discordrat | hxxps://youtube[.]com

Resubmissions

29-03-2024 11:57

240329-n4j88sgh75 1

28-03-2024 17:14

27-03-2024 09:26

26-03-2024 10:44

25-03-2024 13:29

Analysis

max time kernel
656s
max time network
642s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2024 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

10^/10

discordrat stealerium evasion persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwNDE2NTY4Njk3NzYyNjEyMg.GRhsTy.8H7CIfq-yp21uNxoK32TwO-EvLKKe8OdYxHSeY
server_id
1204166943272075375

Extracted

Family

stealerium

https://discord.com/api/webhooks/1198109936962523207/lCQU_FP9ZB1b0q8fk_yTE8P2eBnjZiVz3Zb0cBvBttRQhZqr3Q71JCUV-x38qBEwIjcp

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Stealerium
An open source info stealer written in C# first seen in May 2022.
stealer stealerium
Creates new service(s) 1 TTPs
persistence

Windows Service
T1543.003
Downloads MZ/PE file

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system32\drivers\etc\hosts	CS2Cheat_x64.exe

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\Geo\Nation	CounterStrike2FCx86.exe

Executes dropped EXE 4 IoCs

pid	Process
1300	Counter-Strike-2-Free-Cheat-2024.exe
652	CounterStrike2FCx86.exe
4212	CS2Cheat_x64.exe
884	WindowsSystemTool22H2.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	CS2CheatInstaller.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	Counter-Strike-2-Free-Cheat-2024.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 21 IoCs

Web Service

T1102

flow	ioc
368	discord.com
536	discord.com
539	discord.com
294	discord.com
540	discord.com
548	discord.com
549	discord.com
547	discord.com
524	raw.githubusercontent.com
525	discord.com
534	raw.githubusercontent.com
538	discord.com
546	raw.githubusercontent.com
523	raw.githubusercontent.com
526	discord.com
535	discord.com
293	discord.com
298	discord.com
369	discord.com
494	discord.com
495	discord.com

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\MRT.exe	CS2Cheat_x64.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive	powershell.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log	powershell.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4212 set thread context of 1760	4212	CS2Cheat_x64.exe	206

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_4548_1856812235\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_75_4_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\eventpage_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4548_2058862209\_locales\si\messages.json	msedge.exe

Launches sc.exe 9 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3444	sc.exe
3040	sc.exe
5272	sc.exe
5676	sc.exe
1524	sc.exe
3416	sc.exe
1216	sc.exe
6008	sc.exe
1956	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 9 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
2832	timeout.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 1 IoCs

evasion

pid	Process
432	taskkill.exe

Modifies data under HKEY_USERS 46 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	powershell.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{15B757D8-0A22-4D1D-A040-9033E4B8C267}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1904519900-954640453-4250331663-1000\{FF64D100-9701-488D-AE57-F4DDB5B4E6B1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\[2024]-Counter-Strike-2-Free-Cheat-2024.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\HooxCheats-main.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4548	msedge.exe
4548	msedge.exe
3104	msedge.exe
3104	msedge.exe
5984	taskmgr.exe
5984	taskmgr.exe
5984	taskmgr.exe
5984	taskmgr.exe
5984	taskmgr.exe
5984	taskmgr.exe
5984	taskmgr.exe
5984	taskmgr.exe
652	CounterStrike2FCx86.exe
652	CounterStrike2FCx86.exe
4212	CS2Cheat_x64.exe
3424	powershell.exe
3424	powershell.exe
3424	powershell.exe
4212	CS2Cheat_x64.exe
4212	CS2Cheat_x64.exe
4212	CS2Cheat_x64.exe
4212	CS2Cheat_x64.exe
4212	CS2Cheat_x64.exe
4212	CS2Cheat_x64.exe
4212	CS2Cheat_x64.exe
4212	CS2Cheat_x64.exe
4212	CS2Cheat_x64.exe
4212	CS2Cheat_x64.exe

Suspicious behavior: LoadsDriver 64 IoCs

pid	Process
3552	Process not Found
3944	Process not Found
4584	Process not Found
3320	Process not Found
1808	Process not Found
2488	Process not Found
3556	Process not Found
3772	Process not Found
1216	Process not Found
2832	Process not Found
4792	Process not Found
5716	Process not Found
5892	Process not Found
4712	Process not Found
5044	Process not Found
4800	Process not Found
4860	Process not Found
4500	Process not Found
2116	Process not Found
5040	Process not Found
5760	Process not Found
5676	Process not Found
4064	Process not Found
1696	Process not Found
644	Process not Found
1936	Process not Found
880	Process not Found
5852	Process not Found
4624	Process not Found
5360	Process not Found
5968	Process not Found
4052	Process not Found
2076	Process not Found
3024	Process not Found
3152	Process not Found
1120	Process not Found
5660	Process not Found
4896	Process not Found
456	Process not Found
3256	Process not Found
2752	Process not Found
4580	Process not Found
2580	Process not Found
3608	Process not Found
4668	Process not Found
2340	Process not Found
856	Process not Found
2824	Process not Found
5384	Process not Found
4572	Process not Found
388	Process not Found
6044	Process not Found
2484	Process not Found
1012	Process not Found
652	Process not Found
6132	Process not Found
2868	Process not Found
2936	Process not Found
3420	Process not Found
4544	Process not Found
3268	Process not Found
1436	Process not Found
1864	Process not Found
2172	Process not Found

Suspicious use of AdjustPrivilegeToken 41 IoCs

description	pid	Process
Token: 33	4272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4272	AUDIODG.EXE
Token: SeDebugPrivilege	4276	taskmgr.exe
Token: SeSystemProfilePrivilege	4276	taskmgr.exe
Token: SeCreateGlobalPrivilege	4276	taskmgr.exe
Token: 33	4276	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4276	taskmgr.exe
Token: SeDebugPrivilege	3144	firefox.exe
Token: SeDebugPrivilege	3144	firefox.exe
Token: SeDebugPrivilege	4908	taskmgr.exe
Token: SeSystemProfilePrivilege	4908	taskmgr.exe
Token: SeCreateGlobalPrivilege	4908	taskmgr.exe
Token: 33	4908	taskmgr.exe
Token: SeIncBasePriorityPrivilege	4908	taskmgr.exe
Token: SeDebugPrivilege	3144	firefox.exe
Token: SeDebugPrivilege	3144	firefox.exe
Token: SeDebugPrivilege	3144	firefox.exe
Token: SeDebugPrivilege	3144	firefox.exe
Token: SeDebugPrivilege	4852	fivemcheat.exe
Token: SeDebugPrivilege	3144	firefox.exe
Token: SeDebugPrivilege	5984	taskmgr.exe
Token: SeSystemProfilePrivilege	5984	taskmgr.exe
Token: SeCreateGlobalPrivilege	5984	taskmgr.exe
Token: 33	5984	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5984	taskmgr.exe
Token: SeDebugPrivilege	3144	firefox.exe
Token: SeDebugPrivilege	3144	firefox.exe
Token: SeDebugPrivilege	3144	firefox.exe
Token: SeDebugPrivilege	652	CounterStrike2FCx86.exe
Token: SeDebugPrivilege	432	taskkill.exe
Token: SeDebugPrivilege	3424	powershell.exe
Token: SeShutdownPrivilege	4812	powercfg.exe
Token: SeCreatePagefilePrivilege	4812	powercfg.exe
Token: SeShutdownPrivilege	712	powercfg.exe
Token: SeCreatePagefilePrivilege	712	powercfg.exe
Token: SeShutdownPrivilege	3920	powercfg.exe
Token: SeCreatePagefilePrivilege	3920	powercfg.exe
Token: SeShutdownPrivilege	3204	powercfg.exe
Token: SeCreatePagefilePrivilege	3204	powercfg.exe
Token: SeDebugPrivilege	1760	dialer.exe
Token: SeDebugPrivilege	1168	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
4276	taskmgr.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe
4908	taskmgr.exe

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
5976	OpenWith.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
3144	firefox.exe
2396	CS2CheatInstaller.exe
1300	Counter-Strike-2-Free-Cheat-2024.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 772	4548	msedge.exe	119
PID 4548 wrote to memory of 772	4548	msedge.exe	119
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 2064	4548	msedge.exe	120
PID 4548 wrote to memory of 4556	4548	msedge.exe	121
PID 4548 wrote to memory of 4556	4548	msedge.exe	121
PID 4548 wrote to memory of 2908	4548	msedge.exe	122
PID 4548 wrote to memory of 2908	4548	msedge.exe	122
PID 4548 wrote to memory of 2908	4548	msedge.exe	122
PID 4548 wrote to memory of 2908	4548	msedge.exe	122
PID 4548 wrote to memory of 2908	4548	msedge.exe	122
PID 4548 wrote to memory of 2908	4548	msedge.exe	122
PID 4548 wrote to memory of 2908	4548	msedge.exe	122
PID 4548 wrote to memory of 2908	4548	msedge.exe	122
PID 4548 wrote to memory of 2908	4548	msedge.exe	122

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:628
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:60

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:968

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:428

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:964

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:1052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1152

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1200

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1236

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:2760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://youtube.com
1⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5336 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:1
1⤵
PID:4040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4724 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:1
1⤵
PID:3768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5760 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:8
1⤵
PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5988 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:1
1⤵
PID:860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6160 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:1
1⤵
PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5468 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:8
1⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=4144 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:8
1⤵
PID:4656

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2fc 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5508 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:8
1⤵
PID:1984

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6576 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:8
1⤵
- Modifies registry class
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6568 --field-trial-handle=2264,i,13734085038406049477,12426093271221802693,262144 --variations-seed-version /prefetch:8
1⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x24c,0x7ffb27152e98,0x7ffb27152ea4,0x7ffb27152eb0
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2260 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3368 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3380 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4424 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4488 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4488 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4744 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4772 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4476 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=760 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3776 --field-trial-handle=2264,i,2705827655151008642,756329750653199320,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:656
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.0.1769611181\1053033855" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0d597ef-819f-4b03-ab53-2302bb1981a3} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 1980 2b163bbb458 gpu
    3⤵
    PID:2896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.1.1644812217\1214821147" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7d3a564-254b-4214-9a86-fb5930fde622} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 2380 2b157070a58 socket
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.2.1959312836\105850930" -childID 1 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9536f150-a7e4-4236-a787-408fb08e144a} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 3504 2b167c80858 tab
    3⤵
    PID:5304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.3.812901100\1351686575" -childID 2 -isForBrowser -prefsHandle 3748 -prefMapHandle 3116 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75d856c0-5aeb-4dcf-be69-7e55efd33555} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 3684 2b157061058 tab
    3⤵
    PID:5456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.4.1733375788\969026335" -childID 3 -isForBrowser -prefsHandle 3260 -prefMapHandle 2984 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a0e5821d-b34c-4f87-8792-a83c132382c8} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 3940 2b157066258 tab
    3⤵
    PID:5528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.5.1144013474\1316023188" -childID 4 -isForBrowser -prefsHandle 4960 -prefMapHandle 5016 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {125477b4-dc30-42a3-a4b9-bc71dbece215} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 5020 2b16972e258 tab
    3⤵
    PID:656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.6.205865459\562560040" -childID 5 -isForBrowser -prefsHandle 5156 -prefMapHandle 5160 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {472f0648-08fa-4ee1-872d-b330ffb78955} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 5144 2b169c8a658 tab
    3⤵
    PID:2004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.7.1304297551\1752972091" -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28065ed7-0f91-439e-b532-70555f649df2} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 5344 2b169c20e58 tab
    3⤵
    PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.8.1532809772\262709194" -parentBuildID 20221007134813 -prefsHandle 5896 -prefMapHandle 5852 -prefsLen 26285 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea6cd827-9840-49ad-bcbb-9b39ff1e188d} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 5908 2b16ae54458 rdd
    3⤵
    PID:5844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.9.1467910157\1423677397" -childID 7 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0403e69e-c39e-4e11-98ec-18c37cc263a2} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 6084 2b164a3dd58 tab
    3⤵
    PID:3772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.10.1798257588\593720266" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3336 -prefMapHandle 4720 -prefsLen 27416 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {947e25dd-3768-4678-b668-c6a5e5f37802} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 4776 2b168c80d58 utility
    3⤵
    PID:5100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.11.730078708\665422979" -childID 8 -isForBrowser -prefsHandle 6808 -prefMapHandle 6796 -prefsLen 27474 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df0f808e-ccd3-4de2-919f-287c11aaa4a8} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 6824 2b16ad11458 tab
    3⤵
    PID:3796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.12.1601316588\1887200349" -childID 9 -isForBrowser -prefsHandle 6924 -prefMapHandle 6920 -prefsLen 27474 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04adcab8-18da-422f-b6a6-cfec08807003} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 6932 2b16c34fe58 tab
    3⤵
    PID:5748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.13.258917213\1448075347" -childID 10 -isForBrowser -prefsHandle 7284 -prefMapHandle 7084 -prefsLen 27474 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {269a6401-b75d-43bf-9324-b4b18b578b79} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 7340 2b15705e258 tab
    3⤵
    PID:3504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.14.1076395392\1539308771" -childID 11 -isForBrowser -prefsHandle 5236 -prefMapHandle 6856 -prefsLen 27474 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48c57509-a9c0-4a0d-94cc-19d942f8d55f} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 5308 2b168462558 tab
    3⤵
    PID:2360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.15.1245475203\915968427" -childID 12 -isForBrowser -prefsHandle 4524 -prefMapHandle 6744 -prefsLen 27474 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d8ed86f-92b6-4d48-8893-21d96f048aa3} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 6452 2b16905ab58 tab
    3⤵
    PID:1096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.16.1443221476\1705724030" -childID 13 -isForBrowser -prefsHandle 4208 -prefMapHandle 6096 -prefsLen 27474 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc5ab3f5-55dc-4f7d-8b8a-bb752100f320} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 6740 2b169c1e758 tab
    3⤵
    PID:1360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.17.1627040631\1184439759" -childID 14 -isForBrowser -prefsHandle 7752 -prefMapHandle 7756 -prefsLen 27483 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d340105d-4d20-4a13-b39b-607f6a3c9c60} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 7732 2b16c34fb58 tab
    3⤵
    PID:4664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.18.623491789\1695963367" -childID 15 -isForBrowser -prefsHandle 6640 -prefMapHandle 6644 -prefsLen 27483 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a11a5cb-8f42-4df3-80a6-ffdcb3b72e18} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 7708 2b16c34ef58 tab
    3⤵
    PID:496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.19.1492932192\655730143" -childID 16 -isForBrowser -prefsHandle 11572 -prefMapHandle 11596 -prefsLen 27483 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcef12f1-b3ad-44aa-b0b8-b16e2c4b1e6a} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 11560 2b16dffcd58 tab
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.20.1376028856\1597939481" -childID 17 -isForBrowser -prefsHandle 11368 -prefMapHandle 11364 -prefsLen 27483 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dec52ec9-2593-486a-9b34-2f90242479e8} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 11376 2b168464058 tab
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.21.846948430\832849911" -childID 18 -isForBrowser -prefsHandle 6804 -prefMapHandle 7712 -prefsLen 27483 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3445492-8fb3-4eca-bf55-ac5857399669} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 5288 2b16e395658 tab
    3⤵
    PID:3360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.22.415637108\278378731" -childID 19 -isForBrowser -prefsHandle 4764 -prefMapHandle 3212 -prefsLen 27483 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08662201-6f7a-42cc-b65d-093e8504189b} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 3220 2b16ac9b058 tab
    3⤵
    PID:4076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.23.1770649095\1141419888" -childID 20 -isForBrowser -prefsHandle 11392 -prefMapHandle 11404 -prefsLen 27483 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63405517-5403-4a62-b893-1731cacc9c74} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 5452 2b169c8be58 tab
    3⤵
    PID:960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3144.24.935596895\797932666" -childID 21 -isForBrowser -prefsHandle 4932 -prefMapHandle 4364 -prefsLen 27483 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba1af9e3-60a9-45cc-a5b1-1a244ca43f79} 3144 "\\.\pipe\gecko-crash-server-pipe.3144" 6988 2b16c3a1058 tab
    3⤵
    PID:4280

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4908

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3360

C:\Users\Admin\Desktop\HooxCheats-main\fivemcheat.exe
"C:\Users\Admin\Desktop\HooxCheats-main\fivemcheat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4852

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5984

C:\Users\Admin\Desktop\HooxCheats-main\[2024]-Counter-Strike-2-Free-Cheat-2024\CS2CheatInstaller.exe
"C:\Users\Admin\Desktop\HooxCheats-main\[2024]-Counter-Strike-2-Free-Cheat-2024\CS2CheatInstaller.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetWindowsHookEx
PID:2396
- C:\Windows\SYSTEM32\cmd.exe
  cmd /c move AimStar.exe %userprofile%\Desktop\AimStar.exe
  2⤵
  PID:1940
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Counter-Strike-2-Free-Cheat-2024.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Counter-Strike-2-Free-Cheat-2024.exe
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Suspicious use of SetWindowsHookEx
  PID:1300
- - C:\Windows\SYSTEM32\cmd.exe
    cmd /c mkdir %userprofile%\AppData\Local\Temp\275kwb4jogz & move CounterStrike2FCx86.exe %userprofile%\AppData\Local\Temp\275kwb4jogz\CounterStrike2FCx86.exe & %userprofile%\AppData\Local\Temp\275kwb4jogz\CounterStrike2FCx86.exe & CS2Cheat_x64.exe
    3⤵
    PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\275kwb4jogz\CounterStrike2FCx86.exe
      C:\Users\Admin\AppData\Local\Temp\275kwb4jogz\CounterStrike2FCx86.exe
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:652
    - - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C C:\Users\Admin\AppData\Local\Temp\tmpE6BF.tmp.bat
        5⤵
        
        PID:5888
      - C:\Windows\SysWOW64\chcp.com
        
        chcp 65001
        6⤵
        
        PID:1376
      - C:\Windows\SysWOW64\taskkill.exe
        
        TaskKill /F /IM 652
        6⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:432
      - C:\Windows\SysWOW64\timeout.exe
        
        Timeout /T 2 /Nobreak
        6⤵
        Delays execution with timeout.exe
        
        PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\CS2Cheat_x64.exe
      CS2Cheat_x64.exe
      4⤵
      Drops file in Drivers directory
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of SetThreadContext
      Suspicious behavior: EnumeratesProcesses
      PID:4212
    - - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3424
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
        5⤵
        
        PID:4368
      - C:\Windows\system32\wusa.exe
        
        wusa /uninstall /kb:890830 /quiet /norestart
        6⤵
        
        PID:3232
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop UsoSvc
        5⤵
        Launches sc.exe
        
        PID:5676
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop WaaSMedicSvc
        5⤵
        Launches sc.exe
        
        PID:3444
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop wuauserv
        5⤵
        Launches sc.exe
        
        PID:3040
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop bits
        5⤵
        Launches sc.exe
        
        PID:1956
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop dosvc
        5⤵
        Launches sc.exe
        
        PID:1524
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4812
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3920
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:712
    - - C:\Windows\system32\powercfg.exe
        
        C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3204
    - - C:\Windows\system32\dialer.exe
        
        C:\Windows\system32\dialer.exe
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1760
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe delete "JLEMVPHW"
        5⤵
        Launches sc.exe
        
        PID:3416
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe create "JLEMVPHW" binpath= "C:\ProgramData\WindowsSystemTool22H2.exe" start= "auto"
        5⤵
        Launches sc.exe
        
        PID:1216
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe stop eventlog
        5⤵
        Launches sc.exe
        
        PID:6008
    - - C:\Windows\system32\sc.exe
        
        C:\Windows\system32\sc.exe start "JLEMVPHW"
        5⤵
        Launches sc.exe
        
        PID:5272

C:\ProgramData\WindowsSystemTool22H2.exe
C:\ProgramData\WindowsSystemTool22H2.exe
1⤵
- Executes dropped EXE
PID:884
- C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
  C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious use of AdjustPrivilegeToken
  PID:1168

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2916

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:6068

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:5748

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:3680

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:3120

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:1176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
ae04df07282b6f1209a9f2456c65451d

SHA1
8edc4ff9a6575f75c0dcb4fc752ab783da3a9d8b

SHA256
ff5259d8609a3c63441cfa040d5eb6b6b9d7a7019553a9e8f0b3225a7fdeb5ef

SHA512
51860e1ffa024436c69c85d7bda23bfbaba5add759fd546bfa99ad3fc915e4b866a9c324b8864c5f34dd56d523eaad08e95aa84813363a5caf51de75c4828bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
74ebf82757f754b3c0aa0018a251e2a7

SHA1
00bb83c7746d578698ef61c04c921eff4c7f1aa5

SHA256
2e7623e9e2a9f4fe14961a14d493219a5121d74b33d31351abf93d208cc46379

SHA512
859a0b50bbdc8a87c36f9a3d37de92ca1476102b32250b2f7ea62f608728820c185e702725bfe7eb657d29be04697fb354b17b0ab1ea3f6a2fd43dd7b247999a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a9914c633b08cd9b68d9c7d3d1caeb64

SHA1
475f643bb4985ce0f3b7425357839c047949e347

SHA256
b818e8adece9d3c0520fa1e8fa130c397535ee079ea8c4c685d1ee1aea9f1ab4

SHA512
640fe6d1335fd8d91a077d68c08c3e11d36ae87c94ef5e0a000de58ee5626c905658a7f8448f8b2467b9eb61cd5e2f335ea7b57c4689d61268aedfb965557972

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e0b9cb15315450fa98cffd859fb441af

SHA1
34f11f852cb0960dcf6e46032557f30b64175783

SHA256
5f8e0dc665bc624197d4bc43097d395e111b2ce47e89c133f308557fbb8e1fbd

SHA512
9cb342b2085665356c452c528db7b41ce03d54ac774cd748fee74dd54f2ef55e9a84a3315c205ce71c2941a8a50c707664cc62bea2b49d31a496b2263134f395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
50929048e7ac8ca0085156cdd84e71eb

SHA1
333182725b1c04a6f014fc7b47872bda26488000

SHA256
4176b0f088de95ae1d4ddd54b0a5a35e8024d1ddb2e8e2a1ae62027167cbfefe

SHA512
460ac0f3665b59e9ab671a9dad5c07c1162c1405afbf8e17d67bd7cceb6e1c0da58ec7a5d2973994609a1ceafb20b0e268635f9787b8fe28b6c57caf6f2b574a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
a259af9b46912169987873f63a9af0f5

SHA1
f01d8d27a31709f726f7d8450916d1d513c4f07d

SHA256
849e9c231d1dca3b8472617805ab1551edf9da30df2b127c6f5debc008738ad6

SHA512
e35e5e3fc017fbbc9df178623993aeaf814a604427755ed28bb6453608a6b771ccb6b57b5bd86ca48ed4223b307540dd03772dc84907f0b453a9b0c08e3e4ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
62KB

MD5
fbe6d1e5ae3c6655bdf8e018d140e04a

SHA1
696a0ffb668aafafd308455cec2da3d1bd6c2775

SHA256
76ed1a5f6643b5a0f0bb6d03764a6c12a565072d1154272102ce5f65e548476e

SHA512
f964a623762242d7656c6163e8c13ba7059d084c1025d4b598b43db8955f6df13f64ffb394bf7726cc5387dbe17d296f74c05b95903776dff6678da346c46849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
71KB

MD5
95e3f61ca2c404424fe71456ede5f403

SHA1
2d660269de54c8ae2bc8742c87b0d92dab4167b7

SHA256
0c4a369ec6bf1ec2fbab3298182060d7b2e2586ebb327fd08a990504dfa4fe6b

SHA512
33bc72db47156d4ab9c5d145a1383f5710329d369332bb17cf18f9ab3c0af21cfcf29bf7db47d132f44fd4dbfd56a66607413ffe0a514def49914a466f47bf51

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\13619

Filesize
10KB

MD5
23b61d84457f3bf7d2509338a90f024d

SHA1
704be3bd0afdc7db36c59259195bd91436bb309a

SHA256
e4a7a542957f3552fcdbe1d14aa58f20a84e39e028ab5f5c39beb4ce1a2af6fb

SHA512
ee3173b8e8cf5ebbaf77301b3c6a92845a0b203d8d91bf36cb6f01d14e82f72b656ef273a2f10e7ff45e1decd4a3c3953be4722c80ae92adc36338d806634d12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\16260

Filesize
10KB

MD5
909d599c23009861595c18e24c8d7b4f

SHA1
7cdb306e29f8e5f668c6d3000263e94d35f8cbd6

SHA256
a92859c8fe9ced6b3e918908e036152c9951fec8ba6c4c2f811fceb7ebb7a4ba

SHA512
17b46007eb8a16ac57a357bcb7f3ba1c3ff0e7a33aa19b1c206057dc27d8fff154d7e761dfb58baa05c0c6a02c247b285651cad60dc9e1077232edd459478e45

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\16999

Filesize
10KB

MD5
565b702db0e2a55a58aec9e15041022b

SHA1
9b59d83641e74a14aa0ae14d432a94f05ce17540

SHA256
510b2189c581724a2a2164049f15ccc515ed4b5d4ced52fff061398c1ebeda99

SHA512
f3b3bfb5cb942db2ed1055f5d621883923ebffe19da069c5ea4332a1e9222b7be8562b536f99dc87b42ab299af4519136bb29ad4bda15f7a77ac27fdd54b4990

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\19343

Filesize
10KB

MD5
015faffd1af56856a6c1df777377d7e8

SHA1
5ea3d287dd166feb214b2647b4b90fb59356b041

SHA256
be27810e186d08d414081d71fb3a9c49604b068a91d5eb8849a8edda353ec05b

SHA512
a6a97ba7e9ae067f102d4ae1ad29b4db7e3c3a7aa2e51e011ff0b2525bd4e3524136596206414be05b616679b5c427ca1c41018d413e73f20f0ba5d45f8dcce1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\20554

Filesize
10KB

MD5
1e07625e8226e60e9130a3318fa73c4c

SHA1
a52cc8af3e8ee4d3c865abbaf904b69adbb7e46f

SHA256
6450d282249d93e39c43d4c97686fd5a8275b9c27b0084c3c3ea980f3b0f6019

SHA512
5c03b6277edfa045c28b04882b3638cd1335f30da6f778a6f112e90e947d1dcee3b335d9f62c051beb42ea323650f12dedd5b4107e83080915b97682f054530d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\22225

Filesize
10KB

MD5
3be8dd1ac537a5c37bf4412a4d060622

SHA1
4126c5d5eaa7a007ce7e1e0e0798b63a3b1f9055

SHA256
c0de490dae2ddd71cb179c647aa842a00fe50f8937c0959e764f2eb384414b29

SHA512
e75cfbd0f1b33a2769cd254f7a9efecd07fd98fc0d16f4e0d29a1712aa270f49c5ec3effda8a977956fc69de9371d27d1b66d6eb4beed232c2ac1369517795b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\24550

Filesize
10KB

MD5
0cca6c6d1b4fbef54ca81b19e0ac0d06

SHA1
4cd899acaf1ace5d0fe03b21fd00447422235916

SHA256
350643a0010ae138fbd6c7a3dc5acaaf6a7a46077739a1fbda49b0c4f1363bff

SHA512
c6ceb3d5b34804171079eb7682a976c6cb2c369e94a67e5d351dd8a6ecd021f293322396ddada0351c55df597ab7b5c1c1cad538f44e18d3e4d7394624bcb64a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\27167

Filesize
10KB

MD5
da4833f1007de5e0016808f70690aad5

SHA1
b64ed7b5bb4ebf831d985b2deda51baf2d743f20

SHA256
49deff1debd0d5198674f12b1be2266ba12e5c58cc6b4ed8f55c4ff3adbc8259

SHA512
2d43fd49cbff945ee8d922b6163b60c653528d19d1b81b882a0a092142ceccdd3dc491fcfd92d4a8a9c92b0e0de4e3ba4d5e5ac1a7162d0d48df4aec276a3dbf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\27808

Filesize
10KB

MD5
0d05f872a7b54a8e983bf08ce31d0598

SHA1
2d139d6e26a065e5b7f684de476be66b407a1ab3

SHA256
c0e8f9c1b19b1c4cac3bddd4ed09d4f9372582ea573312bad40b4212e2b5339b

SHA512
797a368b07ed84021b3c70a45be2d47fd90e07614659c6c3ee0d46a34d9a23f68555af96f1a2bdbe9acfcc3adcab4287f4b975ff11a330ac04b971300a0aaece

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\30084

Filesize
17KB

MD5
44ca801d46d8de5f7b87102fee0a9a9c

SHA1
37a8b2314b9ce85235f0f5735e38fbabebcd5457

SHA256
3d752b5175914e8b493e179d830a04dbdef9c327d48e45dbc98c729a979ed809

SHA512
62722cd31c96f67d0e861d2b1189d38dc0b0fb0f99ce0f21023c8cb5cdc9d9ffa6d7a56971d0cc92721739b07c978f68c13f92bc644a69668f11f080778fd586

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\31519

Filesize
57KB

MD5
09cedf8a7d706b1df0fa3cbe53b61e0d

SHA1
30ee5bcb060f975317d264ad4a15d749dfd3b9ae

SHA256
8d5d3c1c9988db609f245601329ad1b8cffa2d195e49ddef1ba5595322613414

SHA512
12b3441689a78a2074ea49f4be0b8310b440404373c050953edfd94ea2dcb40952749ad34cb50fed2b4fe7478b20af7d3a732ef719f27370413e3c10ef1ef666

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\5016

Filesize
14KB

MD5
04fe40dd573d53b20913d54e33efbfb8

SHA1
573fcc6e37c8875a09e087c113f9901def9137e1

SHA256
d9fcfce9822761df197c7d2d2e2d49f5e267ce804933c3fa58453018513b4e54

SHA512
09a9c63f1aba6c88e1db8234af265f968c485e53258dc76292eeeb66546321380f9acf790856e5c83dac2e90c63c121d126ec7a6724406ff0e7a946d90cd544f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\555

Filesize
55KB

MD5
3068bff42cd8cb81eb5daf851b663e87

SHA1
e77a4c7d1d1c782858c6acdcef5b21a532b12b0d

SHA256
2b9e1c0caaeec036a70dceaf22df9b4a8d62c9a1949a4d98e6d5272da9ad7aba

SHA512
b4def86bcfaca72f3a56ac54358397673e638473dda0c332b09a298a9e40c3268ef1bc2e9e2a38cbf4c0f5ad1aa69b19a02ec0cfa4b5e64f1e017caed7003380

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\9201

Filesize
10KB

MD5
f3bb3219f94df2ff036ef64223d718d1

SHA1
0d9841d17b2299b5fba5d1c59fa9609570f084a3

SHA256
100b13c13126808f5a3fb9b68990e71b6c353374b6cfad0afeef34c6e78dfed7

SHA512
1426d6cf5eb7b8c29868aee0a89f48ddee5cbe55bf6473afb87cb9a04fd79b382dba21cb5bcc5b175774558caa8392e791da962ed29f7baf33c109768bde87d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\doomed\9265

Filesize
12KB

MD5
fabc09f9eecdc33289930e3904daea84

SHA1
5beeede0631e7b2bcf231406130b70c7a783c69b

SHA256
b7f17a3527150663a4c22539cb83621edc6fb0ddd6a4482dd5fafdc80c8fd5d3

SHA512
5bd0240b327c38b084cb791290ffe374dc24a3900be6014a4582e002e9f057e007dcc49bcf5637091001eea4c31c4d88f0704abc92e3bfbcee81cd42eb2ea6e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\00131FCB99D0FD9C7C0564C4D612ECFBAE93496F

Filesize
96KB

MD5
dffea622b697b26dcfb14794ec5a2b07

SHA1
274d34f3133bc61086a3ee7b07e5c36825411f19

SHA256
8a1b62c2e59c1af44085a04869fa8fe66717cf0144b75c6652722719c04e6722

SHA512
7507c6e8e783a6406a41ad25731dd8cc2633f2ba8be0468a1a28a0e18be6f291145ae6997e9315de7a252fa498e139a4a1990a19b8b52a1dd7dd232f3d48909b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\01E7348AEFD115549BF05069070ACAA006B73600

Filesize
77KB

MD5
96a73af04f6035bc9460e72cb171b61f

SHA1
423e495033912abfe3386ab0ac01b194002ddab6

SHA256
8a528089cdbfa113c7e5da16d8f88aa8e61ed321bdd86a27e27281ca0ae961e3

SHA512
f2ff16be334b34c42b85f3edf06dc2ed616464d389dc803a3a28f387623ca272b2342c650e3466a6c0fbab50078990e741a4126cb26be04e8babec15be745c91

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\030C5641F16F070F766AD012CF1AEE12CC84A8F4

Filesize
76KB

MD5
6cc14830eb6ed354cd5e0628ba50a5b5

SHA1
74c88bf1fd3361f0c5c74cacbb6a74cd984418f5

SHA256
abfd0e0d57bbaa2785c73ba3d54d3b90f6cada0db5b017a0e9fa4bbba97b834b

SHA512
a28b5561c59adccfb13fb00c33e5c07f53ddd52922c4c2e7e146b16ba1f5d5a41dfc7505b8f587200311b9ecfe4629a21f537129ba79cac227fb5870e88cd697

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\04D04413C9DBE160781AE5CEDA36B1A090E9F42A

Filesize
90KB

MD5
1f3e51ef9e22e47433c75b468434d8dc

SHA1
3bd4fac063f22ce6b935f5ccbd901b73a99315de

SHA256
d7546e0ed10b51349175834d1b1dd8eeff4f59f525fe9cbbb6565cbd63a076a7

SHA512
2dc30f5dea44147a15a6cd292aea32614f2601c957cf46bd0041d7215ccc0ae15ab4beb73e364f767e84cdf14929d66975ae052bb8ee0903a4cc02fd03023e01

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\0CCBF644E78C5F185CBB71E317A7F0BDB372D77D

Filesize
91KB

MD5
b335674a04e71ecdd27ef9c2d27d1b5a

SHA1
aaa61e1c0f7388ab75dadd50552c46d317c498ab

SHA256
8ae149011054fc7e1ebb85c564532df5b0cd402ccc8d3578954ea30615d4c320

SHA512
671f7744040a1ca0e443fb96fd4d39205f78edb43d8758da05c7df30606db03c11f2e8809d764e4c0721ccdf10a825192d199fdf0107320713c473fc3f5f8edb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\0E0586C9AA116D445B996F7BD17C09851090AB78

Filesize
156KB

MD5
0b5fb744a9f1c03ac2154c85ffd1af3e

SHA1
4340ecc6770d0a2a133f3352842bda7986dc3600

SHA256
f690ce33f4581a52f67bb79d7506f0c9fdfded93c0438b494688afae517ab2eb

SHA512
1f5749bac3c7854ffa083ab8809bd33ed24f6f3355283e951a095e5940d5347a20b83be5e40d03d7ba428924dba6fdb449cbb26ed7f0914f3ff7730ba6ffb3e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\0E165839B840D79F2D49EF59907AEDA35A613311

Filesize
133KB

MD5
6240090fe8e59fd46d291016807ee8df

SHA1
2489ad0a5404a431d0ab06ceb8099a3c487943bc

SHA256
d2b15ab989bd7adb6515926e0cea6ff41f07fe2c138485ea44c1f2ced441a6e8

SHA512
8732cb7cc67e88524ab4b22fe29402a976dfe938e0ebaf538b151b3e70cdf187220b4e9f45955f56f7a38b0e9f1181c686285837f9b2607fe7b0588776894653

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\12E741D18A9AE1D97FCAB99A80724A9575BAE2D7

Filesize
128KB

MD5
0987f52d9e74878930d51af1e057ff44

SHA1
d7078b9b8589ebf940f89adb3235f7babd8be798

SHA256
5540b87ebb6cab4ee56fa386e75e20140db5573846e561ab0bf5d9d95e105559

SHA512
35e62926e9170fd9980f6f87e35d8ceab1ec4312c5e4bcfcf13d29a150b968007c37a64c25d18e657be76e79d13af6c0ca6cfb1db9f8dbe5ed10299c6565faa4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\175FC1F27DF5030D57F8D0FF3A5E0CD7039CB332

Filesize
71KB

MD5
8b6b601ac5434163019a7ca4362b18f7

SHA1
a603ac501509834e0a5b77c92f2beb9667241e5d

SHA256
cb0b8c9554b0b7eb9cdbcaa85a1f59e9f9d0cffe9d8261e274c90b11bef6b142

SHA512
c856122a33b92fc98cf162f98bd094ca4a9c01c3109d1985057728d9c377b197e8c2c4ad1a40b851e973aca79855fd896aba9031ed6b88e1f42803d8b32eb620

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\1D587DBF621B9D27954D612F4D8D2C2034126800

Filesize
215KB

MD5
3077739c7837df07ca167d3905719162

SHA1
7b05a2956c87b3bd18c3db949c7d61e77d73fa31

SHA256
21d27fb9afd5084091f82b3f790e3c3c7a571f5a1245acf476850facb6f4dd17

SHA512
432275c73a3394f86cdca52ae1e02d5e82827425f702aca1a4d3e7245a42fdd76193e5ce7990bac4c774e4cad0b84ade35e912dbe4879c40a07ea4bc42486393

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\2167B505D934699C441A8E0A03DA105F9166E6A8

Filesize
136KB

MD5
71711b1bac33d204ce6f85a3b856279d

SHA1
085c7144fcbb86e5527b291cc8c675cc20fb7c17

SHA256
4f4845670d5bb2e04826cac8029f7b933d78979b801d357b938bd8a51ef6b241

SHA512
8fccc3c89c0c40e1c37d5cc5e562eff43469c5894f52fe2ab75ee2a70e473b15165f0668c29c17b7d388b511cc308e07a7a0b7528d3268bedb4544fb84272464

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\30516A4D72C70CE7C983531E948F2D743D7FB820

Filesize
396KB

MD5
799a66d565a2a9de1e73be8216969f5c

SHA1
622bbdce8b76f968d2b46a1ed56d1e08f49f477e

SHA256
ee2e28f46eeb412ad7294115185ef82409f7a4881123cb1359b8432454f5086f

SHA512
2daf40824603a94756f648005b2c65f21cff7c147ec22deb38af30508fa17c97822782747e894afaab0455196ce53dad15a88646419415554d775f835b92f6c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\3A7F7A91D463974315FCB94106B74F3032C9602B

Filesize
1.9MB

MD5
0352f89de7f6f2b3f191e4b2f9203cb2

SHA1
d49350d8da06c6e04d6dfe5606fdb4968e24087c

SHA256
3d3b3342208dccb50622ad4a16f9ee5b505cfc8d998e783e1383f99fdb73afed

SHA512
b4d2f54fb933b699dd71d05910613e013d36ad2c909685f287813d824e95f52fc97abca47a0793eb4023dc5036ffed55da68633e90a7b692d46582c989f5ec50

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\41B785A16CE146153B6F9BE1583BE0D134B2663E

Filesize
171KB

MD5
673849b013a99616ab207d28868b92ee

SHA1
6e0641a1e7acddb812c28ba8f3c5a90392a72c81

SHA256
5e629e06b2e6eac6d333db135ce91f4cea40c0ae7b900af4bd4e8e144d79fe0c

SHA512
40a0841ca8073ac411ab06cab7daae70d3975e10c9803677e61525f805d625050d82e6e147a682aa42cf51dd1d348bbabc985e327f79e82d9f1473be36873cc1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\45722AE6FD12AFDC2A70A368BA642949293F7F4E

Filesize
76KB

MD5
b938a25f59285e7f2e39050e89e2ecb0

SHA1
22934b8f8a4038d735babd5a3faebc791771e684

SHA256
c649cb930d7d7b214e3da9e31dee3fc7bb7dd9f0c854654dc1aed457f56ec1e8

SHA512
e8df51439552a1fecdcff0cad8106e9ed587de15f7b0e7a7e686a9c575dbd62ca60910701357210a6e2d523814da74ae7da913c6a290874d201afead8e6fc09f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\4FDEAA4E2C190EE341A6D771CAADE14A20B91F43

Filesize
316KB

MD5
1de52f950783f64c42045e97fbb8c062

SHA1
e6aea6dfcd5e5fcb1bab7132621be11390dda746

SHA256
2cf7c3ddcc63a6945d944f740bcdba1e701e45b4b2b434879f7f6ec730709fc8

SHA512
6763182c430c67d22546f21b4f58984918b542006c535e302d5c84d56bc5af43966b3cf5d4fb8c6004f943559dc9404d416f62a55cf72be962aad49212d1339c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\500C70CE484EE2700730CC6F02248B47DAC0B77F

Filesize
67KB

MD5
056a776a90f29a0d601e404d993a75d6

SHA1
9a141038d1e39211a72a4abcaa23df62c1f30a29

SHA256
2aac4467fe64d1b9c798092d684aaabdb13b3f9d43ac21456d1cf41e629c6b0a

SHA512
0fbf84571768228e920178c0a54dd9bb2291aa0b982931b2cdb1059ee0c5997412b88d7008a81ee84a8f52e34db2b134625e3e86760b610aed90b2206b3ddd93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\58C3D6E661179ABD5F67C9C555C32FB9C4764972

Filesize
177KB

MD5
2bfa9ba2b1b56501de589ac4a3454aa3

SHA1
8e0bee56a1b60d745f67eb0ca18bed70a34b4dfb

SHA256
0d3b0d08ea6ef8715286cc67d8c8e8fec7252eff32087b96532610c390116e5b

SHA512
b2a1dee068afacb6a343181bcf9df4493f2fba47648b3766f4d3c852a7f2fe69eed90cb993e39621c63fc57de497ede64239a88ade7ae5ac73853d7495194464

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\599EB1AAB4980DFBC75515F606E8841BCFBC21C6

Filesize
106KB

MD5
fc6e7b9f0e3e10edf81c4d46f953f16c

SHA1
8e15d18724ea908a071bfc78ff9ad8bc09399a89

SHA256
cafde5cd45ffbe67dfe5e666b9770c1aca81e6e8e6d8bb4ab7a773391dd34a32

SHA512
8af97fcd487529af7f0a5b766c3882abd73bd573778f0bf42979ad219acc44a9773a54c9024b5dbb86727ec0dba0e35c6ff9a882b6915891e573f88174383869

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\6188E2403B4FECBCB27EDE289031E512291E3228

Filesize
87KB

MD5
20308e11ded122ded611a517db1c74ae

SHA1
e13aa2468c7f8405dfd3a16098669bad2f0529e6

SHA256
398cdbabaa3a4b5bdec8d8926bcb0894b882e1524e1ba19080d177861260480c

SHA512
97bc7fcb6fb7f3c444eefd7139d99dc011dcafb699d433202449c403d8360cae33e9df0f1d586ce9f19dd2374f45f39f50015528d45976169ab1182f5e768f31

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\65FA5DA218E39CF25114D69923B4801A81E60F20

Filesize
54KB

MD5
8d0628932e86c461de90b66596dd4de9

SHA1
4518f6841f1fc116e2ab9af4169f30a9d85998d1

SHA256
527d1480169631aaa2023cffcb75288059112c41bf4d59a3d6cbb272b073ad2b

SHA512
64945e84bd00c47059bd4b929b403e7f5a6c0162772787e6d91e666e51a324869e098acf48dc8fc46181830406004dfd19c836116e09c16af2ec802009a3fbab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\6EF05984FF7FB7531741AFBDAA1210A9182844BE

Filesize
87KB

MD5
5ac60c2b786901c05bd27f442a28bf3c

SHA1
3c5e477cfae5dabaa70e8812e8d7a5383fe7b831

SHA256
bd82f4c5199f176b26c956b114464921c26ff77d6d0368cbc5cb52d72c072de7

SHA512
13045cadb0f3db5f3ea57b5706952988d9a3ec2622bd1d51fec021013eb8648b46c05d40ee3f858a406e249e7a88fc33b4498af3b30e44ef5993c02e250f1968

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\73E3196BC5E8B0BEC05D416EFD1DBA69948613A8

Filesize
28KB

MD5
f79322622a3a2c2a4867eb920a8faa9d

SHA1
3501772d198e9f65815c98aac99d86f5745176fb

SHA256
7e252f0c0fba663ff9b7d1cb8b5e73cd2a3c5c4941bacd1ae8e18c234aabe3cc

SHA512
a4207f6e2c191f71799a6af1ea2444a1bfa0d9883996407b18aeaf7de2a12d9cac532da67bb1cbbc74fba141ea0545d2dccdb41d415e71c4ac461f804b4f167f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\762366387409D18B1E2FDA7E9A804A10A08216ED

Filesize
61KB

MD5
8eae4e31b4cd7ef35b7d2f0f256b197a

SHA1
75b7acf5e87a52de8fe9d339190b3be787212f4e

SHA256
f13fdfba48fa6ad1718997aaad2fdd17aceb2aaea1c34abf3f13b757961bfd85

SHA512
1fcb79f709b7f7e06f76c21584c3cb9b5e70db6bca8af49c2c71347e659a7b07e46d8632226ab90008753268e6a42bdd1667147aa1cebff85d63c0cc1bd965a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\791B8A8DF70047BFA15B8104F2D15B0CB898389E

Filesize
85KB

MD5
0b1ef2fa06bd35c7ce1d13c406d154db

SHA1
e443072d194869e469f79f141427a01782a49c05

SHA256
1c74069abfa7ce9adfbec468cd7287986d5a16246bd11962c6c80980f1ddbc78

SHA512
786400a822a18918988767117191d864ca755a3c151f3e2ed5e4504a9d92bc3cb9e32c036bec9b5bc516de170c4584fd9d5190a899fd5ddfe6b85a52d291b1af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\7CFBD4857A71AFB16B02CC3BD4D3534FD96B1E07

Filesize
367KB

MD5
5e630d618f2d66739d4e75448773bc75

SHA1
380950bef4e3963f215faf37cfe482c43459abf6

SHA256
fcbff8795a85786ad65fcf128ca828b92b09d49e7faf73c57d2b6625d3864c80

SHA512
ade7617fc871bea02d44a7e62603001440fe0771f40a8df696330239a6a3cbc02c1fe0df2061c01b966d94315903942f5cbd6e866b4f5f14085d6c666f8087e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\823EA50ED6152C0E8838E1CC958183F9A8138A9B

Filesize
53KB

MD5
24f42367db561985fffb9e5961ae4dc6

SHA1
e8ce7b0b6c7e630c7f0c3474f1707877ffecbb5e

SHA256
d1f67f968be0fb3dccc896749d9280c2aef6ff42a00a77599279d2d71ecb5346

SHA512
6ac3954eba56aa0a5d8735eade695d5355f11cee9733af5af8386cc6094e19852f684fa64afd8b883bfefba879fa63888846775b824be4c1a0ea6a5426141f9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\83034475DCD175EA116CE1FF243C16C26D56582D

Filesize
176KB

MD5
dadcb4f2b6a933a153a704ca54a7da66

SHA1
2358e784778fed4466691057ca32f0253f06c811

SHA256
9a435dac1d1c1f759b39090c0d9adaf92820b65ac51f13bcaddccb2c7eb712d6

SHA512
a744ed6662646869513d6aacd1d52c52d9aec909450188a253e13534e2f523c3a49f8f753e3f53f770cf4a0c501bec5c03c3db1321bdca8bf9af1281513a0084

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\85713AFD7D0DFB2F9249788E67F7F86BCE1F8928

Filesize
15KB

MD5
11db5d4cf8f2737691373845b3bfe4f8

SHA1
ae347fea02bb5d43927a085c23cf8e032c0e2840

SHA256
27d616c438410763e8d1be0813ade95acb966aabdbfa354100448b59d1968b01

SHA512
27d821c640dc4342dbd828c3d3d801d0866fddd548769367e6baa7200ee8974b8da711a13a8459961363fef6ba36d6f404ed7384d4e3411aaa381a84a6594f87

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\89D423C9F6AC7B5D9FE83553C469846970EEFEB7

Filesize
75KB

MD5
da872fcc63b2a40dede08ce0c7d63c08

SHA1
84784f28aa71f29c5a8e7ce2c9b17ebb64b97ef3

SHA256
687876c9acfb870c89fc4100207ce9f1a8581f716e735ecaeb59f4a8ebb4b34e

SHA512
7c3782291dcf82ce61e549e6ebc768ba2c0d0791aa585b62a720eadfa87d018f1e4d8a7409add717adb728b426a651e782fa0e78efc976c5e241a1f1b24c0cc4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\8D74FD8604405935CF9CE5F6887EEF743FDD90F1

Filesize
74KB

MD5
b4394a100aa70a9adb55c78d0b567093

SHA1
b8c82a589389ff126cf26eac1be3dee886905175

SHA256
daae7e0c0cf6b5e0515f0bef3f106025c73203a6c5ae549f3349936f3c31d515

SHA512
fe8bbc05e267e11ca7e66a583ba536e64c51c390da91dc6703c66f1659954387df54b7da0dad62834fb990eeddf4e7bec8377785f76a978a206bab507b0fcb6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\8F26323DE924AA01ADF8A0F855785AB8CAA85946

Filesize
108KB

MD5
4bccb5a695aafd07c609983646b8d7ca

SHA1
b84f5e9520dd9f7111df5b01b9ae39b51721e805

SHA256
435367666330ce086f25ee4bd285a1dc07a18cc2560f5e80ea728d477e4e7e1b

SHA512
c2919eac16ef5c7ef8d3e57f419832816e969fa7eff6700bc24f5421f099ade47a7637fc9ee70558bcc0b49fafa5efcafe508ed6ef441d078cb3573aad2c9ad8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\901111992E1B419236806663541FDF50708DA6F7

Filesize
1.1MB

MD5
cc64616e1c7a109e5c543bf23a1fc8bd

SHA1
893a08f27c663be468f8ec3c080abaeb873a3c23

SHA256
e96aa59b4e7bc1333b2a466828e772c7be71a8d758e0916ca3eaebf989543e27

SHA512
6007200688828dedcba1ca382927ff5f4512759ce6099c5d87f615c7cc65782cdab6d7d265b461a59d473308beddf4be10bab8a3c2fb79c75dd108a54a525eb9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\95474C0C017D2D0146ADEBD4AC3226E661D63F55

Filesize
342KB

MD5
feb1a458dbc25ba21cf703cc295633b0

SHA1
8ef96ab62be0e35f9fc6aad749b93213241a29f6

SHA256
9962814e53a748260d9289f7f7c5058a1b32b4d8586725d4f7d83f2b1679f0d4

SHA512
890554353304f4b4bb41bf916421623e880755534ac56c2da3bfe061fc951d2ddd8a14d6b5de87bcc65d172af2a64086a22066a2a8d08e77450f37b7a7361e2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\99FDB5DD3335AC04376F83E9DE53AB5CAF9922B9

Filesize
135KB

MD5
21121cceae943f115eee17ead62f3801

SHA1
0bea2460c75e2c37f93046754d7bf641d0e92ecb

SHA256
41a77c54f944a382c3936f53dbc5d218e8fd32d82a079f2442bffd9dc19806c5

SHA512
70da851d78e72b564f77b2e89a30c9969c0b112b9e9dbd31c09d2811dfec6c31f6c599176e64347186cf720244156959b4ac8c8516f4ec9f72643b936a4261fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\9A70939723B615B22DB6A5F1327802E4058DBFE7

Filesize
27KB

MD5
b493280bc0f22ac62c4bf9276e2fbb4c

SHA1
8e6fb684103238812ff18c9f35426202a42f4f1e

SHA256
a72477c96724c5f10d0b014b7f7647aec761ed2e060fdb5741a6af0d5b7656d4

SHA512
7c0093fa226fef4f5090bd4164684166776c794565e8adbfd5690ffcb7c2f707db44bc92dd429fbbb697c45c3cc454b3be8bca2ba7da32922e413e1720fda829

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\9C2BBC7137762B4CA02A130A09A82F71C29112CE

Filesize
764KB

MD5
e8eeebec2e61a96d5e23e19975be096c

SHA1
c0ca8e4336ff6db4b9b8b2e2cf7424d30ca85dfb

SHA256
3c1a7381caab20da2eba0efa7b4a28c142c4e57776822cf113ee8e3539565208

SHA512
28f6c00da2d631ff247ed4146e35496740b85383ef2f9f35b0e8b69f7a57eee3becd0afa5ce2b8dd03851a9100c7cf28760b959e21c663e052b3a260e385cf2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\A03E71D163D42A487D82C9B7C61A4A800C62901C

Filesize
105KB

MD5
3674a76101f81f7f044d872d40fa06f0

SHA1
2ec47a9ca4d3dcfbcdccdcf4bb9921892974acea

SHA256
a9a713be74bd29ac3e13f74f5c93b748c7195119a2873ea199eafaf070aee873

SHA512
29991c2dd90979d2c5740ac618a49573996cd47e748d15971b99e911307048ac99109ecc1c45f2fdcfed4aa425eaf056c2b6ced24ba9abbf5c5754f9734de103

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\A18AB3FBE5FC5E1A527BA36FF698DF26A7C382BB

Filesize
13KB

MD5
039e5bfff5c86f05a5b8c14b1233e123

SHA1
778639dc12137bbe37ba242879036a0fc236e64d

SHA256
2e100ecc7883d4e9d1d36b5b360520b4114277b8851d9c36390a6b87f4f126b4

SHA512
c3c38052e22369ff3546f5b2d5da8c3711987ba82ec7680131b379be650799235563cfd26e7e69f2a7b217fac3125b9316e2a31e5c9fbd3cd4d670b139af0429

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\A204FE9A7B15065CEC4C1ACD03DD592E7EDC50D9

Filesize
28KB

MD5
83ed0bffafd98742d9cb43826a09a36a

SHA1
6311fdf626ac63c09e2b1d84d31804fd79a92dc8

SHA256
5ebbf3f5f4dd8da523f6a5f71d10d44652d2c6399251920d95df838846a73278

SHA512
79bd7fa3ff439d8fd95f214f0c49dfbfca69b050d2f39e7549d840deeb7634de9f3a73596d2ef914126f325f56e94575dc03b1967ef3ec7943c810b650490738

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\A23515FCE2CAE77C1ED6D30CA8BB089DAC0A97F6

Filesize
94KB

MD5
df506299e3d99a8a82d21c59fe5fb523

SHA1
55e9eff961e2e18585dfc58db56a35ec158596be

SHA256
5b6bf36a2f45c24b7f75d816f4ea65f0c9e2b1fa27347febe4fbae84ee83a9d2

SHA512
4a27958fa6f109e5147cc320933f0ee4a79cc3d77dbce2f82fd973d4f0f7b6fa8b56d1cc805994665fabfa9da4f15b4f5619c9bef1da2c1292b79b7692225936

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

Filesize
39KB

MD5
35be45d4056757bbd651e8ba98772dd0

SHA1
eee67e1099e03d354078adb05b6aa5ae1be4cff8

SHA256
69f5f7687d5f6f12ba878382d872037ca82ecf78adfeba4e26d8acc39e42adbb

SHA512
7bfdd0f3e099893684421697e4c6129e735017663492793901b0dfc5eef5cc54a635719117ffeb7a977c1823fe66577993c2311c0a34e6ac928789b4b1a2e871

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\A92D534DCEE5CF26A604636A9A52912211D582F5

Filesize
96KB

MD5
4b12a4174f3ab9c3b18d8e96cb8491da

SHA1
0fc746ff7b067fe3da14284f14a629f0a5115e9f

SHA256
c903768ba42911b33c499198c847b86063581d16b1baacd6ade214480866a85c

SHA512
0fcbf622ecf5661182cc1fcb95232bdc09d1f39da1df12f3c368f66683259a81a78687336b442506daddfc0e1fb9a1c90d78b01201a14a764159f7a804be9a31

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\A95F29A9219FEC69F50AF18906444691A39C0078

Filesize
54KB

MD5
c1902bbeabec60d21353100ad953f45c

SHA1
062789e17fd2883f54b13c4c8b648f49e49df010

SHA256
9f109febf96d70accd9a7284494437c4883fc21cb4623a0004759c52ea195231

SHA512
42134330f2b58fa5d2a1bf8414989ca8bc2cc815d2b190cd58e535c79c47250ba3911c79f0443212a1746885a0c0fc38c743e17da2b6a126d253697684ab259b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\B7C67F860E07DB159A00EECC00D6CD7E87968379

Filesize
101KB

MD5
3d98ac5a7517527a39f33bc34d3fc240

SHA1
d8e705af5ae5c9033555a2f2d75de129eea76fa5

SHA256
bee413dca03204b9035db6aab18f767e383ed364c1c4fc31bea2e9c61a14e2c1

SHA512
38e9139eee1a4c7f71178348522666646b6822ef4197f82947d951d9be13981df89ab47785427775935326d9789680afbea77589a248104bcc763422ae11bd60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\B8A8229906AC81B41B6EF46738669EC43CD0B7D5

Filesize
14KB

MD5
e4736306d20ab213ed2f080fffabb89b

SHA1
7475af61ca34e2b381619b0b66486cb26477a3ef

SHA256
97c533543e08286b2f0b8acc7c9293aa1a25bb03dd8645360afd3f91c0fabb48

SHA512
ba957c0b4bbf06c3f223e1afc045bd369125796f5d1b522e0c4812cd4a8706755dfb050837b4b6bad2ad9e03a82d2adb58a7c6cb4bf1b1e1136f6e9dd03fe13b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\BBD958D5D1B2696B058F510216BC1019BCACC3B2

Filesize
23KB

MD5
17efad4c6610d473aa927c2982819066

SHA1
b085baaac45c68e03da9a8a94c923e7ad357ef79

SHA256
03df9eed325fea50204576fa805d310267cdbb8e1b07da29989ff220f08a4594

SHA512
c05c3001b539dd418ab18628deccc96ecb106042120ac88f53e1a55022c178253ae704534e0f785445e7751971b7a5324aa11beee8e3e8cb8f355cd8c2c8a3bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\C3CFC2CA346F78A81E64082EF5AA0F29DC31AB88

Filesize
117KB

MD5
c48948ecffbfeae130703f94ecdbfcc0

SHA1
26515d9a74555cea08c011b0a77bf8d959867f76

SHA256
208450528b41a59a56d856ea88875ee739e9afef3ada1a552cd5f83284f75c99

SHA512
f3668160a7b131e9d61a5460c5c271f62e7cc3d9ea5e86d17bf760a0d172064bd8bd25e4de9f0a1360730712e35a11467576d264753a611d3a3df2d5b237e046

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\C40A671DDC0E0D1E51773C34A7BCCB0020C7FC14

Filesize
97KB

MD5
b85adc7aa426ef980c1b6d65ba174d51

SHA1
b746341a0bb9a42cc82faaf89dda9b5653617250

SHA256
6098f520128dc3375a64fef5038c8fc901f60401e2b689251249a835181d482d

SHA512
214a06b22d80899fee611b400b3b3b089a790abb97418e3ca6dd9646b13773ef71338409049dfd61f9b819d89bec61e4a6d2a6ce281c438153c6c961edd3e715

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\C797BD36F550D8507F2B89785CBDEC44E5F9C725

Filesize
89KB

MD5
83c25da6959ecd2c0a3eeb641bf9b1e1

SHA1
56d2c07bb8554e2ef6fd7b497d50bdb82383168c

SHA256
64e08bc2ff8af7d60b1ef5d1de664751ca447eef6b1b3743585a8c799ebcef73

SHA512
c3991a6b5a52a7dc0b59c4201cfc5e5343d0a255e58cc5b33a11b19b02914bd11f2d4273d0cd90d4e20a84d71e1c46083c05c696bb305deb0644634f9fa96695

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\C87EEDBAC7AE2BD65543C73EAFE54DB3CB93F050

Filesize
127KB

MD5
935830097ef6280841fdf25869d9f09e

SHA1
910e64f7fe47254a908be976995be33e037c3f0e

SHA256
24ab0f49f22179c00e600bac4fe121ff5925cc75a9ec23f79b841077a1891aec

SHA512
96509b852518a84e3ab8ed243f4ddaf045a2e67d5bb312d3669f361c6ea99575d3f3c882260c892475ec661ef497923dc245c36fc0cf689ac22b3c7a6856f07c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\C9D014A6411172E922B6D0585F0CCBBA2E85E671

Filesize
90KB

MD5
67b0480d29f957ed0f27d12754fa8b4d

SHA1
ba9d9710db6545ca720268d7a0c2b670dbb0879d

SHA256
b0c3b1a0e707262cbfd421210655a7496443a236eae39cc3075e38288f4efcbe

SHA512
8b13c87bfcc7fc95bd4a068aacc92cc83e0490e6793f4e8e29934975b8bbecc013865bb199a717f5b69097bba678a3f6d77a5cc0e420facbf2b034ada323964a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\CF965859B28A4F6611FAAA63B6F3F6C358EAE595

Filesize
188KB

MD5
22878ce97faf494bdfa4a14a057e124a

SHA1
8f7cfc7fe4e49f4af3471fbe2bb3040ccff8546d

SHA256
0f04c91383f92874f32fc463d241020822b0848590b5c9b809c9d7ebc7721bb5

SHA512
9de558ac29e006cba7d12bd2784d983c7e14186a40dc03b05aad1b9d86a4916c4d21958a98c1dda318cbed16c815e8188f49f32e17bb83a8147ac38c5849c1f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\D24726E545572AB717668187D26073AF90B9F750

Filesize
13KB

MD5
95d953f7790f7feadb683f8caf7b0c77

SHA1
1553c893eec0a14c89c1ab5202d26c808d75e3a2

SHA256
521e39cef5e619f67d51f1e0889890bb7c01723d56f604c7374b67e4af05bc5f

SHA512
27882943a0791d49ea23622fbe0cb056206b4424f66940f46df04f03b907a916fa373a4808662c437e13e7546bac65d21f675ab5212d565926bd65c3f2135fcd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\D6EB89B0724A8F8F99B3ACE36D690162D4138F34

Filesize
168KB

MD5
1234e29707f9f08d7d70283ad17f3399

SHA1
51ac73554a6b7d5f6605bc357cd9edbfe9b717be

SHA256
90e8c9e76ea6149adbb758eb6c2b89990ca7f0d14e725598434da965aa07c354

SHA512
edbab100df1d1ea028235b51aa91b9f4a3b3985789eb9d866d14ff5e51c62121ad0c0620fb90380edb48319eb8a1268bdef4f0b7a88038368a5711876b3f1f47

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\D7D06EB44C33093B77B9E86C6D4778AA1E3514DD

Filesize
207KB

MD5
5f4c56d5f6de9b3de4893ee47530182f

SHA1
8555b1a7cc78e71bd478c91aee6ed5f4770ca6a2

SHA256
6a3dd07ce014d5649599d8122a26905d4c85332722ba98d47ef885583bd221d2

SHA512
0d190901c3f1ac69e9cc2d42070830ae3825d5c5ff5f5c3e8f4e0c3a71e0be4dc33c56a812ca18b86d61135a92c91205d78c93ad184462d0358e5378b5d14321

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\DB4313C22AD07CF0F2A846923BBFEE6B86793933

Filesize
91KB

MD5
44319530f6bac859ff3a31f2fcc21ec9

SHA1
4524c2a22ac15a19a9fabadf1a990f180a2d41be

SHA256
df861501cdc9e5038c84eebd2e07cd85df283c900243f9cf2603c408a8f6bda2

SHA512
fcb230d351472295c230d748113ab64418038e594ca29685a2aac751dc317110e3a67c42a4d9f917783bd1d95aa8e1e3d17efc85868f5f79d30305df4ffd9774

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\DE46EE04856B06593A3188BEC9AD0D09C978916B

Filesize
71KB

MD5
ed544b62ec7444359f4a9c6829b4d59c

SHA1
1852e3e64b903ebe292da7c51a06f631fb741c8f

SHA256
4049e83898db6bf520526f07cb982ef3b03ff7391362e8b957fd721fe3d5a965

SHA512
06e0e13b7af46617bddedba12cc3460f960d247ee754ed8826afe4da904279cefd160355dc10bb473858196b3bacee149c83235127d45ac2ac89480d0bd6460b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\E4B048B249F8A65BDBD03B0A94220E7635CB52C1

Filesize
340KB

MD5
1531df0c85cc072ff946d5c81548b6c7

SHA1
034fbf1820c83abd82bd220631779d9cd1e96332

SHA256
666e4750e4ce157d6e025e40cea77e78ffc6a89d33c8cb2fa7cc4e8ce328923a

SHA512
11f3d9357a8b91edf0361e7d2c6c23d3e36cab0d6fa318283cb628b1d5066ed25fbe72b7af4f8fa43df02e9f48f62d6feb05798bb324958b67037343d83287a5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\F3D5943B90A30B32E46D503F56CB6525BABAD14F

Filesize
61KB

MD5
6ed3ac716858c72f729289a40eb900ff

SHA1
b0a275e5e2852cfacb4710c1bc1bdcecbb5d8701

SHA256
91e641025ada96ba3f00bda4b37857a96e778069262d2c6a5d0e50a6ee73f7c4

SHA512
4ee7dfa41391c213515125febf08f26cf27c4d5648deba77f1759b8b612333cc6b2ccfec54ed4c8d4eb823d27f2ee1c208a7cfc5a80803f1a5bf8d96bbfbdbaa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\FAF7831283380F406773DEB9DBB542CE25BEBDF3

Filesize
72KB

MD5
9a72520a4266fc3f6f9298f405ab6c88

SHA1
9d015f82d2e15163887f49e96e8ca044032eb361

SHA256
3154d837c6b796f5e2c289bd8c916f6a015aab365201a5f0bb7e919cec2f4b46

SHA512
b20b016d1ff4f65270dc2a0c98be3d6b613e2497af313b77db2987906327730bee559586f9a2aa5e3f9ddf5802b31c451139d766314f51d208f5a62459ba1fce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\FC9460C698D228AA85DD40C0BD94A7AAFDE426A5

Filesize
194KB

MD5
6346733a169791692a76777879090f27

SHA1
4a5fc0911a2791f6448112167d64b3bf6802688b

SHA256
1e9640b89b4aaa4b584c142b25ba62523fcfda9f2afe80cbe37accc75b477ec4

SHA512
b502a744e58a8aadc84de24d45041217414dbac5e3c5c88864ccc6b3f930c26990260cc0a569302fa8c5231060ee0317fb110c1e62ae7875ee526926c51dd8bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\cache2\entries\FDECD354F658C2F4243CC7770BC9B8ED96D26750

Filesize
282KB

MD5
6b4b573b5a6646d390881dc17d457943

SHA1
6c4464309198e4e0c92b81509a54631059529811

SHA256
18401a871fcaca82d13996507891baa867723947feea8b2af5f271063d6c6c02

SHA512
62a1a8b79fe089e876e0138dd32fd39f62de14e1db199263b51a8c7df7fee87f262fd3ad4f738cf72242a378127c23c0331827dd4d3179b8f251f6f08404edd3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\f97d9gc7.default-release\jumpListCache\qxhg5MzhWLY+cT3NALc6JA==.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Temp\70f58989-9b92-4459-b122-7f126a2b8bc4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\AimStar.exe

Filesize
2.4MB

MD5
dc8c40c662080a243af9673d41fcde16

SHA1
fd07f5fddf8584f980877b4d6ebd592d97d98b16

SHA256
6cd3066fe38ab41cfb2e3afb01cdc62685c9610a407f506c459632579af6570b

SHA512
17b3505e6193422bf71538862ac849427ddec46e0f742ac33b4b7a54ba3bfea3c2b728eb78934fdb5e629863390728d15ff353938f9165a56699b7482aa0a11c

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Counter-Strike-2-Free-Cheat-2024.exe

Filesize
5.9MB

MD5
d8e64876a116bd462baa62f2794cebbf

SHA1
df92574598c9568a0daf0e96c6254545b5e03023

SHA256
dbeeab6160233247a84da76a9eb643377efea2a4c9e9e5261ccddbca4d6c5489

SHA512
a974f55e61714611be764d109ebfc7c0e8a67f3b0c96494bed75cae23f08154a84b8cc71f038283d3ea432589b587ca8599fb2864f2dadd37b8d22c6fe1fe2ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\CS2Cheat_x64.exe

Filesize
5.4MB

MD5
547619372080e09d0dfc0259d141ea96

SHA1
fbafb1cc20a199303ed9b92bd3b2867a59acddca

SHA256
b08db8b865d26c69f89206efbe5f7b6aa03e115ae88c9216602ee857158604f8

SHA512
2762cdd5fe75a6c1a809a06e86c14cacb1bd4dfb540eb5985fb093648b1250876a0934748c0967892313bea629452d81a04eb49a1936225ee5345547d32e3f98

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\CounterStrike2FCx86.exe

Filesize
1.7MB

MD5
80238c7d7d8b6943bb35d004bb002e41

SHA1
fcd03db8844aa838729fa5917ee0c8ffb7344e60

SHA256
ff50d462f698a5f1aad7ac6ab5f56d5b82bdf6b09899ca3afd2006510747eb92

SHA512
cc20b128782f0b4f99f686030a84fca89d6de4ea346995c53ec5c155b8060a79c138dd934a8469618e64c8a67229543ebdeb29e6045306c0dd194e57e29bbe7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_kcy0002a.pnj.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpE6BF.tmp.bat

Filesize
56B

MD5
48502120d1a1a62d078ac85eab44ab96

SHA1
ebc7fc2b15d0329c3b24cf15157c3cbaf6a6bc84

SHA256
54721757ea806db304222acaa06642dd94472c82403df218ab58a8ab80549ed6

SHA512
83a85a3cfeadff14456050156faf58cf083883277d3a851fbfdb8a3cb37d7516653bb146630684dfbb6801ad9a307dbe07c69e5bb7f1e888abbf2cc99d036f6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
00b0507d0a7089a9a5fd33abc226047e

SHA1
9d9388f299a526760bf5261295bca85675137097

SHA256
5030662d2ebb11771403b95fa1843ba745d1116bbdc50a68e5c296e50f4fc069

SHA512
97344b1e338306573c573831d8fe78b8eea7fc90f05ecb106696542dcd9adf6dadc285b891f7be2fe22c8f04d539060001b5fbad6e7252dcaa4b74bd70505b04

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
b8ab1266a785eac28e9ff19b0508ab38

SHA1
6ae1a7305f853ef1b5ff171a340f2f6ded5cbdfd

SHA256
d96305a4d4c74a5307f79ec8e6718b60963d621ef3bb86ddd526594aa3c50dd3

SHA512
220afba67842cd2690075346923700b939c30dd7fd8cbdec02b572f98e2a6dd67e3c097317c1a43c98037c899e6e60849189154fccff267c00c65b2d94ee2c8a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
0e96b6bf9b586ea81c6276a2c6608dfa

SHA1
0923cbdd4e8e3133d2a6c8c106ff66b82662308c

SHA256
6daa225d95b5138b91487118bc799ef331b2db55d9914e7167bf8d5c0e760a1f

SHA512
912ec90ac4436310e061922eb638b865d7bc76f31df933736e7bae7b1d7ed1617b32a36db06a89a101f8e521791d727f2c12881ee18c8f66e340a18fa2814681

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
daa7998d0be2b5793c147906b1375d6d

SHA1
ee8dd6e6667216435472ae332af3fee8320ff172

SHA256
d4de9ad75b65f34503b28062d3d424b6290fe73042be330b3de4d8072ccd54ba

SHA512
1aa5f6b27b8545cb1c3ec953064a0bac35aa7ab7b56a7006f3f02a065367247539fde8a4849a44b770602d962f1b1fb3bc16c1ee703f54d4206a719a309b7760

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\pending_pings\90d884c4-ccd7-41d6-9e5f-831dce29685c

Filesize
11KB

MD5
a31f97d057ff83b5298523df9bf45274

SHA1
60315d84b5f3f85d96b06c7459114dfaf1f14ad1

SHA256
de985c68fa34e1b475f07370862bab57a9a6cf647805b7c391819902e7ff31d9

SHA512
bbe3c67fab3bf0f40103e21b8051dfd807843930f94bfcec1e77ff9c68c4f679ab6f78d6b24ec03f616366592a096f727f9cef034eb9bdd974fb76fe0a8fab24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\datareporting\glean\pending_pings\945b70d8-d205-4111-8b36-185d018a2eea

Filesize
746B

MD5
c7849d25a07d54dd988add3555d54aae

SHA1
abe973b92ebc2aa3059c06f7fac3272c1e43a422

SHA256
fc0dcdcdeb7ac154119cf88185d46dbf01f9107edb77d5c7b7d296083e38d58a

SHA512
d40fdb0fa6aad2814d990124655854c7f8427978d8df5244d67eb8affce15c47128d39ba7427580719ef9194649fd20a6bd4ca5073d9bfd6051d1c944ac390d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs-1.js

Filesize
6KB

MD5
57dc6f07db0e4f671a2a989ee980ca0e

SHA1
4b3fa5568a360b831c46a0672a554cf05e1a27e6

SHA256
b939f621fcd03a1eb041887473c43b42b4252fa99466506e1e9dfd4cb60b68f2

SHA512
96002e1bdf8dda80446bcc9ee7d1c746a98ef149c083ed6b50ecda3c31834f5f316a0fa725996f4ca2dabdd1b180baf01d3f68c15821c9730070471a15cfc46c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs-1.js

Filesize
7KB

MD5
389b74b3497e59e378acdc0bb49e3b4e

SHA1
ed8d33cc32000b6516f3e31439cf0a1cb0e716e8

SHA256
b79e6c7d8ebbd0d3373e55ad5bd86632fc27be7141985b7b4deeafaacfdde85e

SHA512
2d0d2c0428fe4d0d2c2487817c870422a97919305bd51c08fb02f81bad35d2db87ab2584eeceee263ba0e7925d3d0f699a0c1010a2e0b71ce798c93faf8382ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs-1.js

Filesize
6KB

MD5
9217b51de74d4631dbfbaccdc64cbd8b

SHA1
557f52ecceb6440d95378d341804548c14be1a64

SHA256
8c48e6b712073708126ee1423ad22028680f17a638e4d54d55805cbf790d9746

SHA512
c005f49aaaed893698062f3edde1eed193cb0c51189f920970ef5dbde86e4a42964bf7694b38972c0e36a4c7c2c41e759dcea08a4952a46d9fa8cbf0c10894bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\prefs.js

Filesize
6KB

MD5
900c3aae55ebfa55659655c21fe2352c

SHA1
bd3968ed73b7bcdc78a46fe43a74c435bc0b4501

SHA256
9b50c0407be1f13d3fde12874681df7c81cc894f05acca6d45d15107fdf828bf

SHA512
571d347eb49a1ae72c851f86e2e8f885a03238998f228f8d830634bcc2f549090cd767fe609ea12f1ea69acf4cb4a4446c06dd62781c75be0fa4ac493beb030c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
f545221efa4af2ab91341d6a144011e2

SHA1
ebfb6045a24820537bd4688db09abac621102496

SHA256
6284885007080665e3580c1c002f6e8cc7ad0612c4b3fb524bcb8184ffcbdb53

SHA512
76622710ed5feda02298830e96effc7b11b4527664d37f106759f3b45b0d550f639ace3666c1ebb7fbec9a13b02302af87ee499af5937cfd36b967490cd7e48e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
1825d0b1cd70ead74f02ca650e538735

SHA1
42ec6b2a1424c08d7d947067ac47132c75d1c5f4

SHA256
15319d4781b403d0f907adb98cf873a1927a025ef110ad2aa3d526dbbe4f2392

SHA512
a4f9c4e9124915de3ac7c64becf72aebc24054df83ef12a0045ed439c8f8ba31031f5a47a948f428a2f5ec35173e5f321332b232a3255c78b598001cb83c70db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
b8015298f6c7eb6e56174cba15e1dc62

SHA1
ce18c9b53f46c106ee17eb9ef0fe2dcde21a6828

SHA256
4b6d4c8fe0e6175785bc61a75c6940eb328aae1ec9374f48a764432e441c0422

SHA512
4d03f08967b24ead794b64cae45e5e91268c715634b6babd289e2e7412abdc8fa850217c0c6a8a09701a89bffd337b13778c40698ad0ac921fc0ef4a1493a898

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
788f1c9f8c78eea96449b64a040e6c15

SHA1
6ddc034b628076059220073c5cbee075848c5d82

SHA256
fdf259079bcce4c8022ffe0a9a509d6c028aa92395526743858552adfaa4c649

SHA512
2de89f21079009d95014f87208306df0b5d84c40f41ab548262432ccc76d6f1088e65c1fa53ab1cee9b420f66c3505a360130792d34575c2ca452a291e912031

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
b98b83e890e3157968da72693d54751d

SHA1
d31bc34860c57a55e6a285a97ea9017f8db625ff

SHA256
8e545b44315e7a61394d5e0b9dd3ff770594b331c1225589f5322c982f3ab7da

SHA512
ad4949ccfecb636d1766da4b8e259aa813e6452047f9f489ad740fa07a92d357550916ba6a08be9b23ea54573b451d17dbd176e770cd2a2c1ee1b1b2f46f06cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
42fddf0998e35205aeb17a457d2880e2

SHA1
ce4274daad8d7cb8722aa04f135569c9009de60e

SHA256
e66f6e12d5f617298f3524b6e26d1a739c655a70208dc0bfc1521edb7517a403

SHA512
6e82d8da36f04f5d13c8963f55c99e7b631663ed2623e91dc3427277292589792580fff758b039da2f430791f89d7bee982814430eb8c23cc8f8e0214b8ccdde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
79a711e230d369d096932c50aebb1d9e

SHA1
f7f82ca75863b3fe7f09063cfede7510cd5f3a1c

SHA256
52c5f25fd3650356e9c16312288583dadb08fd577d12df27f767a595176f76ab

SHA512
74450e8f4ca7df6d24b144749adbbb888002e856860b9ea95a5f99c54a7fb903559fba4242465e0034f767b982e2a7f0b674c1df32b977a723ff4141c688c49a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
b5d00a0cc1c8a578445176f13493da5e

SHA1
1af3e992a7f29cc671dd4408af66d36fc33e1390

SHA256
c4724c9b14b0e4a0490814727d72b6f99323ce92e9a8fd9a69c1239e42b3749a

SHA512
8b2e7504aab4756a19b079f2cf83873ad2f9a73d8a895c1ccff7e3c21d29c22fb8de588399f6f4476d61336a9bf31c4d06ecb686ebdde9a368b7d1009ef5a4ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
175fc8ef8ba01e61f52e25da50dbfc9b

SHA1
a92cbe343db392c86da9745e4725b3df2364fccf

SHA256
f99729f1f62c8d07699238ca23a6a4fa8d8e98d5f95b3113b54bcbf5db1f61e0

SHA512
77fc7ce08dda5df385cd124477a44c3dad23f66ee8cc0d098dfce8848a5bbb33f5edc6c7fe6382a8bd2f1b61e26cc6c0420b617307350eab9069b92f867773f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
939a584f4fc561f0f070db76157cccd4

SHA1
1681b27577818e4ad772d3df771e28908b19c8f6

SHA256
f7bacb1959ca8ccc0782da4736d45b715a1d43d614c1ff82038518d459882c47

SHA512
517748181e008391526f78ae4d64c7866af5b46bbc17c0a266da270c088d7a30004b51def285f8a280ff8e62b5c12a187780e6eae3e5baee24ede3a06454981b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1c9a34fb99deb7cea0e0741f9515c581

SHA1
b804f060b0153582fe58573b474644ac1eb99c7e

SHA256
c80c447608c352f5b00aae23332d2845f3ae81629ac164a3efdc4167881e0116

SHA512
156d70c520c544b47e66c69afc9905eb712a7cf718e7eb7020e3557f0dda2f328ecdb9d52e17b25599da25eadcffb4a3d6d25dfc39df4a35c0238ef7f1716348

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
28KB

MD5
8edf2445e03e5018bf0ce51a72cb20ab

SHA1
d48f827cee0fc2a4db50a9280abdb4ab5a8ae019

SHA256
2d497461df699bd5cc231cb3130a662183802b2f484d88becb797622ddb719e4

SHA512
815acacfe8fe1cc55f881e1ec54dd6b095d474bc2f552107f66f1a6793506a6524c67f3872ba13d3d1bd4cd5723836012f25b9d3d9af337139ebe01ff90913d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
30KB

MD5
bc33e1ee645221469af4c254b1c107a4

SHA1
ddf77d12cab9ace1230cffa1f2db9f0c1a332a3b

SHA256
d2f5988666eef607b00eb24cf6f349150594a6468b579dd895fd02b3f295ff70

SHA512
f89945682f70e621fd6ad3299b58abce7dbda0838eaa8af1231a26193dd5ce84769109746124c0c5bc6e7d4bd8a8289df23107bd6074af31e64a364d05140a87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
59cb68c771a1496f4de643616206ca1f

SHA1
9bf18d6e6131ef96e93473ebc3282686dddd704b

SHA256
9faf7be5ff995082b804cb83fa1ec6e336d0604b4fbc664f2002941d49268776

SHA512
cdf12e4f97d3ad91120c6b9e62abcb7879e1ebd8183d63fd486f798b39b3dff30e39906f0c22236f4778db1ab0428185f2a4f34ad33223658676f8fce8ba2a51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
32KB

MD5
45edf164d6ee8dccbc42cfebfef01543

SHA1
e9805a7d7e89462aebf69239c743086e9e8ef816

SHA256
126ff83271f2f1f9fdfbb915f1bbc0e98e6855c6b746cd76406eeb098d69abab

SHA512
53dae7e47f02afc887ba9379fe1cd75f2e67d65034df23bb595099fa5401b4e319e595695e10fc55021207c7ebe5c6d27cf31a710ee968d056f8839c5a11b0e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
208335937a3cb763b7e2475b2953eb1d

SHA1
42643f1e27b01f1f76534805d54e83aed3839983

SHA256
43a1d35fe40c3158d10a1e3486cc09ee611b831f0b0e07f67096ccb4d124e052

SHA512
869c7439b006729b6fd395cc82f75670005344c34b03f95aa030be9a6646368d49b927baae9f9f7aa9e43616d97e6d985075bc6e35f350d6728c87d3f23d8487

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
29KB

MD5
210b2fac94259cafdef5553f1db9c8bf

SHA1
64343f996c8e1f60120fffdc818d7da850be1cba

SHA256
06bd391000c3b8c8fde55e4d4604d332ff84aa879741062724e741a26fc1a62c

SHA512
a06814ff8787ce1ab3874690278cca3842e4306a5e032c77bf3ecd79206079da7bbf432b495022d7432efd547bbbb3553926eb0ca2421723e8e1e6880982714c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\f97d9gc7.default-release\storage\default\https+++dlgram.com\ls\usage

Filesize
12B

MD5
eb75ad87873e48bfe304bbf4355ab12a

SHA1
7fc2d0d5b1ca58da1d29dcfe80d023454ea4ab67

SHA256
c2c83fe26d49ea83e8f6ff6ed2ac5615703ff517e8a231cfadb5a778b2348dfa

SHA512
89edfedf8d530b33c9f5b868c9d460143468bd4f9d03980791a545540fbf1980df4bd97ebca197581e7e2b3b8bba925faeb5f49998413256331b777d04a64847

Download Submit
C:\Users\Admin\Downloads\HooxCheats-main.TSKc5vZt.zip.part

Filesize
28KB

MD5
3cd6fac7c2e435689b9551818072adc4

SHA1
73cabc3cc571de9d4781410dc94709c0f07f091d

SHA256
72a90b1838650c9e7f49e6cb06489db1ea81c7cd4de68a921ac611d68cca97c2

SHA512
3d78b4ed2ca3f0c2d95b2314b83d9baaea2f50c0a397528ac10d172bb5383948d0ddfb221aee6844884cfdc8ebc6dc0459225e49be5d2e18cfd534453d88b4a2

Download Submit
C:\Users\Admin\Downloads\[2024]-Counter-Strike-2-Free-Cheat-2024.050o9JCF.zip.part

Filesize
6.9MB

MD5
22dfa82c65851c0571c2cd401825a803

SHA1
33494788018c2b7080d51fe8278f9bfb09bd2af5

SHA256
8bcd0228067d37c4dad2062e686de65e5271e6b3419901f056bacf1b50dce22f

SHA512
484762b31815fbfa316cfca27971c019796b7dca2b4bf24a3a70dfccf8bf9f24cc5ee0acd8a80b96e408d8e386398209cdb550d77dc3d315f8b1b85b56219f28

Download Submit
C:\Windows\system32\drivers\etc\hosts

Filesize
3KB

MD5
77a256005c6af9fbaf6edefc284df6ef

SHA1
b19f34b87a7d90b43f52d76c6ec0b7d2bdd562a3

SHA256
66f535a7b320a8e8da9ffde510f57f7f98cc366ce5494df1cbca09bd3afbb3c5

SHA512
ebc1d41c14c713146f6c3ad27aae519b3d6c756321921975f40e61cc91eeadee36c010b43ca0c5864d47207af70a17e0a6e91b0ad7c8fd79ee046003a4bfea5f

Download Submit
memory/60-2457-0x000001A6D5B80000-0x000001A6D5BAB000-memory.dmp

Filesize
172KB

Download
memory/60-2446-0x000001A6D5B80000-0x000001A6D5BAB000-memory.dmp

Filesize
172KB

Download
memory/428-2452-0x000001E00E3A0000-0x000001E00E3CB000-memory.dmp

Filesize
172KB

Download
memory/428-2454-0x00007FFB101F0000-0x00007FFB10200000-memory.dmp

Filesize
64KB

Download
memory/428-2458-0x000001E00E3A0000-0x000001E00E3CB000-memory.dmp

Filesize
172KB

Download
memory/628-2443-0x00007FFB5020D000-0x00007FFB5020E000-memory.dmp

Filesize
4KB

Download
memory/628-2434-0x0000011B724A0000-0x0000011B724C4000-memory.dmp

Filesize
144KB

Download
memory/628-2437-0x0000011B724D0000-0x0000011B724FB000-memory.dmp

Filesize
172KB

Download
memory/628-2496-0x0000011B724D0000-0x0000011B724FB000-memory.dmp

Filesize
172KB

Download
memory/652-2372-0x0000000074ED0000-0x0000000075680000-memory.dmp

Filesize
7.7MB

Download
memory/652-2380-0x0000000005B40000-0x0000000005B66000-memory.dmp

Filesize
152KB

Download
memory/652-2379-0x0000000005AB0000-0x0000000005B42000-memory.dmp

Filesize
584KB

Download
memory/652-2381-0x0000000005240000-0x0000000005248000-memory.dmp

Filesize
32KB

Download
memory/652-2386-0x0000000074ED0000-0x0000000075680000-memory.dmp

Filesize
7.7MB

Download
memory/652-2375-0x0000000002AC0000-0x0000000002AD0000-memory.dmp

Filesize
64KB

Download
memory/652-2374-0x0000000005250000-0x00000000052B6000-memory.dmp

Filesize
408KB

Download
memory/652-2373-0x0000000000710000-0x00000000008CE000-memory.dmp

Filesize
1.7MB

Download
memory/680-2453-0x00007FFB5020C000-0x00007FFB5020D000-memory.dmp

Filesize
4KB

Download
memory/680-2515-0x000002A061180000-0x000002A0611AB000-memory.dmp

Filesize
172KB

Download
memory/680-2440-0x000002A061180000-0x000002A0611AB000-memory.dmp

Filesize
172KB

Download
memory/680-2441-0x00007FFB101F0000-0x00007FFB10200000-memory.dmp

Filesize
64KB

Download
memory/680-2448-0x00007FFB5020D000-0x00007FFB5020E000-memory.dmp

Filesize
4KB

Download
memory/680-2450-0x00007FFB5020F000-0x00007FFB50210000-memory.dmp

Filesize
4KB

Download
memory/964-2461-0x00000226592A0000-0x00000226592CB000-memory.dmp

Filesize
172KB

Download
memory/964-2463-0x00000226592A0000-0x00000226592CB000-memory.dmp

Filesize
172KB

Download
memory/964-2537-0x00000226592A0000-0x00000226592CB000-memory.dmp

Filesize
172KB

Download
memory/964-2462-0x00007FFB101F0000-0x00007FFB10200000-memory.dmp

Filesize
64KB

Download
memory/968-2455-0x000002855F900000-0x000002855F92B000-memory.dmp

Filesize
172KB

Download
memory/968-2445-0x000002855F900000-0x000002855F92B000-memory.dmp

Filesize
172KB

Download
memory/968-2449-0x00007FFB101F0000-0x00007FFB10200000-memory.dmp

Filesize
64KB

Download
memory/1052-2542-0x000001A583E60000-0x000001A583E8B000-memory.dmp

Filesize
172KB

Download
memory/1052-2468-0x000001A583E60000-0x000001A583E8B000-memory.dmp

Filesize
172KB

Download
memory/1052-2467-0x00007FFB101F0000-0x00007FFB10200000-memory.dmp

Filesize
64KB

Download
memory/1052-2466-0x000001A583E60000-0x000001A583E8B000-memory.dmp

Filesize
172KB

Download
memory/1068-2543-0x0000017313980000-0x00000173139AB000-memory.dmp

Filesize
172KB

Download
memory/1068-2475-0x0000017313980000-0x00000173139AB000-memory.dmp

Filesize
172KB

Download
memory/1152-2544-0x0000026D4EA60000-0x0000026D4EA8B000-memory.dmp

Filesize
172KB

Download
memory/1152-2478-0x0000026D4EA60000-0x0000026D4EA8B000-memory.dmp

Filesize
172KB

Download
memory/1168-2529-0x000002725F630000-0x000002725F6E5000-memory.dmp

Filesize
724KB

Download
memory/1168-2517-0x000002725F320000-0x000002725F330000-memory.dmp

Filesize
64KB

Download
memory/1168-2536-0x000002725F890000-0x000002725F89A000-memory.dmp

Filesize
40KB

Download
memory/1168-2538-0x000002725F320000-0x000002725F330000-memory.dmp

Filesize
64KB

Download
memory/1168-2534-0x000002725F850000-0x000002725F858000-memory.dmp

Filesize
32KB

Download
memory/1168-2533-0x000002725F8A0000-0x000002725F8BA000-memory.dmp

Filesize
104KB

Download
memory/1168-2532-0x000002725F840000-0x000002725F84A000-memory.dmp

Filesize
40KB

Download
memory/1168-2531-0x000002725F860000-0x000002725F87C000-memory.dmp

Filesize
112KB

Download
memory/1168-2530-0x000002725F6F0000-0x000002725F6FA000-memory.dmp

Filesize
40KB

Download
memory/1168-2541-0x00007FFB2D650000-0x00007FFB2E111000-memory.dmp

Filesize
10.8MB

Download
memory/1168-2518-0x00007FF4370D0000-0x00007FF4370E0000-memory.dmp

Filesize
64KB

Download
memory/1168-2528-0x000002725F300000-0x000002725F31C000-memory.dmp

Filesize
112KB

Download
memory/1168-2495-0x000002725F320000-0x000002725F330000-memory.dmp

Filesize
64KB

Download
memory/1168-2535-0x000002725F880000-0x000002725F886000-memory.dmp

Filesize
24KB

Download
memory/1168-2488-0x000002725F320000-0x000002725F330000-memory.dmp

Filesize
64KB

Download
memory/1168-2484-0x00007FFB2D650000-0x00007FFB2E111000-memory.dmp

Filesize
10.8MB

Download
memory/1200-2545-0x0000019ED5F00000-0x0000019ED5F2B000-memory.dmp

Filesize
172KB

Download
memory/1200-2499-0x0000019ED5F00000-0x0000019ED5F2B000-memory.dmp

Filesize
172KB

Download
memory/1236-2512-0x000001C10D280000-0x000001C10D2AB000-memory.dmp

Filesize
172KB

Download
memory/1760-2429-0x00007FFB50170000-0x00007FFB50365000-memory.dmp

Filesize
2.0MB

Download
memory/1760-2430-0x00007FFB4FE80000-0x00007FFB4FF3E000-memory.dmp

Filesize
760KB

Download
memory/1760-2428-0x0000000140000000-0x000000014002B000-memory.dmp

Filesize
172KB

Download
memory/1760-2431-0x0000000140000000-0x000000014002B000-memory.dmp

Filesize
172KB

Download
memory/1760-2426-0x0000000140000000-0x000000014002B000-memory.dmp

Filesize
172KB

Download
memory/1760-2424-0x0000000140000000-0x000000014002B000-memory.dmp

Filesize
172KB

Download
memory/1760-2423-0x0000000140000000-0x000000014002B000-memory.dmp

Filesize
172KB

Download
memory/1760-2425-0x0000000140000000-0x000000014002B000-memory.dmp

Filesize
172KB

Download
memory/3424-2406-0x00007FFB2D650000-0x00007FFB2E111000-memory.dmp

Filesize
10.8MB

Download
memory/3424-2402-0x00000143C9BA0000-0x00000143C9BC2000-memory.dmp

Filesize
136KB

Download
memory/3424-2407-0x00000143E20F0000-0x00000143E2100000-memory.dmp

Filesize
64KB

Download
memory/3424-2408-0x00000143E20F0000-0x00000143E2100000-memory.dmp

Filesize
64KB

Download
memory/3424-2411-0x00007FFB2D650000-0x00007FFB2E111000-memory.dmp

Filesize
10.8MB

Download
memory/4276-0-0x0000024E46970000-0x0000024E46971000-memory.dmp

Filesize
4KB

Download
memory/4276-12-0x0000024E46970000-0x0000024E46971000-memory.dmp

Filesize
4KB

Download
memory/4276-10-0x0000024E46970000-0x0000024E46971000-memory.dmp

Filesize
4KB

Download
memory/4276-13-0x0000024E46970000-0x0000024E46971000-memory.dmp

Filesize
4KB

Download
memory/4276-11-0x0000024E46970000-0x0000024E46971000-memory.dmp

Filesize
4KB

Download
memory/4276-2-0x0000024E46970000-0x0000024E46971000-memory.dmp

Filesize
4KB

Download
memory/4276-1-0x0000024E46970000-0x0000024E46971000-memory.dmp

Filesize
4KB

Download
memory/4276-8-0x0000024E46970000-0x0000024E46971000-memory.dmp

Filesize
4KB

Download
memory/4276-7-0x0000024E46970000-0x0000024E46971000-memory.dmp

Filesize
4KB

Download
memory/4276-9-0x0000024E46970000-0x0000024E46971000-memory.dmp

Filesize
4KB

Download
memory/4852-2301-0x00000158FF200000-0x00000158FF21E000-memory.dmp

Filesize
120KB

Download
memory/4852-2299-0x00000159001D0000-0x0000015900246000-memory.dmp

Filesize
472KB

Download
memory/4852-2300-0x00000158994D0000-0x00000158994E2000-memory.dmp

Filesize
72KB

Download
memory/4852-2333-0x0000015899660000-0x000001589966E000-memory.dmp

Filesize
56KB

Download
memory/4852-1121-0x00000158FFD40000-0x00000158FFD50000-memory.dmp

Filesize
64KB

Download
memory/4852-2482-0x0000015899EE0000-0x000001589A1AA000-memory.dmp

Filesize
2.8MB

Download
memory/4852-1110-0x00007FFB2D650000-0x00007FFB2E111000-memory.dmp

Filesize
10.8MB

Download
memory/4852-1105-0x00000158999B0000-0x0000015899ED8000-memory.dmp

Filesize
5.2MB

Download
memory/4852-1104-0x00000158FFD40000-0x00000158FFD50000-memory.dmp

Filesize
64KB

Download
memory/4852-1103-0x00007FFB2D650000-0x00007FFB2E111000-memory.dmp

Filesize
10.8MB

Download
memory/4852-1102-0x0000015900000000-0x00000159001C2000-memory.dmp

Filesize
1.8MB

Download
memory/4852-2514-0x00007FFB2D650000-0x00007FFB2E111000-memory.dmp

Filesize
10.8MB

Download
memory/4852-1101-0x00000158FECC0000-0x00000158FECD8000-memory.dmp

Filesize
96KB

Download
memory/4908-234-0x0000019E31700000-0x0000019E31701000-memory.dmp

Filesize
4KB

Download
memory/4908-252-0x0000019E31700000-0x0000019E31701000-memory.dmp

Filesize
4KB

Download
memory/4908-253-0x0000019E31700000-0x0000019E31701000-memory.dmp

Filesize
4KB

Download
memory/4908-254-0x0000019E31700000-0x0000019E31701000-memory.dmp

Filesize
4KB

Download
memory/4908-255-0x0000019E31700000-0x0000019E31701000-memory.dmp

Filesize
4KB

Download
memory/4908-256-0x0000019E31700000-0x0000019E31701000-memory.dmp

Filesize
4KB

Download
memory/4908-251-0x0000019E31700000-0x0000019E31701000-memory.dmp

Filesize
4KB

Download
memory/4908-236-0x0000019E31700000-0x0000019E31701000-memory.dmp

Filesize
4KB

Download
memory/4908-235-0x0000019E31700000-0x0000019E31701000-memory.dmp

Filesize
4KB

Download
memory/5984-1398-0x00000221A78D0000-0x00000221A78D1000-memory.dmp

Filesize
4KB

Download
memory/5984-1397-0x00000221A78D0000-0x00000221A78D1000-memory.dmp

Filesize
4KB

Download
memory/5984-1396-0x00000221A78D0000-0x00000221A78D1000-memory.dmp

Filesize
4KB

Download
memory/5984-1401-0x00000221A78D0000-0x00000221A78D1000-memory.dmp

Filesize
4KB

Download
memory/5984-1403-0x00000221A78D0000-0x00000221A78D1000-memory.dmp

Filesize
4KB

Download
memory/5984-1404-0x00000221A78D0000-0x00000221A78D1000-memory.dmp

Filesize
4KB

Download
memory/5984-1405-0x00000221A78D0000-0x00000221A78D1000-memory.dmp

Filesize
4KB

Download
memory/5984-1406-0x00000221A78D0000-0x00000221A78D1000-memory.dmp

Filesize
4KB

Download
memory/5984-1402-0x00000221A78D0000-0x00000221A78D1000-memory.dmp

Filesize
4KB

Download