37ac81b67c6da9a173bbfd50aca77c1f37dcff5a963e77c9553242b13bd9afc4

Analysis

max time kernel
1197s
max time network
1205s
platform
windows10-2004_x64
resource
win10v2004-20240319-en
resource tags

arch:x64arch:x86image:win10v2004-20240319-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 13:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

10KB
MD5

f1b8f244c4cfd6e61aabb5482062f49f
SHA1

1cbf118cd8a3da2c6a89fc294f39c9a818a71c6b
SHA256

37ac81b67c6da9a173bbfd50aca77c1f37dcff5a963e77c9553242b13bd9afc4
SHA512

66cc8f0bfaf5b4de4dc255607788435a6d308b66533738126312c4c1cbbd2a0f45359f75565d18ce22894c82b2bb54caaebbab2040cfe1e227e4b6be629a0931
SSDEEP

192:THdn1DA1r1+KR6NHJvAPOuO4CUymFRaydE8a4B95GvwwSC2h+CuW:T91GhfR6NHJvAP1PExC95GvwDR+CuW

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000\Control Panel\International\Geo\Nation	setup84334416.exe

Executes dropped EXE 3 IoCs

pid	Process
4672	setup84334416.exe
2332	setup84334416.exe
6636	OfferInstaller.exe

Loads dropped DLL 64 IoCs

pid	Process
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe
2332	setup84334416.exe

Checks for any installed AV software in registry 1 TTPs 8 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	setup84334416.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	setup84334416.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	setup84334416.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	setup84334416.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	setup84334416.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	setup84334416.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	setup84334416.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	setup84334416.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Delays execution with timeout.exe 3 IoCs

evasion

pid	Process
1324	timeout.exe
6176	timeout.exe
4664	timeout.exe

Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery

T1057

pid	Process
4268	tasklist.exe
4584	tasklist.exe
6648	tasklist.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Opera GXStable	Roblox Evon Exploit V4 UWP_84334416.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	Roblox Evon Exploit V4 UWP_84334416.exe
Key created	\REGISTRY\USER\S-1-5-21-817259280-2658881748-983986378-1000_Classes\Local Settings	Roblox Evon Exploit V4 UWP_84334416.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd67707390b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b660537f000000010000000e000000300c060a2b0601040182370a03047e000000010000000800000000c001b39667d60168000000010000000800000000409120d035d901030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	setup84334416.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1368000000010000000800000000409120d035d9017e000000010000000800000000c001b39667d6017f000000010000000e000000300c060a2b0601040182370a03041d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589100b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000006200000001000000200000000687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739090000000100000042000000304006082b06010505070302060a2b0601040182370a030c060a2b0601040182370a030406082b0601050507030406082b0601050507030106082b060105050703080f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	setup84334416.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	setup84334416.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup84334416.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	setup84334416.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	setup84334416.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\How To use Evon.txt:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\How To use Evon(1).txt:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3812	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
4672	setup84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe

Suspicious use of AdjustPrivilegeToken 16 IoCs

description	pid	Process
Token: SeDebugPrivilege	5236	firefox.exe
Token: SeDebugPrivilege	5236	firefox.exe
Token: SeDebugPrivilege	5236	firefox.exe
Token: SeDebugPrivilege	5236	firefox.exe
Token: SeDebugPrivilege	5236	firefox.exe
Token: SeDebugPrivilege	4672	setup84334416.exe
Token: SeDebugPrivilege	6636	OfferInstaller.exe
Token: SeDebugPrivilege	6648	tasklist.exe
Token: SeDebugPrivilege	4268	tasklist.exe
Token: SeDebugPrivilege	4584	tasklist.exe
Token: SeDebugPrivilege	5236	firefox.exe
Token: SeDebugPrivilege	5236	firefox.exe
Token: SeDebugPrivilege	5236	firefox.exe
Token: SeDebugPrivilege	5236	firefox.exe
Token: SeDebugPrivilege	5236	firefox.exe
Token: SeDebugPrivilege	5236	firefox.exe

Suspicious use of FindShellTrayWindow 16 IoCs

pid	Process
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe

Suspicious use of SetWindowsHookEx 32 IoCs

pid	Process
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
3744	Roblox Evon Exploit V4 UWP_84334416.exe
4672	setup84334416.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe
5236	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5628 wrote to memory of 5236	5628	firefox.exe	164
PID 5236 wrote to memory of 1608	5236	firefox.exe	165
PID 5236 wrote to memory of 1608	5236	firefox.exe	165
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 3588	5236	firefox.exe	166
PID 5236 wrote to memory of 5916	5236	firefox.exe	167
PID 5236 wrote to memory of 5916	5236	firefox.exe	167
PID 5236 wrote to memory of 5916	5236	firefox.exe	167

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4944 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5716 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:3408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4620 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:8
1⤵
PID:1136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=4640 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:4804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6108 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:3116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4944 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5400 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:5084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6120 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:8
1⤵
PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=5524 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:3992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6216 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:2704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --mojo-platform-channel-handle=6468 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6488 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:1340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --mojo-platform-channel-handle=5444 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:5456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6844 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:8
1⤵
PID:5528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6972 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:8
1⤵
PID:5540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=5540 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --mojo-platform-channel-handle=6560 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --mojo-platform-channel-handle=6760 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:5836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --mojo-platform-channel-handle=6372 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:5940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --mojo-platform-channel-handle=7176 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --mojo-platform-channel-handle=6896 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --mojo-platform-channel-handle=6568 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --mojo-platform-channel-handle=6880 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=7292 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=3568 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:5236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=7652 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:8
1⤵
PID:5152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --mojo-platform-channel-handle=7856 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:1
1⤵
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --mojo-platform-channel-handle=8084 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:8
1⤵
PID:5524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=8504 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:8
1⤵
PID:5756

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5628
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.0.827704323\898595417" -parentBuildID 20221007134813 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81655d2c-448f-4a86-96c3-8c25b3b900ad} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 1992 1e27edd5e58 gpu
    3⤵
    PID:1608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.1.583309015\1410114905" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20707 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06d001d8-ef5d-4cc5-bb2c-c541ecc27f58} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 2380 1e27ed05358 socket
    3⤵
    PID:3588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.2.1812611290\229000921" -childID 1 -isForBrowser -prefsHandle 3104 -prefMapHandle 3272 -prefsLen 20745 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0369aa5-3e54-493c-8f43-fd81f703c0fc} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 3236 1e2057a4e58 tab
    3⤵
    PID:5916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.3.174634601\1033801497" -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e2b9013-b6ae-4c40-a1b6-a1734fdcd7dc} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 3636 1e206695058 tab
    3⤵
    PID:4576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.4.2130679679\1078241283" -childID 3 -isForBrowser -prefsHandle 4044 -prefMapHandle 4040 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f20d52ac-45a8-4e68-a249-1d999af22189} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 4056 1e206bed158 tab
    3⤵
    PID:380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.5.1477233542\1214110019" -childID 4 -isForBrowser -prefsHandle 4952 -prefMapHandle 4948 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d82847-f144-4422-8424-1d4ad5c8b920} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 4964 1e207779258 tab
    3⤵
    PID:4020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.6.288433158\2007431411" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e99a5f3-d9c1-4397-96ed-979f5f302f58} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 5100 1e20786eb58 tab
    3⤵
    PID:2668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.7.1622494334\1118108165" -childID 6 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {51a4675c-6d58-4ddb-86ae-541ca9e1684c} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 5300 1e20786f158 tab
    3⤵
    PID:1208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.8.533795943\958780003" -childID 7 -isForBrowser -prefsHandle 5888 -prefMapHandle 5864 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbe17544-03b7-4a69-99eb-dbf2dbe48ff9} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 5880 1e2095a2e58 tab
    3⤵
    PID:6556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.9.1679611674\197728436" -childID 8 -isForBrowser -prefsHandle 2920 -prefMapHandle 2924 -prefsLen 26487 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6e5fc18-7406-4efa-bda7-467221ab229b} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 3596 1e202f4dc58 tab
    3⤵
    PID:6504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.10.1180949531\466895443" -parentBuildID 20221007134813 -prefsHandle 8996 -prefMapHandle 4576 -prefsLen 26566 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a4083df-feab-4f88-b522-dfd7aef93144} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 8988 1e20a68f458 rdd
    3⤵
    PID:6312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.11.1658355949\511696041" -childID 9 -isForBrowser -prefsHandle 1732 -prefMapHandle 5824 -prefsLen 26566 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e19573c9-6431-4b53-b9eb-af6066c6abfc} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 9412 1e20abc2658 tab
    3⤵
    PID:3132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.12.1266537820\1285321057" -childID 10 -isForBrowser -prefsHandle 9304 -prefMapHandle 4272 -prefsLen 26624 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adada88a-1c68-4da0-925e-25dc89c3cd29} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 4284 1e207779858 tab
    3⤵
    PID:6836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.13.365011680\681586832" -childID 11 -isForBrowser -prefsHandle 3760 -prefMapHandle 7584 -prefsLen 26624 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0986c4a-5b81-4b1a-935f-d24b9739c3bb} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 6996 1e217f75858 tab
    3⤵
    PID:10700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.14.798656332\1387217540" -childID 12 -isForBrowser -prefsHandle 9824 -prefMapHandle 7596 -prefsLen 26624 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87c6751-5b75-4d3a-8449-9cd10d2292e8} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 6736 1e20ced6158 tab
    3⤵
    PID:6892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.15.1924562152\63204142" -childID 13 -isForBrowser -prefsHandle 9548 -prefMapHandle 6632 -prefsLen 26624 -prefMapSize 233414 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2478f8b-6ce9-49d0-847b-88859a1d5aad} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 6868 1e217eddd58 tab
    3⤵
    PID:7648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5236.16.675407091\1687977511" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 9664 -prefMapHandle 9600 -prefsLen 26624 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b54ec233-9cf3-4f1c-b36a-426b10eed930} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" 7928 1e21b57ee58 utility
    3⤵
    PID:1820
- - C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
    "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\1ea295b8-7d80-4466-9b10-d3c86e0fe838.dmp"
    3⤵
    PID:9448
- - C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
    "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\1527904e-f538-4277-b2d2-73b1057a6683.dmp"
    3⤵
    PID:9360

C:\Users\Admin\Desktop\Roblox Evon Exploit V4 UWP_84334416.exe
"C:\Users\Admin\Desktop\Roblox Evon Exploit V4 UWP_84334416.exe"
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3744
- C:\Users\Admin\AppData\Local\setup84334416.exe
  C:\Users\Admin\AppData\Local\setup84334416.exe hhwnd=590338 hreturntoinstaller hextras=id:d8d090d10951db6-AU-8jA2z
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks for any installed AV software in registry
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4672
- - C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:6636
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
      4⤵
      PID:5316
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 6636" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:4268
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "6636"
        5⤵
        
        PID:4872
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        5⤵
        Delays execution with timeout.exe
        
        PID:6176
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 6636" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:4584
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "6636"
        5⤵
        
        PID:6196
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:4664
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
    3⤵
    PID:6744
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "PID eq 4672" /fo csv
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:6648
  - - C:\Windows\SysWOW64\find.exe
      find /I "4672"
      4⤵
      PID:6684
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 5
      4⤵
      Delays execution with timeout.exe
      PID:1324
- C:\Users\Admin\AppData\Local\setup84334416.exe
  C:\Users\Admin\AppData\Local\setup84334416.exe hready
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2332
- C:\Windows\SysWOW64\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3812

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\How To use Evon.txt
1⤵
PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=6004 --field-trial-handle=2268,i,4334050275411101233,11484630688883830558,262144 --variations-seed-version /prefetch:8
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\11412

Filesize
10KB

MD5
324d9b66d310712aeabf96dd814ec000

SHA1
5ad69997add69854d54d6f9573d0f85894bafdaa

SHA256
31043f982467c50f6b9b629043476bedab36843295e1e319aedf762c9bddd83d

SHA512
ae02f22037d6ec60834f33a84b2a6139058c02ef4ccca3201284f0a273eabbc2dcd358afea12a69a91534f59e5dfd27556782927a15f2ff2cd3db8d52c50bab2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\12059

Filesize
11KB

MD5
4053b961ce915f4ca872a469c4376fc0

SHA1
8d5826355387e8cccb6c1085094346252393c896

SHA256
f89cb91c9cf2555516d63f8369b21a932655f16862e9c869d7708da698a9cb1d

SHA512
b0636ee82b2f2e6ba702e8bbce337d8b91d5404c4dc1832a761ba77da3a49fbca920eb2d8f14aab4c45aacd6616a5126eff9afd80e017d86f81648c9653ad8af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\16009

Filesize
11KB

MD5
83d04199825ee78ddbc3bdea4098c48a

SHA1
5fa3c10cca2c31db569b78faf91be129ffe404f3

SHA256
d32a9f8682f8f762e144302b597b94cb458bdb69d50f26d39eefbc91c0103d5a

SHA512
9931e57032b7188bfca433b14e9b94237d6d8f6c550b73a58ec142347220f4e74644a66c730a33b409883fd47b09121656c16463dfc0fcc533b6a3a79999efec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\17012

Filesize
10KB

MD5
61d8b0d1427f2b2b747d309030c0b85e

SHA1
a59bfdcd2b904bdf675b99771e2cd33de25f769b

SHA256
e6d0137a60cc33bdedc95beb6e7dfc66a15a02a94848edcd03985af734dd4e7b

SHA512
2216fec6ec2681194299d6eddddf583f21b8975427a08f2dd787054af4f9f4b088f1eb8d5b1a2dd9c1178ac96b06a5e2a89249fe3046e7baed2970230dcfee94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\18727

Filesize
9KB

MD5
6dff54a57471628824a5e9c8898000ac

SHA1
37f5b163a3485c237aac7fcf25ec45435a0cc26d

SHA256
6618ad44fdf3c1fba93b8b8803d6d1b6e30a9de13a4257830f8ab799e08b8bb3

SHA512
bb61fa94af471482febd5857ac8c40426e6e88f3edfb58bccb46579b6e5852603af6661472580dc51ddf2d80f390407c6e94e772b04abfcd3f28f86b7a6dffa4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\22942

Filesize
9KB

MD5
a80ed1a0f2a98a1f68bb3f9aee5352e3

SHA1
c0bb487254b7ee53c6cf3527df9d741e3fabe0be

SHA256
05371fc38aba272cbb669b98633aeb2c38f547a6514144b434956e21ad96aa4f

SHA512
a63c010482fcd7e300c65320872545fbba6e68e097b0d8795e5d3ff081ee8859f6d003d7999d188f94101b21e406fc2e46f6613f2fd96e1ce477954587b0aec1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\doomed\29935

Filesize
10KB

MD5
495cc838ff95f3acc09be9647c6213a5

SHA1
19b8b109c640a65b0f4e8d59b380e241d6e059fe

SHA256
e9d01059ff24c301aab03bfee61a3f798ee7a9d9db16a45af538d6219d0a24dd

SHA512
6be7b4dec6cc6c974d7868875fdf11ba28b9b25a070557ee261dfa4f0f51c084267b6b090d5da4cd10df4acf8b6248ed2362b78c79065b41454626227f07455b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\entries\335599A97E83F3EA98572837F9C7B378F4E9A50C

Filesize
8KB

MD5
e2f5f5afb3f806f7cf835f57b9ec8680

SHA1
118214c6f60fb01ae50ff0565d1bf7d034918cd4

SHA256
2aa230476dc86e2a9ecfcac37a610c7845cdba4ca2dee601ecf4f281b220231c

SHA512
2ce89c07f867473e92d129e4b14485fcb7adf169e2d326c517c86a7ed4c3b8b80d921eabcecb3e71afbbdc1f1f66b1003b56a1bbdbe15dbd9714823d7046df44

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\entries\4EED77ABF2B13446DC47048EDC01C87DFC8AFFC2

Filesize
31KB

MD5
e6265209f066998be2df0dd130f61b4a

SHA1
9318b9f885ce074b86aec79b55d44d3333771a30

SHA256
d8d4600aab8624e03ef6a0dd021a786e0174a5882df5379b8e1963493ef329c8

SHA512
529dce1c443d9239e2ebd409823b207744e7c5a7002c9a41cc32bf474d801048bb15e058447653f62376c114cdf29fa5a50089398b07507a2f94e8c8b6b1a40e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\entries\A2CF9B5E9EB6A15FEF9EC8ABD31692561DA6882A

Filesize
2.3MB

MD5
3517453cc0ad3c5c1fbd8827b8307b0b

SHA1
172388bdfd725899e01e49a105412e6f41530c9a

SHA256
adbd7fe460bd0f6469fe346a48bbcc96327989b68780430f772e51ec86e2236b

SHA512
ed7b2424f52aeba745c52a38ccdc325afc0a8b992dc29a17a6e2e5375de3a696119b7afd3f3bffef7738ed66e2db4794eb5c5faaba36a229aec9724e508df4b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\entries\B070E766AEC062BC2188695BCB6AE1DCE8C8F763

Filesize
38KB

MD5
596cfddf9693ae2f165b724d69478216

SHA1
58cf196288bd0f967d9aaf49f1353aa16b3803ab

SHA256
9f182c6f4e38a83af0a5d83493d1a5cd363373b0e5d6d47577a8fa71d849c918

SHA512
c82e86a5de2726d810ede081e1e7eeff95395cbb8bd7a71ec5984b8bd25db143db1fbc5f4c2bbb823bd9f3d8968a25b9cdafa0abc0a92a64fc7d2a550c0aa078

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\entries\B8F8C357C1036D2AD04BA86AAC552981B80B66D0

Filesize
9KB

MD5
0fb799bd2c97e90cc91478ae9c83dde7

SHA1
586ae99161b1c3437258db62dc4765ec9b21f763

SHA256
711abac4e4c331e2ab051edf9dd5cc6ad31f91a335cc4f273802133415500552

SHA512
6c345a6d131f0cdc6f852f0bc37acff6fe894a13246fe21cec07384d8b104726273e39a58a2e7dcb297ae27aac6864221a400dd182bef68c9c4c5f8cc7cd3599

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s7sufels.default-release\cache2\index.tmp

Filesize
79KB

MD5
2a42b35f15895b312f2b531e73e320c0

SHA1
1912ee95f81057398a67f98f0a36c08cb7f9e1fc

SHA256
207e072d78105747f4ad7f4194369fcbcac97a54574b3d643abf725c05840074

SHA512
c1b31b45051d493dfc8d57cca3ac9fa7ad3dca3997edaa58726ca1e24dc2370ca051066bc5e153e0b5320fbcea9f9f9868bfd2373112e44d87f8143dacef304c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

Filesize
5.7MB

MD5
38cc1b5c2a4c510b8d4930a3821d7e0b

SHA1
f06d1d695012ace0aef7a45e340b70981ca023ba

SHA256
c2ba8645c5c9507d422961ceaeaf422adf6d378c2a7c02199ed760fb37a727f2

SHA512
99170f8094f61109d08a6e7cf25e7fba49160b0009277d10e9f0b9dac6f022e7a52e3d822e9aee3f736c2d285c4c3f62a2e6eb3e70f827ac6e8b867eea77f298

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

Filesize
15KB

MD5
422be1a0c08185b107050fcf32f8fa40

SHA1
c8746a8dad7b4bf18380207b0c7c848362567a92

SHA256
723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

SHA512
dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

Filesize
75KB

MD5
c06ac6dcfa7780cd781fc9af269e33c0

SHA1
f6b69337b369df50427f6d5968eb75b6283c199d

SHA256
b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d

SHA512
ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

Filesize
19KB

MD5
554c3e1d68c8b5d04ca7a2264ca44e71

SHA1
ef749e325f52179e6875e9b2dd397bee2ca41bb4

SHA256
1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e

SHA512
58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

Filesize
119KB

MD5
9d2c520bfa294a6aa0c5cbc6d87caeec

SHA1
20b390db533153e4bf84f3d17225384b924b391f

SHA256
669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89

SHA512
7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

Filesize
8KB

MD5
be4c2b0862d2fc399c393fca163094df

SHA1
7c03c84b2871c27fa0f1914825e504a090c2a550

SHA256
c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a

SHA512
d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe

Filesize
26KB

MD5
cef027c3341afbcdb83c72080df7f002

SHA1
e538f1dd4aee8544d888a616a6ebe4aeecaf1661

SHA256
e87db511aa5b8144905cd24d9b425f0d9a7037fface3ca7824b7e23cfddbbbb7

SHA512
71ba423c761064937569922f1d1381bd11d23d1d2ed207fc0fead19e9111c1970f2a69b66e0d8a74497277ffc36e0fc119db146b5fd068f4a6b794dc54c5d4bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

Filesize
172KB

MD5
b199dcd6824a02522a4d29a69ab65058

SHA1
f9c7f8c5c6543b80fa6f1940402430b37fa8dce4

SHA256
9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4

SHA512
1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html

Filesize
1KB

MD5
9ba0a91b564e22c876e58a8a5921b528

SHA1
8eb23cab5effc0d0df63120a4dbad3cffcac6f1e

SHA256
2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941

SHA512
38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis

Filesize
291B

MD5
bf5328e51e8ab1211c509b5a65ab9972

SHA1
480dfb920e926d81bce67113576781815fbd1ea4

SHA256
98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

SHA512
92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

Filesize
101KB

MD5
83d37fb4f754c7f4e41605ec3c8608ea

SHA1
70401de8ce89f809c6e601834d48768c0d65159f

SHA256
56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

SHA512
f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico

Filesize
766B

MD5
4003efa6e7d44e2cbd3d7486e2e0451a

SHA1
a2a9ab4a88cd4732647faa37bbdf726fd885ea1e

SHA256
effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508

SHA512
86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\sciter32.dll

Filesize
5.6MB

MD5
b431083586e39d018e19880ad1a5ce8f

SHA1
3bbf957ab534d845d485a8698accc0a40b63cedd

SHA256
b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

SHA512
7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\setup84334416.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
04f6c2b81609fbd238c7196e586f8d24

SHA1
aa75f071214ca060eb54eaa48c2ad1bb16b5341d

SHA256
f5db209613867c80eb9f95bec10f3f2198726ed1be30f2b7f41d91ada824bae7

SHA512
00249ffa735ce4f214989b59374d90fe153dc72465964fc5fef46a9ac9f1d445f6a41078d78e5f74788c098e74e54faee7ee2a9a0aea43eeddee7788950bc32b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
fa7fcbeabb500a0e4bf5b2285e5e09d7

SHA1
02a6ee173d42746f9d6dbcbdebb3f2767ef39159

SHA256
7388bc4ac3433379370d1203bf2b5ad78c69447c9e656dabfe4f1ef5b04db318

SHA512
6c670f976403abb59ea471cffdf44e9f9e9eeb434f97e3d39b2be4344b2078fd299e6b108b7899da231c98624eb63fd5ee3af8fd6fbf7947c92c9895b0497afe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
c2496cdd82c300ec4f1f24c1a5f4b6fd

SHA1
4feec45c64bda7d842d7d1fca71b40032b729c1a

SHA256
39596f7236785487de46f780a5e645c30fa3f22625f1bf8edcc8df2c67e0dcab

SHA512
0bb4609aa19f01e347615f729152e3e2b702920e27295ec467f8e54bc871d790faf0d28392babc4e8b7292bc8ed708abebc228e90c72761a6230f9dafaca4ce5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\SiteSecurityServiceState.txt

Filesize
1KB

MD5
f8ea76333ed50631e0c4c9fc363f9b7b

SHA1
1d9220f18d818905463df9f98dcee1eaecdeb9aa

SHA256
6977c74bf0c6f334383ecbc12064367d04db049efb29ffbfc98eda6e70bc64e2

SHA512
ecfc439ed20c10f7761bac6255c50a48108bf42f00cce68b4c9e1e57a4b702ca36337eb8af045c277aa2857fa18fb99359faa40d79cbec91d497315c0063bacf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\bookmarkbackups\bookmarks-2024-04-11_11_zL0bGnqsCiHwBiw8eIummw==.jsonlz4

Filesize
954B

MD5
c34a9c3309b532343e564aadd6a562f6

SHA1
92f11a89605c7eaa70a9d121c60f7b5140e5bdc9

SHA256
3b501f58051bdd00839ac84c0cd7ed829776ce938215268679e31581d3f3009f

SHA512
b46de5b156bd1996f439b962444e577850704400ab402afbb7e1c6c48c96bc00fa251da4b643d2b15730349edef16fbb97ee1c38272cb054855560b8b65b559b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\datareporting\glean\db\data.safe.bin

Filesize
4KB

MD5
3951c86855d799fdec68c2defbf450b5

SHA1
a14386d4a0f999dde2b9b14c2358806e7d7a9a44

SHA256
0d87a9a7ff5eb6a45d4d8eae1836d0aea8f677782f83ed2356732318bd6423c8

SHA512
415c9a4a7cc3e3c46269d2411d878ea18b9ce912e7adb312306f7921218bf72c011a03c1f9c3befc2281f8d346a7e5da9f6931890cbd50d48030062b656389da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
1a2c574b851838bfd02ca9948c1769b0

SHA1
86e9bbf4895b0e0fcf238d9878cc4ab35e6b14d1

SHA256
79df6f184f77ad86c9a700ae6914290c5dd5a74bbdd7e5495ca7a74de0013101

SHA512
2a7f1e7ad42131ae5456a8105f38314e073ca8fdf54561bd0f2877354612e75eaa373b4bc11fc1b4ed4b5fdaa94640a0ea6064c176cf093bbf25d93c1889b941

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\datareporting\glean\pending_pings\74dd17ee-b0f2-4e4b-8d7b-9d6d37116a4e

Filesize
746B

MD5
4005dc82f2a4545ce49b7ec16a85102b

SHA1
918eb56051840533e7bc92e8bbc0d458a5ac96b6

SHA256
0e4e5e8a3da54e574d9dec76261f5605688eb74470521b81c81b58b91a50d5b8

SHA512
994a5fc804243f35de34e68f15fc8ec9bc6eb0d03158485b004c1042ce51f3d57fd3433a9b402b2d6ddc1191137624efd49eb2c16814ef1e25c29b17fd7cc1ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\datareporting\glean\pending_pings\8ac3b7b7-8a3f-4313-8fb5-7b141ad98832

Filesize
855B

MD5
49f47b10521c07db292a1534691960c2

SHA1
9cb87bfd9b06aa61fff9daf8bbe6c3e8b2ab710c

SHA256
eebd5901429e62737cc221dba9199fd335569c55e995032808dffa847f2d722b

SHA512
579c65ad743ad7892ca72649f81af5df1a5b17e93785e6ccb0df138b2b05713eef0afb39bfa8507322f5362a60286f061a428b9c3020dd413e5099de6169bf97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\datareporting\glean\pending_pings\928c69e0-89b9-4519-ad42-6d81b6ac78e3

Filesize
11KB

MD5
ad930de0cd901804ccbaeecd273f9828

SHA1
6327befbbe0eb90301a6c3b38e07de240a61e459

SHA256
1f28fb63997302b3aa9a46e270191f5cb3d6bd9cf9ff2b0aeb08475fe017c10b

SHA512
36a93b7119ef0e0792a1727c413e0556d22571c47b84a8eeb82bbf6c6ca296c33687fcb0685bbe1e8de8e6f43552397027e2c66be7b72794d5e21922bb950121

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\datareporting\glean\pending_pings\b58d27e4-46f0-4e67-9139-287694992cd6

Filesize
935B

MD5
ab749197d6fb2cd4f02540913a72ba95

SHA1
6b777068546e6fc654795f6fadac8ec09ea4bcf3

SHA256
3ada25376c3690455b57d933dfb6d233ee6edc8c18b241054635053c863f41c9

SHA512
1d8719ddcd7547e26bffff9b45fb09ced006193709dfa95d1be783ce884a9de80c0ce1ae89857fc1bc3a659683737cde8f68a61a6179191b3b5c0cdbe901c6aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\prefs-1.js

Filesize
6KB

MD5
83db4959f345b9094c06d7762c273e8b

SHA1
75a2ce76b33c7d0273e671b5ea4b8f2cffb36bf0

SHA256
60994e0f9ca7a2f856c606f584a49601879044fba3a2e287e47ac436d20ef270

SHA512
7bd4f9cb851d2c38d629e0b2647944022fe1e3e0713298f6b3e1ebb35530b953960ace50c4a74f1afa8ee10e7d7e0a312e475a61b8124a416471cbf41d3e6dd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\prefs-1.js

Filesize
6KB

MD5
0000f281f7a23caef2872e3598e82672

SHA1
0917706b7bdf3441e66856baee49d2d825b3405a

SHA256
fed1a0220caebf7f0af0e614899ff86e5156ffb418b937d67976501042b8dcf2

SHA512
a45e175a97c52e6ad781aa5422043c6a3ee173652f6aacb2d47d449672f65a79137e9c533aac5d4398bd891ad44cf35e6f8e2b9db2d8e686861b1261504a3283

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\prefs-1.js

Filesize
6KB

MD5
02b1f4c7d7ba1262a106ac060fe99185

SHA1
08fc86b84315abf9bb387c36d196660b26498cb0

SHA256
9e7ff3fca1895cd96bd91b866c46ec436bbe40e116769e2557a16d9e2081c07e

SHA512
5b42fd7c198869169e0f6877f6795dc7edca654b1ca8ae34caa8cda38a66644c791eb86fb04ed72266b6672a8da175abb2bc510cea3650396da07ced8f5d55d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\prefs-1.js

Filesize
7KB

MD5
100786e62f2c22743eebc7dcace97b74

SHA1
c994d7869fedfee3914f1bc2966a00a1e2042845

SHA256
a36e5ed27abdeef402f4347dcef2978451bbb81f16aeb743979dced1cc151a44

SHA512
8198925ce537e2784f0e44096ea38b9fe8ec708fc89f2145484d2a189f7856100ac4eb6c373860f701e370152038b06a1a4de371bf3816fede5ff03b0ccaa104

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
1ddb94a54ef1f7e9c7c55fdcd7e80e97

SHA1
f65c2271e220dca6c694f77f336baff170bb575f

SHA256
fdf393498d94be98c18e8c9b391212e4a972b914a8f03d9779cc9eac1e903537

SHA512
9b96ab527f726c2a08525eeaf78ea4293759d6c4385dea87eef6ad30d566192093286c2be7705984dc56915a512b47de7001fe13bf1203d34ffb8728525ab9f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
b868bc2bbd43de16479df1ae4d5e09b4

SHA1
e590a823d3639fc9d77993c3497916363f8999c2

SHA256
60c74bb2b5d5c15065a00efa4ae89d1d25d5385de7ebe44a665ade3edbfad161

SHA512
3292b278af92c4677d9d512e737e282626deff57adc39ab1f7b17a5c6921e67fb57d0136b653d1f91e411e0eface0e480c5aa800fa1bd6a73113d934436770a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
fb2af24937846583e62bf3afc09b0557

SHA1
cf3f0639b0b046805a9fa95ce229621a5a5e01d0

SHA256
64a73af39e5ff111e5e6d10d5f122d42d886d035b362cdeff382e52910225f3b

SHA512
b0097ca8edb58745f8da71a383ba1e332bbef8fe1fd97e2c5fd65d4cd1ffd4617c46d52884dbeba106d0c021b0d260c39120d7018587489cfcb31392085eebc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
7e74dd2705f08f20d89f05e5c984966d

SHA1
60436956113e48d89b18d392247692c696c966b4

SHA256
68cdb1c2a72132323fc47bb2386c8550902b71f362375030f24f884dfd21eb52

SHA512
30de02604acf24ee577082aaaa0faf7849363d91f305654a1618420867eb300df1b1efe6aa482589267ed5ba93ce3e85418b112b586c5fdeb9e46d708e7ea605

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
82438d4621ca74f4b39c2c880954b96e

SHA1
9cb271da5daa7df637d9ecbe9c722554c053d751

SHA256
6f855b55212c91ed89f35ce18a847b721720bcd77aa8c7c223b45dd90edbdf25

SHA512
d89bf03646859fa68fa8362756856acd797872271eb0fd484f9917e1db8e9dae741b91d733af1dfd32cfe3bbfe90034e223b778b386924465ce533b15e27597e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
5c1e2fc775604ce63b614f49d13a48cc

SHA1
e44eff7749ff6776a555b27c89f0c69e6de74ad5

SHA256
12b31f80f6286bcd559750edc842a2acaaa39b79e3a23ab040d8ece5ef8776bf

SHA512
69a6ab0e2bbe2170cf43f51cef4f7ee77b9f6857f0a54925ba53da271ba1ae36e8abd5cf3058197448926aa150276f90fb3dca787a3625419bdf05151a861534

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
40be4c6365be9750735755729646271b

SHA1
8fb7441673848f100b6d74a722c01abae208c89a

SHA256
5a46715c5837ffe55af3b0b47a3fd319800d26756441aa5c833213e9ab75396e

SHA512
cb2187c84d69deb9f312e1ce10981eb2983ca152951de6f324a01745a2af714ee2dea950956fea00a0cd8e308f81cca4358437b2789d7a9b18ad756efa6c47ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
c8847869afe04bd5dd2fff8a6935c913

SHA1
6574ad375a67e1445b2370d2f87dcc333d3478a4

SHA256
cbac58e4b2429f34b4169c78673eb177d240fa98eeaa5c84e89acc107a31ac09

SHA512
4811dbfe11509a0b206734425611393803e6cac70d56bd6bd0a50e72e9e6e3e02d57555b20b51ddb0f2b994a25aadfb5bd9e636d68f6b5b41aea14ff048f81d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1afd7c11520da6846e7b9cb169679641

SHA1
4c9285fd045517cef75f31d4e8de1b781b0cd6f8

SHA256
41b57e9d2ca3b780d1a66826d6b9284c9eba253be61173f7325fdabc1befe36d

SHA512
5bc5d65a086556be46c28f88f1ca6355de983753cc206ff786d63afb3b23634d5a994778b61fe2f49fa7c0c64c77b25cf1721a4afb39d32219a850b374aa920d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
08b0aa3d8a875f22d8ec2c6b9adbe4af

SHA1
ca4076fd7c1b58a0f178e0e06ef03ddefad4ad22

SHA256
396eb5568a61ab158686b5caafc997863ed91ec021310e5dd6252d6e7d1bdef2

SHA512
5837e4f846a320abfa28c55f7ca0dda63994ffd14144b825a4bc0eff27e2003aca47b7b43e8e1c3f459147e1e535ba864eaff9fd3c589c0ff06fd973a879c658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
07213d10850da50a21785ed0fa320cfa

SHA1
9a56e49514a12263eaf3f84a4dfe8512411a89fd

SHA256
6674169b01373417705ad4a90852fbf3e0eb29e859e440b4f4cfd56853770579

SHA512
9e1320a527ccb457bba34a66bdf1245af31e84170008848faf83824e4e60a29d58ff02fe5742097e476b7b9fa73962ead49aa39d0695d21e7b267b3b8f306e90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
59e83eb71b638007126d36d90de2ac38

SHA1
751e9f295bb9335ed266920df2b8a48fb1ef57e5

SHA256
5b1a9b3aceaf39198572cc11e570d219007741bb908ae91c64be32d629130e12

SHA512
7092d02b54a55fc958573758018aba709ff694d2a51cadf5c4c718ae4af8129cd1f76fb3f479dded4a96daf694d0264d29fae5859ce323b6112eaee8b88ad23f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
069702a806c3c265a482c33c943012a0

SHA1
cf7dfaed508f4bfec18cfa107c950a4fb3f98839

SHA256
1393b4d6b24be9d8047d851bf23661709fbcdaa370615f119b12f3a44fa90273

SHA512
317ed473ad82d3e012bb8ba230376feab101b86d61886761e1f0336c19a754e2ce78c47c9612da0080e1f227f5dbfccbb9565d17c5d297c04541c96fbad4c90d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
049afa70caea683ff4ad2f484bad645c

SHA1
38a33c39ca57ce7496c1601bef84175f545d93e8

SHA256
c347cd2d6acea1ded555c636e373e3f74d72f40430d8ab0929adaf9e6c39b19a

SHA512
99a28d23f108a4171beff260f7f0cad4d0400de1614294399723d95e34f67a73a1f8fded634897e2600d7512714652bc08d8ac9f3b1dafca9751e02db8511e1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
f0ae1c24ad1635de6dc47db0e499f2c2

SHA1
961f3d482edfba3b24484accecf1c36fe535716c

SHA256
a0ed479589c62cf0b20fca1bcea163896dd3906a555bb8c037a1201fe7b7c9f7

SHA512
498c728a7da5ab3dffe4924c0215bd8de751127901af6b4e63fe54e5d2c1b89d7c0b32c61a2fa1cb11e1e827771097be888d92fc32147ad6d0053be1b3c16069

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

Filesize
48KB

MD5
59dc076f6dc05c92b6e54242fa730f13

SHA1
02e2f2890f87a198b315b090c349b83e9beae6fb

SHA256
9a0df49707d51a771051f065d631dee324578f26c2c94b9aaa73441c3ebe550f

SHA512
513a1b6fc26bbbb0921e24cca96a7e9ff85c1f9abb1c3e1afe8da1e3c62a105bfb83613820a3b00765460e1223e541cc72045f311d6c8242c600c7c0193e7726

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\storage\default\https+++www.roblox.com\ls\usage

Filesize
12B

MD5
4603ae65ece6053031a69ec1776d29e7

SHA1
a12a5cd2992128bf55e6e0a5fbf3b0cf6d3900f2

SHA256
75064ef345a321bfea8a15cb7de0f12618d6b0ab3cb2960beab2b4a985090365

SHA512
c1aef4e55c041c1d32ce4eac338ba7b12e79d067c827f03557b372b757e82f35ef57054bae73ece14cce1faf34b419a88d05e6c02b26048fcff03a2f2cf46bfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\storage\default\https+++www.roblox.com\ls\usage

Filesize
12B

MD5
cc9a2ab1b684a52abfe44b9913029602

SHA1
53c124967a691bd7076b465ab4724d319eec686e

SHA256
889d947a2d8fffad0e26405862e0054a7f73d18e234b8235221857c771710df7

SHA512
f15c68731b43024dd98b2ee2a3d814d0f4cbd955c06c45316e64da2917006aa18dc94335f0b283a6e835579293aff3075b6ef17e58bacb4f61cec54ecf941b1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
408KB

MD5
92ad9c1d4d153073d625d6836707e3db

SHA1
3e73b99aad3f633470966cbbe26a22d4ced806c6

SHA256
7c75784e593dc27582e0b90a1fcd4da38b73b5f4e68dee30a16672d7e6f627db

SHA512
787ee2a13cf4ac249c698285dd5ac118bf446108043bf79919944fc0c72a70021e6aa594fc02617f6b7c835f9ff550efc2130331e05b0e003ad9060808027497

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\targeting.snapshot.json

Filesize
3KB

MD5
5c68d9bd0938b1fe016a894451ead681

SHA1
6d442453e208019cf91bd91857c532ffb9dde768

SHA256
999bff181ee712599fcd81866be21af00a4e3a5b5059e73e195fbcc2b550e52e

SHA512
66233ff61dca95235dd693ad68fa05d7d4d76ba4b3dd5be7d8c7a8eb2e2b0abd87c94d80bad62239ddfb7ce8a3897f0ffcee71445932a5ba655f147470008226

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s7sufels.default-release\xulstore.json

Filesize
141B

MD5
fcc0a4014782f3927e71baeddd2dfe68

SHA1
af19885e5f719a6485066c6317361c6858d70fe4

SHA256
a4e0791db84036961904babe1a29dcf3698bdcd8b92389dda01c699f2ee52ecd

SHA512
338fbd72c9c4e657feb9ae548601e1bd1da1c4e1ec9b7e475b34fec1feace6af6161404cc91a2babe8d6aa758a460975d859d92915d6297f48e866a5653acbc8

Download Submit
C:\Users\Admin\Downloads\ST5E9e4F.txt.part

Filesize
205B

MD5
f9f39abb0e0a9c8953aef46733b24a23

SHA1
533799df62153dc93d3c3e48c20e00b4d8a1c65c

SHA256
e630fc474a3d55666a3757c84d9ac06d23d824d290e48b8cc369d032ccaeda51

SHA512
02bf96316f7181bfb1c23da73ea833134719d8c07000fbd8baeb2633979e9f7f44fafb092b24924227d31fb6f90b88365bce436ddf04ecd0f4b4b22a5a7d9ad8

Download Submit
memory/2332-1605-0x0000000005530000-0x0000000005540000-memory.dmp

Filesize
64KB

Download
memory/2332-1638-0x0000000071C00000-0x00000000723B0000-memory.dmp

Filesize
7.7MB

Download
memory/2332-1595-0x0000000071C00000-0x00000000723B0000-memory.dmp

Filesize
7.7MB

Download
memory/4672-1408-0x0000000003410000-0x0000000003424000-memory.dmp

Filesize
80KB

Download
memory/4672-1416-0x00000000059C0000-0x00000000059E4000-memory.dmp

Filesize
144KB

Download
memory/4672-1550-0x0000000007050000-0x000000000705C000-memory.dmp

Filesize
48KB

Download
memory/4672-1537-0x00000000068C0000-0x00000000068E2000-memory.dmp

Filesize
136KB

Download
memory/4672-1536-0x0000000005F70000-0x0000000005F7A000-memory.dmp

Filesize
40KB

Download
memory/4672-1531-0x0000000006950000-0x00000000069DC000-memory.dmp

Filesize
560KB

Download
memory/4672-1515-0x0000000006280000-0x0000000006292000-memory.dmp

Filesize
72KB

Download
memory/4672-1498-0x0000000005B70000-0x0000000005B8D000-memory.dmp

Filesize
116KB

Download
memory/4672-1464-0x0000000005B90000-0x0000000005BB4000-memory.dmp

Filesize
144KB

Download
memory/4672-1488-0x0000000005C10000-0x0000000005C3C000-memory.dmp

Filesize
176KB

Download
memory/4672-1556-0x0000000007630000-0x0000000007BD4000-memory.dmp

Filesize
5.6MB

Download
memory/4672-1480-0x0000000005BC0000-0x0000000005BC8000-memory.dmp

Filesize
32KB

Download
memory/4672-1472-0x0000000005AA0000-0x0000000005AAA000-memory.dmp

Filesize
40KB

Download
memory/4672-1456-0x0000000005AE0000-0x0000000005AFA000-memory.dmp

Filesize
104KB

Download
memory/4672-1448-0x0000000005B20000-0x0000000005B52000-memory.dmp

Filesize
200KB

Download
memory/4672-1541-0x0000000006B60000-0x0000000006EB4000-memory.dmp

Filesize
3.3MB

Download
memory/4672-1424-0x00000000059F0000-0x0000000005A18000-memory.dmp

Filesize
160KB

Download
memory/4672-1440-0x0000000005AB0000-0x0000000005AD8000-memory.dmp

Filesize
160KB

Download
memory/4672-1432-0x0000000005A50000-0x0000000005A7E000-memory.dmp

Filesize
184KB

Download
memory/4672-1563-0x00000000081A0000-0x0000000008754000-memory.dmp

Filesize
5.7MB

Download
memory/4672-1383-0x0000000005A40000-0x0000000005A50000-memory.dmp

Filesize
64KB

Download
memory/4672-1362-0x0000000071C00000-0x00000000723B0000-memory.dmp

Filesize
7.7MB

Download
memory/4672-1363-0x0000000000D30000-0x0000000001108000-memory.dmp

Filesize
3.8MB

Download
memory/4672-1664-0x0000000071C00000-0x00000000723B0000-memory.dmp

Filesize
7.7MB

Download
memory/4672-1693-0x0000000071C00000-0x00000000723B0000-memory.dmp

Filesize
7.7MB

Download
memory/4672-1668-0x0000000005A40000-0x0000000005A50000-memory.dmp

Filesize
64KB

Download
memory/4672-1624-0x0000000006FF0000-0x000000000701E000-memory.dmp

Filesize
184KB

Download
memory/4672-1579-0x00000000072B0000-0x0000000007342000-memory.dmp

Filesize
584KB

Download
memory/6636-1688-0x0000000000DE0000-0x0000000000DEC000-memory.dmp

Filesize
48KB

Download
memory/6636-1689-0x0000000071C00000-0x00000000723B0000-memory.dmp

Filesize
7.7MB

Download
memory/6636-1690-0x0000000005720000-0x0000000005730000-memory.dmp

Filesize
64KB

Download
memory/6636-1699-0x0000000071C00000-0x00000000723B0000-memory.dmp

Filesize
7.7MB

Download