d3756b63b18aa4fcbf78963

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\8551

Filesize
9KB

MD5
3b0b53a4f5cb2b575867fd98ad029282

SHA1
0c6887b0501118f5014177f93f6ed2b7b2a073bc

SHA256
dcb248abadfb3000d4172caea647453acd42baa7a702b7efede3507d767410eb

SHA512
01292cd7ca489d5b577c16480393d676e8e50b1deec9a2494072ba1dfbd6ace907aec0dfce3912c38e790e3d3fb47158455a26e019300c481557ffc1b6449697

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\9045

Filesize
8KB

MD5
271722c83f0fba13321a6eca9078ef3c

SHA1
7c26dfea2cc9c4453e6aca25740614e916249617

SHA256
29c4e56cc5751d8fd2546807f417e294a599038f3d32bc2f863d55a41e62723b

SHA512
2246d93e86f343e5787405f5a2fb0b7398c5759a07f0d8a11871e376617858406890437b3072f78e643de6dab9ac2075637f1685415af82f8c2c739158be38fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\9382

Filesize
8KB

MD5
f8bd50a78d3c85723c49b95b4e1b48b9

SHA1
aa4b52053ae0882654cd2fc6c8ab53e17dbe55a5

SHA256
20cca0b3fa3dc8a12a5bec7e759bd84c3766eba29b37d5fa61fcaf05dad89167

SHA512
bfc07e9ed095f321f9fd1c4aae25d4477a737a4384a8329edb7f7f6b84ff1173774138ea2632fdd1d9850df5ba0198f803b65e577716510777136135b935e1c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\doomed\9474

Filesize
15KB

MD5
06533d1adf0b3f3dd41dc36ab1df1b6e

SHA1
78ad469ebb99d6df34464b4ab69422f42fcd35ed

SHA256
659affdfbfa2ed4c43a015a8f30a5cfc5fe61fe2a2e4cacc9f14cbcabb64c101

SHA512
c6662fb6ac017d935873d4b222e0c6d24d25e14a2935dc83056ed5d8000d3136eab3398afda3c99f511f2eb9c9195f0cab6a54e32d1e0584c63eb0b8d482aa86

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\entries\2B8B71B60D84DE7ACAE035ADAAECC8D02BD899A5

Filesize
195KB

MD5
b215a6dfbbe860d97959956cd2fb2ed1

SHA1
12cb049f29e13109813c272011c483e3a3efd335

SHA256
9ae455ffd5025c5d04380e5a621ce366b583634519f8b222f1948b126c86afe0

SHA512
248f13d03b99aad432e9b948456818d220284ecb91ed6f30ab990750e79dff05cdb47a7be105bf177a0388ef3c8630224daee60bfb3dc4296a83cef104017946

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\entries\39ED4EBD222CF7B53B02F2F899F297DFDE343F51

Filesize
1015KB

MD5
c94cb3692e092d8428927ff08880ab37

SHA1
226ec98be77abcab47fa2d002f2d7a01c518164f

SHA256
78c8901c5a7f718d216ab17309b36cc13db4b02798f263c0d81c6770c778b91a

SHA512
d6453b11e2851a6591796f08d3a8a0b65746b06cf7e71586e31bffe63809ea52831ceb2dac35b550e9b1b3bbaa55614ab4174dc149430e8c70f53b63a186674f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\entries\577A586685F8D27BD5B926CE96132B84424D8EA4

Filesize
13KB

MD5
63a6ba26be4c8f93833f4470fed07745

SHA1
63ac7582eedca330df355ec829e40be760ed5db1

SHA256
735c85be3e9221f8599713bc457f2cd141145e769ec25d3223f3583235100c4f

SHA512
b2aa0721541971b834a5eabc902b6e0e4f3f3f638395f67a6424c2dd0311a0b06fbd8a22432f7b5d92ede80acf77b973494f23b9b187b6e89c13067b037cc7cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\entries\812402BDB0B527931FFA4CDBEED82520297D2E1F

Filesize
122KB

MD5
d114cf59df627b1bc88ccd1c28a5aa4d

SHA1
c71b8ff66931cf33fd96233aece317855aff43e9

SHA256
1f15f8b145879d75422de0b243aeaa1c1b4c3328ea6726b0b0373960508103a3

SHA512
19b461fc88c3b4a862574c0186507540d9584398d990591ece49a35c7347d3d184435f34a70571e19448b6299fe00a50b27ba5c0b5e8c6513c04417f53c12096

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f3zxqty5.default-release\cache2\entries\EB2662A44994F28AB334768204124B278BE9529E

Filesize
37KB

MD5
77d91a019258a66208851f52b5525889

SHA1
1b1c2075ea77b235eab5c8fa701220da5b214897

SHA256
63ca8c9eec3b4b9a92fe339410276963d3452e6d32ffc4414457b4078cadd3d6

SHA512
1cde43396862b9c19770930bc9b270b4b66c500500c6be95e0868bb56f38b5524154aeff41528e6505213edb2b2b6386cfd6b2717e3ef797872a1899c613dc3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-82TQ4.tmp\CrystalDiskInfo9_2_1.tmp

Filesize
3.1MB

MD5
a005fd3b593ea8376d270309b338c1ae

SHA1
55928130043465601052fe7b46b404ea78fe9862

SHA256
a995450f68aea92eff52849b416f5c39de43b488b2dec23fd2eb7c7a3890edd6

SHA512
7c07cd209ab6937361838175351f98705da801a29e83e4786209c048d1122bb4b2c5fa4b9ece7bd5730b1eb39d1d41a7d4da5d6791d38d214a27f0fd71e4321b

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-82TQ4.tmp\CrystalDiskInfo9_2_1.tmp

Filesize
3.1MB

MD5
a005fd3b593ea8376d270309b338c1ae

SHA1
55928130043465601052fe7b46b404ea78fe9862

SHA256
a995450f68aea92eff52849b416f5c39de43b488b2dec23fd2eb7c7a3890edd6

SHA512
7c07cd209ab6937361838175351f98705da801a29e83e4786209c048d1122bb4b2c5fa4b9ece7bd5730b1eb39d1d41a7d4da5d6791d38d214a27f0fd71e4321b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
75bfbf6719772ed0fb4af12a3ae2da9f

SHA1
c2e88671556ab407497eb32ac444a0da4a0865c3

SHA256
a98735b07c08f88de6390cf6179c6aa2ef0ead2a3050a817b0d141b692a8e346

SHA512
9225971d3cc98531d9a1a0bd3f11b86fdfe15125f711e36419ccdc87e8db406908da374864c17d8251b39caa480299c8212f58681ba29dc794285738dac63e09

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
80759e7be4c5430e3a7c890901fbabfc

SHA1
438bbf927dd99b80c9e6bcce416cdd2a2b6fec07

SHA256
71a3285cffffc9c0891f64b837e1efad83a267c9ec694092524a0277b3fe5d81

SHA512
8cfd2970c35624a9530de500eb32b919591303661297163c2b23468b299c248895270500489d0ec0b35efa8baf3af78099cbd1ab896ad12d240d62c60d86047a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
824173475aff41a256ed87b42903d365

SHA1
88e71edd2a0fa03303fca778f10213e6681a3a44

SHA256
709921530a953c515c3a6110fe6d7471b79a109a742c900c2ee6925d49c39668

SHA512
8ee6d4e2beb678647d9107fbf3d352e73563c11393563fcc9cf1d26c3209aca4b1ed7e4c87a276056c4114c1667e0f919d6637e1e2f1f17793721b79caff9e73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\18c8c9be-044c-49de-a68a-dd516daee3e5.dmp

Filesize
207KB

MD5
c2df26abdde61525ef854fe6f84266dd

SHA1
39b937e842f7c312bc8128b6753df94767b63d34

SHA256
5d5e95d524ff07553a55b7c18f361e7bb482e25c5136525a3dd2b64125e1dd1d

SHA512
6d8210d7f9c734175b1201f54cd763def4024ab17426d49c5757155611ff51055849ec4c5916c23e608d9cecb1391ae4cca5607ddac9aec58dc9336b163b07c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\18c8c9be-044c-49de-a68a-dd516daee3e5.extra

Filesize
14KB

MD5
b18a52b653f8648d808eb0424776513e

SHA1
b6da00c32184b794a17ac1ccf28097bf2aa85c43

SHA256
d6a5c32919d7ad6e0e9ac4502538fad5a9b7f15980f5e1d8d1c7e71d36eb52ef

SHA512
621b0715a994d7383be9a5bcf86c03bb27fa879a4ef6a862885fc886f3cb7e5419761b3e323b39705efd742aa00cb43d301a1f89d351a34881f698a08a5f7265

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\18c8c9be-044c-49de-a68a-dd516daee3e5.extra

Filesize
14KB

MD5
b18a52b653f8648d808eb0424776513e

SHA1
b6da00c32184b794a17ac1ccf28097bf2aa85c43

SHA256
d6a5c32919d7ad6e0e9ac4502538fad5a9b7f15980f5e1d8d1c7e71d36eb52ef

SHA512
621b0715a994d7383be9a5bcf86c03bb27fa879a4ef6a862885fc886f3cb7e5419761b3e323b39705efd742aa00cb43d301a1f89d351a34881f698a08a5f7265

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\crashes\store.json.mozlz4.tmp

Filesize
6KB

MD5
7f060b14789617a97328cd8810af5728

SHA1
f014c92cb78a3ea6833b0ed2cb8a2dbfede15547

SHA256
10bcb5516a98e0ca1e48f27ad0ba1c7d61af553db9d9eb2b055621cf1e5d520b

SHA512
de88019f23ff26d7d152c3fdabe7738fe467e6998d478557f23905bf1890b936053f98a47086ebb0de0c99d42f4df3e1928b614079548d53d60e414bbef60a95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs-1.js

Filesize
6KB

MD5
62f517bd8022ceccd6cb8d80a008a555

SHA1
91f70008f08e12c1bf0382f8e51eebe9d0e1189f

SHA256
dcdfedaa76c8bd3af3d477d373102f07ab858b5289784648c797b7ccd11b8189

SHA512
a8059202b2c4e0adc6063b48bd118af4054c41e6524973ac2b25e186d5a426375c01536cf2ef1e6019ebbb2a11f8cd32ab293e4bc7578e4ca0214d6bea7fdb24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs-1.js

Filesize
7KB

MD5
d2701a9275ecf77935b401269a450768

SHA1
6852835b4aa4d2f6f441d74594803989ebfc46a9

SHA256
77876672ecf0cac42a330bda71083fb3cc590a00d31b41acf6b004e316ad41ba

SHA512
5a26df28eb666dccfd6a18db986f83a7e72580c8756eef2ec6e71487286d63c1555cc7211fa7a78dc0ce566e8c383c2ebd150e2de272d8c26e8619489627648b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs-1.js

Filesize
8KB

MD5
7fb2f32a083a5be570529a46a12de234

SHA1
ada67c3fcce2e794775835c7f4f5c10347305dbe

SHA256
422bb831b5bf5d33d8bc6b80ef45fe121a748588b29dbd8c54333325bd104204

SHA512
4242131d3319dab26906bf3860df5bb09515a5096fd2ed738c926ca5aeb809d2802546bfda6315aa8e75a5aa56e600a91d702f4fa1ba576d735dd05a299f226b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs.js

Filesize
6KB

MD5
ea5fe02304a4461fcb73b42937f53c9f

SHA1
0e274258233303e4b0c069ae6aa1db878657c043

SHA256
1753601a303e9f0c710dbfa92069a00d8927b5415c02f219587e85712a3e8322

SHA512
3fc1b371fa39fe7b3914939dbfda27cb98ad3d6369e4be3371d40778d233fa34caeb0f4d850bb49b586c770dad3e21a6bbc11390884cd9da45108019048020ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\prefs.js

Filesize
6KB

MD5
589fbfc3f7b9e1aedaca0296b6cb2b1f

SHA1
d30f20bbb477ed52137f7ea0b5596b5c3031ed4f

SHA256
ba7b7748b0331b7f28dd45d4d0d7f039685c7da5ede35f4c2f98b959349fe4fa

SHA512
ed49c6175b64b282566757d6ca52bd4352573b5b56fe802d91264dab283f30bb467cadad281d300f9da8640101e385061bf465f66b3539acde9528433641bba3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
f7d72f43b3340daf5d9e3ff7758db7c2

SHA1
5aeb440817c3e5a26eae341cb7c1fdcc3a775ddc

SHA256
13b982cb297fb310bee493cd866fe7fa1e5355f87e07509d500d94e6d3746e13

SHA512
65d9f0ae537a85d291000ce2735efe3972f4a7450f1facbc7a66fcc6f5da6bad9b1b4c069fff4cf0e430de4c3956c12f5b1a1217246d739d03b8af6f6439785d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
2374b0142fbdb68ffb8a2c242a43df6d

SHA1
709ed69aca75ce48c90a53db95b8d977070cef66

SHA256
d343f4fe6bab961d9a91845f87be564045b6153ac334f57f59e997d12021dd87

SHA512
0b12d31bdba6309bee2bee290341b823487ebac05de9b9551141dfa55f7bdad1838246393ba9b36c382d530efc03743cad362931a36a64fd94facbdc689b3974

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
25KB

MD5
23c097f5265e20a61bc19f8530bed27f

SHA1
57f8119eddaac7568431f857182cd5eb1bfc1c3e

SHA256
6488e12ebafc1b000d18cc0738c9482409b0f1552bddaa029692075f95e6b7ad

SHA512
9b4aa0bc60507085350cf93576a44498dd4b1b9b877d628b8aa463645344678d500d543ff025f357ae7ec55288d3fdcec3716e7160c832c6a498aca3869da4d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b9ed8dc047e4fedad003b9c8e57cf4b9

SHA1
19857bd6c94b14f9a7d9c02db5992ba65c3f11b4

SHA256
5a5291ecb03dcdba3f5ba8fcf03edf9088648c86078a33646baf3cb2d31a8da4

SHA512
a870294cc660e80c6035fa640be387f04934b9f209a16fa018ff6a9aa0a8e1b1c66ba9cb97f6b2169f1fafa4dea2ac8f40df76ca2193b3351b0bb0a73f8aeed4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
cbae17d3e27685c99a2c26fd60eec98e

SHA1
0684f1bbae096537e31bed59590873dc75184d7d

SHA256
5afc54ece8cec57c739b9088c35e5502ab52250c2613dce865c76584628cb0de

SHA512
2b4b63b372d39b2710b439c14ac451a560d8794e9d09922e4cb07c61140ef55817ca8889168500782b4ff4903fd77a55d86f03bb25e3858474bde5cb2447f249

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
5106c76afc96406b8652f1dd11794928

SHA1
338e891ea5f5d37966b2e2720c9ae77d047feafb

SHA256
d72473d8c9ec2de74600953f79f1fb77a0ee117385cae0ae2cb4dd39cd632c8e

SHA512
5e459930c30ee332a508b4caf9870a326a6a45ad4f9e81528c728debb6ee819df56dc0f2b4f15f11896db2a3e29989458069d79ba4a79d5ef9f00dcdf3a56f85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
176KB

MD5
5593ee1f30b4cd17a343265dfeebfef5

SHA1
ddab2bc8f7741bc9d6eee85f7ca516e05c2c7709

SHA256
f7c8e9bd943043928729a3cca4e042d64c1f2f1b5ef12ae75206dd0b361f27c0

SHA512
c34a6f97e709881c929b4714bbd923637dff422534c3ee1658b159d4d6361d5feb863a6c3b4841032f1a00152dacfef84dcd203e209ac71a7db5bc2fce33a845

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f3zxqty5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
416KB

MD5
84d9c2c8f4fcd3ac8b48c45a3e7c96a5

SHA1
9354dd1fa02b6cfe33f3148e18d5d4edb4d385a0

SHA256
ab67ee829ae980f33df5bebad75f7252de2e3ec31c7cd4850827c37c09529146

SHA512
83dfa1e9161ac7096086e7c6fe11d7e87a41eae8cd30833f8750ef8492820043e731bfd5febb758c9cf2cb792f8a43850317688f71d2b48641271d59c959f23f

Download Submit
C:\Users\Admin\Desktop\Updater.txt

Filesize
4KB

MD5
3c1a560654ca635b582c1e44361ccc73

SHA1
16a18fcf40f0ff4643214f5812f409610935f814

SHA256
d27ee8619ca32de55d04ab23f1f2f9583b8a6ce2024221e7c4012be591d6469c

SHA512
4de8d781cf65cd1ab332d6f230c1c45b8bb27f89e52b9a1de22ed1e0a92882c0d9770712712a3f1a2e63d88ba49a34ad82a26f19312f7edab4a8ebebf51021f8

Download Submit
C:\Users\Admin\Desktop\Updater.txt

Filesize
4KB

MD5
3c1a560654ca635b582c1e44361ccc73

SHA1
16a18fcf40f0ff4643214f5812f409610935f814

SHA256
d27ee8619ca32de55d04ab23f1f2f9583b8a6ce2024221e7c4012be591d6469c

SHA512
4de8d781cf65cd1ab332d6f230c1c45b8bb27f89e52b9a1de22ed1e0a92882c0d9770712712a3f1a2e63d88ba49a34ad82a26f19312f7edab4a8ebebf51021f8

Download Submit
C:\Users\Admin\Desktop\Updater.txt

Filesize
568B

MD5
35b6a90a453f0f3a2398a9242103964b

SHA1
af403a91ab6ca5087127b37939b3340f6b956681

SHA256
e4b7892374246bac8e2991f14bffe1797070b69ade93ce380021556b71bacf33

SHA512
451ae5ec0662c1d39d0283a756bcb1576375c18e0c643e2fd03a6ff9b8ae374c57188d18aabfc6b38153ae29178eefef90500568ac150653626ab3295525611a

Download Submit
C:\Users\Admin\Desktop\Updater.txt

Filesize
5KB

MD5
d520aefc68438321b326d9ad725de589

SHA1
4b1fadf98b5046da225f47b5609aba63ea24a612

SHA256
c5bad2badce530e25a1b8384155dae954884251dedf1a6181d15364a135c5661

SHA512
86019089f4284e95322e1f62cba53b12ad83a27861325f2f814999d74d2bd0f0883b3fef972db58f84b60ebbb6a54dfbe8e2a50c08b6e71137dda51e34e72d6e

Download Submit
C:\Users\Admin\Desktop\Updater.txt

Filesize
5KB

MD5
d520aefc68438321b326d9ad725de589

SHA1
4b1fadf98b5046da225f47b5609aba63ea24a612

SHA256
c5bad2badce530e25a1b8384155dae954884251dedf1a6181d15364a135c5661

SHA512
86019089f4284e95322e1f62cba53b12ad83a27861325f2f814999d74d2bd0f0883b3fef972db58f84b60ebbb6a54dfbe8e2a50c08b6e71137dda51e34e72d6e

Download Submit
C:\Users\Admin\Desktop\Updater.txt

Filesize
5KB

MD5
d520aefc68438321b326d9ad725de589

SHA1
4b1fadf98b5046da225f47b5609aba63ea24a612

SHA256
c5bad2badce530e25a1b8384155dae954884251dedf1a6181d15364a135c5661

SHA512
86019089f4284e95322e1f62cba53b12ad83a27861325f2f814999d74d2bd0f0883b3fef972db58f84b60ebbb6a54dfbe8e2a50c08b6e71137dda51e34e72d6e

Download Submit
C:\Users\Admin\Desktop\Updater.txt

Filesize
5KB

MD5
d520aefc68438321b326d9ad725de589

SHA1
4b1fadf98b5046da225f47b5609aba63ea24a612

SHA256
c5bad2badce530e25a1b8384155dae954884251dedf1a6181d15364a135c5661

SHA512
86019089f4284e95322e1f62cba53b12ad83a27861325f2f814999d74d2bd0f0883b3fef972db58f84b60ebbb6a54dfbe8e2a50c08b6e71137dda51e34e72d6e

Download Submit
C:\Users\Admin\Desktop\res\SMART.xml

Filesize
1KB

MD5
de38c3dafdd55318e78fdd8a610e3cc8

SHA1
abb0b551dba221a2b9b7b493cb857e2d072ad5ff

SHA256
29281c6af4370a3739a174cb1e0ab3d24349772daf4b4b8a5cfbe71ca8e79bb5

SHA512
7a8aed344349d0c1600b48dd902c0fc7f65472531dc63d9cd49a98dca1a74b648488adbe497d411542e66ce5e445072262fccb6727e0a057bd3d66d19ad581a9

Download Submit
C:\Users\Admin\Desktop\update.xml

Filesize
933B

MD5
fc94505a18eef11831920a6197780915

SHA1
c5a88f64a679e0be841516cc9fa569563d5b386f

SHA256
e2150bd4f1097e26e7411526ac41f707d19ea136b9238d603cd06795a81c6b2c

SHA512
76efc273cac79f18a826d072765134634815dd2b7a7e0612ffadf5051d4a7a8ef2297c39bdb345eef40801cd537175669e7abb5754e10c08fde5e37492eb2f06

Download Submit
C:\Users\Admin\Downloads\CrystalDiskInfo9_2_1.O9H97m2F.exe.part

Filesize
5.5MB

MD5
4d4f43b6d081128cda7fb2cb4d2cb384

SHA1
8d83fef0fed0ff20d77173219b25a263366816d9

SHA256
03f0542a463e7f372b5d8e7082604e4fdb5ae07f4c949e5e7fc5791a9bfbcf22

SHA512
999f47e7d73697663615e96a7003c0e41aa323e9c1db50b2c3853fd182796291b98c1452d3f3804c0346897dc81177dde2723b1254b0c6eb0fe96cd94f0494a0

Download Submit
C:\Users\Admin\Downloads\CrystalDiskInfo9_2_1.exe

Filesize
5.5MB

MD5
4d4f43b6d081128cda7fb2cb4d2cb384

SHA1
8d83fef0fed0ff20d77173219b25a263366816d9

SHA256
03f0542a463e7f372b5d8e7082604e4fdb5ae07f4c949e5e7fc5791a9bfbcf22

SHA512
999f47e7d73697663615e96a7003c0e41aa323e9c1db50b2c3853fd182796291b98c1452d3f3804c0346897dc81177dde2723b1254b0c6eb0fe96cd94f0494a0

Download Submit
C:\Users\Admin\Downloads\CrystalDiskInfo9_2_1.exe

Filesize
5.5MB

MD5
4d4f43b6d081128cda7fb2cb4d2cb384

SHA1
8d83fef0fed0ff20d77173219b25a263366816d9

SHA256
03f0542a463e7f372b5d8e7082604e4fdb5ae07f4c949e5e7fc5791a9bfbcf22

SHA512
999f47e7d73697663615e96a7003c0e41aa323e9c1db50b2c3853fd182796291b98c1452d3f3804c0346897dc81177dde2723b1254b0c6eb0fe96cd94f0494a0

Download Submit
C:\Users\Admin\Downloads\HDDScan.zip

Filesize
3.7MB

MD5
86c2471e6b1db628caf48b1a6ea1d70c

SHA1
ce98d12702e26947739bd5b507c933d4c51a4c8f

SHA256
8f392fc0c2dbb5b75848b7f791c105da28d5f1260e3d324b2f9ea9c72122657c

SHA512
f04a77864f9904516bd334c3f46a667cb867e7ed8f459c8805b773ee3b0a0ae954aac185d347c8dd07a6fe0701747b1939e9fc23dacc4dcf6081380f8ff1c598

Download Submit
C:\Users\Admin\Downloads\HeavyLoad-x64-Setup.exe

Filesize
17.4MB

MD5
38d92bacc85f345bb43001deb3a803b7

SHA1
77fe5ebd7a740540ddcb5e3309c7b5acc4e804c7

SHA256
fe0a89c7312550f205447dce8adfdf658a6f65e387cd66ae90df372d39421373

SHA512
e5cfa9960cb0e952c7a875bc1227c5c1fd6628ea45876aa1d414db60d081bef8d413ddced75db6a6e14a12441ab6b3a8e3c2f09750216e55ca4037eb15571e88

Download Submit
C:\Users\Admin\Downloads\hdsentinel_pro_setup.zip

Filesize
35.3MB

MD5
279e55f6e8313d1077db4e0b762cd27b

SHA1
21d6dfeb948afcc365a5d5a3f9f645dd018d3930

SHA256
d262b99f70426949b4db0b23e82ba17f8d6d549cd2db2848266a59da69baac4d

SHA512
e0b1d02012481151af1df342513dfa856686ec5e4dbbdafefd11a8715062570feeb92ea3405e9b3fdc85384e8db9837216f8269c9695a1e47b3623dc58e57b19

Download Submit
memory/1304-3607-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/1304-3952-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1304-3960-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/1304-3962-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/1304-3969-0x0000000000400000-0x00000000004C0000-memory.dmp

Filesize
768KB

Download
memory/2940-778-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2940-2002-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/2940-2108-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/3460-3326-0x0000000000400000-0x0000000000701000-memory.dmp

Filesize
3.0MB

Download
memory/3460-3282-0x0000000000400000-0x0000000000701000-memory.dmp

Filesize
3.0MB

Download
memory/3460-3223-0x0000000000810000-0x0000000000811000-memory.dmp

Filesize
4KB

Download
memory/3896-3324-0x0000023807D00000-0x0000023807D01000-memory.dmp

Filesize
4KB

Download
memory/3896-3330-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3439-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3408-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3496-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3583-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3562-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3355-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3356-0x0000023807D00000-0x0000023807D01000-memory.dmp

Filesize
4KB

Download
memory/3896-3331-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3366-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3367-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3383-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3384-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/3896-3386-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/4028-3961-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4028-3963-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/4028-3965-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/4780-3957-0x0000000001900000-0x0000000001901000-memory.dmp

Filesize
4KB

Download
memory/4780-4122-0x0000000006670000-0x0000000006671000-memory.dmp

Filesize
4KB

Download
memory/4780-4108-0x0000000001900000-0x0000000001901000-memory.dmp

Filesize
4KB

Download
memory/4780-3985-0x0000000000400000-0x00000000016EF000-memory.dmp

Filesize
18.9MB

Download
memory/4780-3973-0x0000000006670000-0x0000000006671000-memory.dmp

Filesize
4KB

Download
memory/4780-3300-0x0000022B3F9D0000-0x0000022B3F9D1000-memory.dmp

Filesize
4KB

Download
memory/4780-3301-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download
memory/5696-3602-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5696-3970-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5696-3951-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/5696-3604-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/6016-2107-0x0000000000400000-0x0000000000719000-memory.dmp

Filesize
3.1MB

Download
memory/6016-795-0x0000000002810000-0x0000000002811000-memory.dmp

Filesize
4KB

Download
memory/6204-3059-0x0000000000400000-0x0000000000ADB000-memory.dmp

Filesize
6.9MB

Download
memory/6204-2968-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/6204-3055-0x0000000000400000-0x0000000000ADB000-memory.dmp

Filesize
6.9MB

Download
memory/6204-3038-0x0000000000400000-0x0000000000ADB000-memory.dmp

Filesize
6.9MB

Download
memory/6204-2967-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/6204-3053-0x0000000002750000-0x0000000002751000-memory.dmp

Filesize
4KB

Download
memory/6204-3054-0x0000000000400000-0x0000000000ADB000-memory.dmp

Filesize
6.9MB

Download
memory/6204-3048-0x0000000000400000-0x0000000000ADB000-memory.dmp

Filesize
6.9MB

Download
memory/6268-3281-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/6268-3219-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/6268-3327-0x0000000000400000-0x00000000004DF000-memory.dmp

Filesize
892KB

Download
memory/6360-2815-0x0000000003760000-0x0000000003761000-memory.dmp

Filesize
4KB

Download
memory/6360-2937-0x0000000000400000-0x0000000000ADB000-memory.dmp

Filesize
6.9MB

Download
memory/6360-2953-0x0000000000400000-0x0000000000ADB000-memory.dmp

Filesize
6.9MB

Download
memory/6360-2806-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/6360-2954-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/6756-3354-0x000001F8CE340000-0x000001F8CE341000-memory.dmp

Filesize
4KB

Download
memory/6756-3350-0x000001F8CE340000-0x000001F8CE341000-memory.dmp

Filesize
4KB

Download
memory/6756-3352-0x000001F8CE340000-0x000001F8CE341000-memory.dmp

Filesize
4KB

Download
memory/6756-3351-0x000001F8CE340000-0x000001F8CE341000-memory.dmp

Filesize
4KB

Download
memory/6756-3348-0x000001F8CE340000-0x000001F8CE341000-memory.dmp

Filesize
4KB

Download
memory/6756-3349-0x000001F8CE340000-0x000001F8CE341000-memory.dmp

Filesize
4KB

Download
memory/6756-3353-0x000001F8CE340000-0x000001F8CE341000-memory.dmp

Filesize
4KB

Download
memory/6756-3342-0x000001F8CE340000-0x000001F8CE341000-memory.dmp

Filesize
4KB

Download
memory/6756-3344-0x000001F8CE340000-0x000001F8CE341000-memory.dmp

Filesize
4KB

Download
memory/6756-3343-0x000001F8CE340000-0x000001F8CE341000-memory.dmp

Filesize
4KB

Download
memory/6936-3302-0x000002A115F80000-0x000002A115F81000-memory.dmp

Filesize
4KB

Download
memory/6936-3305-0x0000000000250000-0x0000000001FB4000-memory.dmp

Filesize
29.4MB

Download