55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047

Analysis

max time kernel
909s
max time network
1799s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
11-02-2024 16:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.0MB
MD5

a21768190f3b9feae33aaef660cb7a83
SHA1

24780657328783ef50ae0964b23288e68841a421
SHA256

55e4ce3fe726043070ecd7de5a74b2459ea8bed19ef2a36ce7884b2ab0863047
SHA512

ca6da822072cb0d3797221e578780b19c8953e4207729a002a64a00ced134059c0ed21b02572c43924e4ba3930c0e88cd2cdb309259e3d0dcfb0c282f1832d62
SSDEEP

98304:NzTZ3cINQscs0m++LNkT6OpwDGUUH57yvZ/49Mr8EO3QhA9Kq:Nzt3cINQscNmvLCwDkHEvZ/4R79x

Score

6^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
1289	raw.githubusercontent.com
1290	raw.githubusercontent.com
1291	raw.githubusercontent.com
1292	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Drops file in System32 directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1920.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\system32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_96.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide_alternate.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\4272278488\3302449443.pri	SecHealthUI.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MEMZ.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	taskmgr.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\4272278488\3302449443.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	taskmgr.exe

Executes dropped EXE 16 IoCs

pid	Process
6592	lively_setup_x86_full_v2074.exe
6688	lively_setup_x86_full_v2074.tmp
7400	MEMZ.exe
6508	MEMZ.exe
6696	MEMZ.exe
7608	MEMZ.exe
7204	MEMZ.exe
6900	MEMZ.exe
6160	MEMZ.exe
4856	MEMZ.exe
6660	MEMZ.exe
6568	MEMZ.exe
5252	MEMZ.exe
5752	MEMZ.exe
6208	MEMZ.exe
8124	MEMZ.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 23 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe

Checks processor information in registry 2 TTPs 17 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	explorer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	explorer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "2"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{B3690E58-E961-423B-B687-386EBFD83239}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0be0e07d095dda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{16265775-5516-48B1-A967-F2FFA8F04219} = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "6"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8936e67d095dda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7a47f66e095dda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "25"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-167039816-2868247564-2551780377-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\1674424797137599124.png:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\lively_setup_x86_full_v2074.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	firefox.exe

Runs regedit.exe 2 IoCs

pid	Process
8792	regedit.exe
13620	regedit.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
4004	AnyDesk.exe
6028	explorer.exe
6028	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5004	AnyDesk.exe
5004	AnyDesk.exe
5004	AnyDesk.exe
5004	AnyDesk.exe
5004	AnyDesk.exe
5004	AnyDesk.exe
3216	AnyDesk.exe
3216	AnyDesk.exe
6508	MEMZ.exe
6508	MEMZ.exe
6696	MEMZ.exe
6696	MEMZ.exe
7608	MEMZ.exe
7608	MEMZ.exe
6508	MEMZ.exe
6508	MEMZ.exe
6696	MEMZ.exe
6696	MEMZ.exe
7608	MEMZ.exe
7608	MEMZ.exe
6508	MEMZ.exe
6508	MEMZ.exe
6900	MEMZ.exe
6900	MEMZ.exe
7204	MEMZ.exe
7204	MEMZ.exe
6696	MEMZ.exe
7608	MEMZ.exe
7608	MEMZ.exe
6696	MEMZ.exe
6508	MEMZ.exe
6508	MEMZ.exe
7204	MEMZ.exe
7204	MEMZ.exe
6900	MEMZ.exe
6900	MEMZ.exe
6696	MEMZ.exe
6696	MEMZ.exe
7608	MEMZ.exe
7204	MEMZ.exe
7608	MEMZ.exe
7204	MEMZ.exe
6508	MEMZ.exe
6508	MEMZ.exe
6900	MEMZ.exe
6900	MEMZ.exe
6696	MEMZ.exe
6696	MEMZ.exe
7608	MEMZ.exe
7204	MEMZ.exe
7608	MEMZ.exe
7204	MEMZ.exe
6508	MEMZ.exe
6508	MEMZ.exe
6900	MEMZ.exe
6900	MEMZ.exe
6696	MEMZ.exe
6696	MEMZ.exe
7608	MEMZ.exe
7608	MEMZ.exe
6508	MEMZ.exe
6508	MEMZ.exe
7204	MEMZ.exe
7204	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
956	mmc.exe
4200	AnyDesk.exe

Suspicious behavior: MapViewOfSection 30 IoCs

pid	Process
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
6004	MicrosoftEdgeCP.exe
6004	MicrosoftEdgeCP.exe
7000	MicrosoftEdgeCP.exe
7000	MicrosoftEdgeCP.exe
7000	MicrosoftEdgeCP.exe
7000	MicrosoftEdgeCP.exe
6160	MicrosoftEdgeCP.exe
6160	MicrosoftEdgeCP.exe
7600	MicrosoftEdgeCP.exe
7600	MicrosoftEdgeCP.exe
7600	MicrosoftEdgeCP.exe
7600	MicrosoftEdgeCP.exe
1396	MicrosoftEdgeCP.exe
1396	MicrosoftEdgeCP.exe
5288	MicrosoftEdgeCP.exe
5288	MicrosoftEdgeCP.exe
5288	MicrosoftEdgeCP.exe
5288	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 55 IoCs

description	pid	Process
Token: SeDebugPrivilege	5004	AnyDesk.exe
Token: 33	4352	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4352	AUDIODG.EXE
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeShutdownPrivilege	6028	explorer.exe
Token: SeCreatePagefilePrivilege	6028	explorer.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeShutdownPrivilege	5844	control.exe
Token: SeCreatePagefilePrivilege	5844	control.exe
Token: 33	956	mmc.exe
Token: SeIncBasePriorityPrivilege	956	mmc.exe
Token: 33	956	mmc.exe
Token: SeIncBasePriorityPrivilege	956	mmc.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	860	firefox.exe
Token: SeDebugPrivilege	860	firefox.exe
Token: SeDebugPrivilege	860	firefox.exe
Token: SeDebugPrivilege	860	firefox.exe
Token: SeDebugPrivilege	860	firefox.exe
Token: SeDebugPrivilege	7136	taskmgr.exe
Token: SeSystemProfilePrivilege	7136	taskmgr.exe
Token: SeCreateGlobalPrivilege	7136	taskmgr.exe
Token: SeDebugPrivilege	860	firefox.exe
Token: 33	7136	taskmgr.exe
Token: SeIncBasePriorityPrivilege	7136	taskmgr.exe
Token: SeDebugPrivilege	1000	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1000	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1000	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1000	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5852	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	5852	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4180	MicrosoftEdge.exe
Token: SeDebugPrivilege	4180	MicrosoftEdge.exe
Token: SeDebugPrivilege	860	firefox.exe
Token: SeDebugPrivilege	860	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4004	AnyDesk.exe
4004	AnyDesk.exe
4004	AnyDesk.exe
4004	AnyDesk.exe
4004	AnyDesk.exe
4004	AnyDesk.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
4004	AnyDesk.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
4004	AnyDesk.exe
6028	explorer.exe
6028	explorer.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4004	AnyDesk.exe
4004	AnyDesk.exe
4004	AnyDesk.exe
4004	AnyDesk.exe
4004	AnyDesk.exe
4004	AnyDesk.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
4004	AnyDesk.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
4004	AnyDesk.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe
7136	taskmgr.exe

Suspicious use of SetWindowsHookEx 52 IoCs

pid	Process
4200	AnyDesk.exe
4200	AnyDesk.exe
2140	firefox.exe
956	mmc.exe
956	mmc.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
4020	SecHealthUI.exe
4180	MicrosoftEdge.exe
5540	MicrosoftEdgeCP.exe
1000	MicrosoftEdgeCP.exe
5540	MicrosoftEdgeCP.exe
5184	MicrosoftEdge.exe
6004	MicrosoftEdgeCP.exe
6004	MicrosoftEdgeCP.exe
2024	MicrosoftEdge.exe
7000	MicrosoftEdgeCP.exe
7000	MicrosoftEdgeCP.exe
7156	MicrosoftEdge.exe
7872	MicrosoftEdgeCP.exe
7872	MicrosoftEdgeCP.exe
392	MicrosoftEdge.exe
6160	MicrosoftEdgeCP.exe
6160	MicrosoftEdgeCP.exe
8028	MicrosoftEdge.exe
7600	MicrosoftEdgeCP.exe
7600	MicrosoftEdgeCP.exe
8124	MEMZ.exe
8016	MicrosoftEdge.exe
1396	MicrosoftEdgeCP.exe
1396	MicrosoftEdgeCP.exe
8124	MEMZ.exe
5524	MicrosoftEdgeCP.exe
2012	MicrosoftEdgeCP.exe
2012	MicrosoftEdgeCP.exe
7488	MicrosoftEdge.exe
5288	MicrosoftEdgeCP.exe
5288	MicrosoftEdgeCP.exe
8124	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 5004	3216	AnyDesk.exe	73
PID 3216 wrote to memory of 5004	3216	AnyDesk.exe	73
PID 3216 wrote to memory of 5004	3216	AnyDesk.exe	73
PID 3216 wrote to memory of 4004	3216	AnyDesk.exe	74
PID 3216 wrote to memory of 4004	3216	AnyDesk.exe	74
PID 3216 wrote to memory of 4004	3216	AnyDesk.exe	74
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 3112 wrote to memory of 2140	3112	firefox.exe	82
PID 2140 wrote to memory of 1516	2140	firefox.exe	83
PID 2140 wrote to memory of 1516	2140	firefox.exe	83
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84
PID 2140 wrote to memory of 2256	2140	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5004
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:4200
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x420
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3112
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.0.1002368688\1400665147" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cda730a-cee3-4953-b689-0c42b007fca8} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 1796 1f7deecd158 gpu
    3⤵
    PID:1516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.1.19097622\2083057017" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef2647c3-c6b6-4d48-ad47-5c48d506e2cf} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 2156 1f7d3e72858 socket
    3⤵
    - Checks processor information in registry
    PID:2256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.2.1962241618\7452399" -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2924 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78cd5902-e812-44d9-b07d-51aabb16d186} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 2736 1f7dee5e158 tab
    3⤵
    PID:3944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.3.1894316031\42106927" -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 3420 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d6063a5-bf5a-42ad-8a6d-0e657873f9c0} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 3436 1f7e1908e58 tab
    3⤵
    PID:4848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.4.727846339\1103068036" -childID 3 -isForBrowser -prefsHandle 4264 -prefMapHandle 4260 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9a9ff2f-4f24-4283-9798-238bb3d0cb89} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 4276 1f7e505b558 tab
    3⤵
    PID:1840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.5.371654594\1169282535" -childID 4 -isForBrowser -prefsHandle 4824 -prefMapHandle 4812 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8803c730-f155-459c-8be6-181880612eb9} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 4988 1f7e36b6e58 tab
    3⤵
    PID:1360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.7.28908657\482802600" -childID 6 -isForBrowser -prefsHandle 5328 -prefMapHandle 5324 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd87a40-2829-4aac-a05b-eaecb446db0b} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 5336 1f7e59f0b58 tab
    3⤵
    PID:2820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.6.667949763\1322479715" -childID 5 -isForBrowser -prefsHandle 5044 -prefMapHandle 5048 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e211337-bcf8-44b0-8169-0ee2303710d1} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 5032 1f7e5268e58 tab
    3⤵
    PID:1992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.8.1646915193\1630450871" -childID 7 -isForBrowser -prefsHandle 5640 -prefMapHandle 5644 -prefsLen 26602 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cd0d9e4-e951-4ed6-a05d-50a50be88755} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 5672 1f7e2191b58 tab
    3⤵
    PID:5960

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" LanguagePackInstaller
1⤵
PID:3508

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" LanguagePackInstaller
1⤵
PID:4380

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6028
- C:\Windows\system32\mmc.exe
  "C:\Windows\system32\mmc.exe" C:\Windows\system32\devmgmt.msc
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:956

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5172

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5848

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5844

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:6000

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5784
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.0.1129186932\308943375" -parentBuildID 20221007134813 -prefsHandle 1604 -prefMapHandle 1592 -prefsLen 21206 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b70801ae-837e-4354-8f91-88b6f74a9f7b} 860 "\\.\pipe\gecko-crash-server-pipe.860" 1696 21af68e6258 gpu
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.1.16916644\2051609277" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1988 -prefsLen 21251 -prefMapSize 233583 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf4062a4-bddf-4891-894c-365f6578a67d} 860 "\\.\pipe\gecko-crash-server-pipe.860" 2016 21aeabdb858 socket
    3⤵
    PID:5172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.2.1389447930\306775741" -childID 1 -isForBrowser -prefsHandle 2740 -prefMapHandle 2976 -prefsLen 21712 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {35e913b8-184a-4e36-a03a-1d310c4f720e} 860 "\\.\pipe\gecko-crash-server-pipe.860" 2676 21af99a1858 tab
    3⤵
    PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.3.1309966013\706817614" -childID 2 -isForBrowser -prefsHandle 3148 -prefMapHandle 3196 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6386ccfe-eab7-43b2-bcba-9334c564c60a} 860 "\\.\pipe\gecko-crash-server-pipe.860" 1028 21afb827258 tab
    3⤵
    PID:2712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.4.1936700057\610505485" -childID 3 -isForBrowser -prefsHandle 3672 -prefMapHandle 3684 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1605eb8-39e0-47e1-9237-1561d1c46739} 860 "\\.\pipe\gecko-crash-server-pipe.860" 3636 21afbdc5258 tab
    3⤵
    PID:1996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.5.1247934277\1464119076" -childID 4 -isForBrowser -prefsHandle 4388 -prefMapHandle 3344 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc861b45-ec54-43c3-87f1-c1d2e05ce7a3} 860 "\\.\pipe\gecko-crash-server-pipe.860" 4396 21afa605f58 tab
    3⤵
    PID:1064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.7.347023166\1207277344" -childID 6 -isForBrowser -prefsHandle 4528 -prefMapHandle 4524 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62531ad8-363b-4c2b-a3c0-23f451b121a6} 860 "\\.\pipe\gecko-crash-server-pipe.860" 4692 21afce84858 tab
    3⤵
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.6.357061591\1422014447" -childID 5 -isForBrowser -prefsHandle 4536 -prefMapHandle 4540 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7f49d99-571c-4866-9b70-61f4e30368ad} 860 "\\.\pipe\gecko-crash-server-pipe.860" 4392 21afce83058 tab
    3⤵
    PID:220
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.8.1377391378\163403874" -childID 7 -isForBrowser -prefsHandle 4088 -prefMapHandle 5100 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c092f52-7585-450a-8d41-92179e8d27f4} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5088 21af98f3258 tab
    3⤵
    PID:5424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.9.1188485873\100001815" -childID 8 -isForBrowser -prefsHandle 4240 -prefMapHandle 5548 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a62d5f1-bbd5-400d-b2bd-5ad6383441de} 860 "\\.\pipe\gecko-crash-server-pipe.860" 3244 21aeab5bb58 tab
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.10.1055589116\559455620" -childID 9 -isForBrowser -prefsHandle 5832 -prefMapHandle 4144 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a55c058-9487-4907-b537-9e0504f666e2} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5724 21afece4f58 tab
    3⤵
    PID:4836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.12.622035357\1897598370" -childID 11 -isForBrowser -prefsHandle 9860 -prefMapHandle 9864 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a269850-8e2c-420a-bc84-105fafc10a50} 860 "\\.\pipe\gecko-crash-server-pipe.860" 9852 21afeaaf058 tab
    3⤵
    PID:3208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.11.2140653069\1403531994" -childID 10 -isForBrowser -prefsHandle 9628 -prefMapHandle 9644 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8d02fc6-1270-4674-8890-9fabb93780e2} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5492 21afea18858 tab
    3⤵
    PID:1996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.13.2001128309\886365307" -childID 12 -isForBrowser -prefsHandle 10048 -prefMapHandle 10044 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {233fe2e4-bc93-416f-bd5d-a31ad9445fbf} 860 "\\.\pipe\gecko-crash-server-pipe.860" 9836 21affdd9558 tab
    3⤵
    PID:520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.14.1859155824\109397026" -childID 13 -isForBrowser -prefsHandle 9428 -prefMapHandle 10188 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {531e7889-8881-417b-8eb6-2cf949c33428} 860 "\\.\pipe\gecko-crash-server-pipe.860" 9468 21afccb1758 tab
    3⤵
    PID:5848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.15.2036633098\242235492" -childID 14 -isForBrowser -prefsHandle 9304 -prefMapHandle 9300 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {978e6200-5b2c-4551-bb76-c288f417d9ca} 860 "\\.\pipe\gecko-crash-server-pipe.860" 9268 21aff03c758 tab
    3⤵
    PID:4336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.17.396238932\1495584117" -childID 16 -isForBrowser -prefsHandle 8988 -prefMapHandle 8992 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc754611-6fdf-411b-a12d-d25f0caf5e96} 860 "\\.\pipe\gecko-crash-server-pipe.860" 8976 21b009cd158 tab
    3⤵
    PID:5328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.18.92356333\1160609827" -childID 17 -isForBrowser -prefsHandle 8644 -prefMapHandle 9072 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfc52eed-1d65-432f-8c35-2a48cc210576} 860 "\\.\pipe\gecko-crash-server-pipe.860" 8896 21aff03e858 tab
    3⤵
    PID:5100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.16.1425197929\1959161857" -childID 15 -isForBrowser -prefsHandle 9000 -prefMapHandle 9004 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d06ebef-52ef-46a9-a93d-4d9b0ab9fde2} 860 "\\.\pipe\gecko-crash-server-pipe.860" 9064 21b009cc558 tab
    3⤵
    PID:6104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.21.857426165\1391863194" -childID 20 -isForBrowser -prefsHandle 8196 -prefMapHandle 8188 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {07548b77-465b-4664-834f-26e276c4b828} 860 "\\.\pipe\gecko-crash-server-pipe.860" 8204 21b00ae3e58 tab
    3⤵
    PID:6256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.20.1051495964\881195493" -childID 19 -isForBrowser -prefsHandle 8296 -prefMapHandle 8300 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab440cb0-51c2-4cc0-9f14-2a73b29a5c2f} 860 "\\.\pipe\gecko-crash-server-pipe.860" 8288 21b00ae6258 tab
    3⤵
    PID:6248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.19.1348975526\1853881183" -childID 18 -isForBrowser -prefsHandle 9072 -prefMapHandle 8676 -prefsLen 26890 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24b1d2b4-ccdc-426f-8dde-7b5909c1d9dc} 860 "\\.\pipe\gecko-crash-server-pipe.860" 8684 21aeab57258 tab
    3⤵
    PID:6240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.24.1895283230\812512141" -childID 23 -isForBrowser -prefsHandle 7520 -prefMapHandle 7732 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a364095-dac8-4070-97a5-bea37011d5ac} 860 "\\.\pipe\gecko-crash-server-pipe.860" 7536 21b0024d258 tab
    3⤵
    PID:6708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.23.74019406\61999552" -childID 22 -isForBrowser -prefsHandle 7972 -prefMapHandle 8104 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f3444ca-b321-40c4-a843-c64cf3d98a60} 860 "\\.\pipe\gecko-crash-server-pipe.860" 7732 21b0024e758 tab
    3⤵
    PID:6696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.22.268061497\765232780" -childID 21 -isForBrowser -prefsHandle 7896 -prefMapHandle 7888 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dc3df5e-3170-447f-b759-631bfaa051a2} 860 "\\.\pipe\gecko-crash-server-pipe.860" 7876 21affb29258 tab
    3⤵
    PID:6688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.25.1868951490\1834826902" -childID 24 -isForBrowser -prefsHandle 7508 -prefMapHandle 7332 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1486bd16-dac6-4f13-bd45-24adc64efd96} 860 "\\.\pipe\gecko-crash-server-pipe.860" 7676 21b01d77858 tab
    3⤵
    PID:7032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.26.1947210583\1375099028" -childID 25 -isForBrowser -prefsHandle 7136 -prefMapHandle 9268 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a78b8514-2454-469a-94ae-1ee6d734fa15} 860 "\\.\pipe\gecko-crash-server-pipe.860" 7684 21aeab62258 tab
    3⤵
    PID:6372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.27.886633151\1187471149" -childID 26 -isForBrowser -prefsHandle 7064 -prefMapHandle 7136 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a62e5e5-59e6-42ed-bb00-09aaa3610aee} 860 "\\.\pipe\gecko-crash-server-pipe.860" 7684 21afefaab58 tab
    3⤵
    PID:6988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.28.102669540\1419647813" -childID 27 -isForBrowser -prefsHandle 6816 -prefMapHandle 6860 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48848894-6a58-4b4c-91ec-3cfb4b98230d} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6744 21b011d4e58 tab
    3⤵
    PID:7400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.29.1588418812\1210024168" -childID 28 -isForBrowser -prefsHandle 7552 -prefMapHandle 6504 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50db912a-772c-4456-97cb-c2a6f7a50e33} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6492 21b01d31f58 tab
    3⤵
    PID:8168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.30.78584827\1496912384" -parentBuildID 20221007134813 -prefsHandle 6576 -prefMapHandle 6604 -prefsLen 26899 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21bf854e-7f84-4f3f-b4af-d06d06c2a986} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6248 21b01d30758 rdd
    3⤵
    PID:7780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.31.16447691\2035482469" -childID 29 -isForBrowser -prefsHandle 6176 -prefMapHandle 8360 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3699160-4e75-476e-87ca-343d80cd431e} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6148 21b01d30458 tab
    3⤵
    PID:7796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.32.2074094653\392749079" -childID 30 -isForBrowser -prefsHandle 6916 -prefMapHandle 6516 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb901399-0ea1-487d-a461-6f6042d6f63c} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6332 21afe8fcc58 tab
    3⤵
    PID:956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.33.1532521799\1891159025" -childID 31 -isForBrowser -prefsHandle 7140 -prefMapHandle 7160 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea5dd867-1ad0-4d44-8d19-d5dcde0f46ab} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5812 21affddb058 tab
    3⤵
    PID:6832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.36.1338056646\2025940671" -childID 34 -isForBrowser -prefsHandle 8664 -prefMapHandle 7884 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9abf77b-b679-47c2-b9be-7ebb2f10a15f} 860 "\\.\pipe\gecko-crash-server-pipe.860" 9696 21b0035bf58 tab
    3⤵
    PID:6620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.35.129605694\97437923" -childID 33 -isForBrowser -prefsHandle 6272 -prefMapHandle 8880 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3513f1d9-bb2f-48a0-a6f8-eb20b2a78c6e} 860 "\\.\pipe\gecko-crash-server-pipe.860" 7288 21b00359858 tab
    3⤵
    PID:4404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.34.2042147589\1080448948" -childID 32 -isForBrowser -prefsHandle 9684 -prefMapHandle 6584 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {218cf76b-ab82-4926-83e7-eba3ff60d87d} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5484 21b00320b58 tab
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.37.1807267937\1161772763" -childID 35 -isForBrowser -prefsHandle 4740 -prefMapHandle 8512 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8348cedd-c71e-46f5-9568-35f9a96e9bd6} 860 "\\.\pipe\gecko-crash-server-pipe.860" 2416 21b001a5b58 tab
    3⤵
    PID:6428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.39.1433436995\497642887" -childID 37 -isForBrowser -prefsHandle 7936 -prefMapHandle 7356 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23e11d31-e45f-4693-aadd-8fb53cbada07} 860 "\\.\pipe\gecko-crash-server-pipe.860" 8204 21b001a7358 tab
    3⤵
    PID:8116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.38.466352714\225822113" -childID 36 -isForBrowser -prefsHandle 8584 -prefMapHandle 8568 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5bba87b-1a1e-422f-b1b9-db08281761bd} 860 "\\.\pipe\gecko-crash-server-pipe.860" 8596 21b001a8b58 tab
    3⤵
    PID:212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.40.1580118059\1826671" -childID 38 -isForBrowser -prefsHandle 6024 -prefMapHandle 6284 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58bbf48-5060-41c9-9573-8bce18e8b99d} 860 "\\.\pipe\gecko-crash-server-pipe.860" 8836 21afff7e158 tab
    3⤵
    PID:7592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.41.1809646878\279350908" -childID 39 -isForBrowser -prefsHandle 8032 -prefMapHandle 8044 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5505fde2-ebb1-4db0-bdde-5f9dd486ee61} 860 "\\.\pipe\gecko-crash-server-pipe.860" 8836 21affce1d58 tab
    3⤵
    PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.44.602310097\132914180" -childID 42 -isForBrowser -prefsHandle 6280 -prefMapHandle 5800 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46e10b7a-e3e9-4962-a18d-c67e015ecb67} 860 "\\.\pipe\gecko-crash-server-pipe.860" 7940 21b0269e258 tab
    3⤵
    PID:6444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.43.652163696\275846118" -childID 41 -isForBrowser -prefsHandle 6872 -prefMapHandle 7016 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {acc98761-8730-4d96-95ed-1e1352f37476} 860 "\\.\pipe\gecko-crash-server-pipe.860" 4608 21b0269f458 tab
    3⤵
    PID:6376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.42.1382236055\479961546" -childID 40 -isForBrowser -prefsHandle 6356 -prefMapHandle 4864 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8758288-8e42-4465-bcbb-a9e3411da6b9} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6364 21b0269f158 tab
    3⤵
    PID:6644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.45.1153559264\253131922" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6516 -prefMapHandle 8196 -prefsLen 26899 -prefMapSize 233583 -appDir "C:\Program Files\Mozilla Firefox\browser" - {682931f7-f9d5-434e-a61f-3f901f668964} 860 "\\.\pipe\gecko-crash-server-pipe.860" 9024 21afe793258 utility
    3⤵
    PID:2952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.46.315705958\1957153612" -childID 43 -isForBrowser -prefsHandle 6824 -prefMapHandle 2616 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c242297-05bb-49f1-8146-a5d53c690d2b} 860 "\\.\pipe\gecko-crash-server-pipe.860" 520 21afe79f458 tab
    3⤵
    PID:6184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.47.1138917004\1139438056" -childID 44 -isForBrowser -prefsHandle 8324 -prefMapHandle 7964 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c61b03b-2577-41ed-87b0-5724b5863d86} 860 "\\.\pipe\gecko-crash-server-pipe.860" 9352 21afea84758 tab
    3⤵
    PID:7028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.49.1076309628\1075449525" -childID 46 -isForBrowser -prefsHandle 6088 -prefMapHandle 5492 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e534bad-7734-424e-99e9-adccf241a57f} 860 "\\.\pipe\gecko-crash-server-pipe.860" 10192 21b0331b258 tab
    3⤵
    PID:2564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.48.1977771927\1572206092" -childID 45 -isForBrowser -prefsHandle 5728 -prefMapHandle 7980 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77363980-a2c1-4e26-950e-2d705b1b61bc} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6100 21afe795058 tab
    3⤵
    PID:4316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.50.1890543780\510172657" -childID 47 -isForBrowser -prefsHandle 7376 -prefMapHandle 7180 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f27b1f8-6faf-47df-87fd-e50683a5763d} 860 "\\.\pipe\gecko-crash-server-pipe.860" 8304 21b00184b58 tab
    3⤵
    PID:7196
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.51.2040366215\1917124828" -childID 48 -isForBrowser -prefsHandle 6112 -prefMapHandle 6020 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f6a7087-6f07-43d7-8067-fff99314945a} 860 "\\.\pipe\gecko-crash-server-pipe.860" 4832 21affe23558 tab
    3⤵
    PID:7204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.52.1106166005\684017067" -childID 49 -isForBrowser -prefsHandle 8176 -prefMapHandle 9564 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a41380e-b513-4df5-900d-b572ff41479c} 860 "\\.\pipe\gecko-crash-server-pipe.860" 9716 21b02e0e058 tab
    3⤵
    PID:7588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.54.1460795706\1848130153" -childID 51 -isForBrowser -prefsHandle 4188 -prefMapHandle 4160 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a8d376b-0d08-4803-a257-c4cc29f15e14} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6176 21b02f74258 tab
    3⤵
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.53.245501562\1645491906" -childID 50 -isForBrowser -prefsHandle 9728 -prefMapHandle 9736 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {06240988-4cb7-454d-81ba-575c3922ba4d} 860 "\\.\pipe\gecko-crash-server-pipe.860" 7448 21b02f73058 tab
    3⤵
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.57.382207987\2124507263" -childID 54 -isForBrowser -prefsHandle 9272 -prefMapHandle 9940 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db82cd0c-d3e9-4d5c-9bbd-5cff6d738762} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5980 21afeae7858 tab
    3⤵
    PID:864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.56.814104898\1139358096" -childID 53 -isForBrowser -prefsHandle 7860 -prefMapHandle 6020 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a055707b-d3b4-4f6f-ad38-6a6f7a6baf55} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6852 21afeae7258 tab
    3⤵
    PID:4816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.55.1033699278\1157681616" -childID 52 -isForBrowser -prefsHandle 4148 -prefMapHandle 4152 -prefsLen 26899 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1957969-1094-4d01-ba43-e06b48fc24d2} 860 "\\.\pipe\gecko-crash-server-pipe.860" 9736 21afffa7b58 tab
    3⤵
    PID:4488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.58.941512638\633449702" -childID 55 -isForBrowser -prefsHandle 6244 -prefMapHandle 8896 -prefsLen 26908 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f672a57f-931c-44b2-a612-6a95333bca79} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5132 21b0047dc58 tab
    3⤵
    PID:4592
- - C:\Users\Admin\Downloads\lively_setup_x86_full_v2074.exe
    "C:\Users\Admin\Downloads\lively_setup_x86_full_v2074.exe"
    3⤵
    - Executes dropped EXE
    PID:6592
  - - C:\Users\Admin\AppData\Local\Temp\is-TQ594.tmp\lively_setup_x86_full_v2074.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-TQ594.tmp\lively_setup_x86_full_v2074.tmp" /SL5="$7039E,260908006,814592,C:\Users\Admin\Downloads\lively_setup_x86_full_v2074.exe"
      4⤵
      Executes dropped EXE
      PID:6688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.59.729025922\1061363205" -childID 56 -isForBrowser -prefsHandle 9100 -prefMapHandle 7956 -prefsLen 26908 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {65bf96f4-1001-4a3b-b623-b420b02ab1fa} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6488 21b00e92058 tab
    3⤵
    PID:956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.60.34411446\79287776" -childID 57 -isForBrowser -prefsHandle 8208 -prefMapHandle 9936 -prefsLen 26908 -prefMapSize 233583 -jsInitHandle 1072 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6afa87f-8be5-45af-8614-8c4f4b0163ff} 860 "\\.\pipe\gecko-crash-server-pipe.860" 10228 21aeab57258 tab
    3⤵
    PID:216
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe"
    3⤵
    - Executes dropped EXE
    PID:7400
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:6508
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:7608
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:6900
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:7204
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /main
      4⤵
      Writes to the Master Boot Record (MBR)
      Executes dropped EXE
      PID:6160
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:6696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5124

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:7136

C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4020

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Executes dropped EXE
PID:4856
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  PID:5252
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  PID:5752
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Checks computer location settings
  - Drops file in Windows directory
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:8124
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:6936
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    PID:6600
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:6484
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    PID:8252
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:8304
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:9168
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    PID:8820
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    PID:9704
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    PID:10848
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - Runs regedit.exe
    PID:8792
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    PID:3880
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:10812
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    PID:11900
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    PID:12596
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    PID:12404
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    PID:13944
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    PID:14184
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - Runs regedit.exe
    PID:13620
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    PID:14772
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    PID:15920
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      PID:16036
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    PID:13112
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    PID:15632
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    PID:17256
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    PID:16984
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:17052
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  PID:6208
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  PID:6568
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  PID:6660

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4180

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5540

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:7132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:5852

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6092

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4608

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5576

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5184

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:7728

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:6004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6912

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:4904

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:7000

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2584

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7156

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:7248

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7872

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6716

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:392

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5064

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:6160

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6752

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:8028

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:8036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:7600

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2780

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3768

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:8016

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:1880

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:1396

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6240

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:5524

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:6788

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5064

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7488

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:4924

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5288

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:5440

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:6832

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6712

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1276

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:5260

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:8116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1088

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3500

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5420

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:5656

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:664

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6776

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7612

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5668

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8108

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7464

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4932

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4180

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8080

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7584

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1600

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7928

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7240

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6136

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5524

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3952

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1112

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3532

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8416

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8828

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6680

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7604

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9768

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8604

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9968

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9932

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8868

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:10964

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11064

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10736

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9432

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3332

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8272

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10912

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11460

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11976

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11456

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11340

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9532

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12160

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11936

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12372

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13148

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13024

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13004

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8824

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13084

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14008

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13440

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:12536

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12084

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15032

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14972

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15180

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13508

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11740

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14884

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15752

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15388

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16116

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
1⤵
PID:14900

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:16184

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:17120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16576

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:15832

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16980

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16208

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16392

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16476

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VVCMQBFA\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\10472

Filesize
9KB

MD5
232f86475cfe652826e2329c0bbd2f05

SHA1
428d44e5c72b2e4066257b1178ab4347ac7d594c

SHA256
04b30762e8744d5274f9a8d8100530a5732d3602b420aa9469e17e6fc0cb2a04

SHA512
6cd13e8e14c045e5c289b3ef81c8425116562d815baea8380fe1783d210df543ddb629e2fa2914379dff10e5ce734f334832914c7330f51f8d5f466ff71723c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\11526

Filesize
17KB

MD5
9276e2c88aee0ed97872ec4692be12cf

SHA1
1e51f9404da0b3ec5100eaa3d4305ffbdad6563c

SHA256
e2867a276534a649b7023430338019bd8fcccab58a45a90565078dc61a911e7b

SHA512
a3a17e86855062af7604144e1d5045318331f8a516bc94570b03b5dec78adcd750250bb271ec56f0199ec25671f2622b0fad02a00b8c219de7df300dfc57c661

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\11639

Filesize
7KB

MD5
34a70c17d6057d8533b7cc03cdc19dec

SHA1
5bb0cc3b1db9de53ee86bae36eb45f96e30f64ed

SHA256
6f48f758232f1a912895aa21b89bd8b2a1dc91e311f7bafed25967f6ea052126

SHA512
1975fc75c36ef5fc23a2a2dab3c67120e6a864398ff03fe4343413c29537bfae8bdb572362ecc109a08c6c399ffda6e2ca5039964aa7827f5a7afd05a6ed515c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\11817

Filesize
21KB

MD5
35a197337abde21176ec965b74a2d62a

SHA1
6dfb29d47b3d06404dfbbf790bd5c386e02bdcac

SHA256
1d3056ae1181dba2320c6d706d611efbd1336239c72b18006b0f433f5978c30b

SHA512
ee2e893f8b58ced6177a9a381d29d1f26320ef8001ef8cf8d91f38c7a1f7b5476941a9a28e86ad36a52671156f84e333c37e4aa85dfcbae6c21dd2bd31014016

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\12143

Filesize
8KB

MD5
742f8eb76a8c5690ac09339dee16baf4

SHA1
7ead95d83fddb5f7782f80867b018280d8afcd0e

SHA256
5897d54428cbab2469ba1f76736f25986c9bd5a100e8c0259f23d0a124b60409

SHA512
ecec2f8a3b4b3e29ac5631b54b9c3cbe56ffcad39df96f16383fecabfe05ef32ed7da85200e5f10713a9fd4475fcf55e6baf8d457527ef3ae9b7a8f92191a019

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\12988

Filesize
8KB

MD5
672a298d33d8bc39d24d7497a0a028da

SHA1
fcc2570331cd8df6e4d31da6ac18502f0762cdb1

SHA256
50e01b87dd46c98e160736bf196fc0e3f60f9c3221356981a94e59d52818a96e

SHA512
7513465200ac9721654ecaf2d3ecb8425fe21b2132c76af39618c3268ff37376d80bd9107c4c8ebc8f0cfc80a425e01b082964ced644b9a825d966349cce21c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\13270

Filesize
7KB

MD5
a10b80056a0db5aa7bbb039f152acd1f

SHA1
4d5c4dafced9eb9fbbbbfa0eae686040c620254b

SHA256
cb6e125ae6e0a74be92df08d194796198b9137b283be791c65677da5783d4532

SHA512
13ca8a85648bc3c6376061ec34f86f0e004d7ef9629cf5db5357ec0b945a9d8f96e35b6690ee7cd3002dda6ff4b5d023020da1b912b84c40f7e7a03e4448b0ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\13997

Filesize
8KB

MD5
3dde2b3ac6dd803ba1c0e65ccfbe6098

SHA1
edb92583e11fbc486a3634b024d425f893124f7f

SHA256
2e4e33202013bfd9f900fe786641e2ccd5a0855ee0e6afaff90214ea1d340365

SHA512
e7649391cdef6a5d2490d87ac79236d79c66e7772fc2e0bf16621da0803cff929eb315fd594d732839d00a939585c78289d94baa5136a0d5e17c2c8754c0f180

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\14071

Filesize
15KB

MD5
a666a57782b81a93fc9df1ed61792fc0

SHA1
4b6b88ef52ba0b906ce664ec7701a622caf3d1ef

SHA256
5b2e11fdd1fb866e448a1facbb1786902f1d12deb0884e5c77fe1fa43b17a98a

SHA512
9c9e3ce383ea591c3a24e4da1ede48ba75592fab7847471915770fef0eb00736535872a0de1b64b0e37703346fac4efc3f9e57161faf79e7335edce23fedbdbd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\14998

Filesize
6KB

MD5
a33544ef22e898b59e03479d3dd2cc0c

SHA1
001aa17328c93ca5039940a5d2276516a0222366

SHA256
42ac2c44185baf464adbb69ce0efbc5bac49789cbe7bd43fa3fb4d564b558889

SHA512
d980772e3ec5120ef97847a14e256115ebc0511f1fee4eb9e4b053b5be80d59df2fc131a72ba05f60616e05e28823860a9948aba6a2b1a574b8be9903eee4dff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\15881

Filesize
8KB

MD5
89fa7f0ff12bd1e2db5f4b8dd77fcf63

SHA1
77efbe77b9ae2ee2a8f75920b576882ff5e78655

SHA256
0080d5904d4b176c79e405c3773192d03e38a7d72f16df9f1f51c708fe417347

SHA512
457a54a376ca826179ba4e18b40864ee8198b3638e4a53e2d73cfbbac05d9aa641656c5829304493bd8ed102eba39ffb0016226019548c2d02122475786b823e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\15895

Filesize
8KB

MD5
5e86199e418c70d13353092028440280

SHA1
e585fab07771a6a659b4f19c25c67fb2c061363d

SHA256
601e1851912cf055f03b853f628bdf61af07053bacdffa8355f62c5ce3d9c808

SHA512
d96e3ba4a6045058329345eb1d23965ca31e9c581c4f3527efb8eaa434224a32f3d7afce625a99f22bcb424d79a633d92056207e455243ce82118537af9fdd92

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\16643

Filesize
9KB

MD5
4ea79c61e19891e9a6412e96f655d45f

SHA1
806f68eb1e159d9d2d7af7894e44b633cec91f1a

SHA256
d8f1ba302bd08912b4ca5eac3767627da471399ca92a5f26852d45d7005fb5f1

SHA512
b09961a504502fd52169bbd5377f58232d6424ecdd2d8677d5473c7713af55f9887b181b734b5377d97dee6629b46330b9e7aa37354cd09cd6a677c394012957

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\1668

Filesize
10KB

MD5
244a162e5fec9c6c2151fd08b85a7e95

SHA1
0b887905fac36623840afde0c940f46e2c3ac9b3

SHA256
02f5883e9f7f883dc7ba84bbec5c131c5afb80d1de4e5813c65109cd8aefd41b

SHA512
7fc48d5ddbe991040d891c1de9881f76ba413e6dda556aadaec72c4446ac65f0ce092edb4d8eba18035dc3e66253bcf82e390d2ec0d006009a1b8e94ebec4805

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\16739

Filesize
8KB

MD5
b4a52bfe32aa492a89dd0d622a41cafd

SHA1
75c9cb8ec05b348fa39373e200bd06d5644179b8

SHA256
832e6f00e0655e19bcfa8d331a7718fbccfa79be25be68f880e63069bf722452

SHA512
da0c076c7d37ff5e73eb2a7dfd2631d012e326033f7d9ce3f12fd8fbed79cd4acfda10949ebb64fcdcc933fa63d02c17e0ebc5749a1bdf355b7a037551923970

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\1812

Filesize
8KB

MD5
bc55fd2cc13c3369e0ba81092a97cf24

SHA1
54efe4fff0a3726834839695912286e8c1a585b6

SHA256
bc47f0fbe601774e52b1a09bcaa92f6b37cfe5aca7db81392a3b851dd295db35

SHA512
524f401a64e7e1adb694cffd24be9564d6b9bfcd55df33483f0698ab8d460d52d956df03e20cda5c215ab746cba9ea21e2a85bfc05701d626d62b55ca3c80dfd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\18241

Filesize
8KB

MD5
6f4d69dd168f05a1068c373ee1d316a1

SHA1
cc6f98e067be39da5c66b8c49d8a1c12ddee204a

SHA256
a4e0d168a9a5336dbaca4eb8d8094968dcd1420bc53d33dd740ebc57d3f98d28

SHA512
4c3aff33986b0d88d88dfb63236408c6ba303133fa343a758fc0be20d63c4fa9b731c1c5167328609ca1d24e558505f67d198f7b08e4580801849f3828a764a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\19083

Filesize
8KB

MD5
821351b78112c9063fc2627f2d591653

SHA1
a9ce64c48027e0485821a61d8aded661c80398d1

SHA256
1a7dca497fe73731f0658af9583e718841a5c009d98b3e3c104d0911f4703444

SHA512
55465bff5d1371dd028d713abeb39662afb9144cffea4b983943914f7ce052c96c5d4cc4b52648851cbd0cd6c508662c80825bb7ea7f569f7fb1c710358cb4bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\19151

Filesize
21KB

MD5
3967bfabf108f5779915fdd0714c670e

SHA1
51a5ba82fadff53bed494eed8eb6db7c4cc2bfa1

SHA256
bf1e6ab80c3fdf413ff6c5954e4b77ea939970ba9cc7a70ff685d29acc749d2b

SHA512
4245dd6153a207adf036fe82b040ebc83f8f19dc13b0100ea7976db4250f5c4c0c3699d2e69d0d3eb2d299a9c14dcc080d09b102e9451069972c93118bd3b959

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\20207

Filesize
8KB

MD5
1b4fc036ed296df68c7710c83beb5872

SHA1
d3e980517008368dd228e596d88b8b07eb84fee5

SHA256
1323744e718f21a95dba90ee4f87e010882192a5a018266118d01e7f14abfc95

SHA512
34be02727b399deb6b060586453091babf1822ece8baf80e4d24bd4da5b575155d6cf5ffbeb80596e0f47eea205da347298d98ae205e4709e746e3b6007ebd41

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\20213

Filesize
15KB

MD5
a4d85680e3b157a7f5ae50aa7a4cf38e

SHA1
1847fbad518cf44b7f46cc51204b5a3bb1ec9447

SHA256
c6942b80c9f4d9ec352373225338e9e113061c5b4820bdebb4ae84c0e8ed5689

SHA512
87b5be82fe603271b0fdd15edd6fdf52194e79f82b5e58731eff95432b25b2f40a12a43bc0d7771bc7e3f36c34d809b11230235021459d58ae021eb461235237

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\20283

Filesize
9KB

MD5
285809f869681a810e54038122d2e0cf

SHA1
1ebcf709b1a5eb36e3ac1dedf3381e663c93150d

SHA256
9ffcc4de2880d94a34803c51b7709d6790891a50726324176e4d8f59d2e2d571

SHA512
4859a135b13ddbfd062b86f21411a29c34f05b41d6b5e89e1cf89a67aa4510d699a4c63d240fe8a66886be8fdc96fe68719cbc0f1aa345c7ebcf424f90d07609

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\20659

Filesize
13KB

MD5
9f618c5cc929242f0ecac0cf55a7757d

SHA1
d9d673491697e1696c8776a17648a3468e0e5281

SHA256
bcf7648425912b661c9630ac733d5dc7e51540f5e9d0bdfb26fdf34a3ffd622d

SHA512
6d87ce8261500197c1af102fd123c8f8c3f7819e1880a9f1ec5f52348e43cd56662de8077dae05b03c13d7d5e8f8f877b5e4b0f0eba6061bf85a5c88af45cb33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\20930

Filesize
8KB

MD5
41e06e3d8dd9d53de3155a10c1a4faeb

SHA1
ca258f13aa6f5244e41999108450a60bae218725

SHA256
f0025ac16a7cf0e08ece71381ed740eb335b03466009ad20e8b614683f35f024

SHA512
30dd59eb1fe74c881d9e7c454871c9f22da05c1b27f582fb120b077fba3749f49053f05d80a68cb3ada1e7c0c0f8b80c4717d2ac67275a0e062b0a3096a748c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\21217

Filesize
8KB

MD5
f924821a047efe007670e81f1f2f2bb5

SHA1
15d28a96a6142492917dd8d67326b6862e807fdf

SHA256
b79e60744639ecda375779b8e14fe040d82b75e6666f47d3ee7e862f022611e1

SHA512
f7e3885d1f5e081073b26aa89f2ed6b95783aa08cc95d60d484c9f23114a7fd1f5288f55779b8f931bb053a3d94356af57a53b6ba293e82d874fc393be6ab26f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\21597

Filesize
21KB

MD5
a99a8a65d29ede419e260dbb736adbb1

SHA1
8cf59c46c9e7aeee2c37250814a9821042725df6

SHA256
ea84a4e63363600dd9a1a11d778fc9656edafcd4efc055c9457e8dfea90d75b8

SHA512
17683ea0b9c44ca14453be763c7523dc0713d7a81da6a1fae12d44d6c1770db89cfae9027901b68d6340d8bb7dc1bca744381a046bceebe54256f918e703586c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\21603

Filesize
8KB

MD5
4f201f4338322b49faf094feb1c3233b

SHA1
b8320f334f0f88b392656ddfffe0c01b716d2092

SHA256
2e401aa6ea8767d822f22dd3520325523d865fb471af9ac77a51bf4ceeaf38b1

SHA512
92e4c3cde816db8851f9bd5446d0963829fa9e894e3b2eba67b6088b5546486ffb45a651a8ef18c3a733c5c0c847f157a8a898a91675deb621fa161c954c2f1b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\21715

Filesize
10KB

MD5
2bc8f9e2dbf4ae9898c37015dd3efb81

SHA1
4403b13d57c640bdb3b1400e24ddd108436ab7f6

SHA256
6fc387e950eaf82ca054c1346177651b843ec6f084fc89a98f7ba654d83957d0

SHA512
28456ffe47be2d57b6b9f7a5fa8c0b0b08f113a135fba20c3add1945bc07cab92c0dbbfd200f301eb000f1269a50d097d9ca5498220280120148979c2d928f3d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\22406

Filesize
11KB

MD5
05f0a2c658875cd330b47f9c5a44f98b

SHA1
f64ed1195fb70d140eab5818bf06ad54606a66d5

SHA256
c11940f605eed3d16ae682a4fb839a67ed465e0886a919a918335bf07aa6c5f7

SHA512
e73ec1fcbf777935213a8fe3f82380b24c7201192851927897690d993dd89228e2cb23ddb55f75641efda302b6b8ed68e7fcb3c0eef4c8aec05e669b45937cb7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\23085

Filesize
8KB

MD5
3bd39cccb2b3c07846a34085aa5f416e

SHA1
823c7f1de6b70d83c9394ddbf3cdb31cc4703435

SHA256
c2afb493436c64c9f509ec8b0e4c5ba8dd6e020a5042632914addea7382cd070

SHA512
05913fa3a6e4547bb44724d1a31024ead837b60789b6bcaced4b400b597e04ce35c52df6b0897cb5baea16f09da79106dd5970a9698b84b929ffd47c83ca5ded

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\23559

Filesize
26KB

MD5
3ae5646d606f67b336f3c1d239343b08

SHA1
25c6d325e8b2726b0781c226d91fd7306f999d8f

SHA256
93d374194247c97b9e04e2b4ba33cd0c7b368a679241760a8a501410385ccbd1

SHA512
ab2b0078a9e9f6a7e6ef514ffc0e3778c219875d80b0ca290ca6520f4738ac4c0bca00316f66c7961207ae9734cec96157d62c15dd56fd275d86b9c00387a803

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\24196

Filesize
9KB

MD5
a6841041266e63858477dcbea0940f9e

SHA1
268f17850477d60ece87379e75f1c2395c3a7ba4

SHA256
11684a45234ee932a405848240c97d84ba7de36978ec7027f49cfb7ee3efa8fe

SHA512
24863b0b8e35e3dba1b16783af6981e63aac22991651e0309febc4677fc385c2fef775fdb4f1f0444416428ebfc74a954cbb6faa1342470c9afa4445ce3adb62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\24981

Filesize
9KB

MD5
b77551182c69c2876603dd19b6d3c044

SHA1
6d021aa4f15c5f71e2fb5415a2f3f23b90d6eef9

SHA256
6f28d45f6c409cd38ce884c48bd8b3bf25b7d2e023b8bfbb7bda8cad260d4bc0

SHA512
aa983559a92d42d6979b7d9c99ab42c340604834b6b63df16b1ed9995c73812a3fbd6bf8dc27742c9119677591aa590ae4ce1c27db7edca2b2b006b06939cf3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\2501

Filesize
8KB

MD5
1f7a2ae926e44b80cd6d51a448a69d71

SHA1
75555399b1a44904333a859f45f84bc72d67b494

SHA256
2717cd8b78c32c0b06555ee6535f9f7da97618c4fb7eee4092d3b4f4d0f19e87

SHA512
ff0cf6e62c2b7d75cddff6a3a59736b93136839f54e65281f126c950a0145f388257fc1d4d9d0439bb98533aa043207e13f9a8405968c411cac9f39c219fa9b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\26590

Filesize
8KB

MD5
06958cdc430b1f3f42d5d39b76241679

SHA1
6061721fbfdb4a54264694a71c677dd1e6bb357e

SHA256
bb9f906bf77107a04ad15d047429f080317f3211f39e741ceafc308cf320bc66

SHA512
a3ab0932251ed99f885f39c42f98b8c1eab370696e812166068edeac26aca4e430fee43ac93d9a58a7ca0ab42c40e60e73aedd40266f96ba480c9fc587059206

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\27098

Filesize
13KB

MD5
0b9aea1cebd2f843137337acbd84b602

SHA1
edf6d6ed66c4fdab69871ddec81569f815816951

SHA256
b43c9a09de2de24e3eb1b47c68275f4e1abcd56af984c56a71cec5b7aee94093

SHA512
f10eed21c998739f4b3ca14e67f3d995f3e144269c04293125b71b6ddb525ed313cc14f57e9921088b95d7c8e81b06318faa7ac8cf8d571c1b450c9089e40a0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\27253

Filesize
7KB

MD5
55e9bbacf2e603f49ad3e3da2231c47a

SHA1
7af286f96c1d9b19c9f9338c4a9dffd26c3f84f9

SHA256
0583680f650713bb8b237bf855efb66e608a4940290af3948be915dcf5abfd9f

SHA512
db9c406366b8e7030671184bced51dfbcc69f51d06d1ee2c7866b8351eb777f041af17abec20cac02f72287be540f7cbba10d819a5aa107911768b4c8167e8b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\27333

Filesize
9KB

MD5
f02d8ba57c8f0dcc7cbab469f9598816

SHA1
7ee5e88d599a74688851ad904daa0845b8d4af44

SHA256
19e9488fef7c73d1e1a9fa5c899583b4095ef267a77af90515bb0d64a28485b1

SHA512
868d33e7bb2bdf079c35565c1fb376fd83e2906705d55ecd10c4ddb617114f326fc1bb93cfed15bd397a77aa22fc85e0db3f880c6fef57b00f9a9451d8ed52e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\29178

Filesize
8KB

MD5
db9314ca98fe1085f16d8dda44129e7a

SHA1
f686d40c8f578e8d452007d2c17857865d79988e

SHA256
821e64f794f9e9677c33309f7fa5632565f4bd70588acb8f1479c3ee32ebcfb7

SHA512
0cdf4cb3cb5a069aae817c75ee418a093a8cb0bd94a2c1074d5b2e06048835a2fee7d3ce87cc452e01788d7b2d5247272d88731725b2ebf37aa03cae98c7ce48

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\29605

Filesize
9KB

MD5
e5790f85804c72d97a0e1ad52566b7f7

SHA1
42b944cf6dfbb5f57cefa1618799b57a4585250a

SHA256
c5bed9736d03cdd95ae1bf967789c9154af0a11e5cfbad12834c1fc7f005c4f0

SHA512
342e82453d9447b15dc14aab5433c0816510829d31b1828d86f37423a572507bef218993483e1883cbfaafc0001db5d1d6ebb1d67ef9054f3be5e52bf3906b36

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\29842

Filesize
13KB

MD5
9f3e89730a4b6ec6c950c9d5731e1630

SHA1
6380196e8a78e7278456d2b64188167f1ae89d9d

SHA256
b58416b36ddb7a18cdb6d11abe0ea0f27be1c86d2b1febb858e210dbfeaba395

SHA512
201581948c50919312e9983522f83fb98e8bd6772f785fe5899fc59777a9405bb64d9d3b5df7df1e310b7d6fa3fe1c01661541c682cdb7dfe0532bc72c26d980

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\29921

Filesize
20KB

MD5
6b2b2fc2be4f0c5ebc9060ecaf7c3614

SHA1
93e6a5b8ebe13249bed006cb14f27d901cfa81ee

SHA256
b40746674a22c0200d226e08392e70f20a3d52c37a7e40c8d24ad04a213ea79f

SHA512
66745ea2bea81fa04a16b772b5e9af2196404dd63da113d85a5a4b08af084c3fcee2191c01f012f1d90a637d7407b754678b83cdc5590ccc56124ffa1b0aeebf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\30537

Filesize
7KB

MD5
9e7d34569e3ccc8e6fe68238d0fe37b7

SHA1
d354d4701864453e485199e7c8c398315e95fb29

SHA256
5e9b16b8e93faa0e6236ee7598b61422bc0dd7fecaf7d5a4f3a4f4c3d630d195

SHA512
357b6aa66d2e657926db8813b9470ca056f5c08e155d684be203ac3e61cb0cecdd3aefbb923dc4a6aa500b4948ad2336929c9e6743de81719cdff8b9e86564ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\30825

Filesize
9KB

MD5
bbbd0f7c7718e3b24bdc88d2973c5dff

SHA1
c0968111b5df7ea09632f826b96481fe0c063895

SHA256
9e9cc50ac7f6cf195bdcdddcbbf23a225902d293bcc70792bf9747eb128e9d82

SHA512
655cf6fc9aa80bf097faa463f0e58151aeaf112f1bd833dcb636fa6895da74568091a6426e2c9784ccb7c42c0d1ceba23a298a6d9426d1b9437bfd5a8706d017

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\32129

Filesize
8KB

MD5
3dcc491e1f383df44e40a5f34ded1b5d

SHA1
a8655059383bcca6faa1c6e004a616daf973ed76

SHA256
b2c8a3cc5ac6d64651e0ff5460d9411ab599fa1ed4df9a99dbddc495c45d672d

SHA512
19e84cc08dc6fa92141b5bfed541fabeaad6090f665ca3b0481abfec3fb991f0c30611d0ed6463d2d17fd316c42346d50b021b05b11c4dcb46b96a3602d83568

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\32169

Filesize
8KB

MD5
375ac04a024e78a57c470927ded2099a

SHA1
cf5e02d474a8ed4ae30c54482aea378643c65bf6

SHA256
65a9319f6919a3421611fc34e72f624927a4bfbf359c94f7289bbcaad866356f

SHA512
cb9663461c90d38a9448355a3fb5138c910633658be9e35c1aa4d3cc813be8f68f51baa676de03df580fb9258bbe075d6b6456f7718d6eff66e9f0da0a568df3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\3725

Filesize
16KB

MD5
44f55ee2d3a6b958e5fb362140fd767a

SHA1
8244e10fc75b322f570cc5d1eedcd846ea9117ce

SHA256
cf8a17a4452c27a2a6517c1447b8ba5a30aab4783deca04ad6b9c9234f80806e

SHA512
9393d86b72150ca49e5789958bc1921ae61dd69bd4b16d58d8cca783f80a4d2751ced93fd4e9512ff945710f09cbeeee236baf2b858d4e4c9f60a789ff67b1d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\5044

Filesize
8KB

MD5
7aafe7064106164ba7bf64e12661f751

SHA1
27ad04bdb7cff1fc173bcee517919d4422f34ac0

SHA256
19abd3c018507b015dff846b02b903a2a6ca2dff3c67ee43e0051e576bb68090

SHA512
b542bbb28ba876521787fef437fd58c869c3165eb6a32f8f58ed84f93866a8ddace04da4f3249f5d1e7cbb3f97ab9b0426e8920d0e360e06d8d37a1544eec2e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\5442

Filesize
21KB

MD5
433dea8581517453af3b3f60ba719afb

SHA1
edaa361e7afe49450059df000917d7d8327e6776

SHA256
5ae1e8e87f247ec6e1d79a97eaac364e05ade75e0cdfbb1f285bc4f2c134e3ef

SHA512
8c643f484de239a5a559919813e57f1c9406d14df17c3e55be839c0561597414b3c6b834a7c7b6683382fc82d7e438c4bf5689a3cf3500e79face3df01c2409e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\5448

Filesize
13KB

MD5
54f11740423ce2c97d682f3d9d60c848

SHA1
22298a93a4262cffb25fcff6c7563602e94b3aaf

SHA256
e61fb83ff7d4cac6d6b5065394527b5b45f73c1c014476af6e95e224f6108dec

SHA512
09516d81b5f520a3ea93902a3d493467633072c1a912063a804933882b6821e057069de64401390e409b894ee31ac1522e4bb04a30bdbfa4e12b319c03cf49d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\6618

Filesize
7KB

MD5
9533a5fe145e094b7dd87a2a9584da6d

SHA1
3ca4d706a452df28fa9403a3524a0b4b1685e006

SHA256
6c2349a7122b1a2086e5b250c417b541dfc883dc3e30a1eccde70569188bd3f9

SHA512
15974de472213900300e65108a79fbaa9285317869fe21b58dc4f3e3a4f6ec9499d8326dbc3ffa787464ac7c9d2423d356b64c02ccb160bb52aa4b5e375ede8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\7519

Filesize
8KB

MD5
86f74f51536f1c4fec70cacc7dfe8757

SHA1
0069b8202d8b347968217d111e1882fc744a19b0

SHA256
3d7b973604db8be77121c4b1e7461de2e038e2fc2dcfac51d88057a0e15b986a

SHA512
f4fb1838897a5a1781138a76d95ef8a3ea28c4cf6b35b6e5a35a7e6aefb6270452be253b929a41d09ebfb2bc7b6cd2efde720e8bb49623caa872863c308732ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\7670

Filesize
10KB

MD5
79015938cbe3703af2da38697bd409e0

SHA1
31cb06ab8a43320631af2fdad664ea368bbfbc24

SHA256
6bb927eb609627a89ae48525b019ddda15e4cbed861fe118adb4c1da6d5d14f4

SHA512
e4a35634cc821fae711ef55b8d6b9766e28d3c4f4a939e98ab2efeab6587bf0c01189112fea6b8234d949147bb911cf96ccd67a1cb2c9c221c72a7dd58258bf3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\8231

Filesize
9KB

MD5
3361f467127151899b18cc8c8dc5c620

SHA1
b7daf8fe1d5c8ee45d5db3c4216a5fb28fdaf661

SHA256
a4f241c17656faa230ebcec8213ef7598f694cbd14ca140d16e0ab84ca619d56

SHA512
20efea0c158362ead50710f0e59e5a63cba817ab93dc1be969b69e4887095850490bc0e6c362da208e763adb22f2f1a21b0e3d8ca2930e3ab1194579ace3bcdb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\8552

Filesize
9KB

MD5
a566ce8325b3fb540aa8fd140450cf2c

SHA1
9201bd8361b28714c6061d71572f1875d4278ba5

SHA256
41e1ff669498cd03878d7ffc2ad46db9cc39967776dddad6f699b2c406193a48

SHA512
60c4dd436abf5e9f1789702620fdb53ff4a5a242cc7c6bd49827e6c87406b4b3bde90566cc96a5dbf2ac35136236496afa27d3688e89de0b6d27fd7f085c1d5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\8641

Filesize
8KB

MD5
76114cb5eed03a9931f72c9054e9b5f6

SHA1
bd9c2c98a61ca53d37ef0658ecc2e094c0e98599

SHA256
693969a5559e406990cbe5ad43ceb38680a230bfba1bd7ffaa9b9240503215f3

SHA512
88281b4960184a08bc008fa4430b654197837e204ddb2d5724787d9b660d19778b84bce7fd3b840943ffa4a35d30e96ff4ae2c7152242367d3ee02f9fe0328e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\9244

Filesize
10KB

MD5
082903a36c66793412a410774ee441ae

SHA1
6e3b09465f131be038a33c5f5c64cf48d34114fe

SHA256
0952d7d585420a3ba6ee0cb6b9651368f7dd45b5a786d9ee034a118d5046f706

SHA512
384c765809054a3e9f5582294e60ab5ae02fa128c62dced8e21a10407beebd56e88ce2895e791d989f47669587ee89c6480fbdda1290b0f4a7732858b2ad1db1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\doomed\994

Filesize
27KB

MD5
12c1676aa35d5d9005e0a314f395eeaf

SHA1
15c6bc5cc2ab4000658e8227d63e9d6aaa26ac83

SHA256
c540033fd455d45f317cc47881648f9e02ce6e34862f7b0d309b204b2cb3808f

SHA512
164197e9048b452b1d2070841fb70ed057795cb101d2c54f17d04fa9aa1fa99a7b89ca0b2c37085e7aebd520cbc89d9cf89da5debcad6a469cd50d6c17710df4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\02CE4C8FEAB6873FF657A6EDCFC4C3F9525CD5D1

Filesize
256KB

MD5
68d8ef6a8aabc1d88b6ab68f0a10a63a

SHA1
70801d2ca6ce169e2633ce2e0a30305e34c53d81

SHA256
918765651ee60b6f83da170051f38975bec272d4cab7370d2690f6c534eaadb1

SHA512
c7f8776e579ad1634400e23ea3d85b080409b9619aad9b9392aa2ab1400f1150d6d4b2bbf22a3f3e59646fefc58f69ed25260f146aafcb1cb5962ddb20eee4c7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\03917DE066844A0B95DCC41D32E066EA7277523E

Filesize
25KB

MD5
3816058e8f41f867a2b75ab8e6d45472

SHA1
db56cfa2b8a5aed40758766548f837bde53ee600

SHA256
75bf5060c5d938473e835a0e4d913a89032fc7e5667898c4cb3bce2c52582656

SHA512
66fe4e8a26488797c726fd9705b9aebf9b66e0ded664e56e1b10d2a7ac31588a0faa89f36a19d7852f6563fd8e9637f0530cbfdc9f29b13bb76bffab59f62931

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\0731F6F38176030019CADDB4D961D67C36425503

Filesize
121KB

MD5
eeb53b60a69b2e30f25148da32498f96

SHA1
f3438a475eb1d5dfebafa04809a458b707e3b35a

SHA256
1aa23351f53d32916dd87f2e4ff011510f6c9e607caee740a9f548ee663c0ef1

SHA512
1e3493f8c7b1cd0d8d3c5e9d718f6283fa5dd9d97ace34a595b25889bc63d096d0e0a1fa98560daa74fd16488da0d79258d4f7550e74c690fd91fdfded5a6e06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\11C04DE57428944158D7945EF8ACD2A26D7193D1

Filesize
33KB

MD5
fe8628ead6a474835113e1b386a44067

SHA1
1a1fd0d3ce00e97fdc6b4585160866726e7af238

SHA256
cd843a6b7fff07da57601ec6102f84357dfecac7c784a79a2480de45b461399d

SHA512
d241ad89d200d00922ecc8ec22550099e9b9a4dfd16f1e36bb0a8e4fac00d2290090dcc94bce1a3202c4a3bd54def6e8cbc51add9977c9e384678c72a4432f2c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\1237E7E63DB16A8F243DAD6C914160AB17AB35F8

Filesize
2.6MB

MD5
ec458b975969ca8f7d0f87233ea14303

SHA1
a2aa74d7467f4fce1fea2cd9564d55871a6d19ba

SHA256
83ab21f6b7812b99e303c9b7e8e16109916b411464ab6bd0f1222de205abfd0c

SHA512
e73bd6507e67a461b305abf9b124319f588743e34e5daf0dbef33dc2c53751ecaeda2c06a43019e3a6e2665c1899389f81209c01a6443cbc1803a67803c7f5aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\152009827BEFDDDC8036CF3B2300467DC12C130F

Filesize
56KB

MD5
e0dab9766567e36397d97399ae4eb8f5

SHA1
dcf9fba635f39f3009fecdbe9e7bed647c3eb10e

SHA256
554902cec2ebae2b61ca5866e944630574d7a96eb0e2046d9a389df384f0b97e

SHA512
fc5f64dd9b1dad8bd70957fdc9277bb2ff46ee89357618d99b0388a107b60ae6146009f56c16a5685bf6c46d8c60dd925ea144249d21b650febe2f2bd2dc1fee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\158294EBD97733ECAED0DEDE26143F177D6E666F

Filesize
22KB

MD5
7dac6cf5028c6ed8f3d3150ba7290a3a

SHA1
f298188e0b60aff6b1724828362210d2bf493748

SHA256
e35c93e3da0d28fb7c303713bd751016a4b8391ed83c2a6f195db224f83933b3

SHA512
bc570797b05a5b6a36e6de27809f19c8e838fecccf41fcffbdd8e06c9985d95bd318c6c5bb943a1766c09c27ac2d002e2745c35639cfe0ddd1ea5e2e1c9a0295

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\158EEC8268B98F6E5C7764B3658BC96E9F7B9747

Filesize
2.0MB

MD5
d36929c5a4e1fd87f57073ea3a090d35

SHA1
d0eb4a95cf70e2ef24f79b6f37e7bb66b29cbe0c

SHA256
8de6b398aca7a0bed645632c0de54e496e5871c68cebfcebff158e26c48beeef

SHA512
9fd0b8673b990f81ae45dd6a4c9772ecbba539be3f848ab5bcec68751d2822269d2f74c461bb970d732796411024bf3a9a176a89ae37f5c3f1d1e58a05b71b98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\19AA57B401A94E00662CD1E7507D93C9D6AB4A19

Filesize
59KB

MD5
d5e68dfc7b2fd804465bfd5dec9f4944

SHA1
be0b39589797259c9f586c40fc1d41118058e49f

SHA256
39efa30957f16bc822115cf930c1cccdd21373907ffc5cb9c884744b90119546

SHA512
2125784cd8cb39cbdf26a004c7e8779976ecf336bdcc6b17a95170d522dbf67f559fbe7f20e4cbb98d7161d5d75eaf1dbb18da91a35a68594c1d795f3e3307a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\22557FAE4162EDD39A63F0315F8E031AB21B5B9A

Filesize
204KB

MD5
6a2a82905c0a60ab79305cc3cfe3efba

SHA1
80e7b162aa858fb70038023122a5f86ecbfefcfc

SHA256
6deb1c3e35c081e73e5b183a982a0f4b8911e275c5e306e4018b6fad0ba42929

SHA512
09aebbe4132f61bef32ae127b3394a6457e7d694e84f3a1f31e1e3241e3374e773d5670f105909a6af509d3fd92eee57e36b277ca60aa26544bdb1173709452a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\3466086799AF07879F518E0F9D3D8B2BDABEB019

Filesize
95KB

MD5
92ee25e74b3b8a70fb12021d094f3171

SHA1
b68ae6f26c454f439d5f4b220d52030f7972c0d5

SHA256
3ba8cb48ff4af9a388788503295593a0a7236125b66a5ba71493220958db2398

SHA512
02d5377c5afd6fabef9fae8321614c8c654d1a345dcf28c43c67d2f211744d82a157443f193a730ba5aeb14f13990dae8f76eea291e08306c64b9b9f05d1ba7b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\382B5B3827B4DDFA378A655D1BD82EE2B5E279A6

Filesize
79KB

MD5
73567911d36ab195a626d6a663027a48

SHA1
22c0971a96010708697a3502fe271ce3e1f06629

SHA256
564b84292a21c41b88e937978677f9e1613cb283faf91390df9e57966ba6699d

SHA512
2c26fc9000b6fb1410174e7e10c8dd69817192fb7423ca832464887d4452e940d2f34bd4d2a9ed697114e6fd144a6e0f2fad77c7a02943c943bc3d3b64f9cae9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\476A1D4953C9FC61D5FA9157279BE01FDBF1156E

Filesize
34KB

MD5
54eadbca2682ebf90ccb9d405244ad04

SHA1
49400e9b69fbc70a56ae6d7b7fcaf11f4cc05abe

SHA256
ccb1ca34e3c8e9d3a37358be016c08e3290c33c1fec5e44ff291da8fa9f0fd5e

SHA512
e206d75ee28ef20f900bf58fda583d19c7c3111074dd7527fc9c6a365b2a33215757900288700c0d0fbc5d55c4dbb6cf74defc9f9e739574a467e745f62925f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\582549D7C32B9E16D3E8A6065867131330DE736D

Filesize
1.9MB

MD5
881590154b5b29aa4474a31665db51b7

SHA1
539c30a101fa13a3a1a91f82055de988f16afda2

SHA256
222997463ad9983acbb97deca650017b97b3eaba3594257509bbf785bce558b1

SHA512
aebe07f1dbf6be13d1dece7b4ab386241bd45907d469b30bbe81f08cbb4311bde3acd084679c5549ce3f93dd95182a747991e44f8b446f56fc3e96b14bfaf6ab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\5DD57D727712F8627D94E0A7DF8B221527D7F551

Filesize
144KB

MD5
e916b761db52fd10b78eeda053a210f4

SHA1
a4d49bd011b0b312e3a7bcb5894a7fe88e781dfe

SHA256
50a251847edf500c8c29e60e1704d8a24d0fe6066acde2d43b73f999e90e5e3e

SHA512
9e8d2b5f54be5a88c51fde4c356fe187c1b53e7a7e4fced213cd2fd5e2ab561a9e344a658ee757ec9ee4521731f2850be4fb3f591d13d0ad15f7bd6ca4494eee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\757C6B62B15524FBEEF1068C2E99AC89C95962B9

Filesize
22KB

MD5
b4cd771a56eb9cc7ce09b4ac9ce1610a

SHA1
a8c485a4b7aad3d61a172a40c54a68f6879e41ff

SHA256
e0f34252e149077bf266c535d2b38f60cfec0773856ba560d32d87c16940299c

SHA512
2096afae84d0a9b9b39eb382a7d4e3f464eb8474394190fbe8fce2d3da6d96ccb3cc07355832f555222ae9f37678fead690834f5f9d63f21be02a51a0d9ce8ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\7A80E441AABF2DC1CCC724C7DE4B91A9F4B2600D

Filesize
107KB

MD5
3abc0197bdc4d7268938b14d38be682a

SHA1
b8f72dddc59b0c2487ce85d50d3ad3f8123390fd

SHA256
a8a0de7349d9fba4d0d958634c8d4d034e19c93ca551e8ee8714c03e01724ca7

SHA512
86cea8b125c8fc97a4ae803c0ce108c4720265f7e3e041e28f9915c3ba38485f95301801b0ba1d363191554c6da74617a6528228c7588d780baad9777e7b5166

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\7F0AD8D89C4745183FAE37D657243F4EAD373B25

Filesize
24KB

MD5
fa6f1d310c085caa5eb4db1d816c229f

SHA1
23204a7c043a38874017495bf58ba8d55e8f058e

SHA256
8a1b9fbe2ddcbdf50696eb1eadff19de77cf7952307594c5ec7d3eb8c4179128

SHA512
2e65b87b4b434afbd20c60fb95c4b586379cfb9e00560ac82ecc14ed0ff86c5c784c1e1c0dbaefbce19483f8a37916805d07574e14ab3e6ac43026fbe00126fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\85785397F39EC3F1CD8DE89BF5D5DFF622540C7B

Filesize
26KB

MD5
dc0e32466d0146ae09a1f308642db7c4

SHA1
4410f2b054db3e9c9f66f0e43575c1efdb84fc7b

SHA256
7af196f2fdfe546a9aeeca06b72e9d74be40fe1158f6cc0139314ab44c1c5748

SHA512
e671c2d591431739d2c66348bf90799c09845af12ab2c8f3c9052b1ed49e682a07412db94aa31e5860b236626c8d00b49ccd2283633eaa072b77f854fe3cd706

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\9166DFB190D3EC7ED07C8D0A9507C31A88313E9E

Filesize
30KB

MD5
3c4422373ba107f9c2591ecc0f41e8c5

SHA1
8a10d13f1fba376124ae46e07724aea9c4fee458

SHA256
2ffb63d0962219529373ba8d444c189effdd0c8fc973815f95f7b67f4baec19a

SHA512
03e01af990e16f4b590fb59eb6f16ccf53747b780c79dccbfa9f98cba8643e5d3b5ed04f92eb1b64f3aa6e7717e6c3a52e47cf9ec88574af78802c7212654d69

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\9D255A3F68D08385FEE9376BD3F9E6012250C7FE

Filesize
31KB

MD5
95bdf3e3be3ac32c7d18c112b44236a8

SHA1
4c46ff85a1fe5914e24dfffa31ac6a40a2bf45e5

SHA256
4e5d5e01878cdf85b57c76480440be0c5fe241b0c2d83a5a9366386bcec34bca

SHA512
8c3f853d66b22611ff6600ee94056915055d228e10a29a094f9aa83c08928001a06e91aad253cffce5d223d7744f63cd188b950e6044989748daba12d64e0e3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\9F72320EFB9CD3E5C8ABD411D06CAA9BCA3ACBE2

Filesize
948KB

MD5
a80b15c3ff83d41e1bf1e2978b8596c1

SHA1
5e9c6accb723d2736dc87630dbb973879aa94151

SHA256
4c40413c444b5f8921eae6af9cca19b915455fdb74425c5fa02dcfd6c1c1379e

SHA512
ee671186776a5321c993ea8c68690ec3a83c73af59b452d836edbd4430484e6a4f95383ab4c40108b9f361e55bb7bc742eb7dcf14a55edbf96b51104de428537

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\A009B44A1B9BCC076D111F06397947E57CA5F58C

Filesize
38KB

MD5
6df6bfa10a57de1a0841f7a464bab462

SHA1
d0b9c052940be403a718cbf1abf3c29e11d527a8

SHA256
aa516ac8be8de0ba9dc6f4fa2b81aed3ed1159046d66f83612226503afbcbcea

SHA512
8a6cf4da62d6029f279b9232fa11d4045755202a44b76e36e7b7be83aea12ee0bb96f328bfcdde9b81ad0ce6decc4c572e80f28321a67e82dd00bb3160761308

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\A67CEF06273BA809B296CC04C0FEC393B865883B

Filesize
67KB

MD5
6abdab10516c3e918c3d0b84e706ca87

SHA1
a66e1cd20f9f629f223b8dc31f5fdaf91b03bed3

SHA256
c9be66681bba7db939127f09d693ec501bb48964abce799d2003172e10ca87b7

SHA512
bfd210b936e92a823319f493368ee69e532829811add09bf3f540095943206c8136656e2f3f6ac1b514fed584103f8b7ceda94c90c964ba9034c78be614f4531

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\AA5654EC575DF7D190BA3F20D2698EA32B9501B3

Filesize
13KB

MD5
4b05150f7f5821a5bfc141338a45dbc9

SHA1
17c0b3b03d1b847ce2d2e76435b6722e33be5220

SHA256
fb1b957b7f1a8a37e1fae8868c98d7ff5ef2a7c4c21d0647abbe844994b85ee2

SHA512
62c376f2c3aac9480310f559b842cc34ad67aa0f38544623e9d59f053fd9198c1a830b74a805f13a39635a888b43b1af0900662bc93e2d9c18b2c84315a17b3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\AD08285CE2A0C4C278413898F60F6EE6FD73F2DD

Filesize
52KB

MD5
f6dd983beeba5df1aabdbc2ae432c182

SHA1
3e36a5303d7e3271f52a7245416423a630442ca4

SHA256
4d0128dc1e162e094d2c194d15fa6a8bbebcf3f1dcb086d70a29a951575e6052

SHA512
04ecff63709a8fa74f6eed3005f9a2b4e9cae1980860fab838c9e2b1bf0c4a9ca6431fce3fa53d1eceb0948a9e9c18e66bf58c8f6ce99e225390e0939f393f91

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\B65D918B29A17BC137BE8D321374C6A6762EC06B

Filesize
24KB

MD5
65fa5a50c13319e4b85bd0582c17b0af

SHA1
777a727041b7b06222c2e63112ea28c02f8b2f31

SHA256
268255ca0c2cbe218161fb0a3b9e332eace6b42d3ee8061b255b9497336fa22e

SHA512
edff1387d00d2b0bd3cc3ff55507e14b8e1b29e45e5be3125da0d1cc64ac044615055a6db245580ab197c9d920404bb253d3cd53b6a9d43e8c15ce6ab3c45fbd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\B7DFAA48376B6DD216B282CA105E159891C17C90

Filesize
24KB

MD5
e4dbe770b36ddee18719a73f2df6d615

SHA1
69cd4e6fe524bb42678553f9f2194b52ff2ab3bb

SHA256
f8c78e38f2539b2cad422a0794c25a4b336246c730d067b19a0892bf4fa15e7b

SHA512
1a542a86dbe4b37eccf5eb804d9fc22883b340cd553b58123ec3b11e12e6f8488a4336f6bbb0441e3f91289443c462aef938550f2b17af4f514f5f2be231a9dc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\B7E4E569F6FC80B2DCDD41ABAEF99CD24BEDFB5C

Filesize
110KB

MD5
e733fa9b7ed1142f8ab48dac8938a28c

SHA1
548bdccbaca9aa8bb43b3e720e16225d7150f195

SHA256
23cd05fe2e2fb8197bcba662c04c520d7be135e7e6a202dc4aa72c46d0a0225a

SHA512
a6590d85c8baa163c382d7ce2ae58aea58adbc0b70f57fa7c29260d6a118517a1bac605e8a23d0c033aeaf4cf08ac35d512e11e65de3723460674b2d5762ecd7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\BA5991AADE1FDC82E5E28937ABE31B3EA6A9021A

Filesize
238KB

MD5
117b851626fd426dc24a95505b83093a

SHA1
4456b8aa9266fcd1482d869f012708b3f593821c

SHA256
3233f6b8e1b28c53b9285d40c9d7323de4c2d7a77cd38ce363c0d7eda3d22fed

SHA512
9013cef916257d5f9ea0d0f61a7746e4b60cfc91467fd91fb09ae26a323078434e19923536c5da3a70f9d9716e8911231ef0b80082ec95ca816cea9d7d9a8a48

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\BD4CA1D4B4266D61825709642FCA56121B4B4D98

Filesize
56KB

MD5
3bb5ebec2043a98e5b432fd8a9c8829b

SHA1
fca03d85387bb7d86287134215fdbac960af8eb2

SHA256
3aae2957892b27a87dbc811ca2fa494cd4205d4a42a46a2f3bf5fe10b4221957

SHA512
8cf3fcc7c95420e7f1bfbbb787ba6d2e2034767460749b97a89eec11e5d7f4e779fab4c279fa79d74b5ec11f25f274c23369864aae1d7bed939f5ed5a237da14

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\BF5DB281F2B48D894B2C2D7BCB25A4F25EE86AF1

Filesize
355KB

MD5
0508409fc552946796e1d6823580be77

SHA1
3a9a947cbfc7aea9a3fe3236762f34bc28b25bdc

SHA256
5c36b584b0b428048c5d7a6011031f13373013dae0b1248115e22908f810ce7b

SHA512
64321d857e91257f249ef5af46e1a1b2b64dc6be5d512d20f9fc95fc43e26e85db4d530dfa9b392d6aae6ca029d383e6368ee7554f82e10060574d0bbfe24237

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\C82A77679266F2BDDB9D217ABFB8BA143706B61C

Filesize
251KB

MD5
10a18cc2c19a2ffb969b13827dc7dc28

SHA1
a6be173e58a7974e75b30123b53da8c5d62e1350

SHA256
b13592f8ae89bf6af0c54144b9a60541c02a3b0c97d888369a7a6ac0844da6d7

SHA512
d88bb64822934a1fb385796bf4325bbb5e7fa0fe70c3bb6aec638557fe7fffaf13f506c33aac8917d072f075c5574cbbccc9e5bfaa8afd64ea52473e5b602127

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\CD18BF5BACD10FA6C8063CC251A314926232D7FE

Filesize
84KB

MD5
5e1adb39cca5c20bed17938cec033d05

SHA1
e07f43affbd23ab043700dbbc08f024fe4952e55

SHA256
652ab2039db91b0ae1cc120c2613ec1e5a22542dd279257a6e80f88c632b878f

SHA512
8bdd70c81dfe816fa91fb1c133b9b774e84f6a27b61435b55c05bd932e88a501684eae20abf8bef5efd3013d6a5ec081e9e736ab0f62d1dffc7041862532b149

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\CEF68508EB9B66B0E81E2EEF96312CAEC849D4FD

Filesize
26KB

MD5
7e49f90bfe972869da96b84c7a4d2bf5

SHA1
9eda7278a81e74ac0688260cb815f6d6d34965ca

SHA256
9820321c1206fb08341c58e2e393ec3c4f19fd3ede273d197d23aac3ad049e61

SHA512
f4ba58a6b0070b5e1333c683f5b4b6b7711fe083a4d82d231661f618737f0dc4f4b8a9df43945a1d600547be61268bbf71c100ae500467bdd63d6e209af120b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\D2EF2EA23714260BED0C31F765D6FC7A15DFC578

Filesize
69KB

MD5
ea3bc6a66eaeffdeccf873675b039cc2

SHA1
6a2a83cd85e0c3e01fbad98d6a273387fdc8eab1

SHA256
2b09a262aedec8c89d1475cacfb74d29a732f4d3d2914bccca1d49726d8d1780

SHA512
1616dc1ece5230a0d0557ea7dcd7a3d905ce7e0b1b47606d7275783907c120024980d9c596d429af275e2fc8bf1379cc8af68567176b6c57657596cd2416766b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\D5AA3A2894729A8BD264ECE9438C93C8DC7BAA02

Filesize
82KB

MD5
f5bc85c0b0235a00b92c4eb8e8debf52

SHA1
0ac2645c995ad1b8b9e248d85bbb911944ad4bf7

SHA256
fb84f9d74a3b8c4f97c9c4dfa15d8862ca1014971fd97d18ab941e48e211cfb8

SHA512
965388459fad91208eb0deb407b824d355f4792b33c456f372b77b6357c87dcef53c05c67de4317866e394e7e6bd6394c42e2be947accc57c0c05b4a5c52eaca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\DBD78B5F0DD5928F802E6B4677A914D2D6B73B75

Filesize
70KB

MD5
4a6db4427fd35065540bc92bbbe89132

SHA1
80dcc031bea770a5f2d6609e3c7a6dc43a012032

SHA256
7dcdf1a44dc933d52742634ad65367059ab09d5995c8f0e9998b2d480e833191

SHA512
19b44ec2e301ac390c76a304b98fa316754a4e986cd585084610915379e99bc998f423fe08918aad8083943ea7c2367049c085af5bbc1d68bc7491064b9d53db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\DD2DAA68B7092660BC67630490CA5B70AFFB6531

Filesize
122KB

MD5
098ec142df52e2ee7f1d6ead1fb1b569

SHA1
cb144dfb0c0b5358a7fe3f6ff5f8c092494a56bd

SHA256
0caac2ef775083b99942156380e61df6c04f8903c696f87c18851d289b85c622

SHA512
73a7cb2cb3fd9af3ce0c9540bc37906cfc28a8eeae44ff733f3c7b2bdc864359d9fabf11a732e06a2089702b78004d65e006f2c8d8dced7522c6f2ed659b0934

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\DE6410D7D10A034A4B6C7DF000528E7D2955C71E

Filesize
134KB

MD5
3d4eb9395735ae954a53b2f0143ed03d

SHA1
4d2dae6c07c485227eb61adaf6ea1fcb80c744e2

SHA256
f9d0b7b276b4080b33cf05ddcbb93b81e789707b81f21331bd97f510956c89e7

SHA512
538b12ea8a54d94522f784af9907b54f2c6c1ae8d215efdd50400b94ab8c07c87ad2a6268f23e28472095ed50206beea1617cf0c14045f8f3eedaa476feeb708

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\EBB599B7BD1F8F2501C4BEC68150A038F9FDC821

Filesize
110KB

MD5
b70c4b88b3cd10ecfd7f47cead0a6906

SHA1
8cf7d597e8e86c16fb28c8d95d8dda37f82b3605

SHA256
b2184c74e893f0a0c4cc98837b2291eaea6dca4f8a565ed6a5d9cf97ecaa49b8

SHA512
86a10e9307dee53baa02cee79b20a5271593f40b3c21373d5a6f263089280c73af90ef77198f559d074f9ed45cb53e3c2fcc4fbb6eec75990d40fff6ab01acee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\EEFE6F94EE3532D6DAED4D54CC20795BDF32F079

Filesize
49KB

MD5
e1b192b7a6dee7167ffc9d5d3ebdf2b6

SHA1
cd8634e53f283ab72f4c437fd65f61b944efea80

SHA256
510b79e731dfcdc7b84c4ccfacedcad276fe74693499c8959361d1059edaab94

SHA512
d16da98a2a1aad8a9f29b5aa4764a8ff0824c55fd60a3994f90dac8481de94f23dd0a2b898f3df83909d14f572a1eb0d58b29a3e776ff5645162eae0f2b6be09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\EF8A35B1D75CEEA40B6CA52F98A55E4CEB88906E

Filesize
24KB

MD5
52dca7691cf03496ab62a9bb1bdbdd13

SHA1
ff186635def998461c18bdf772cc6390c23d420f

SHA256
6f83da830fcbbe8d7b2fadc3d8c4b5a43e20884e987aafa9a2d5de57857b7bec

SHA512
4f53998dcff091aee90f52e0daa280009d827c4e00bbc26bfd05165b5875e7d2ddbaf8b1ca9009b49d106e8eb8ab0a601771d18ccaf68d75aed0e7c2dc4daaab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\F884B417DE2A596726379F94AE3819DBCE9F9B00

Filesize
29KB

MD5
88003b3266dd555c40195e891cceda96

SHA1
e42a6d127a5ab6bd9cce29a9ca347c7b498f2dca

SHA256
fe5342ca5ca851ef25a59dd33bd3ea0b4600620b7ae7aaee295a6d0470ced7e9

SHA512
acbd14d10e63d61fdf15be4b27d11e809339e888fbc3a8e5860f7d4ff2cae739d8449cbf51560b692d4e374cce6d34ab753c48d670bc6508f2bbf99e41b80d17

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\F8BE9D499518F26DA2C974465152FF993B4E53BE

Filesize
95KB

MD5
ca0bf0e2d4f5854b1c7ad8fd87ff1a75

SHA1
95a6a791fcdd58e8d984dcab5df3c99a5577a1ad

SHA256
47b604881a35fb6e01557a77bd5cd715a94b11565da8ff336ce7c277ddee7ce1

SHA512
81e833c9ab4d185a3be6ab87f53eba1bb54282be808edc1651306b7d6df2d5987419ada3a1fe7e007f759e605db701a9ffb3854bca361b738e2a742c12280c33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\F96A1A8368D3C3DD1FA81D170326E6C1C65D342F

Filesize
30KB

MD5
c4e5377c13ba8c40fd6254b658248312

SHA1
923dd8cdf3a7d1618bd73b34b362556dbf6aef13

SHA256
fb8a2c6ef73b47c1392e59f75d4adeaed25612b3fc58d2262fd275403bbd534f

SHA512
2544c78146c4d90cac6664047cb18ee0509bfc796501613abaf8f6e2fadb28803395076cfa659586b043c8340f1dc7c6917740bc00e7097c02196f3eb1849af7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\cache2\entries\FA42EBEC97E7BC4BD8596DD821DBD04B2CFE6838

Filesize
1.1MB

MD5
041a2256f6508602d12bd80d2d8b9872

SHA1
039c713ce65d0c2bea586375a14419b6c6bbf984

SHA256
79ed971b066fa442f40e6711c166f4eed564bfb35a859fbcb054b4071a21ddb6

SHA512
59717b41a45cbb4022eb47d8e7c3ff1624e790af5bf295ffc4b7b0f25ce99f581ce950fa926d30f8200d067616cb8a33cde0cf642827891ae528d5005bb65afb

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IR31NHP\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2

Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IR31NHP\api[2].js

Filesize
850B

MD5
5ec634a148678c7bcb139847343ee42c

SHA1
4e2b4520d6bdd4b85f5de3cd9d0b1c9d7cdec924

SHA256
fcad7f192757d57d9b27f5568bd440e59cabf8dd6f1c7ab56e95d6b13cd1fe3d

SHA512
dc952f83efaf3d103c75f5a25d93b74c02711ee7be7334206d6c879fb78d8f8fe1b1c0a1ede2e1103cc41d5158bbf8cbdfaad4acebbe0e5df5cd58cce362e18b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\9IR31NHP\webworker[2].js

Filesize
102B

MD5
987939f6563c8d52d53c80001e86b785

SHA1
25b74de17bdc9928aac2506fb319c8d59a48c374

SHA256
3b918b6cef39462c9fed66b7ce89d8fd5fe04984c12f689e88327a703d738a0a

SHA512
9936479d8187c2e53df7bd32150a6bbada499a6cb52aa0d7991dcebe8fee36b55c834848c650edf29c8a60c14456e24967a93bf54c3c7b121263cc5889e8092d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JRSLF5UO\be7cb1[1].woff2

Filesize
16KB

MD5
68c477c4c76baab3a8d1ef6a55aa986f

SHA1
4af50379e13514558dd53d123db8ea101ec5e24c

SHA256
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac

SHA512
92b34fe3b7f82f10cf6de8027ac08f4a5b8764fb4e0b31c93da6e3d5bd08e0bc83b79fd70b8207a1066b689583e0b6976fa3c885b0c067ea343e6f2031d55d25

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JRSLF5UO\recaptcha__en[1].js

Filesize
489KB

MD5
ca50556eed6c3ec820e1e84b8b8c4c89

SHA1
94b412b047930720ea1cf6e26279821859f6a666

SHA256
5aa02ad9ec4550065de8002ea1108be5d10bbb1173d2f3447f88ce1af317d4bd

SHA512
acf6180697b349825c18ec7372c894a455c44683a72c7416fe2abee46873a585bdba99b0167dbe77bca6582928de4f01a41a79899f61f5b30e3974b8c159e1b8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LE31SNEO\anchor[3].htm

Filesize
46KB

MD5
21bc17e417c5e8cade9fdc6f9f919699

SHA1
92961e14d914a6e46991fc298ee2d4c968c9f310

SHA256
81a4736b473661bfdbee9eca2511c083d593d91b38df43a113f7a893a2e53e73

SHA512
2ce3543d01e1403debac52e71bc98597a04ab362a27861a4884b4fef76ed4cb6922474595bd4f802f0a83b9a22fdcbe42085760d050dc3ff4ae5c38295872855

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LE31SNEO\bframe[2].htm

Filesize
7KB

MD5
303e016027ff6c0525b6b21907e240b8

SHA1
000be8202411f04bb5297ff3aa6fe7d34614cb87

SHA256
7c4cb73b09790d658c07ac3d2bad291eb68a608fd8153931804abc5583838164

SHA512
595553ef8f5d2b4fcea79c6965154749e86570bfd1b55f2d137ddb452c7f715c31c9c6ee7a9f9aa1675b85aa6d7dc458d6aa46655829083ed6af8798b83e02c1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LE31SNEO\c72c72[1].woff2

Filesize
17KB

MD5
0627ec86dfad171ba217bbc765326ed7

SHA1
d83f8aac9cb272a8825602735e3766f4975d5c68

SHA256
d53336707c39d1ec20a2b1f7399ca9f183c45592e215a42fd596dfa2dbb8ad7a

SHA512
a64bb605c4c4a1d3a3905155e9f52b4c59abb95fffc61aa1405d6d4e4687ac308ef4104f897770ad8c7001e40f91f68eb35041d693367a970aab2a86e80150e9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LE31SNEO\styles__ltr[1].css

Filesize
55KB

MD5
eb4bc511f79f7a1573b45f5775b3a99b

SHA1
d910fb51ad7316aa54f055079374574698e74b35

SHA256
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

SHA512
ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QIK5N7S7\MxL-5nwwlOXLnw48P5Qma8MW4lQG7Q2rhXcL3r2wtjE[1].js

Filesize
16KB

MD5
4c5dcede87ab4202bd311c5b685ec11c

SHA1
dd3509ff8109a2d790a68defa045c9449843fcb1

SHA256
3312fee67c3094e5cb9f0e3c3f94266bc316e25406ed0dab85770bdebdb0b631

SHA512
bae69ece3f5e5bd93b33dd16259cf2d63676dfcfe3fa7ac281b8632b0a651ad6b2e50e7b6967fcb2a0b4b41225ea1a7c8be974615405dee342558478f9d88656

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\09C7PC93\answers.microsoft[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\D0OCG1PA\www.youtube[1].xml

Filesize
229B

MD5
357ac79a59511d6af7575d82f600ed76

SHA1
5ba503c43462cac7e839b89e32f0c216d882c8aa

SHA256
2b9137d19c690675f207f6962d89a9a9f6adf405835c6042c7dc5870b319609b

SHA512
748d38ded7294da5b5232eb49eb15583ad8e2b60d4da2360e2e82207bd8cbdce0efb23f0f0099b468b79014653dff50b96648558454f14c52077111330420eb4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\L1Z159FX\www.google[1].xml

Filesize
99B

MD5
61b02d4c2f5c8fc1f3650b822de0a884

SHA1
0d31301be99418a30adb33639ae548732cb35667

SHA256
6366c3086cd9ecb63d556e0d0ba6ef0ea39c67bf4e552e85b68cd81d482ded0f

SHA512
bd45fcbf965077b7adf827771b84e739efa18f462adae31b96faf1abc3eef490b3f52ca7f85c754e54b9b5c0dc153f2121813c67b2702e6306d81c1609b74d02

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\LX9O27TP\www.vice[1].xml

Filesize
7KB

MD5
be5ea88cb965ebaa2e24e9a315f8da4e

SHA1
cd437655b2e0bad9aa650d92b0b3cf9c9dbc3912

SHA256
2f2f65fff1353d8883c62cd175272575e41fdc33f71e50d64c0ae059c34cbe78

SHA512
3b54bc4633e84c4bfc3c47f85b1a5ce6434243fb1b4e9ec44921c936eae05d68b4578f795153c016a5b92fd4871f826b010d158285f8f88ce6c6069be490f1dd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\329C03A4966B136B54FB137DCA798EB7

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\329C03A4966B136B54FB137DCA798EB7

Filesize
426B

MD5
c24cfb6f18bb17850079426ef0fc54ef

SHA1
650b4a3e00facf7bd073e847a9383ee619ed5202

SHA256
a1329f96c8553aa2a9b7a9e5ad39c9973756dec982e38a0a02f112ff30428ad2

SHA512
de1be5bec8cb0cc78d55e0e473517219980a8c6093b44ea1f7f0fe08e01822d97dac37e3d7b8db2a369245bcf5f033bc17174f3834a9a880467c87cbebcd2e94

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\41PX94G7\coast-228x228[1].png

Filesize
5KB

MD5
b17926bfca4f7d534be63b7b48aa8d44

SHA1
baa8dbac0587dccdd18516fa7ed789f886c42114

SHA256
885cf4c748081f6e569c4c5432249084eded544d55f7c85cf47ec1aebe6bdcd6

SHA512
a99269cc3c0af6a291e5373c4e488eaa3900e66bc3342933da3a18caff5401a4408aa1cb4463fac649c3cc5d88773f789fb120e292ed956188f1f5eda8ca7633

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\41PX94G7\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\59VFDUBD\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AKXBCETV\b80692[1].ico

Filesize
1KB

MD5
ac0cd867e03ed914827807d4715bdfe7

SHA1
4051a8c23756c10d9cc00fcde6f7215c780fdf6f

SHA256
b50546da121186fbffd2aec430249cb21c7c2e2c85e561a393a9df9abfc4477c

SHA512
fa11d1d76c39719c218b4ffa34de8dd44d398bdcbb236a666f0be6eeee96bcbe4da9ac65a89441ad284c0de21788c135dc4fd21f6f82c7039f00c8a7c705c8e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ICOG0V0J\PCOP[1].ico

Filesize
6KB

MD5
6303f12d8874cff180eecf8f113f75e9

SHA1
f68c3b96b039a05a77657a76f4330482877dc047

SHA256
cd2756b9a2e47b55a7e8e6b6ab2ca63392ed8b6ff400b8d2c99d061b9a4a615e

SHA512
6c0c234b9249ed2d755faf2d568c88e6f3db3665df59f4817684b78aaa03edaf1adc72a589d7168e0d706ddf4db2d6e69c6b25a317648bdedf5b1b4ab2ab92c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ICOG0V0J\favicon[1].ico

Filesize
4KB

MD5
b939aee911231447cbd2e3ff044b3cce

SHA1
0f79060358bea92b93ded65860ffbc9ecae3dc14

SHA256
f35fe126f90cecbb6addd79308e296e8409dbebf6bc589c31749e67713e9bb3c

SHA512
8053232364d54966f4b8acdf9af61a1366bae09789d6a76b8e723d7c3f96287460248eda12083795766809569527f4821f7e87ca4a644ae900c3df33002c9977

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
ec2f3960a57aa107c4e3da5f52ed2e40

SHA1
4a277ad00842e6f30b346e77758a595331395058

SHA256
66409ef63ee2c6b1246b95377e0a665f34bd8f34e3c1eb81a0ff0f772d8e49d1

SHA512
55177efe4df64603a68419276e48a681161275857eb80e57dc2349b8b0a7aa0a366de9fe746036998162a7cf6f07af7dedb871032bfecb496696a64ae389c286

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\476zaa8\imagestore.dat

Filesize
23KB

MD5
cb4a984e64c8fc6bfc5b618df3336606

SHA1
79437835128bce2cb4c6bb91a870317084921fc9

SHA256
dc46484beca3b894acf2783dedc8a475b2bd3eff463577ff76a1ae8b7beba8df

SHA512
580f57b60eebf6fb32d12b2ed5d390cf800e40ed8e77b0ea47bd9523d9303a76acd7860d1a759b2192121afe096402ebd6854f6205967a447488fec78aadeccd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\329C03A4966B136B54FB137DCA798EB7

Filesize
426B

MD5
e634199cc72f2a08c1d4d00d7b09151d

SHA1
999e86818a131d926e3cf2f2c19e4de6b8dbe42d

SHA256
c86604e2e00480c45f8cd23698a2c9e4e36e797780362e0dd2ee4276ac5ecffd

SHA512
9f9827959054da62249dbdf26396f292617146a14c0b2b49ffe0df0c93c744e94851022e7fee32001fa15a6f6a39535dd68b029bb89aa95c190928e2f73be53b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF4586BF2ED67B8142.TMP

Filesize
60KB

MD5
1f064e39827db46813bb0ba7c776bf16

SHA1
a4468a089eeb61f6c815212becac3157f816e7bc

SHA256
058cc48a6ce8629c26345f054549ea9340e41ba96d375406f0e027e01fe30aa1

SHA512
8d50db5615873f1ac385345884390ebfae5019f4198ae467acc039c5dc84aaab540d14b32a418a2213a334722d539d66f0a298b8cd53e61742f01f8ebb64bbd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
3.0MB

MD5
ee9515c7cdc49a175222c7f3d94efcc5

SHA1
eb7330a0eb5d86832708b52d44cea6685e20567f

SHA256
1b20db5d01b20a10c5f832f0b287a57afe7f91d63e165c636512ab7525317a58

SHA512
6d8f8a44f5d1a05938c4262ccc7aac619c7b9072b3675f45eb6ce6e5ed00f566e0f5a38b3a5bb9b53ea9076c8aeb9f9abc9ca910af746ca61c7a3095882d7a71

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
4d6fbe3a5c28b94b713c81d231e2093e

SHA1
bbbdc905c77fdbe207be43ba894a629bb6087487

SHA256
1ee2d9bea66c6daab792c9cf838a29487885452c8114d9bd78c88581acef72d3

SHA512
02d4285f562fd96b4dbbf3147f13ebc7fbd50b14c16bf64159cd8115946cb443224b38177658778ef374bd3ce784745aa0ce43d542d342fd928003256432e3d4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
38KB

MD5
3c93fd872a6cc9ecc1cf58da26655a28

SHA1
fb509db4749f06e8f2475b3036172cb1c71f9572

SHA256
ab21168f215846355e4444d1815c525c9c29675a64eba52cba82c3c0007465b7

SHA512
971c1678aed4bfe3367048093352923442c4e404fd04fac3c49f7ec648e84ed64fd0ce582cd6dc2f55186738a43274ee6a0ad8ecea7965520e492228fd3a2a17

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
9KB

MD5
76635c2ecd466f236d9d244ad0255ddb

SHA1
2e138c7e182cee07e7ab3e75da592a2612c2d9fb

SHA256
a237ac76614b86142ac7f22d33b2831bfcec875784254f7fda2de3b3c2360845

SHA512
755782aa1d6b44d35991e11c7c3f39499779a98d722f1ada3c306a5cfcf8a0b81068d773cf60af72205ef0c43cbca9752feb8d78a49247c496c05d1bc64bbcf8

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
a8b7293524d9e4207dca67df8fe0ebe8

SHA1
f39d633f6696b608f093abea6399b3f1e13bcbb3

SHA256
959794400e5e843509668dc0f69c2a472a930b667f18ee5c338ba5fdc4cfd85d

SHA512
f8ee460ceb2979b292043b27c716e66cd9007f41f2ecec3a9d23867ef655c7bea41535c8691000652488ff31608e816b4a75764eb837ccb0a9f21244be4a4796

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
946950e2b8cb173e841bf3ba817aa7fe

SHA1
2d0aa6ccb8fba5534a0a5d5b9802a4484e45b1e8

SHA256
5c0b12944fdf52e1241b022312cb50c0e3de1e5f2ac9a86a4166e6b8575a60e1

SHA512
7ebdaa17523f4f1ecd2e3489199d6c6530ea38f551662380730d076bab0e34b7ab29fc3642d0eba7408f78d6e1e51cb71697151dadc7a5dff268355c45918de4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
681B

MD5
02910cf6d726fcf5470dde1466975752

SHA1
638a025d4a197e9171d4a991349bbe18554bdcef

SHA256
33a1e720336c828e77de41a41022015282387efd3e0c924a323c3597a310e77e

SHA512
0111ddcc1f24459544693ab549eda9641e89a9c86cb73958a1aa377c6bf425a7d07274c810ef71b292973e6dd27b794d7009bd1e64fa4c8b831237c32e70bb71

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
802B

MD5
4cea0472eed7be7c90585b8db49c3d1c

SHA1
9ec564c26866025cbb832718840f5ef0162ae2fd

SHA256
d785fce18373a9346a5c478ba6b8fb4e614c88940778af9a5d2ec0df20cd1a43

SHA512
ff0450c8f29cc86638ff7552a5a384b91989acf0ab04193cf5601a367cb9d4a017ad08cd84321c494799257523416a49e24757dfc606a0d9495048bfe5c0f42b

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
cc84183005eec6f33814d232415d6f66

SHA1
b52f4676a3dc0ba24855a9b51a56653d46850f73

SHA256
201854376047b57a693f534566182ad061db42279b90bce9e1dd710d2bca35b0

SHA512
f0e4d2912858342d1881a762c218a0c345e2ff91c740e504eda77ec6c2dcff4a08e068f5ac03bf128919327cf20b12381b7b5ad1595f6bed752cd1e4c36f0a87

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
857049b38530f0eade5428a544d1afc3

SHA1
ff6b39356a3e9c04ca502d590a5b406c2aa9bf44

SHA256
10478323a8efdf079b64e8053f8354f1070df21e47e714c2bd51c9a84946c3f7

SHA512
564832c1984040a080c9f507303a5f9818a9b5f856936e9a496b5ad480002d1f3fc43d9b9e5dedab9adb687d0bb6041adce2572f4e03648f9dffb535f856abcb

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
e0957e6f151c16782b80a09d69a300c2

SHA1
509b0b63ab67286a18a7a4b9bc21836bea3a1561

SHA256
172bd45c2196769900d579daee241bf2dcc911662f0d005e09a0bfe9acca9164

SHA512
77bed56d6281ef2795d2ce5362d6345658355a1768e558e0613f290b050051074c56dbe357a8a96e018659b40f77a11f2e9447cdc89d23b0e076ab7a02a9e180

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
2KB

MD5
8aeb367286d3c7f1c312870713dccfd1

SHA1
73a310940f3ba3d0c1678017310049181d853f39

SHA256
6f59a326a785482297aac5d515321f5ceb8f21c0ee49bf12311d806cb1987b0d

SHA512
8a725864dd252b503a736cebb908f4efab11cdd4e0e6eff40192b78d48b4be2106689274ffeaf1007765db07db7e00cad0baa8aab71f160804310266f04605a4

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
f5554e9d883c5e680ab9f181ee1b079c

SHA1
3d87e409a93a547de0398d3899a238d2831879c2

SHA256
1bca5565ff9649716dbc6573bc9e9c86375be9222f71598156e59daf541ccc2c

SHA512
588b50667506cfb09bdad0d8d594e7fbb0b55ebe10d684427116fc32e3302bb578b638a19e726c323665de110b8b50171308882d157ddb4eb5ee9896099b51ee

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
9c28bcff79776ed32f4ce6d9a17e6880

SHA1
91ca0f2a653b271735528a81b4f54b486ee33191

SHA256
7e8197c336eaada10153d1cfafefc8f8f50401732f583c24809bc94f0f88a6cc

SHA512
ecabf27ffbae1e067822a763d81cdcf5c607af51da9f87e99e685b89c8030022015ab3dbe4ef20a65b5f01703eb83d826592020f4930a53f5341512dfe093576

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
442f08e880e996a944c25d3e2b7be31e

SHA1
2bc3f7b854122d3c5cfdfaa79d2d2d5baaf1c6e3

SHA256
53b85b4761c8419e11fda6ee16113c2b41a36ac7b8219e64f18267bef636b2c6

SHA512
28b07f153834bedd115af039e406fb28bfcf5d2fb09cc67d838dce6c5daa8854eaa73838b597cc4c89859d3ac8fb160e434ed2666e92de07ca56e07dca587314

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
a7e64ed92fb0cd3fa0624fd0671019c0

SHA1
44ad16d90a8fd1a53da8f219ded93100f8aef30c

SHA256
59188cd421707c8aa899516ccb66a6f91d51b1c63603b1b08c0404f8a969681a

SHA512
ea1ba04456e2c3b25bbd230c4a810ae1a4c8343b720d81211e7e6fb09f749f5052eaffb0e9df5439d52ee47580809ba5112115bd23c45c37903be9e16294cc34

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
3KB

MD5
29b823cc4ca1999ac7700e4de8e15814

SHA1
4383ec416e3cdb34707fb36f47ecc15e6f928b1d

SHA256
f66a5da8f5880d1a4c90a9169db149cfcdfc4442341cc1178604cf2d0ca50115

SHA512
be019efe3cb033cfd396c81c63c80b998bdea9118232e197032370f4dbc08dc7df755a2e552e6cf44fe7c3ea3e44991990cb1d95d366e4d91f2dd260133d7348

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
c270e2bf0213eb90e358246dcb17ecf0

SHA1
a563151edd8c24d5d5dcb6116b0b76928e6afc0a

SHA256
8f2b3de89624b08b1f102df94d1e92c3132da106932ca5def2df8f999792c81c

SHA512
bca5015f6211d31a442bbc8a870f060a7ef68883e15dfd2ee48e9ccbb23b3df2964c829436f7452ff562be96741737212bf440c8b9376a4f4bf38ee8d6073fe3

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
fb46f10d59232d2bfab59795908800eb

SHA1
fb91d021df642abc46dbf9f522456b003efc1af5

SHA256
bb55b8bcb2a9932fb3211a23bfa57d8a22268f50848a5bd0666f520f7f0da1ea

SHA512
93ea749fe575db1531d4637c0e582b591027660c1ef36375c488b07899db078b5a9c2400e6a325d0c56a18b375264ab9d085fcb9564657106fb17deb3fb65c31

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
f825099bb97745f5608342d8e37cae26

SHA1
3e2f0062f33f263d4e4db7f4baedf1d9c23a182f

SHA256
1c5d42a5ff88fe35c332debf6cf81962e7a50108740340e7561d0ddd4729da92

SHA512
d60102156135c36139a1dfb3daa6ddb6b6518eb1dcc90de7dde4f9b9951e9c8e50e6188fc536ea8091df3e0cf9d2b75a20c7c9d9a09651cba3d400500ca400ce

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
1a4b675e6c8dd8da15d851b27139d214

SHA1
c9fc2a472203168cfe318225639535806ece4818

SHA256
be62dfb77fa6b854c016e0d8d97ee6109e6aad6a7a705e0ed4319ef0e013fedf

SHA512
ddeaf1db0744e1d4d74b7a7709b8367b396df796a3f89fa5e4d5dbbd2e2583615d44bafa49be8c965a4a72b2ddb9507bbddccdb0a6175c2ebd95d282d8ba7f66

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
30b49800a77a8c15e75ca1f858adf18e

SHA1
7817dc60172608f3ae6d5e0619155cca7dfa9ee9

SHA256
f1438e7edbc9682cb37178ec2fcd8a1b1393fe9e7c0575b4cdf45325686f5702

SHA512
20b89f1d200b3fa8fe2ed9cd9721bce2f24e762faf8a87897796cf0a26f189dca159b2d6ca5f979eac58ab71ea174c830cc889752b4d82d66da73a9ebe5beffe

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
1b2f5f92e527a63ba7a6bbf781f80367

SHA1
b9f1954a6556708b99f7caa54b1e7a537862819d

SHA256
6ce4313ff4b8cf52f0b09ebaa6b90d308449e484d0628d47d9df62f372bde819

SHA512
52dd9b3e5af11f342ffaef72956dc2af372dd9ef2def8e045c2d24f5eb1222a294b67efe16c75e7a62044e1fd02cd3e333db953f09659126fdc650586586df3f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
79fbb41499b904acba99e54c0dde9644

SHA1
719f0963570142567eff1a606522f3e736e311d7

SHA256
9d5edcce512eb119e714c44f804786d91b56bdd7d091d40000506b92581f4d43

SHA512
80e81d705e3a063bf458330e22d7f59f55d02f4984fd19dff365d6f761efc753f213a29d6eb9918d462ac4b9705449787fe3fd94a54212256fe86fbb4868b1cb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
1ba2503b8513fc33b1229aac47cccbda

SHA1
d136bb5da5974aef5ef2b96f0a46426c0ebcab1d

SHA256
707ca773ff3402631452fa9a34a5ecccbbcbd25530359462a964fdc9c243ce06

SHA512
40e78fbaea48d2f4d682e9bd7fb512969d90345cb00f5294c3422dd7cbf51d9e4a64012ae3420f99792f10857ba8498c0ab87a776d490f1e63a4ebad28f56daa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
14KB

MD5
96d07d2850b33ac9defe549db4a233b0

SHA1
5f4d5a3dc4b7134a4438f3b5173293ee6a93bce8

SHA256
caa6758e7672c3f7aa7fbfcb02fb917ccd82e405be1da742199c92c4cd528b9c

SHA512
591145557f93c7ce05604ff56dca111b3431359c1cda425c114f341a900087cc1bbaf1c70570fc0cfcb66ab203369c2db20819783664a62f7faa5ad1020e41ae

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
73c1356181e82a74978fe72387dda6cc

SHA1
a003af0a560dced76cf55f7e223a9a49259d1bab

SHA256
451e87ade88402082771874dff669b37a9d0023ef61b46043381afeec1c8fadc

SHA512
5c44e3d56dfe7636804d0a656873ab706bfc6d986cee8480ef21602cd8404920264f7661660bb284e09f5f3514c2831e36b09d520fd2945e4e9d40b896d8de24

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
46a41ef0a78bebddcbda8a8385bee7b3

SHA1
9ff2099e9690003333bf68e8f38ac826bbe509c9

SHA256
6c0a9af53457b06d52949a434ae101a14a1366bbe763878648facc54b7cc2c6b

SHA512
3006ea884322a06fe744f98d03595695807857fba0f9595d56b0e5e5990b48c8cbed655dca566dcaebb0837f1ddc1180461b8159e218892d93796e10793ee42f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
16c2972b52941cd2d05becaeeff03430

SHA1
59acda16e5bf2a14a2f8bb05873e161e12e2ebd8

SHA256
0f3aea13a04eb5f1063efe082fafe18fdb2f4ef0582c53f295f3c25fb53d2b51

SHA512
65e21a2cac1c9c7cf2b97a4f4334be357980b87dcb6277176b7377ea8fcec0f654b3d7b7e422103c43d1787de8903ae4ca966efc44c542942f137966a2be5aac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
1473f07f5acb4a715837eead26ad0194

SHA1
fa82791f22c47c3bcd4213fc6f64aba70217861a

SHA256
734176ae7dd23757202244cde69129b042835e1c45c2070a127ee6c1c4ab78bc

SHA512
ad3cafb2274aa8129f3fb1a5ea22b4738cefa35a253818b1d18b0039e7ce4f72672da2137a59a760bbfa868225a3b1051cf105c7c79345d37472880eab7b744c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\crashes\store.json.mozlz4.tmp

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\datareporting\glean\db\data.safe.bin

Filesize
5KB

MD5
fee8e6ca68daa9af2f331b509157098e

SHA1
38da10a71db9ea62a31111e1c9877dcb0bcf19fa

SHA256
4c33c86e33a054354b091159cfa93ea43563878205a7fc28a2dc74bc95daa647

SHA512
a989f34f69171140012e366e8169c8bae84b9bdec045b3a081f6b429ee804ccdd68bc09e32171af5e8a630a636b5623b49bb75715bee3e35759fdbb04425f005

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
d795bd3dd4057c8eec052d7bb0b7a30a

SHA1
6087a220c7d9fd96d9a1b616f145dfb33a34830c

SHA256
b776f01c44e1d1885077487bc0e5dff4ab089f53e2820f0af747c8c6245ddb3f

SHA512
7b10e9950c4cc296f8d4c2eb0e4e1a2f1f4f58ffcbe7ac4a9e7c7d2044166b02032ab80c60cdd2f60986079e4f07594a370aefe814a47c989609f61b7b59d2ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\datareporting\glean\pending_pings\2493bf7a-b6c5-49d3-967b-e0bb6b6ada3a

Filesize
790B

MD5
cfd9680d4f66931014d4a55e27efcead

SHA1
2bb9ade87f2fea44ee63d21e20b7ea031b130433

SHA256
2b5fc029951c122382b742aa907e2eb71c7846cf89a3a4bf88feb3f9e81a21d6

SHA512
d10cee545dd474ab995a6982dbe72816e23d0c3abde16a1424dcd3945f5cf6b10a6e9495969793bb19a464a6832b1cedee33ebdd3ef25727cc50c8869b6bd732

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\datareporting\glean\pending_pings\37f8b152-ecc0-4971-bdc1-b61e6d32a02f

Filesize
746B

MD5
9177e5e8141fc4f8ed3d6f107c024438

SHA1
9af7aa7059d946453300d8ce7b86aa745d5c988e

SHA256
abfeb21a7359fb34b2f9af9ad73c59a9c079025eded9933fac549bb14a98a2c4

SHA512
da5be39c402d18285b55ed4e82b3732d16bd91a867159b6c8b9d7783f6d9ec58419e87e5aba7bbeffb5339538411993d51de5ce41cc391a9b8fb7e82fd48fc45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\datareporting\glean\pending_pings\bbd54d99-9837-424d-b544-a30da8bf7a6b

Filesize
1KB

MD5
6ebe253c3c1d95a6fab2042fe7c222b6

SHA1
a26b7b74bbeb10ff083c280ed4a9271bf07cb375

SHA256
0e182a5b3be248a2a973d83f2920eeed16c26314db27634e121fe6cff3176af4

SHA512
8424f24627cb76653cb2d45f4abaf807cf0abdbc9204b67541d73133678f34a310bd1fb0be27851de93b0395196347ffc173fa14d16a0c1c74ed713fc4f37d87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\datareporting\glean\pending_pings\c64c5f9b-ca3a-4b0f-92d3-5d16b4e127dc

Filesize
10KB

MD5
b02a7c39dde0b8e7d5cd110dae38ceab

SHA1
0c3ed9d9e6b5bab312db3014c9d6e98544dbd757

SHA256
03944e8416632070d5a587216ac619a4cd72845ade4ac9d06b1aeb6d32f3641a

SHA512
98b8bbd833c0a4ace4a630cb5b846f6e08215b77cdc91c6c83bd34c32aacde42f2ecf5d668f8ff90611d81954911cc6249f1924a5e3187807586ccb03458a868

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
3.3MB

MD5
dd7a51a72f070edf67ff9080489865fb

SHA1
1127e38a192becde0c05973bc154bd2e20263c51

SHA256
f6161bd93be0b4479898d8d264a14e51ce8a18de875ca6432eb5e8753b2f2274

SHA512
68a56ced53b43d04745dc00bc7f0b29676e9bf59847df61e7d10aabe268568847474751cceb5c20fcfd8bf7130607244ece3052dad7d663b562cfaae7ca82353

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs-1.js

Filesize
6KB

MD5
970ed355323cb6eb22c95a934d87cb3e

SHA1
51b14de02b5f7ad02c46c241d5f987f1097aa7cf

SHA256
a72d6ba847e222c5c5c5648f82ed8654abb8fe312ff5f9f40b86aab9da327c99

SHA512
5dd86fa2f6ef44e563051ff7f020ad66987bfc13b8118da2eb795b9049db0e25c31b4de0ecd94fbe428d18c7ab27de3f3d95c8091b4c02217be02b77abf5c375

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs-1.js

Filesize
6KB

MD5
8059f60643bf751462fb9349563b6206

SHA1
2ebb43c8881e754ca3e53195cd7daa3db1804e05

SHA256
7cc54704c72ef56ef8ca5693a2b87b246d48beef9d4d6ff9b0d387e517256344

SHA512
1f39dfb9060bf63d928dfd4a5c605b374ceeb19b51b8b7ec4706f9f72f4db19f0ff42a0e0c3fa0a691f7b1f2c2c9fd884266bad40a8451226078b73ab0ce31bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs-1.js

Filesize
6KB

MD5
fb519ee1f0ba6dd0d6dd067cea81f5da

SHA1
1e4812b04cff1492ec34c8082375718c70d3822a

SHA256
b8ce6ff11e3e93841af98fcd22f813aad43958ec3c2a10cb9f7c0052f74043da

SHA512
30af13ce511d1d86ca0a1c5aff9842251a569b22d71305676accf00e624d52e0c7a534d2681d8408643eb431a8b01029f710324d45cf46cf8c986a20c2c2bc28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs-1.js

Filesize
7KB

MD5
2ff1fdebf46e78a8f002b29bd762e1e2

SHA1
bd2f4a8c1efc76aa339df88f91918fc6ab774ec6

SHA256
c37f8019848a6f1881a5ce697b38855b956b43c43740e1dac7e77dd5444ae870

SHA512
ce02f04a43b975f8eb4921197bdf8637bf28c8ecacb587ae96318239785f1b3a9f441fde46aee149da0d5783da75ef27fc290fa5bdb31ef6ac34876bf71b382d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs-1.js

Filesize
6KB

MD5
402d4f5f857ed4563c7bc8fe2c58736d

SHA1
131af216800d477427b67ffb4c6136429e8e7c37

SHA256
9396128d9c385acfe405be114f9188826cbd136282eba5c3ef838d6972b8c69a

SHA512
4512c8886407e25a4fc47ccda35a660b4e217ae654aa6f6a96ba9469199f4fe0dd0d769c9445864ac2660b5b2bf80ee8672389eea4223535c039102e323a33ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs-1.js

Filesize
7KB

MD5
29cd4872f58360ec47b5c0eab9abc073

SHA1
08303a66b657125984c2ffde1ab88c40cb108b73

SHA256
c9d7dc5822d09fb1ede1307fbffef8ecf9b260945b4080ad8da1ee3416c7cf06

SHA512
fbf525565f295d59618f0dfd5d59d747124469e7e6ec3c72104c4e3241478b54c2250c6f49dea3beee4c38cfb734fa15f88a67e9951443509e100f977a4b2316

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs.js

Filesize
6KB

MD5
9f9cfd8e97a20a0e84cb65ad8969a5c6

SHA1
a11a6dc05269f996453fa5fbc167279be1399b50

SHA256
53a2c4ab32eed66e99bf9d84508e044f96ca0a2b7f997e72788f8aff1f7d3189

SHA512
76515a84e2e65177412c50fe6e22a353904195f2800cdba6bc7813adb511f8925cf1e287d28fc473135835b9fc52a430f45a06b9155ffcbfa9d60a1c1177280e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs.js

Filesize
6KB

MD5
fffb5b5dd4d12b3d38359489de38dfc3

SHA1
d49285fb197698a4532e72dac23c53ce461ace80

SHA256
62ddcbbafc6f4c7ec8b37a38bd721cbde4aa57ab74bb3a917c0d55c962b4d7f8

SHA512
3facd5946f158877349c51e952631d69012e640da5b19715d13489daa2daa4a63fd614154c92dda448f80c2f15e3ecb03a4011d8bcd2ab63bb87c272534f0fc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs.js

Filesize
7KB

MD5
d47001be25f19eb3a5cad1ba5924379d

SHA1
9b6c8b070d9a44d02848c50412189791d30a64d4

SHA256
c608132088763ceb6a8a79661c6df9142c17042cff3252f1d52182d743647d10

SHA512
aa8c6c536f69210c2ba0fba0c7b72ca4093262774e99e8d073f9b5992570084488c459e20f1cac86b82024baf6e43bad19cb6b15394d1247d1761f4255339daa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\prefs.js

Filesize
6KB

MD5
aca7d4161ff4c49eda2b510c0f1bf721

SHA1
c82d178e32e4ad638c3220d66294a816ca40733e

SHA256
d6ce8907720f80b9d45b250471f8da6d3838a85031b0c2b22d2ad3f5e76efdee

SHA512
91fde6eb140b8c4652dc5e8a3dfb5a747cb99d209325b6b3b5ef5c5ffb1f8957008e27586b9fb2427a8168101347cc2c774b55153752dcaea37bcbc854b7c438

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bf8c757e9f155733c8b8aa21543f35a2

SHA1
584d95afa852c24c0ae93d45a6fde2fae30dc3ec

SHA256
d61e0de4d80369ccca19e6d17acf4bf263255364eab803e2681e9c68842f8378

SHA512
3f651115e2456a45b9900102d13286da2fb6d829fc4bbed9fe63018c28f8054e9dc5825742a3ae0c6fc3781288ef68f50e57baa77046010ac6198929270468bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9e34843155081f8d8ab0cb5b3fb898fd

SHA1
f50a39d5912ac1426f5a5d6db5866c3cfe01b03d

SHA256
5b606292ef45ce28318f7a1dff8a85076ffddd171356ae6a39edb158ec379df8

SHA512
c493b7662c5308e8a25e83dcee9f39b27232f6d42936ebeb125a930d5b8b7bca1c59dd2d4ced69de18611c7ff6718d50804b048853f10badb08e441fa000da80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
0ae81fa9a1481b9eb58ccce3912d84e4

SHA1
c204ac660153305b270f5ab3afdaee713c7e71e1

SHA256
0a66baca3a874fa2a5ba31ddc44c3300a46718740bd5a4396d0748494398e923

SHA512
6e8fcba333afdcc0ee9a975b655b31a248a03401e8b476fd551182fec7cade415be9b8c7f65a1f721268ae9811fca76d7cab61c4caff04010ded2fcbf73e3eaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
48916e1fc95d28dbf8f4438812cf260a

SHA1
bd8fcd457f9bd34bdf7ab7024b8b30971507d1ea

SHA256
f0a3ece27e5d2211ab358b5f89e2f5893f226479b8e5c610174739bd215b625c

SHA512
197dda4ba910d8e04ad9d63d60be5a16cf039f1ad2d7dc11745b8b45fa2ec4688c7b9fa917227c630a011ca2fed77524376eb13838ca78f2089bced82475a095

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
27a7c79cca59e435382ba8dc84cda6ac

SHA1
a95e62feddead486e8951fff8707264726c5536a

SHA256
45af7f410be0500a77493152614113ba0b42ea39203f1a5021cbf359d2b968b9

SHA512
26ba6707bd9a6c01c2bf1ef6740bd8bf739cc930858b0e5ba95535f85255b8068993f42dbc5f4af59e6477694c7e9c8f21a491154fc71bba538e7ada0fa0d285

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
67d043188b554a361b1869b82beee6a3

SHA1
28d0b3a7f185edace3a25bb34d853912ddf84b2f

SHA256
22f805fa09e414ccb52dfe3085be86cd741c285ddbde6240f855e4828d527682

SHA512
4c6057c23f95caaa36c6303ccad62c704fe350fa014ea2c6f3e5319fd0a8b55692ee2331d75496d94b05e02db9599e039a285a991d9b0c03b562cc083d23cc9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a19a4f596a0703ed5f18b28afb66f888

SHA1
1c7156641c7851688c9629dc2285b0a1c70d4199

SHA256
7af2909835a5775a316f780cc78ff933df3a2446303baf255e4ce95c713d5c2c

SHA512
3b092b7733a940b37931b759ce38fe43821e33b251e943cb90a020cda851d3408c05ad270acc9b7595b694663545813bb8b7e342202795b57e6b3f7c2f31755a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
ba7ae04a57f51fdb340a7bbb01669140

SHA1
76c1560a0fd456746c9d5956bbe09f252b1f7dea

SHA256
4cf2209c0ea9bdee27c762e066a696ee84d49d4df6f9b2cd3bb4a1863d66c0f1

SHA512
e9c19b70d6b453fc3768ad09eaa95be1f750bcca2544e7db27446dd11109f3016e392885c823a2f34e82c908f3cc6fd63f4deeb3dc3e0729a0c0fd85c1b15276

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
ef9dd67b99a21d1ae5f720e7c5e8ed51

SHA1
6174b1e7a76e62bc5fc22ac1c21812432bb28cff

SHA256
e0009a1558e472040311c38ebd3626a318c7abbb2f0c60ffa2efc734f4740846

SHA512
bb2deeae6706e5a94a46fede50cf3347308919f7fba428d501abf7d34ffd6448525c64f8010e9dcb183551a89006eb40e5817983087a0a813b787030f8cfd321

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
1ebc6175fb278947294f44bd66b0f619

SHA1
4815304e7de8379ac2e85506d824de48518c6f51

SHA256
1ca820790243971584f62063a487422e6313e3b366e277a9157e6c87ca0bb9f7

SHA512
884e99e239df8effb05fd76b9e8e815193c1623b7e4ab15d4569c7cd2bce6e4c7903d14a8c112a8306a5a4087bb82ebb7d8ea1fb1b8169403cdd3300a7b8c23e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a6c275e5405cc1fe92e0874f0cf41fcc

SHA1
70d494791846016e063179bc207135d95fc129bf

SHA256
8ff31bbb6bc28ee42683c6cac9bf8cb2fdc3f7f4a33f1fccd4cd423228110d5f

SHA512
ca5fc4f3e763cec32bca21bf56b230ff4cfafc4656b249c064452698b96c1f8f244715b7fb136470f315e29d13ea21c9d49feb5424abcfc1b9601221b16968f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
a66a52820f2669eed8d7423242d17689

SHA1
f497741bfbc91cb718d3302acaaf099a388cfc22

SHA256
8792280164031936fe40fa365bc19a871634947e4a84120b0190f13ae176b086

SHA512
0de829b027a424b7b60cc9a4d82a5130e0859afe5c9ec082ecec5b403f2e5e80db85d89e7f0c5522e0b0c11db8c14dcfa55771e143b1be82c704a67008d80fa9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
2bbf8c2f391546a8d7fe389bd45dea97

SHA1
a13b2435cd1e5fc02562e129abeb4a87cb57935e

SHA256
5959251f5ccd34ed99ad880ca5a07e8e1377a1e18afccfda1dda30589566bfde

SHA512
0c406253927518f899e03a5fa6a279c7bc02646621f172022de04bf0509e78984f83313ef6466af6f7359a26d60574a6d596c932216b3d7d8e6e2420a655abc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1f8bd3bf9c5542b0c089cc6650237786

SHA1
27f8f382f8460668c82e785776787bb82fa440d3

SHA256
134ef3b422ebe8365d07ef515ca5d059cfb479896024164c24259d67b77fabc1

SHA512
1690f6f7b1ee2c92f12997d5b240c4734bee46941800103baed94d11b202c6d75209cf9f06614fa5dc794f8027d67eb503283e34f823f6802fb47ec636b6aaa3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
27KB

MD5
4f824ac70c92a05ecb16aed99f5e7f34

SHA1
12e91c757e9f500279472a492606ac6334dee413

SHA256
b63099f11a12d5c7cf037a0895043e093823d16a2fbc2fc52cadedb415394ce7

SHA512
a3d44e2bfd8db1fb5880cc0401a8ba2ec43ca4c9aecd9d39e51ec748b9aeacfb8d5041497d42180b27a88de197e8ad6ecb9a9348961d4ff4f9232fbbb59869fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
26KB

MD5
6ac00b3ccb93bd58ee18b9c14bd6b7aa

SHA1
ae176a72bdc1617c00a7ff1948620fb17ed51f9c

SHA256
e2c83f83552b4afcc27b296dbc264430ca6a022c86ef9dabd5599440ca04a323

SHA512
6a6994e75d5e565e0ab250a69dd7273c470044e14cd93e7db73489253d687a48015dda953c7e85cd3cbe80cf3382a02c8bb31f662f2a7b3637b22e44e1384725

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
437ec36d9d4b792fb1bbf5869dacf104

SHA1
9d65be655add743b93c63dafa0f771635629b08f

SHA256
11c2d0c14c34c5ee48f236f7acb14e663b0abea1e7c4e9481f11ba095e521499

SHA512
539ddb84278dfee452a305ea6689a88c3c16b2fa12afe5354c872435c3cfac0e52e5eacab4fe4b75726911c25f8c85d0267c608a9705102ba80358dfcbde5fa8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
27KB

MD5
ec79e0182915097d7fc07e218a08f4f3

SHA1
40a8dcb9249e4ed87fd7fb14477db1f372cef2f2

SHA256
d5c9b0b32c95a012e64a74d55457a2ce840ed95c14536970ca56668a4203e11b

SHA512
a9a9af2c14b0a0ce825cf20744be79f0e8a3dbcf8fe6b9488a67f7455853a7568edc4a09a5333f643aabdd1ce0056f44f5ab75a38b50ee0dd8ed27a43ed48c66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
30KB

MD5
a0be735e2a6aa5bb51533678abfb3552

SHA1
82817f64135084ba3d998bfda09a8cd828d01b52

SHA256
3903d628b5d45acda549091264e970a438fd1792ddc5cf983cc5560e070caf89

SHA512
e7ef58ee72591ee5046656c9f6c382c76e41f533a1b2d8e60e0a5b59814d1e7f5317ef1dc12fe78751a23f5a241dd75af59b533c88a0401012df8dff70be2e03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
29KB

MD5
85a3037fbfedf2c2b03bd51b7c894a6a

SHA1
783b73fdbe1048203d2f35fc15691c8dfa1602ef

SHA256
d66163f9eaa12ec612e6176574e1ae347f26e109cc6129d8f0f9fc46b2b02d6b

SHA512
8da8d1425e2bbb64ffad3ef79618890341b65a2923dcab0cf7364c4ecb8e84bcdcf0ee1be4abeea61bf281c071ba7bc54c6e229dc110f83b49f5233cb71fde69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
30KB

MD5
8ae5a78db6ba2c67b9e2f1f8358d80de

SHA1
cd8ad9a9d5439392ee154bb4e7ef2191aef91d8b

SHA256
d439134e7117e865fc03aa2733122953f4cd788fcde2765ad8b518c307c4f628

SHA512
03b19be5f5d45013238015d84d7131538896b28680bc404fa4b90470adc5051d0405b2a41695ea58cc1ddcd14d61912811176b9a775de6c09fa2350aa6502975

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\sessionstore.jsonlz4

Filesize
10KB

MD5
760955376f295822412c477169e18208

SHA1
a8b712da3bf4c9d31cca51cead830ba54d5804ab

SHA256
0ac4ce901ea0673b6cac0f991746012818ca2c04eee987503b811eccf3ad85cf

SHA512
13202c07fca8aae4e07a18f810d73cc231d10c54f48447a7b277a2ed8800d1ffe6de94ea4a3db72939475836abb1402b92a719d761eb8398e530aa53c12679d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\storage\default\https+++en.softonic.com\idb\556220133rrae_su.sqlite

Filesize
48KB

MD5
31f9793128cf279e06b295a0c9695a32

SHA1
95340150c1bdec524b9a6e5ad16171f5397d5c84

SHA256
30dcad8096dcb778c5ac854d11ba41a489be966f9b6d60bbf0da69ab7e884021

SHA512
03ec8a3c26c7d229a4c5a301e4d22e377e0815fb5ab18338d5fe195dde68999d20d7d4ccfcf01c8fc8e9c947725d751ba7ba05020172c44b4548d14e5e3ad851

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fxdqvyvj.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
4886dc7b3764ae9d033ff05a296cc346

SHA1
e7b4b938c8db408c0be4c3469546b0b63e1a5e9d

SHA256
8a41ffe10b741de55355ada5a501348f062463bf2b50058e26b70f0486818adf

SHA512
85e40690ab4d2a340509506a8acafa5765fa1239bd1520703d0d40ea8a7e005b3e2596ff5f3e4cbe3e4dc8b40dfe565da2e5ec82d33d7b42d03ac614cd8eee27

Download Submit
C:\Users\Admin\Desktop\ClearCompress.mpp

Filesize
391KB

MD5
57e8a5e7cb6b32d940c37e7d5e2ef1be

SHA1
829c40bcc54eefd3fe4c3a8898e6eda6abdb0c35

SHA256
66d76be5e814e9a05dfbcab014e5d47eedbb1c3dbc31d0ddb7c071c878271c0c

SHA512
6ec32f156f9715228ea1023c3302319f711c519825995b93b51207cea1c1e057bb638b3206235ae05c89241d31bc270b3d27d843d77a1e17e37aaf61b2b6360c

Download Submit
C:\Users\Admin\Desktop\CompareUnpublish.vbs

Filesize
345KB

MD5
b6e74aa1f7a5f4241e60624f116ac680

SHA1
ea34b454c25f09cd86af3f5f50e550ddad98e7ea

SHA256
3e5d5b32776df15e40c4a2d6788cc0cd42aec784464d03e89860393bf41ec8ad

SHA512
b28df3dd0d516a36d9cc2517a6f2e8ce23cd558806d2d54c731e69ea116794fd600584d1cce5685c870ca507baaaf4648f6d11a85e7ef517e32a743561f8cb49

Download Submit
C:\Users\Admin\Desktop\ConvertConnect.vdw

Filesize
368KB

MD5
edd7bcf16babbf0983c69e239aaed7b2

SHA1
b3a8f94767bc68068b2450a245dc3eff81809697

SHA256
d9a5f2d9e5c85baf6eaecb77931b5d057b0f92b6f8b3790021277af6e02cca2e

SHA512
0a52f5734f02dacff308d34e58b912bf6a074c334a124aa74b84caa2b723d0386e173ad202c66e67d896f325f1d7192549407ea3cd2b6b33734a93f5882205ef

Download Submit
C:\Users\Admin\Desktop\CopyConfirm.cr2

Filesize
599KB

MD5
db2221ef7ac57799f4b996337c4950db

SHA1
5a6704327c68655c9e3cefe866fca33be4c054c6

SHA256
7392d3e8a5d73b3fe172e51bfd1e6448caa3cf792a919ef6c10ae3ab529a87bc

SHA512
52f17384881352fd2bf368e3e630ce6b6c711e22c71798deeca85c906cd640688d496400b302e263bbd9e711a11d5da269d94645529b2bbf64aa1d1ff1e4556a

Download Submit
C:\Users\Admin\Desktop\EnableProtect.xla

Filesize
322KB

MD5
55f59271853d07485369f71b391ea329

SHA1
9a2378a404677490864c69289c18b0e360bff087

SHA256
79a95141f6db8872a6d1c832e9528ecf5d766bab1180af73554902c5d37f72e5

SHA512
a4e071f0cfef1856030dfe3f7482e0f76cc9212fafc82b739205f5f99c56fe99cfd88de1a248335fc2ba4d4ea611bb81869cd89340131b327cd712f5d25e8fff

Download Submit
C:\Users\Admin\Desktop\EnterSubmit.jpeg

Filesize
414KB

MD5
6f8eacaa2093283c85bd87a3badd19da

SHA1
42b02d461f32790ac7aa5104a504a82b960ca592

SHA256
5edefa56b3fbe7a68fcd41982cc8cacf003d0ede85e6d7b921118fd7a280bc39

SHA512
673644ef663ee32ae31e495f18c3af5133ff9d1a872637a4eeeb16ca5e63631c6b741c0010708f211cf7816a63705059dff07425ee0982289d23c3c00cf574f6

Download Submit
C:\Users\Admin\Desktop\ExpandUpdate.svgz

Filesize
576KB

MD5
84bfbb89cee6af009ffd26265bfba8a8

SHA1
9587629ddb123cb30ea4cd1a035a50974e248dc3

SHA256
13696f31462be2ab2ae527b960db6ef93dea3b4e8ff8abbaff2404800e912e8e

SHA512
a280d2296185400d827cfbdf72858b3d91c7b4419b773caafb2d57b28dc19182d962d98b2683a0e06f5b7acf599d4e886390fa3edb58e1cfede39384a83e43d6

Download Submit
C:\Users\Admin\Desktop\GroupGet.jfif

Filesize
645KB

MD5
6ad886db01500d6e70ee681e8350fb5b

SHA1
ea41e27875736dd891995c3617aa851d3259881a

SHA256
287dc935f9bb7e948ea1d205d249d026a7b8661be0943c1cfe3ad119f24d292b

SHA512
d35e8f2f36444ddcce236c98707376bc0227d3999b4808bb07ea32bf2f8be89bfbc3c09c2300920b393b36a63b61bf19f91c3cf502854d47012b66d41a5e1dcf

Download Submit
C:\Users\Admin\Desktop\HideWrite.3gp2

Filesize
506KB

MD5
d96cf057704ee733052b77a3915a77d7

SHA1
a8c0cf62fbabb077e088d82a2d667a09f905b392

SHA256
a22678551625ecd578d3d2e399c7d18714a84baa205baf0051f0192d8448bfd3

SHA512
df46c9a1ff7aec046be777a9f7d3795e8cb029f100d001bc899fb827a41dd15f2b4692d73a71648b221839418d2ee40b645bffd3b16655baf6e8ca752feaee23

Download Submit
C:\Users\Admin\Desktop\ImportSave.pcx

Filesize
299KB

MD5
8531acbcbbf8c581385ca95d481a8c78

SHA1
ec2f66ddf30de2482a45624e54593f2965bc8d3e

SHA256
dd68eb2b9c7f9562bc374e3679e1e7fb14e920090d068e51e2013cf612b817e5

SHA512
059021764d6a462ec09e025a54a4a99e4472d8696597a96a5477f77b5426c29053450c10a5f4d983a94b9688df646aada48ba68ca9c4a38dd4e300b94b8eea6c

Download Submit
C:\Users\Admin\Desktop\InstallReset.raw

Filesize
230KB

MD5
07f4eed568ea651b35486c24ca358e5c

SHA1
c6f6fb9201408caec2c08119b490ab2771449e06

SHA256
d3e4bedcc5a2d318d7e794e486ffba028418aa5f9cbdcad343cc5587cf2ba6e5

SHA512
95a3a5361a326e909dee366fbb407c18b12f773cb9d3d85692aae431878c869ace9324ae3ccdd1f1385d9cfac60b74580c07e2f1ab243c9fff1d1bf69c1bb39d

Download Submit
C:\Users\Admin\Desktop\MeasureShow.aifc

Filesize
529KB

MD5
e13bbd16b4eca727b4702efb46369bd1

SHA1
519d4ca537e4d3bf803501076eb8586b92df691f

SHA256
c794e7fc27abf36ad78de3ea087e2c4c206086351e5317304d1dcc4cfecc3bb2

SHA512
12e134fd16fc3e387747ed47234d4386a98e8706ffdb530adc5a671cece230d71a7018eca31f2b11fd432f3c78504b10d0d281f85073e3683b135949b3eb6bd2

Download Submit
C:\Users\Admin\Desktop\MountConnect.ogg

Filesize
276KB

MD5
16ad0a06660eced11dac23dccec10139

SHA1
078753400819635e7815173fe25d07823228e72a

SHA256
90fb62d4e485100e9397c3f6c3c10948c015c009c163a4af0ec7c094cdbc48eb

SHA512
630cfdc871ab2ac4229520a7e50a32371204da9228ab8d5554a3aef2b3248ef7d72c698676ab5bca01b1e1fa5447f05efd0f86c0730179992ef24c4f3de94a66

Download Submit
C:\Users\Admin\Desktop\OpenSwitch.au3

Filesize
622KB

MD5
a483dde0321941b6d78ca126a2f965ec

SHA1
80f88a6ac80b5620bfad2413593ca75b9358f2d6

SHA256
1a1c7037ad4535eeb2ce8ec75ee1c395f97b0dca8b51efaa37c7bd3fa97adcc1

SHA512
7ec0afb8b0c2c2cef92ee3ca693ac7e98c07a7acd1b209a1f8feb2d0790853cd26693ea7f76dd5f4cafd03d6679d574e0362ae52c49f3118e6f965da09bc2ea7

Download Submit
C:\Users\Admin\Desktop\RegisterEnter.gif

Filesize
898KB

MD5
9dbc2f711ee22ed1838c917b95a40c81

SHA1
94982c8062f8709f413cc3051877907413c35a4c

SHA256
3cf959ce2bb7f6e17c1d2e8b6f7a047e241551105bebcfbe9ee0800a5fe074ae

SHA512
e33719217d704987a3e3ab2db2d112062a8b1be42a2bef37170dfa257752aa7065239e65a3129cf4cfe395b766da7c814032a63a0ab2309ecb3630d17a7450b6

Download Submit
C:\Users\Admin\Desktop\SuspendMerge.dot

Filesize
460KB

MD5
cd74ed057fa9a385a8f9c2124ae0f78a

SHA1
3f74705aecb31f2034d6ccc5fddec3fa11a72825

SHA256
dde4254d755d8484b7e7ad707327e5844ebc73614f50f4e33a82932c66aaf2b6

SHA512
d520a6d7f92510ce9e244e1f0dc505d00204e06840571d5181e89dcf0ed6b7e8d5dfad2ac3cdb6812422dc7cbbac83dd5464e582ab2885d9bbf5c695f5b5eb93

Download Submit
C:\Users\Admin\Desktop\UnprotectPop.vbs

Filesize
253KB

MD5
3c602565edee6d0a3c066bf881b185d8

SHA1
703fbfd2d76df319e153193f9cadb938e2c815a5

SHA256
81e7e2f08a049707856863a54e1a0f00711538136f65e3a2811696b10bc8ace6

SHA512
b75087ed8924d6ff9e34565d60525eec59d309c2cfe1ebe6dd9dcf880707017d58a6e85691b52ca2de2aee46dc56501a17170e60ff80994a8f0021dc9e99f632

Download Submit
C:\Users\Admin\Desktop\UnregisterDisable.rm

Filesize
552KB

MD5
35249985beba0283c0a448ecb73bdee1

SHA1
5cdd9820f036399a54ba81a8bc5bfc7f9bf8709c

SHA256
a1c8e03fc8fddeb04285fbfe21188248667588c58e961e96562084be1509e866

SHA512
e436411e860801eac5f6ea0bdf35e99edaa5a89677d16daa8eaf0b62d4e330687a0b120f03db60a828020b93023f8cc53be597fa58e88f8f6242effd112d76a0

Download Submit
C:\Users\Admin\Desktop\UpdateSkip.vssm

Filesize
437KB

MD5
1170388e0847be7d315e9c77f2f56e65

SHA1
35eba2474158dd82dac1e9b2d2fa6ac85551b501

SHA256
693bc62ebad98a8d9cd6116cfa16bf6ae1f685141420072685cefe130d1ba1c9

SHA512
f725d41d882add4276a5a46e16ff534d72ffee9ced1e77e27f628b61f326131f8d419ffdca38ce735c2e952382114da67e52c63fc7226f95d6134ea1cdc2f2f1

Download Submit
C:\Users\Admin\Downloads\1674424797137599124.png

Filesize
2.2MB

MD5
d19e5bdf839d5547bab77162fe068e80

SHA1
ea0193230e108426bbad15c4a275f63c01c60504

SHA256
72c6ad6c66a3f5ec1510ca6626e71b9201dd663c53d6edc41df2d74a6be519f4

SHA512
e4716397b10762c15f3ebcd280c50d1eab89908380e92038d227c047bde82a60ec8f51f78c779daf3e0271ed6be41edda71e858ac1d2d9f667c25fdaa67f86e4

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\lively_setup_x86_full_v2074.exe

Filesize
10.6MB

MD5
481c31753bb7e78bbb9b57532d1df9b2

SHA1
750434802cad43b74b5dcc81caadfa281cfcd9f1

SHA256
2f7444ed39c10622027dfee7bbeab5f2140ce6bdc5861038b66bdd70609f2a5b

SHA512
80206921f1ad4e5e58c504dae4630eae4420d0714294ac68a51951213cd9c6f137f62970714d9eea68763f103aa43ebe8b3557c03cbf0a7b72808b30e6d63d92

Download Submit
memory/3216-322-0x0000000000A20000-0x0000000000A21000-memory.dmp

Filesize
4KB

Download
memory/3216-23-0x0000000005880000-0x0000000005881000-memory.dmp

Filesize
4KB

Download
memory/3216-1-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/3216-0-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/3216-228-0x0000000006EF0000-0x0000000006EF1000-memory.dmp

Filesize
4KB

Download
memory/3216-239-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/3216-83-0x0000000006EE0000-0x0000000006EE1000-memory.dmp

Filesize
4KB

Download
memory/3216-323-0x0000000000A30000-0x0000000000A31000-memory.dmp

Filesize
4KB

Download
memory/3216-321-0x0000000000990000-0x0000000000991000-memory.dmp

Filesize
4KB

Download
memory/3216-21-0x0000000005870000-0x0000000005871000-memory.dmp

Filesize
4KB

Download
memory/3216-82-0x0000000007D30000-0x0000000007D31000-memory.dmp

Filesize
4KB

Download
memory/3216-324-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/3216-320-0x0000000000A00000-0x0000000000A01000-memory.dmp

Filesize
4KB

Download
memory/3216-365-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/3216-4-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/4004-241-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4004-481-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4004-12-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4004-304-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4004-289-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4004-11625-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4004-32-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/4200-270-0x0000000005940000-0x0000000005941000-memory.dmp

Filesize
4KB

Download
memory/4200-275-0x0000000005990000-0x0000000005991000-memory.dmp

Filesize
4KB

Download
memory/4200-261-0x0000000005890000-0x0000000005891000-memory.dmp

Filesize
4KB

Download
memory/4200-262-0x00000000058A0000-0x00000000058A1000-memory.dmp

Filesize
4KB

Download
memory/4200-260-0x0000000005880000-0x0000000005881000-memory.dmp

Filesize
4KB

Download
memory/4200-263-0x00000000056A0000-0x00000000056A1000-memory.dmp

Filesize
4KB

Download
memory/4200-264-0x00000000058C0000-0x00000000058C1000-memory.dmp

Filesize
4KB

Download
memory/4200-265-0x00000000058D0000-0x00000000058D1000-memory.dmp

Filesize
4KB

Download
memory/4200-266-0x00000000058E0000-0x00000000058E1000-memory.dmp

Filesize
4KB

Download
memory/4200-267-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/4200-268-0x0000000005900000-0x0000000005901000-memory.dmp

Filesize
4KB

Download
memory/4200-271-0x0000000005950000-0x0000000005951000-memory.dmp

Filesize
4KB

Download
memory/4200-256-0x0000000005680000-0x0000000005681000-memory.dmp

Filesize
4KB

Download
memory/4200-272-0x0000000005960000-0x0000000005961000-memory.dmp

Filesize
4KB

Download
memory/4200-269-0x0000000005910000-0x0000000005911000-memory.dmp

Filesize
4KB

Download
memory/4200-273-0x0000000005970000-0x0000000005971000-memory.dmp

Filesize
4KB

Download
memory/4200-274-0x0000000005980000-0x0000000005981000-memory.dmp

Filesize
4KB

Download
memory/4200-372-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4200-276-0x00000000059A0000-0x00000000059A1000-memory.dmp

Filesize
4KB

Download
memory/4200-277-0x00000000059B0000-0x00000000059B1000-memory.dmp

Filesize
4KB

Download
memory/4200-278-0x0000000005920000-0x0000000005921000-memory.dmp

Filesize
4KB

Download
memory/4200-259-0x0000000005860000-0x0000000005861000-memory.dmp

Filesize
4KB

Download
memory/4200-279-0x0000000005930000-0x0000000005931000-memory.dmp

Filesize
4KB

Download
memory/4200-285-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4200-257-0x00000000056C0000-0x00000000056C1000-memory.dmp

Filesize
4KB

Download
memory/4200-287-0x00000000081D0000-0x00000000081D1000-memory.dmp

Filesize
4KB

Download
memory/4200-245-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4200-258-0x0000000005850000-0x0000000005851000-memory.dmp

Filesize
4KB

Download
memory/4200-292-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4200-368-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4200-249-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/4200-11303-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4200-482-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4200-247-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/4200-369-0x0000000000C80000-0x0000000000C81000-memory.dmp

Filesize
4KB

Download
memory/4200-469-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-11-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-472-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-11583-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-303-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-366-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-288-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-19-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-240-0x0000000000CB0000-0x00000000023E7000-memory.dmp

Filesize
23.2MB

Download
memory/5004-31-0x0000000000C90000-0x0000000000C91000-memory.dmp

Filesize
4KB

Download
memory/6592-3583-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/6592-3548-0x0000000000400000-0x00000000004D4000-memory.dmp

Filesize
848KB

Download
memory/6688-3552-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download