5bf2d564fdf510152de7de42aa84e19ebf9b5133706f9dc886ad7914168530cd

Analysis

max time kernel
839s
max time network
847s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20/04/2024, 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnthemScore_installer_windows_x86_64.exe
Size

20.6MB
MD5

746560ad63c2f2ccd5d7f2d43fe005ae
SHA1

299a29a2e5f2e2fa144a4a779bbc3698cf044e31
SHA256

5bf2d564fdf510152de7de42aa84e19ebf9b5133706f9dc886ad7914168530cd
SHA512

24d362371cad5dbb9dc4f841e036fbded40b9a14a41dbc51673127736b3993cc4b7714ac8abad2b70a75a1acd7be871099d23965bc3aae31156de3443f5c128e
SSDEEP

393216:icG3VLZOTokEXS9QSFhgPvKIi5Jsv6tWKFdu9CSW3:mLZOJES9rhgPiKW3

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation	AnthemScore.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation	QtWebEngineProcess.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_68.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_33.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\maintenancetool.dat.new	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qtwebengine_locales\ru.pak	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\installerResources\lunaverus.anthemscore.windows_qt_libs\1.13.0resources.txt	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_4.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_63.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_29.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_16.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\avutil-58.dll	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\qmltooling\qmldbg_server.dll	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\InstallationLog.txt	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qtwebengine_locales\fr.pak	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qtwebengine_locales\hu.pak	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_15.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\languages\Español.json	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qt_zh_CN.qm	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_57.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qt_he.qm	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qtwebengine_locales\hr.pak	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\msvcp140_atomic_wait.dll	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\multimedia\ffmpegmediaplugin.dll	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_52.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_86.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\viewer\opensheetmusicdisplay.min.js	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qt_de.qm	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qtwebengine_locales\gu.pak	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_77.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_34.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_20.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\installerResources\lunaverus.anthemscore.windows_x86_64\5.0.10AS_resources.txt	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\Qt6Gui.dll	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_21.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_75.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_61.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_42.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qt_da.qm	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_3.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_8.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_12.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\maintenancetool.exe.new	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\installerResources\lunaverus.anthemscore.windows_qt_libs\1.13.0content.txt	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qtwebengine_locales\sv.pak	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\styles	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qtwebengine_locales\sr.pak	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\iconengines	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\networkinformation	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\languages\简体中文.json	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\components.xml	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AnthemScore.exe	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qt_nn.qm	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qtwebengine_locales\pt-PT.pak	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_0.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\Qt6Qml.dll	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qt_uk.qm	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_79.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\installer.dat	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qtwebengine_locales\es-419.pak	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_78.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\translations\qtwebengine_locales\hi.pak	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_55.ogg	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Program Files\AnthemScore\AS_resources\piano_key_80.ogg	AnthemScore_installer_windows_x86_64.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	AnthemScore.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe

Executes dropped EXE 3 IoCs

pid	Process
5828	AnthemScore.exe
4460	QtWebEngineProcess.exe
6020	QtWebEngineProcess.exe

Loads dropped DLL 64 IoCs

pid	Process
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
4460	QtWebEngineProcess.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 7 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	AnthemScore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	AnthemScore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 19002f433a5c000000000000000000000000000000000000000000	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	AnthemScore.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	7zG.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	7zG.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AnthemScore.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	AnthemScore.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	AnthemScore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	AnthemScore.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	AnthemScore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	AnthemScore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AnthemScore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AnthemScore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "5"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	AnthemScore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	AnthemScore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	7zG.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AnthemScore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	AnthemScore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\MRUListEx = 00000000ffffffff	7zG.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	AnthemScore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	AnthemScore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	AnthemScore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	AnthemScore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	AnthemScore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0\MRUListEx = ffffffff	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	AnthemScore.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0	7zG.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	7zG.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	7zG.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	AnthemScore.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	AnthemScore.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	AnthemScore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	AnthemScore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AnthemScore.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	7zG.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	7zG.exe

NTFS ADS 21 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\qmltooling	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\resources	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\AS_resources	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\Downloads\drifting-home-by-dan-phillipson-meditation-music-peace-1UoAWfqAURw.pdf:Zone.Identifier	AnthemScore.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Users\Admin\AppData\Local\Temp\remoterepo-MKApOL\lunaverus.anthemscore.windows_x86_64	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\networkinformation	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\platforms	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\translations\qtwebengine_locales	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\AnthemScore-eNgUSz\output.pdf:Zone.Identifier	AnthemScore.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\AS_resources\viewer	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\languages	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\generic	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\iconengines	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\imageformats	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\styles	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\tls	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\translations	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\multimedia	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\position	AnthemScore_installer_windows_x86_64.exe
File opened for modification	C:\Users\Admin\AppData\Local\Temp\C:\Program Files\AnthemScore\qml	AnthemScore_installer_windows_x86_64.exe
File created	C:\Users\Admin\Downloads\drifting-home-by-dan-phillipson-meditation-music-peace-1UoAWfqAURw.mp3:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2176	AnthemScore_installer_windows_x86_64.exe
5828	AnthemScore.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5828	AnthemScore.exe
5828	AnthemScore.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
2176	AnthemScore_installer_windows_x86_64.exe
5828	AnthemScore.exe
3516	taskmgr.exe
4540	7zG.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1176	firefox.exe
Token: SeDebugPrivilege	1176	firefox.exe
Token: 33	5568	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5568	AUDIODG.EXE
Token: SeDebugPrivilege	1176	firefox.exe
Token: SeDebugPrivilege	1176	firefox.exe
Token: SeDebugPrivilege	1176	firefox.exe
Token: SeDebugPrivilege	1176	firefox.exe
Token: SeDebugPrivilege	1176	firefox.exe
Token: SeDebugPrivilege	3516	taskmgr.exe
Token: SeSystemProfilePrivilege	3516	taskmgr.exe
Token: SeCreateGlobalPrivilege	3516	taskmgr.exe
Token: SeDebugPrivilege	1176	firefox.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe
Token: SeCreatePagefilePrivilege	5828	AnthemScore.exe
Token: SeShutdownPrivilege	5828	AnthemScore.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
1176	firefox.exe
1176	firefox.exe
1176	firefox.exe
1176	firefox.exe
1176	firefox.exe
1176	firefox.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1176	firefox.exe
1176	firefox.exe
1176	firefox.exe
1176	firefox.exe
1176	firefox.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe
3516	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
1176	firefox.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
1176	firefox.exe
1176	firefox.exe
1176	firefox.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
2176	AnthemScore_installer_windows_x86_64.exe
1176	firefox.exe
1176	firefox.exe
1176	firefox.exe
2176	AnthemScore_installer_windows_x86_64.exe
1176	firefox.exe
1176	firefox.exe
1176	firefox.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe
5828	AnthemScore.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1004 wrote to memory of 1176	1004	firefox.exe	75
PID 1176 wrote to memory of 840	1176	firefox.exe	76
PID 1176 wrote to memory of 840	1176	firefox.exe	76
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 4980	1176	firefox.exe	77
PID 1176 wrote to memory of 2376	1176	firefox.exe	78
PID 1176 wrote to memory of 2376	1176	firefox.exe	78
PID 1176 wrote to memory of 2376	1176	firefox.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AnthemScore_installer_windows_x86_64.exe
"C:\Users\Admin\AppData\Local\Temp\AnthemScore_installer_windows_x86_64.exe"
1⤵
- Drops file in Program Files directory
- NTFS ADS
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:2176
- C:\Windows\SysWOW64\cscript.exe
  cscript //Nologo C:\Users\Admin\AppData\Local\Temp\deferredrenameAefwTC.vbs
  2⤵
  PID:4200
- C:\Windows\SysWOW64\cscript.exe
  cscript //Nologo C:\Users\Admin\AppData\Local\Temp\deferredrenameDDjPeJ.vbs
  2⤵
  PID:2948
- C:\Program Files\AnthemScore\AnthemScore.exe
  "C:\Program Files\AnthemScore\AnthemScore"
  2⤵
  - Checks computer location settings
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5828
- - C:\Program Files\AnthemScore\QtWebEngineProcess.exe
    "C:\Program Files\AnthemScore\QtWebEngineProcess.exe" --type=renderer --webengine-schemes=qrc:sV --first-renderer-process --disable-speech-api --enable-threaded-compositing --disable-databases --disable-gpu-compositing --disable-blink-features=EyeDropperAPI --lang=en --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=3 --mojo-platform-channel-handle=4492 --enable-features=NetworkServiceInProcess2,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,EyeDropper,InstalledApp,WebOTP,WebPayments,WebUSB /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4460
- - C:\Program Files\AnthemScore\QtWebEngineProcess.exe
    "C:\Program Files\AnthemScore\QtWebEngineProcess.exe" --type=renderer --webengine-schemes=qrc:sV --disable-speech-api --enable-threaded-compositing --disable-databases --disable-gpu-compositing --disable-blink-features=EyeDropperAPI --lang=en --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=5596 --enable-features=NetworkServiceInProcess2,TracingServiceInProcess --disable-features=BackgroundFetch,ConsolidatedMovementXY,EyeDropper,InstalledApp,WebOTP,WebPayments,WebUSB /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:6020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.0.1544022702\813847821" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1668 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84c8a123-f16a-407b-92e8-37d99ac31ecd} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 1780 257bfbd6358 gpu
    3⤵
    PID:840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.1.2029383800\699154957" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2cf88ed-38c6-4c0b-89e7-eabcca3a521d} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 2136 257b496f258 socket
    3⤵
    PID:4980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.2.1649670412\1863002246" -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2852 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d101007d-df3c-4952-a36c-272d19606331} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 2868 257bfb5e158 tab
    3⤵
    PID:2376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.3.1882925759\949376760" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84945e7f-4e90-4890-8bbf-1050c8efe345} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 3504 257b4967858 tab
    3⤵
    PID:3292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.4.278602046\1194535331" -childID 3 -isForBrowser -prefsHandle 4204 -prefMapHandle 4200 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b3c07bc-dcca-4c76-bc8c-72972b05e97d} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 4216 257c52b7c58 tab
    3⤵
    PID:4132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.5.1699838481\30297132" -childID 4 -isForBrowser -prefsHandle 4956 -prefMapHandle 4952 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5682153d-5bc8-40e0-8ab9-5901520d202a} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 4964 257c5ec5158 tab
    3⤵
    PID:940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.6.567255845\1372311802" -childID 5 -isForBrowser -prefsHandle 5108 -prefMapHandle 5104 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e28dbdc-e3fa-43fc-9bce-50f4f2627926} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 5116 257c5ec5758 tab
    3⤵
    PID:3800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.7.1182951861\403813596" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e73b1f5-2502-4d62-b15c-9b4c786b564a} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 5216 257c5ec6058 tab
    3⤵
    PID:3960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.8.378794324\1341728182" -childID 7 -isForBrowser -prefsHandle 4452 -prefMapHandle 4456 -prefsLen 27208 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {286a5410-2b85-4d18-85af-1219f811f4d1} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 5552 257bfedd258 tab
    3⤵
    PID:2280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.9.2030538005\426842241" -childID 8 -isForBrowser -prefsHandle 5820 -prefMapHandle 5856 -prefsLen 28995 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c62a0518-9e8b-4ad4-837e-5a8ec8bdc613} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 5752 257c490fb58 tab
    3⤵
    PID:1836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.10.1334548638\801510150" -childID 9 -isForBrowser -prefsHandle 6060 -prefMapHandle 6028 -prefsLen 29226 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dd46a56-3c8f-4b4e-8f94-ee86bc018725} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 5856 257c95fca58 tab
    3⤵
    PID:5160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.11.682137646\47071639" -parentBuildID 20221007134813 -prefsHandle 6344 -prefMapHandle 6332 -prefsLen 29603 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c570442-62fd-48ab-a690-1d937da5f91f} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 6352 257c8ffde58 rdd
    3⤵
    PID:5328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.12.1634332799\2064195920" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6360 -prefMapHandle 6364 -prefsLen 29603 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {26725435-7de1-42d1-ba50-be1d2b8047a2} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 4792 257c8ffbd58 utility
    3⤵
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.13.1824194538\2128707850" -childID 10 -isForBrowser -prefsHandle 6676 -prefMapHandle 6688 -prefsLen 29603 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e42776dc-ac8d-41d6-b81a-2a3660a71802} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 6712 257c9491858 tab
    3⤵
    PID:5752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.14.918182665\214192292" -childID 11 -isForBrowser -prefsHandle 7100 -prefMapHandle 7104 -prefsLen 29815 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2045d19-f266-420e-af79-6d56239bea9c} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 6996 257caf38a58 tab
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.15.2086264537\418877152" -childID 12 -isForBrowser -prefsHandle 5304 -prefMapHandle 6664 -prefsLen 29815 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7eb420d-2594-4b36-8991-74b2eb2219b9} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 11036 257cd884858 tab
    3⤵
    PID:5628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.16.1435089193\1408616987" -childID 13 -isForBrowser -prefsHandle 6248 -prefMapHandle 6296 -prefsLen 29815 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa739c02-490b-4105-90ee-f612f1dcf92d} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 6240 257c913fe58 tab
    3⤵
    PID:5240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.17.157093981\569713491" -childID 14 -isForBrowser -prefsHandle 6112 -prefMapHandle 6164 -prefsLen 29815 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b20d7e79-45fb-42cd-acae-f537eddaccad} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 6172 257c7980e58 tab
    3⤵
    PID:1448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.18.1669215230\1885986486" -childID 15 -isForBrowser -prefsHandle 5576 -prefMapHandle 6112 -prefsLen 29815 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cf4ff41-c6ec-446f-98f0-03f7ff965d77} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 4452 257c7963558 tab
    3⤵
    PID:3648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.19.1276572473\878149906" -childID 16 -isForBrowser -prefsHandle 10780 -prefMapHandle 10776 -prefsLen 29815 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7c4f7de-1145-4e3f-9b4c-f72576f1ccb4} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 7012 257c8f5a258 tab
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.20.1120246051\1508703898" -childID 17 -isForBrowser -prefsHandle 5924 -prefMapHandle 5868 -prefsLen 29815 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {81c7c045-0bc9-4b76-89ad-5b4b28625585} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 5580 257c8ffd258 tab
    3⤵
    PID:2464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.21.1635318364\777408972" -childID 18 -isForBrowser -prefsHandle 4452 -prefMapHandle 1568 -prefsLen 29887 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20bffbd2-8a4b-4d6b-83dd-414d87f11786} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 6616 257c7963558 tab
    3⤵
    PID:3572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.22.2134611834\509571501" -childID 19 -isForBrowser -prefsHandle 6344 -prefMapHandle 6232 -prefsLen 29887 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6f37606-0e3d-450b-9054-b8b3c03914f4} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 7184 257c5e54858 tab
    3⤵
    PID:5608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.23.238104499\788915545" -childID 20 -isForBrowser -prefsHandle 5876 -prefMapHandle 6296 -prefsLen 30061 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {080a7f18-b62e-4c81-b8fe-ce5af3539070} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 6228 257bfedae58 tab
    3⤵
    PID:4408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.24.1755033580\2030634477" -childID 21 -isForBrowser -prefsHandle 10684 -prefMapHandle 1316 -prefsLen 30061 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9706d600-f948-4f1f-b053-0338e51aa3e0} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 5932 257c5c27c58 tab
    3⤵
    PID:1400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.25.2141445682\163623283" -childID 22 -isForBrowser -prefsHandle 4896 -prefMapHandle 4488 -prefsLen 30184 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {865a073f-4c9a-41e7-943e-29501122e3f9} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 4036 257c4912b58 tab
    3⤵
    PID:3744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.26.575392424\151274439" -childID 23 -isForBrowser -prefsHandle 9420 -prefMapHandle 9408 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa773f93-06d7-4d88-aaa0-2a8b53d08460} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 4536 257cba96d58 tab
    3⤵
    PID:5376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.27.1121944044\1546665965" -childID 24 -isForBrowser -prefsHandle 9136 -prefMapHandle 9132 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a48c5fed-98ab-41fd-9a45-002d52de8d34} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 10944 257cbd54658 tab
    3⤵
    PID:5980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.28.1596318212\436013220" -childID 25 -isForBrowser -prefsHandle 9680 -prefMapHandle 9860 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34801426-9e9a-4495-a906-01faba1c191c} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 9596 257cd0e5158 tab
    3⤵
    PID:5508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.29.2007552318\1959260063" -childID 26 -isForBrowser -prefsHandle 10020 -prefMapHandle 10016 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6667175-dac2-491f-89a4-e1337e98b083} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 10260 257cca66158 tab
    3⤵
    PID:5992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.30.986049969\333210410" -childID 27 -isForBrowser -prefsHandle 9892 -prefMapHandle 9496 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {69dee0f1-bce9-425b-8180-2b8f42f96eca} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 10260 257cddd7f58 tab
    3⤵
    PID:6124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.31.1695181228\1402457356" -childID 28 -isForBrowser -prefsHandle 9408 -prefMapHandle 9420 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f6a1a75-95f0-448c-a5fe-8eda50abd11f} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 9108 257cfc47158 tab
    3⤵
    PID:836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.32.1118736922\595016655" -childID 29 -isForBrowser -prefsHandle 8656 -prefMapHandle 8660 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {522d960c-6bea-4c4e-9cb6-0042fce43181} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 8648 257cd8f4f58 tab
    3⤵
    PID:6000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.33.1521603953\1244410507" -childID 30 -isForBrowser -prefsHandle 8356 -prefMapHandle 8360 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {263ac1f7-cdd6-4a79-9d98-dcf36998e75a} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 9924 257ccdca858 tab
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.34.682453278\1812660546" -childID 31 -isForBrowser -prefsHandle 8472 -prefMapHandle 8096 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9800210d-c27e-4809-8294-801a18bc996f} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 9496 257d14fae58 tab
    3⤵
    PID:6848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.35.1497404759\889642714" -childID 32 -isForBrowser -prefsHandle 8704 -prefMapHandle 8700 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {889161a8-b2b6-4e73-9bb8-878d44181103} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 10472 257cb1df858 tab
    3⤵
    PID:6880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.36.1995680605\1423981001" -childID 33 -isForBrowser -prefsHandle 7920 -prefMapHandle 7912 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a46f7c7-26df-4eb0-8600-3398dd189e38} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 8420 257d1ed0458 tab
    3⤵
    PID:6708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.37.1125240834\1024365724" -childID 34 -isForBrowser -prefsHandle 9680 -prefMapHandle 7916 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c06aaea9-9362-445d-89dc-8b42d29e8c7c} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 7932 257d1ed0758 tab
    3⤵
    PID:6656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.38.1960718343\1869456483" -childID 35 -isForBrowser -prefsHandle 7752 -prefMapHandle 7748 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50dcd337-f117-4f02-afc3-0f526e1bfdf7} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 7664 257d146fa58 tab
    3⤵
    PID:6752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.39.8592453\1639037263" -childID 36 -isForBrowser -prefsHandle 7552 -prefMapHandle 7548 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a73d617-8143-4f09-98e6-99ac1171947e} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 7228 257d1588058 tab
    3⤵
    PID:6776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.40.1422735403\410702293" -childID 37 -isForBrowser -prefsHandle 8628 -prefMapHandle 8416 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60cd2487-5b04-4e2a-b658-656ee6877d4a} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 6884 257d2650758 tab
    3⤵
    PID:7844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.41.527193952\591201189" -childID 38 -isForBrowser -prefsHandle 7956 -prefMapHandle 9320 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14634b47-3224-4bbc-88ba-90ce1b99fab8} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 7540 257ccd92d58 tab
    3⤵
    PID:7980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.42.1770843053\1795830163" -childID 39 -isForBrowser -prefsHandle 7024 -prefMapHandle 7272 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2263f3d4-965e-49b4-8638-87b69300814b} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 7036 257d120f558 tab
    3⤵
    PID:7396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.43.1497297777\1129088586" -childID 40 -isForBrowser -prefsHandle 7380 -prefMapHandle 7244 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a755e592-351d-4f4f-ac53-9f59d24cba95} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 3980 257d256bb58 tab
    3⤵
    PID:8072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.44.517202386\2043439808" -childID 41 -isForBrowser -prefsHandle 10768 -prefMapHandle 9724 -prefsLen 30193 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd6933ac-2849-4d3a-9e23-b31e5d9fb73a} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 10408 257d1b66c58 tab
    3⤵
    PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.45.740222140\360501145" -childID 42 -isForBrowser -prefsHandle 7800 -prefMapHandle 7784 -prefsLen 30345 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab7c0f10-89ab-4610-b281-d0957fab509f} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 8472 257cafbff58 tab
    3⤵
    PID:5496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.46.1969170816\1422185546" -childID 43 -isForBrowser -prefsHandle 7652 -prefMapHandle 9332 -prefsLen 30345 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3961071-0594-429d-8e1b-6d44d1667e0c} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 9652 257cfbf1058 tab
    3⤵
    PID:4352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.47.214514483\265314158" -childID 44 -isForBrowser -prefsHandle 10628 -prefMapHandle 6876 -prefsLen 30345 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93dcefc1-0eec-429a-b691-953c42563e17} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 11000 257c7944c58 tab
    3⤵
    PID:6600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.48.1241159497\1908733978" -childID 45 -isForBrowser -prefsHandle 9380 -prefMapHandle 11112 -prefsLen 30345 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c75c51a-b832-4226-8543-bda226740dee} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 9772 257cca6a158 tab
    3⤵
    PID:7284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1176.49.153014415\617192467" -childID 46 -isForBrowser -prefsHandle 7480 -prefMapHandle 9776 -prefsLen 30345 -prefMapSize 233444 -jsInitHandle 1300 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ed53af6-311d-4dcd-96c1-5f8bb65e8dbe} 1176 "\\.\pipe\gecko-crash-server-pipe.1176" 7532 257d12bad58 tab
    3⤵
    PID:7636

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3a8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5568

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3516

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3216

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap400:588:7zEvent7445 -seml. -ad -saa -- "Downloads"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:4540

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:3716
- C:\Windows\system32\dashost.exe
  dashost.exe {5088e65c-4d07-4f79-a855708be8361509}
  2⤵
  PID:4412

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap23432:588:7zEvent31617 -t7z -sae -- "C:\Users\Admin\Downloads\Downloads.7z"
1⤵
PID:5936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\AnthemScore\AnthemScore.exe

Filesize
26.1MB

MD5
ced983a5dc061e1d5afb25042f0b6307

SHA1
214e35bd176ab0aa67f18cf0ad9297580b475820

SHA256
8eae01f6ed8d9ca0c96f233f43cd391e6e03e89659cefa86652773b723e1a600

SHA512
232cdcd3a4b480ae1151790c69f75237cfbee6db30e425235c4f0764ae8a11d6f9c539593f9a9190463b3df3c8c9093b84901355e89ada8f9c32ce691e969b06

Download Submit
C:\Program Files\AnthemScore\Qt6Positioning.dll

Filesize
507KB

MD5
2c3a56e3d8ac6b51509cc8ce7527041a

SHA1
22decf81144d8ed814305ed5d67b13db38b295f3

SHA256
0de7080d921cf92cb6602d03712d406ede81d5174725ab2115dc5430b871a7d1

SHA512
c3f7c72308b4710bdaded287a87b05a9a21244187c427fdfefef4bd055801f5feb2ebb2270a909d0aaba5aea8fe6c97e213503575cf77b28aa2d36c94b98f8b7

Download Submit
C:\Program Files\AnthemScore\Qt6WebChannel.dll

Filesize
245KB

MD5
024272a8f376559bcdaee8f7cf9013ab

SHA1
69cac060d1d865f9affd8dca7b2cae014cc2f3c0

SHA256
a27e6bf4eedf09061821b067decb894435caf37bc0864c25c8f4d52481470a60

SHA512
b0a3367dcf1b0dcc2e61ae4fc8104815ccf8fab8ab9b671d58e80e7ea184847080b73e6057bfa4339c5f281b9ea61ab98f8136042d4d1f16d6441635cc5577e0

Download Submit
C:\Program Files\AnthemScore\QtWebEngineProcess.exe

Filesize
570KB

MD5
36200abe679fb0c41aacb543ebb83af3

SHA1
77768d5cad2e73a63cb486dc1131f163b3393062

SHA256
b32623faeda460add4fb6ee73a0e7c288e8eb33e28f4ce0d9b748867ff4f7508

SHA512
736af4fd157d3eb8498c1fd1ffa74b0b581ddf72745038249ce0fb5579694df3e1e23067858bc9e4b008a4b76a904db79ad19275d8bb3802ca57e4311e4ed10b

Download Submit
C:\Program Files\AnthemScore\fluidlite.dll

Filesize
807KB

MD5
e683d267ddedec3aedba0ca14bf7023c

SHA1
55b3ec8cba939f7587145e265c6a744eced18934

SHA256
1e840e0e23fc8287b31ef031f6278528fe963cf452678a0a2fe4c27e9e698e58

SHA512
4f03c87f3ac392b1b2483f3f0c486ea8656449a7f915eea2869b92e7de85c1aaf1105a269f52a0a4e64e0f5688fbc2c5a5076c3378edb383ac5b6ac643960e32

Download Submit
C:\Program Files\AnthemScore\iconengines\qsvgicon.dll

Filesize
69KB

MD5
b57d0218475b81560454e6c0a1a6d9c8

SHA1
21206763e7121d4792bbf24075c6f6e27c2c11db

SHA256
8ab3b526b35a0dec08b4042da70f942b3b5f4d413ad4035c691f972b2008778e

SHA512
83464c21073edddcd77dc0978257bf13554ef01825672b60081d9d4ee5caefffe9ed6fbefda0bc7bdc413925b9265981a994195700190cd81cf6b1c93810e891

Download Submit
C:\Program Files\AnthemScore\imageformats\qgif.dll

Filesize
47KB

MD5
000b3771b3dcf0d7eb72750edd80a192

SHA1
35506ee878b8ad21dbd35876baaf586c30152b71

SHA256
6ff0b57822dae5132e1640afe4f8fd6b75e21cf3f1eae53d70373c25a5506581

SHA512
4472089f5524172fcfd8d2f8acbf67a3f22b08f788b52d8f42d2736d050cecb87215a9b8d706baca12d5916d3ff79bf57420766746c2484981d679239b3f2924

Download Submit
C:\Program Files\AnthemScore\imageformats\qico.dll

Filesize
46KB

MD5
c64789dba4e2aa3bddf17bfa89e7ab59

SHA1
d5914f9eede38dda3e16c4299fce8016799b28d3

SHA256
bceee911a3ffc1ed7b09a9d79374053fa813a04a22c40b0a4984b845582e3e8f

SHA512
31e5a009284867a591ac9dbce92bddbd8b914133bb03b327984edfc4c3f4329a08238b1a239e7408d8efc715ff23acfa91723720879ab8fd4a2619e948ab5683

Download Submit
C:\Program Files\AnthemScore\languages\English.json

Filesize
19KB

MD5
bd8b5d201ba7f8c62dd627d0c3f68a6e

SHA1
0d385528bfea44474fd90625958e1b8adf6a1bf1

SHA256
330de7f6abbd4d30a78ab214557514d09dde07058f20b2662f3d246c2adf2e83

SHA512
e0ff049a4cf5e8e7444eea07a7adc74070d491699aa4cef5a80acff5f0c17f1102c42fd0f34482775e3d66c4e88c07f9203a53b02af137ed4bb2afb369eff78b

Download Submit
C:\Program Files\AnthemScore\maintenancetool.dat.new

Filesize
138KB

MD5
2d96c3f0340d4b6738f452669987f5c3

SHA1
efe5fe3fed3bb072535436cf45c0676b95e49a71

SHA256
420cc4e22ff3dc33e2ded542d9e487c83749d5443ee398e2d68c0d9bd0fae465

SHA512
4abd5fb1dd358db52975d4bc84d4c16ff848585c0172375ea64b6b3680f184b4a5206ee948cdae66118e414fe3a416a27ace45282ef9a313a109e65ce51ad27d

Download Submit
C:\Program Files\AnthemScore\maintenancetool.ini

Filesize
4KB

MD5
783451c936fe92eb2e47585e2fb53cfc

SHA1
002f3bc642e33e05aab1187aa927e72d5a4381ad

SHA256
4863165ad43e7dce03755d0fdc9edd4fa64195891a73bbd014f4f07da4716cb9

SHA512
63dbd9a147c6869db6c671c921cce3474a2d01530ac2b29b71e601b0dcdbd62f348dffbd299693e2b417f88b2cba444a81effa4be38e67aaf0cbebbb066dfc4a

Download Submit
C:\Program Files\AnthemScore\onnxruntime.dll.tmpUpdate

Filesize
9.5MB

MD5
cbf1441f6678c2a4d94e83e5e087adf3

SHA1
1fe599c69bf46fac151368ff5b99d0c02ef70edf

SHA256
11b44104fdb643cddcdc1ff54a17d8e6e4d06671cf32cdf1b151ebff31ea6b5f

SHA512
a8654441ee64a1f9912fe8bc191e370a138fcfb5da6a94e70ac8f9ba7223d857d573c454a2fac53296a2605a143ddf32017a77b139e7b56b7e9e530533ea49fc

Download Submit
C:\Program Files\AnthemScore\onnxruntime_providers_shared.dll.tmpUpdate

Filesize
21KB

MD5
9370fc6765dca5aeeac03c37c7212ae3

SHA1
94b85eb82edaef96def79d6237d7ae0c2a0ed93f

SHA256
27da853e1799e4cc2e2accae4682838f5bb3390325aaf8469788a5a96c57a79a

SHA512
4f7543105834cd48dab32e18922f5f8d275fe84396f1214e2b31de8d223d7ead909909492731434140405dacc7fb2c9564575c339aa92706643d061d1d0c907d

Download Submit
C:\Users\Admin\AppData\Local\AnthemScore\Preferences.ini

Filesize
3KB

MD5
3694a67c6c1ea56b1a76c7c035ef16e7

SHA1
12353d8000be6bc0e7fad38debe51a6b8493abb3

SHA256
c8abba59c05c3bc590ae1929cc47bff04efd854363c680b324620583ac687e2c

SHA512
da22c2fa343fd441c80e2b756774b5d1634cc7a6bea07f3d9527412f80edb5b0d5e00e4b819ac8a98b88c34f684d5e2f692fda39ee0250337048cd829841e15b

Download Submit
C:\Users\Admin\AppData\Local\AnthemScore\Preferences.ini.lock

Filesize
64B

MD5
b7720fdfebdc4f3369707f31ec740183

SHA1
1fa07f1e12e535fd9e92174246e1bd0d71be9ff2

SHA256
69f1c7c1d3f9c128edc08bee7789e1fbafb19c209780f94d57d631b33fc95785

SHA512
d6e0082f197508b82cf31921d3471b97c8d40a169f7a2253e203e0fd27dc9aabd6e9a45ab96880e57d2db6e045ee562b751e7df7c5a191e5c94b8a01bd0eaef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
28KB

MD5
fb89167324ddef424abcdfad183a2eb9

SHA1
e45ad4cf4fc1748f144d64858cc9c19dcc428c87

SHA256
26ee7494709261e65c3a8be5e81e8c1da1580d1dae126d04734280ddb9556e1b

SHA512
a22a444672349b58a41784f81f2ce956c2a44fdb0d59b74d4b8c4043871c9b047952bc5ae452b27e4bacf7d5317f1ecf8bcc8d368f37eda49d4da880276d8d30

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\13710

Filesize
15KB

MD5
c5173857c54510c424c43fcda34537f8

SHA1
2826b483514f297eda7efebf57077b102a9601a4

SHA256
08e5916d77715b521e730e3fa866dc76c67570f4064e35043a0e8991b1a77fe8

SHA512
39db748f51e4384cdf6989242cbd3f79757bd662ab045ef4d81a90892f5bd4d1c4111e3d5619565d26da08ac021574e25a198e468e2ca20b222536a2de016573

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\13822

Filesize
15KB

MD5
a67e0889bc56e04617b94206ff45a1be

SHA1
82db24b205f2c58b5f643e6388a076cd311b6380

SHA256
fced07c85bfa0ae3b58f0c91f47d6d4e06070ca91d7a3d8e3b6017f0af755ce0

SHA512
844caf843e44193354f89476950bc4654cf11271ff7b57940ffe48cdb4b374880f018a75f7bb1b95de1380844b7cc00e9f91d61588c302fc1187c517c158723b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\13835

Filesize
15KB

MD5
4e78df7770b62ffb547fe4302cea50d8

SHA1
be312f69dbb90f05c3e32eff2d56b4046ce51873

SHA256
4128cb4b5946fa15faf773e5983feba8b77b9f7484f2acac07c9f606271af4e9

SHA512
4ef1a51fba409fffbdcb639a0b1cd43f66afaff9a5cf8cf7eb5bf0f972f9eecd9f8f347616c416c6178a5c71b9d706352f92020dd0d0b9a0fe562fa2de4cb157

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\15275

Filesize
15KB

MD5
18272056b5cff2bad82c48aa98ba3d28

SHA1
e8703ff045137f976400a07bb64d5fdf99e98ed9

SHA256
f3d12f35ad416f280be2ffe0b4a7b8146b1d554e2f1c42b12156bc9d3e5b0dd1

SHA512
c4d76e2600349de8c21ea0394b53a7b442ade4cb602098c98498817ea9e64d827d0a22c76faac5764e0144aaee2ee9f13bddb49b35438a751411ff0cede37f4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\16322

Filesize
21KB

MD5
5f8ab8f5ce4d01e5f395509018787399

SHA1
6c2691396150c45695cd83f78235e9ac610c9b2a

SHA256
d5f7edf42706ecd56e896b97da44cf1bacba47d82e105660e6b798b369b924e6

SHA512
17ca44072aa3b42ba1f1ded9eb409f0167802fdefd1d6b6e4e050a0b034374fbb8af56d707bcaad241bbd0082e343b27c34256f3dd92653de441c69521b76460

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\16681

Filesize
8KB

MD5
0d05754ba65c777038ec9fe8337dbed4

SHA1
b2cc73d725ec5828498f451349aedc336c838816

SHA256
effcc06ccf7def2a8c61d220e81cc04171b516f0a114e4f9bee3482cd0af071f

SHA512
619a95dda488709a9237820d04b764d04fffd404e695b06ba8b0c9979a6e3fef58e4ce6b7552c67925feac12ef56004b9182310c64c64b741bde5cd353ffb8e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\16998

Filesize
15KB

MD5
adb8009dd376a1ebca6547fc76e0cd43

SHA1
cf7556c3513a56efa6473998783a329757f9cbcd

SHA256
8ed2587ccfe6d9f15da3456136048ea540d4d9c56a488280987439cd86961d5b

SHA512
fba609102c6395d5f57e17abc5057ccb7207a02c01ef54bb6113d00c452bdf5cda3d2a2b7ceca57f0e4aa9df227e463e3e12cd6aa6f20c49bfb65fa304ceee68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\1700

Filesize
15KB

MD5
0fd328f2c8e18c1526ec72d58d71993a

SHA1
9640306a5eb5531e191d5bcf2e03dcd8e04da2d4

SHA256
8fe27ed575cbc04938624041edf1cfc820fa03a083b50d90519cc0ba3c6e2a8c

SHA512
fe56be89abae691b5af74eb96b597d1d60d1481bb0b350a444cd573f054f9f67acb2b95d920bc49a29a377700c4770f60ee38ccd92e7b9e241ab38e70fe20e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\17088

Filesize
15KB

MD5
8e3cb1a81b1861b9dc31f9399e43e9a5

SHA1
d9c8fd2802228db518445f3e8d8f5ae009c8d3ad

SHA256
4edea4ff024631606169ea6fdc7eb4b230a782823ce48141fea7cc026b0265db

SHA512
0a376cefc97a54adf043c055946dd24a7e9797254c14819315d22046fa5b899a5190b67afbcc12391a8524b625009d4d9225d67ff88b134fa941da0f7466463e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\18492

Filesize
16KB

MD5
eb70cb5fcf7b365f2879d2cdb17ff671

SHA1
bd95b8b47ef1a4d4cdeba7c35bddca1bd04b6b73

SHA256
0929484f179659a0ee3b22cfaa4bb65323e2dc7496a4770e95d9f867ae9267cc

SHA512
89744d69e7a6336a6f1ba7117fa97322c49ed315f2d209a4ae0ceb97e0b49ba3428c383a745d6b6278ef164622716d869139c125bf164e3af78b17c68ad128c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\1927

Filesize
8KB

MD5
5cd2775a3ecc6d22faaf99ad02b5556a

SHA1
0c06baa0c292a15412f40cf339a26650614c6d60

SHA256
bf2e76b98865f8a0555fcb4be493bcc9938448187f190e532775dcc1a87222ad

SHA512
579e3057ab706fbc531c7c70f921e6d52b430d3842ddc968432f23bb7b9684d720259ad92335a6f74129083f6cd5dcb4d05635b703c8154d314e721b489d30fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\20353

Filesize
15KB

MD5
2fb530b2f41a9d275f973d4cdc4671ff

SHA1
ff3ffe9bd4a59c03d0619411b2dfebdab3b8714f

SHA256
c9307097f13f5193529ff4c66d579cac60529856fabd65cc48ac668e783ff132

SHA512
99c77db7d6387344c359b499408b63903ff692922a42adca628decde54f377f668874ce2d32ab625d115bcd5ed5eef84fb02c08723847ef02b39b4412fbb0164

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\2052

Filesize
16KB

MD5
2f60c6bec10719f749c6e03bacd9690a

SHA1
fa0373db12146354585b1699af61498842ce867b

SHA256
5f0ee310f3006252087119dd9489b7db9bb3789804c468f88ee579668172460a

SHA512
03834fe30080c35207e3a9a11c2f055d7f6bb6da9ede59e22a2b922b7e1b279cc3d90a3f60dccf1325f368084eba332ecbcf3f6d673cf6466ba4fc72b68c96fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\20918

Filesize
15KB

MD5
af7ca04671c98eb60c19d02451cf9b40

SHA1
272c5aed756640afc1f8a1184a05840fe9a8a4c5

SHA256
f50e0bdab1a780598be82166cb702be5a8b3bdd0ae9295eced70b4c77b9c0e4c

SHA512
ac4d3815a01c5dce99603dde8e45a652c499751dda679f30c317cd82e7c5733f8a8b1998fe40d7105859649e94ee2d5ef8fd214529ba2b7d67cfba080c8d4e0e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\2210

Filesize
15KB

MD5
f36dc9c7d11773a0c1fac56fad91355a

SHA1
76984b366be433ed2c5b5f7280f17101ba3b3ba8

SHA256
7fbde008db226305b50951a5b8dd02cd6744870f9b2eeaf43da5fdc271c8f4c1

SHA512
668716915f6c7b780066ffb696fb900c4bbf07333445740b71827daf8401ed1f2bb6c39675b083e7f76f8b96ef2b06b7d82936dccbd9ea3e79719685030cee3a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\22837

Filesize
15KB

MD5
3ae084e3839aa57b0ab620c14c3aa4aa

SHA1
67c1eb221ed919790dc0f2739ce49121225d8d4a

SHA256
c54799527c86ee77bd49404014f23ed59b4b3d79870cb5344a067903ceb2b03b

SHA512
60adb5bba774f04ba5bf3b679578b88f292bc1f7eb637a716cdd411e221bc2eb5d9913712beae00fd0ab3344cf4836e88d8920947834fdf21a0cf462d515b1ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\23092

Filesize
15KB

MD5
2d8547d8961a38e4a74961f02dcafa12

SHA1
f87bdec9b373a8446b046ba707d1ca14151a02d5

SHA256
188c883e29398b520a0c678d3107f62be56c363e81784643c08ec0689262feb7

SHA512
aafdd39ea33ae47f6401b7d6bbd8a5b2b519e25f6bd23c10c775c6a2cca30918a3fc6fb8fb3c5c822db9153f18795e58dd2ee16f6077486a46b3130c8988956b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\23174

Filesize
15KB

MD5
2a437d4b6b107fcb732e689b44ffba0c

SHA1
b444ae7bbef696f4e99304230b485a2bd50e3853

SHA256
a24efbece8a37178a2bf1676ab15f783459d1bb43e43afb5a0c516a07319907a

SHA512
2ff0ccd0d8fdd5ccd6b69f4cb676af8842d829f5447f1952dc186ba700faf737819287108bfc3b9652bbec666227aeb7faa779dfafa38df756c42c184669cb66

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\23529

Filesize
15KB

MD5
96b1d7a70490a8e3339ba6e55bf681db

SHA1
ffe853df8f20413dfed7b002d28efbb1e74e3da7

SHA256
52c90dfaa7b09bb1faef0f03144b37f9d7ff2ec4ee6f9ec60cf63c11af150b76

SHA512
e9e05b2a0c1f0bbaa8655a28e1e179fd81d17c6761417a4cb151314735e649bc32f7b9f003e74055bc144c3e4180969d45800eefd393d161381dc36b84722c5b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\2398

Filesize
7KB

MD5
caa972d23cc97a4ee027256d3bfdc3bb

SHA1
9cb6c20330b4d15566f7c81ea45a19dbce232814

SHA256
044eed16dabd94a53a49152a93e76dd5a0aedc9d0c9d852f94dcac8f798cb558

SHA512
afbe263db9faebfcc060a478409cd24775a9bc70f044402f90b5108764940346a6547c844633237c5649384cd64ef442f58bf7b25f8869bb330c414ec9b28890

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\24400

Filesize
9KB

MD5
d4d07461d83b2865054eeca5f1d5ef39

SHA1
6d4ee6490f843e18da811abf5dfaabc36b6ead58

SHA256
10aff800388680ea8d520a82d22c71d9f0be3e9e94d856f101b8ca79a91ecfcc

SHA512
de50ae32eb0cf93fe85baacea7e1e2180c661769ab9562842e5a1c5560b49f21ae5ce5694fb447a1dd77a087440c052c42eb45eb9eb2caedf2030c4ca9f46f81

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\25072

Filesize
21KB

MD5
6d9436f3f3b82d6d8fb2d1e81104e52e

SHA1
df5f80e54bd76909c4dea5e03b52a4c2ba3f6d15

SHA256
30b50b45a11edcb52026040def9b317ed1aeab029206c49d828135b28bc5b831

SHA512
469ef520bc2434aeebbd53c7cb966bed45196dbf18189972a92198be9b2c6aac1588bb14723b81ada462d84a948096f4348688cfd2501e05b9df1dafea069a61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\25406

Filesize
15KB

MD5
7c6285830f98d3781ff61d55372ae1fe

SHA1
240fa3b34607655902cd213bd52458413db44027

SHA256
03f1d0839636077db5fc280b063ad33271fbb32b7227c5609bac4c919f5aa99c

SHA512
bdd0205fb643a8788a31e810ff79a64122225bedb7ced61b0113b5ec9c8f8bc6c9a03a3fb28f94fd85dfbac447fd5e9089594a75310a740ed9e975d46818f172

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\25569

Filesize
15KB

MD5
d0c24f6bbf2f10e841ff4402b9c33f1a

SHA1
b6c86969782c7c8ee493a4fdeb2a877ea35cad6d

SHA256
596c591ad5eb5b38e7e97d99b9631ea2a14a03b20dd5a4c73ada5908f6e2b485

SHA512
b2571f54369534a8ff7049c6d1a624ecfb9bcb38e7e4050b65c7f7c63b8d6e1bcc9fefb152111923a8334e38499fb30f8d1ba94c4a1efb13f80c281f34daf267

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\25608

Filesize
16KB

MD5
19ff5847e887875d3c211bc2588a7b34

SHA1
2585810fef47db85ecd10f062b181fe8d2f7169f

SHA256
3c3b22c04ae53570faee7449fd48603f4cb851dc4b320cd9b5cecd69a4b3cbec

SHA512
7b2ab1edd4a91583721a476eba7510aebc38f76d04e90745de90c7458889070e08c7452d6fcb0d7b5cd6ecf4fe0738d56bfa0e38f9d609a8ba8bf5c2dc5e9fea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\25832

Filesize
16KB

MD5
2397719a5f6e8aa905dfaa2bd4fa8a66

SHA1
f840b495ff35bb32bdf7b052f4d448cb2cb02b14

SHA256
46fe3e77d64b0afd82ad0444e9c339bc415fcc0ceabe133cb7cb9603f895257d

SHA512
0d8c52c3d356ed8eaf8543f7e58488ecae5e4adbd6d8fb53d76a150589777a04c6ea134d78b64a2c01430b9734f3111d650660c96b103db9ffa8fac6099dabef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\27067

Filesize
16KB

MD5
d6e23499e6225bd0ddefe6a621f97bc1

SHA1
2b1a3e56e0a017fc4dbf317a57b993ebc4c27427

SHA256
988fa46bc9781a6bbd47b31408ad4fded98719e857f2b321e4d64809d8f3cad6

SHA512
476b9cb09abb674c290934d38744067cd23725d35be834de590e6d21aadbbccd52f85b1456be8b0185391d79fd26f8c3c914ea4f701a3404162579b08d1a78fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\29631

Filesize
15KB

MD5
7c2c3a326023c13a349a23cda139e2eb

SHA1
a9e387cb70f521d4d93308ada47b72d7ebe84bed

SHA256
dfcea5af3ac6059ad159ba78d7511c8d4c1c3a819d61a42694bc7d6ad97e3d97

SHA512
af68bea76b61ea0fc864bab41b3fd5582c8833dfeffd0e6157a43f92b83a23f572e6d34fb0bec48ff84a941229f1fb2b530e72e2bc5b822cc19a9461640be8f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\30948

Filesize
15KB

MD5
5cab29333ecff8af17ca55e38084ad44

SHA1
45e88cc826dfc4771db29d07d9a42ace1b45b02e

SHA256
4ef6d25cc7a4383bfa9bda5b67e4a93aadce103d49c48029439b337339cc53c9

SHA512
b7f5c6bb69432128782a08ad4d3c998ab46856869e95a5c2dfc5133ba5b8d0d846779a5efb5946cfb127e57876470197a6f352a6d4a90254f68942ef95cd7a21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\31937

Filesize
15KB

MD5
9394e99b062eed54ab8a2967756f7b6b

SHA1
a3390f13cef84313a65797dffebfc903f8bd12b0

SHA256
6dfafe68d16f31e7e3a63599c3400f1d0f3f25114d3e70704c111ac29d96e708

SHA512
30e22bd806e1ce9b5bd2ffb5874c302634ebc2a9ba37d296d8c8674224a4bf582cd493b9eee1e4f1a00938b3cb8625b9b146732394313c76002d89337a51d28e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\32575

Filesize
10KB

MD5
f06168afbb00a3ee273b17800e7cdfd6

SHA1
f6dc751ae0beed4cd9bb0ee34a0d1c5a7218f3c3

SHA256
47c9a3d8c30a6262de74f214598258abdf8a22f7919bb5fc5aee9fb23099b070

SHA512
c2fb009ca8ddde2dcc79f81fcb89f072439d3991a7fafdf0c11a44e7ac6da34f3364963c73660d62a8e4ec5636e64411c8c41ffa9e2a5fb7842c376240794f31

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\3921

Filesize
8KB

MD5
7e572ec4950658fa6fcfef29a5b61907

SHA1
5f9793e73f9421beabb71bca12ca6f59bb306d40

SHA256
430530b89399192bee5e2abc97bac84a81e2f457037d0334b061cc8db299d807

SHA512
750f65ac4b8ce28ced2d6e3cd3542f60dbe97ee3ae8c61e3669236f4cc542765ab86496566bd6d0b7f357069e6e281fa65161d14d96c68b378291416e65c06aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\4936

Filesize
15KB

MD5
c1de551eed0a814587f06b550dd0b4ac

SHA1
73861493fc82f88286e9eb001e6c6fb2f5e7f509

SHA256
a97058a564c68c461a4febfd3f18933f13feb6808e46213b387ace5e9b75006b

SHA512
d3f9447e327cbb4a80b361e5ffb156b8a590c47dadf36c51acdbf0882f6725e051ff77c0de10975c6017b109c7575269480baee79299032914be7860a8d8a645

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\5414

Filesize
9KB

MD5
7274f4930deca8e673bfd389a5a6c6b8

SHA1
dbd0bce2c670a66115fc5266bbcaf346d34fbcfe

SHA256
8a3dc6b7d39cdda935e72cf870b2396abc5a20a350f66754991f71c7d362e631

SHA512
7a1f84e6a673d0b5764a73aa4be6e9775c70c317aec31fe32ecfd520f5da6773ffe508b78edca1d7f75ba372cec74d9b9d4b45bd53ac7274986ff4806f3e2777

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\7267

Filesize
15KB

MD5
5de12716822465c30dd05c8b4693744d

SHA1
476f84b7ccc4897a8f3f6580f99575a7a1e7ce5a

SHA256
7f3d2bd348d91cf507cd975883f0cc4171b1712ad4949d65bdba1db2c38f0573

SHA512
22b87fe44ceed9f73c0d696567a8b2c43c7305b7fb9815c8435e6d05815572ca4cba2d5b92b1ebdd6a3f0dcfdcf8d6bfafde7b5ca9ec9e2ff001758116ba3d4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\7291

Filesize
21KB

MD5
aa8a160db332ea0fef8f26e0530e55e7

SHA1
9d1083762dc40b32568d2870fe85c028323937ca

SHA256
873ae5f289d391322e0b65da5ab372b5822f558b19d6bd4b59ca46f721d57471

SHA512
338f745663d0b1ac592596aa69b9fd71fa90499a808640a35a6fa446d7992edc1fc24d38cbefdb71a6b31f2631d1c2de713a3d35c0786af7a10ff44c3d0dfa2c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\8231

Filesize
15KB

MD5
b5b15377c75fd208093b55dbfb1999b0

SHA1
c8665779d73fd40b3c3b4da05615f93439c5cebd

SHA256
bf0180ff556ed0f92888d416d98ef6ae2639443230918c09c4d64583c5e37319

SHA512
847a27ecddd395038f6eaa6df3426f9746311c79dfc03cb3d80ba1f91cb386a98c7858c97a59fa8890cb1ca27dd4caa788b2d90a4e1208d494d12c0106a014b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\doomed\8583

Filesize
16KB

MD5
db0c06b68236bc69daa0b6dce330a05f

SHA1
b9c88b18615b9fe33b94befc51c4d2fa9593da99

SHA256
f4b40046567ccb674c7afa374bbf2868a87731b024361958f38eca89aed1c30e

SHA512
42fb079f430930d3d8df46a5b00bb03ef5e64d0dcb852570ad2ef12502d27f4a0e60b8b07afd14cd1b8acfe2bb7c7ccddab625fec2281134620928bfd3a86d83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\0008D25D8BAC606FAE758BF25062CAB35C20F586

Filesize
4.7MB

MD5
136a6abfcb196a8110b9210f6d9245cd

SHA1
5378cbe54f4c5dd75017cfe9ae9d490864726cab

SHA256
6dc9028b2f4b991c821b62e763812d146a736af089023ee462e7af90016c1f20

SHA512
634d9230db055950b71752f39d6e060837b0ec1aff2f7b0ac154de6171cba8617a973c923ac1101227964c799290ce7990ca967543b604d843392f108c0d9c1e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\204295016D468449238D1550905841750CCF2000

Filesize
29KB

MD5
ad3ac25fe201dac7d98a90c4675a503d

SHA1
9a07259cebdeaecabdf9dec71fb8029b6b8421f8

SHA256
dda6ad82742c9ff2a2d4a6fbcf7b8ee304168d5d7e6e39abca2b152b11738259

SHA512
643ae478d8dde03ccc4147f0b2e9b351c5eef6d5d709258c60a9c48ec5d8c3daaaa53efa1ae40bcf08afbdc44600d019207d03c034a926ea00dfb9a48d503320

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\3BE6ED845EB36528ED54B8097DA8C6052718DA03

Filesize
253KB

MD5
0dcffedceea75122ebc66a0549f49685

SHA1
71b802a2e4d821edb21bb2276b172b9ef947a6e7

SHA256
fc5cfda4ed0b6903ca8a2ea86490ad5f45b1485a9dbbef0216223017ca7a6127

SHA512
5b2932aeac589b539713232b486cb531c40627644a91643478a768e30154228e409ebd867b35cd86efb61ef3ac773042f0ab7c18a35eb35c8faeafe6483bdc4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
33KB

MD5
751b35c464e03462ad0321e4aaf65847

SHA1
2c722bd8333afc0a1fd4255e3982560cca5a536b

SHA256
f62f10d370d29ef85dc5e46efb08d29054edeeaf0814a0eeb84fc947fbefe89e

SHA512
2940ab2b4ce13ea800e32370140df4d2e28194d6a790f0d4641fd530f219488c8a57c86ef529feb458508f29fdc45c8c4e26b9bec3cb8d64b0212aa80fd589a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\A92676F1ED8461114C2682809FB189235FDD63DA

Filesize
8.1MB

MD5
2461e96012bbe5a666d05031fd99bb91

SHA1
23e9b60102c7bce61e5a624edf1158e7613acb6f

SHA256
18f467ed200183f187f21c931d4c17684fdaf991db3b517f969db41f445e7dda

SHA512
fe83b1cae6bd7b90a90beaefd198158d7e2cbf5b8522326a9a4ae4ab094b32eb6c8ea767b82fd94d66df8f686f9532bfb318606a2fc0e9394f26c3d31f76043c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\C2995AC72A1C82CA460CD55984A64498CDFD69A6

Filesize
960KB

MD5
6c1e4086702edb05693546780a95b5d2

SHA1
00139671fb447c1237a4a6f92958c278dee30a1c

SHA256
f16bd80aae9b278aa69ae069f56356700218d14bf027edce15cede8fd1aa0af2

SHA512
26a2f7f21a6769911f800e369e499aa496cb4b38673d275246ec38d0406dd53e8c1d71a167e4440e0e08bdc06bc547bd10791098f7009356c2f58ab5f8900b6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
c338c671be8040c6e5d70055a6c78e62

SHA1
f27abe3e8c0a3b568cdd62a11c975fd34d30b866

SHA256
83267cd8ac98ba5ada689ddf7e49b4e3b8128a9cdd6c31131fa1c476e4216978

SHA512
c9e176ca2b78acbe32a6e5ff2f8f2f71b48a574900919026fe59f23880e8e5da48311991100a0bfcf2afc4a15c4321405b28b512f62787a4406c254f9262e1c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\D28DE22FAC14939817047CA347A8530A61AE9CDA

Filesize
25KB

MD5
ca24e66d0db3c027360badf9a3dfa2ce

SHA1
8e835c39ef68a222fb658a724a919e840cde0028

SHA256
5733f1126af4b7f11b296b9ce980e0ba6abb9e55c0748f2cf377145242e176fe

SHA512
b763ef66766eb54f681063471969570e59b33b5a91b28d585e3962b75e85c11fe970e0f25cc03365307e843f51dc3cc6ab33bcb43da0cf42d288967f9a33ee8e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\E61BF19A775AFB382130B39436E54A1B998E7401

Filesize
2.1MB

MD5
cfd4c072171c55d80030037304c32b71

SHA1
00e6b0adfb6b4de4df106a07152679c98de60cc8

SHA256
24bc0029557556bae3501fc054b3ecb025fe794e4fbfbd616f4b6cb9b4176559

SHA512
814b09d55abcd3ec51af8909acbfd1ad4475c92c402d08e6835876f7cd361ba05ab5e911dafeb3b71aa5cb4eb51e8912050fd78de98691bd3c4aae3f818aa94b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\E7977F6E10AFB3B4A8B829A51A5BF2749364C136

Filesize
134KB

MD5
1c5a10ee16f24a128ad24ea6f9c33668

SHA1
fa7a9b0e1fe58beae70dcdc9b4713d4a84ecf813

SHA256
4efaeffc7e821a193bb2b5c34df0a745e5e3ebef96a64cea571a7c12a21913ca

SHA512
43e30380e7b091acaee0858e8d75b93ba2579ff2d8a020010899bc7529344bc09311216c49390bd163dec760851555037f9903d01682d15b5c0890db08640ed9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\F7C4D2F38DEF9D8AEC9B14389C95F920264A8622

Filesize
78KB

MD5
1602461f65288ab147699ba98364c7ae

SHA1
674e3fb58ddb1e56ae98428df7279422e87aea7c

SHA256
69c9fbda1a1c17d09a7f005c1d89de2761ac1fe4819daa549b260461c8ea96a7

SHA512
efbecc9dfb361cee487614c4695ae7619b159aeb91e8205a476e41747405e114988e264c2034268286ea86dbc44b16dfc15e0609eb12fa35c2d18441bfebf310

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\F83306352212E41B08FAA04AC2CF06A2B81FA95D

Filesize
61KB

MD5
a278a2f629473080ffcce7695b9b880b

SHA1
2ad4b0177d59035048ccf8be615b713d3e19c470

SHA256
e992e7f6127b9637f40282ba9d22e59af68ae893becae572d0cee3ea6dfc7598

SHA512
e0c98716ed9e90bd0c961d703ab793687546a97d241d22dd25d8f013c2df8d38b569e589c512edb11dabf07aeadf37f23044eb54415bc57096956cd6a21a7f15

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\cache2\entries\FA2083489969D30038DCF1A73D2A1DE76CE5D9FC

Filesize
192KB

MD5
119fcd05d550b1f3ea3fd40af03f7330

SHA1
bc0f472ca3d982014c64cd8f1e93111473800469

SHA256
270b20b4e47c4684109f999f57d316eb7f3bcc6b1ff530b4137d478836468e3a

SHA512
18835b5e5aad034e815a89bc49b49dd5492e41f08c96720a30036fcbcca9190261e1b849a695593d651d4fcfa990f9eeac7257061ca96e90d9d4bae06a98bfd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\41eh5pdr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\AnthemScore-eNgUSz\output.pdf

Filesize
4.5MB

MD5
c7aad0f2b96542dd7eabb36d19ac7bf0

SHA1
4b26e567a1fa850b3e3dffc55062779d93b4c02b

SHA256
2c6b265656d1df6e025d64e1834fd5eb98e05ab8364f74c23c76dab5dab5ec75

SHA512
c01abe672e979d09ff345a75f0bae947b4f88cd332cca4e759e5beb2dec1287f42c261f828cb296a367ad169a1326a9d7ff432fb6c4b0f65a4710942eab811bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\AnthemScore-eNgUSz\temp.musicxml

Filesize
282KB

MD5
2adc564041fa87ef86fd772356a3fd29

SHA1
40802fb526b1407f7b32c8e5443fe33657d480a9

SHA256
8a33fee2d6bcbe360ff72cb91707928dd2515ed44516a26acef049ca16f6b134

SHA512
2325c8787f0308821718307959ac2863b6525913c78ba7ec5447127fdf7b0937466ecf3930b714e34c07b44463d60998f1533bd13e4f53819bbf075d39a31ad4

Download Submit
C:\Users\Admin\AppData\Local\Temp\AnthemScore_installer_windows_x86_64.vZmbUB

Filesize
20.6MB

MD5
642d6f1949238754aa2fba635c68e08a

SHA1
a35d29a04e9d4a67191b743487acce98a3edf12e

SHA256
290c6a6f111ea03588874c8d73155efc37f8ff2e4b790768a214c7e6ce3d7476

SHA512
fd2fc9a0662871a831ccad6a60525e08186f3c12fa4b9145daaa21c82d57854681b6d74f36a411ab2fb9c67d43b4895c8e0b3c7b882a8d350306860b54ad84bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\deferredrenameAefwTC.vbs

Filesize
764B

MD5
2ef610ba2f4f2fdfba287f86f14e8e0c

SHA1
b3342338315e8618d6dbe374c51839ecfab3c8d7

SHA256
31aec6a581e55a480e95e23537668aadcd452984a4abf27417cb9fbe4d079bdd

SHA512
2f57a2a6ce302c7f5ce303359499b164e113a0be6ddf40b5760195aab845d543e0bf279618428c3d6931414a0cf399ae8e91a9df5c03183c4c3cb31bfb239b91

Download Submit
C:\Users\Admin\AppData\Local\Temp\deferredrenameDDjPeJ.vbs

Filesize
764B

MD5
20db0466bf5f17b67c7dfef9594bc690

SHA1
7af4d7eb6ca33f5125082effcbab4113fe599f5b

SHA256
458420174b335cbcd2688a77701441de06c4dbfa7cd8643edcf77c316ba83e80

SHA512
d99d37b4eccfade8350ef55790fdfebfa7eec37205cd302ffbec82302903cc00ec647b8494d16c66ade7012cb7c3ddbc90d394f532a1f1c121483f789cebec5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
15.6MB

MD5
a8ef83a9c7dcfeafd18aa510c1fc0917

SHA1
b5f0075caf93160359732aa1fc8b1438a43a0201

SHA256
85e871f208331d3133f4397fff01d737f89c464b071ca390405e6bbc67c626e8

SHA512
acfed9cd3c3826e964364c0d38235ea44d069b1b2e8c4c63bb9e6b82232398e80966fe282a5458ae533983be4d713a1087d1dee6917448452218050790f6634a

Download Submit
C:\Users\Admin\AppData\Local\Temp\remoterepo-MKApOL\Updates.xml

Filesize
2KB

MD5
0b9ba9c5c7e0bc7c965ce166289c0b16

SHA1
8f9af00ccc39c288eee852828ed36dd93511c1bb

SHA256
62b91552566784d544093073b7d751e77ab9cf67103cd04ee481645591629df8

SHA512
9a14f164c401e5a9986bc1729ecf52b4f3482bf113e63a6970ff2fd463f3803d8d47db0ece4a365a3360c4d9514bd935e263a29b67cfab9e3c21f4b03eda2b96

Download Submit
C:\Users\Admin\AppData\Local\Temp\remoterepo-MKApOL\lunaverus.anthemscore.windows_x86_64\installscript.qs

Filesize
1KB

MD5
c3b80d7298d7a0839a8d9e2e3beac645

SHA1
7769e61f492d59dce858af72ed1fbcf9d2a460a3

SHA256
519822d59ca89311a4082575aef86a380e5fb7230b1c01922b96daefea716459

SHA512
85d30c02311be8da4e2effa3bfd1f075200e734afd3b15f372282b5b77356df28ebbfb5842844792fc1d11ec1d19c8da4d8bd537e4d0079981f16acd723ec612

Download Submit
C:\Users\Admin\AppData\Local\Temp\remoterepo-MKApOL\lunaverus.anthemscore.windows_x86_64\launch_when_done.ui

Filesize
782B

MD5
b9e702755f5e9863aabbc8d9a85199b9

SHA1
60c22871eec56d41039f01859b46e3b92d41c9d3

SHA256
d7a148035f8deca3fcfcab29df033935b8998b9124a8f5ea7cf82c260c249d05

SHA512
d501a35ba5c9e9394d9393efb37851798a06c180fa405c215781e31462e64137cbdcca1f6c27f21241ea0768ded359e2762c6b81bb841e03f2b2394830e14411

Download Submit
C:\Users\Admin\AppData\Local\Temp\remoterepo-MKApOL\lunaverus.anthemscore.windows_x86_64\license.txt

Filesize
47KB

MD5
a4ca7c940209bb3d494198175e40c47b

SHA1
e975942e9a04964760f10366932333e2a296b332

SHA256
a6f24214d9b4477159443cfb48e4c74acb5085ef5b0bc1478f632ee973d7920a

SHA512
8df7742f7d3de39989d184a0dbf3ae38467961f1c6c2841d0e040c74ab0111db216fc009bd1044987297a093a9f43afdbc90e8ed596376dbe16a2ded95ab26f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
e632439c4b31b50eb6fe742d4c2c21de

SHA1
98cf4057973f42c49ca8fadd308d2d039f39d2c5

SHA256
f24aa895515509400a2f036e57e530d88218b6203bf452a7ef4f148e521fe268

SHA512
0e82c2eea3a485c32951cde834c569c8cf9e9888f440ef5c80dd136c346a01d56c195addaeb561705811d1895178f89d3e0b30ba3923d9332a10baf72ae89f64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\AlternateServices.txt

Filesize
8KB

MD5
48f4c4e9ef4ba5632e021c5e3b7194aa

SHA1
5d93e8d863234d6c4609d09fbae6497d41a406a9

SHA256
49617d27afca0fe6b5f8a8ed7e433a938704cd949ec519317b0325874a8020dd

SHA512
602655e4f85bf549164a52cd7e1ccb756508db93bb119a2712fb35a907db16b151910d3448299f291dd67a1d25f144e26afc1fe160197dd4a9bda9d1e47c6492

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

Filesize
19KB

MD5
d149c68703eec37c67a998ad389eaa47

SHA1
f4d0d22ce5333f02cc297caeb2b6ae93564b5c45

SHA256
e534df011d3131e72b7ff4c31afd827297d965fb293c94f3cb770d7b4ae30fe7

SHA512
602c67b237cfe86c3e11f8d0d90d2bd7fbe2ba3f7d21a295839114d14476682b26decd18606c3a6cdbe74a3e8c77f1ce2376e9e2e5ca43b9c169d2b46ca13ba0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b62bc4b5562669703a98a37cbb76f4e8

SHA1
60856fccc69edc973440630927c4a43d4243eda8

SHA256
1cff33da100f4b788b66e37d0e039c6a91c3b3d0c59c9602fefaaca0f3bf3836

SHA512
85a81da403cd68f7e70c68bc2a4f6a5690f9ae0bd0edb6936a74dec5004713a576f0967e28a6fa62476321e4f17da12e2364665d149a6cca3c8baa21fb4d6b97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\027e405c-88cd-46fb-9806-bfc76b027c62

Filesize
1KB

MD5
cf2e58b51a5c7b7b1a14febc73bd4b80

SHA1
315fec1c98a975527245df268a4fd46cc9be4a89

SHA256
5372585e4055ad7f461ea29810c979b4e7f8730c8e7a60b6780487375dc0a18a

SHA512
869304bd76b9326709b20178f0cdd222da2c59c662eaec56cca6a220104cc2777d4adce8bba4724819835ae1c3fb7b504a927a552a1711207faf0dcd0262bc8a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\17d51930-bd36-4097-bbb0-c005a35cd824

Filesize
856B

MD5
ee12a31fa28554d7fad857df6f4fc612

SHA1
afa1419d617f5da70fbf6b633abc35767e3f50eb

SHA256
02729eecfa3c5efabba32e6af0c4914f917b02fd7512d14fa45c0fdbeb35e169

SHA512
986ce6521a46706513d8b8f8d1f15156a3e794153eaed337dd6acfb0f75e71aeb251a640110942d4178691a68b284b05fe7277b73a5a125a2be037349bee2e84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\8be3167d-22ba-4c3c-bd18-9af47400e7d2

Filesize
746B

MD5
660302490e4ad0751593218410263300

SHA1
51d7e607fafd42546be5e4b2bc13d3924086b816

SHA256
8ec8edca0bced3b3334532f21920f698352ce5f0f56e77684f9b91f6dfe8dfa0

SHA512
d405b876a984bf0e9f884786ce0b6c6161bd31bf561e790f89c51d02e582bed31566120554fde868557618aad89226bdf3bf409c0d83599351f869458b304f7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\datareporting\glean\pending_pings\e5012775-9f94-4270-8e8d-b7ded9616411

Filesize
10KB

MD5
471868b5f5e78f1b43209188e3e3a442

SHA1
2df468df64f5401a3b7d1f7fa1de9d4e78734a84

SHA256
d0b96fcec61489a15d1eb22e95752b5b6c42984ac811cd6bf53eeeac3914a70e

SHA512
2f2a88728b8fc31485ba5cda305a8316597048a58df36d4df68864ed4063face757c0bbe947d9fe746645ae31874971ce498224dbd2223a9a9c694da1da0ae30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

Filesize
10KB

MD5
259e1b628b5caa41015674e13b054594

SHA1
fb1af996781ade394f88c0f719b78d3b3b62dc3f

SHA256
08cdec62cef1f453bfc5cb313f0f418a657fb68c34d7fcaee3deb27365f119bb

SHA512
7647a7b0f5da6144af74567d9cbb61bde664e9a710036ff2d15c0ea2e702292f7113b5f2ca5532af9d886b2857f5347fb95ca03549ab19f21b901544b8cc41e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

Filesize
10KB

MD5
a5a24d88a96d3252d563c0ea9ac7dd2e

SHA1
00f95d567196355f34342792c57c0097cb65398a

SHA256
4ca2aa9c89918732da2a7760705d090d63e6273a4afac7da9f3ddea4974e609c

SHA512
a384055088bed293370cf503d70cc880a34bdb9e6591c0d9beac620226832f70f595089df57e481a20ff8788bec15a87d5c187ec9c230bea978c0a1839913c3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

Filesize
7KB

MD5
c911701c50816e05b33976d97fb93798

SHA1
67bbfa5a9e533a0db441b600c1b2cb70e340defb

SHA256
9a8efdc6f9a28559d797618959cd96120fc5801d45b36be33be2ed3c5dfb60f2

SHA512
65b9969cf0385a9c498ede7617bdc719c1582b30da90dc4a2b14fa1e14d653054bbc0bf9a72a707595fa956300a22f2d790493527d5faed0f23d319c3906d013

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

Filesize
6KB

MD5
8f6ae7d32cf11d45663c14e64cae8706

SHA1
42b05159758d31f47792dd18632b7d98e0dd6294

SHA256
39fba39bbef67330e344d528bf418202f94351ba2b1279c8e46a698fc319bec3

SHA512
39d9a68b19e43e9f47cf80240247a6ed37907cbc9f06652baa5378ddb85ba7cefd3f363645b73fca02033b49ff72529213ca439f70b04b8b15b51287e4bc8200

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs-1.js

Filesize
6KB

MD5
3f1adfd800f0d5b1d84b5d898655c731

SHA1
163281bb2c0068d0aa27eef5845dcf7b4d3bd4fd

SHA256
1876632d7623c562176c5db33bf4e05da954658531c7ddcb2a1bcb9a7aced8f2

SHA512
7c2c8393800f5cacce3624b9e13e68c5eb53d7bff2d03f2d0e00b12757abf04667c355c5604b3a336351816bfab59861b1e0b94a0ee5e23f7dbf076ac267c6d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\prefs.js

Filesize
10KB

MD5
75d4a5cfda62f57fb4faa540ee0f3a9d

SHA1
d7ad1aad0d0200c3ddf5ed71a35d7be97750fee3

SHA256
fe23a1d7c2a8d135f95caf024aaa612e446a4cfcf5d1c38e81ea7154508b7118

SHA512
a794c5f2f4942cee7d7c1637df49593ce15cdf64dc82027151881e03c5c296de5cf1bcd83399cdcc594a703a56f8e77148456e96051a37bce5aab5d7b07a6da1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
526acde3b5c6020d13f2f6880a8c7adc

SHA1
8551b15359b2cf93f20c1b2d347b011a07713fbe

SHA256
3f2ccb44efcc042abf76def2bbb4a3daaf7f09ba9ad96c4a1214441844494e2f

SHA512
78374f3435f639ee69dd13724f7b517eca3684ae9fb456c0287d5c8edddae02915275d5fefae45fe6590bb330460e4687c5fce2f8ef76e6c6831185311a46d98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
6df94bfc16c41d53aaae1c051e8843ff

SHA1
204f7ed2b731fdb145ba0221e4c828eb5e86702a

SHA256
e1a001e9b48d3b66ff87f4d1487935634456c993d365c2ce0558f16ec20db3c6

SHA512
125433dd050ece50eae145f624ccc13e6e4887783e3a9ed03a55d7719c02d2fc784663fc24882f40690bada73b0c192713393e2d85fd91ecf7f560b947c3acb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b10e0e0260a3dd59adaa42076f1596d0

SHA1
ea410b58e230239dedf901dffb413b921fa51bbd

SHA256
46328ee94cbc15c0622162ac38408ee66037f3bd8466202b296226852eb101ed

SHA512
52671c6fbbc56b2dd1b5002eb83e6183e1fba4f372d1d9f2d05cd0903c10c2a0554c756294f2bb8ef24b1d03f9944793871e382f7203ab0635ceaedcb3b75309

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
de70b92390f08371cb1f1955c8ee42ec

SHA1
06f13f482e8d0964de8485eeef49fe337a42278b

SHA256
89ded626084f645c88076251644d002f1ed89b1b28f8c8a1c2b3d01bcad4db5e

SHA512
098c330aad5fcf52d165b70aab5907d9547da53c027aca20e3cb22c42fed4df49fa15ce86484df3c7b241534eb08b6f5c34956d0a66b87406732059743e74441

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
5334502aabd51d3d2109fe573d850fcc

SHA1
ddb7ab951b58f2151cb933960b5690f37ca14d00

SHA256
cdd6eae389710e1319b41a4a9aca21895354d556850ea3f1d85f306c9f8fd29f

SHA512
db0fcd9edf114bbf4bb4f3986d29c8e70ec9916fc475951b7cde82541ea57ece885ab6103472d676547c429c65eff631f5ad993e27f3f4ef2c5beea264fbb512

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
c34cc3e89ece1675c6db1862020f7df7

SHA1
8bd962b5fdc60ef38fd18e66159bf2e614826b67

SHA256
256cb8e3cf7074968bf09a7ca40d7592c2f710cda382387b6d6586be71ddc4c5

SHA512
f9cf5f2080aa04e7c4fb8a2e73b92b7b183fa1dcff994faf06014d227c5ac98f6bd0ab32216e4b2f8e99cc41fe7df0ba42337a63ac1d85f6821e3b0b6c25144f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
4cda491d2ee1bc369e2f404432ea1fbe

SHA1
562543b3fb4a1b741394abd2c7e48e5e7c26b0b2

SHA256
e6016bde9481e5984a3febf10496aa11ac1efc682c7bc8379be4be9146cc179b

SHA512
73958220052636c29e5fecf96ed312274602d30f40d80f19d295b352593735c1e7dbc08b6b621efb0eb3fff3a5db5a9b6fc22640cdd86ae584e7a752ca285289

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
2a6b4136a9f3388c77d627a12c6d79c8

SHA1
9e4c649bddb09a9c80acbb7972ab146c447df658

SHA256
98c8e0c3191bfd4b2f8fcaba9d73bbb16f37ad5387a1e7390131aae858583084

SHA512
04f0e273409dc2e069fb566350a7cc592ce2a28df6f3613d8a4228646b4fe85fdc247e0c8bbefbd8c3d14378b04319459a7cf7e7260cc65072122d415e9b9a59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
51d0efb78cddc394ef2e9ce13331485c

SHA1
ff77aa24bcd47ec4304a6bbe040b80607fcfba13

SHA256
4cdfc145e6afb92b7031344c2a005ef8b360ed27478c4ba3ce71dc3edb7c1207

SHA512
e7f6ea10e93242d5b0d0482b9149c1de86631200e0ebaa203ba891aa08f5dac66f6ddee47df5ff1a6e0e494489dde8f5a43525465f1a7fce0c0626d7b75edb1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
28f1869a08a970b9bc27dce7422e4124

SHA1
1271237be52e469e6021ddd628fc21cb1c8ede20

SHA256
3e2b496b8ff8c386ee1566f1b3e765dd07ef7839f1d56ac72147203e07523866

SHA512
26c4f110c7f32ab2b16f9895a53b078a994a38d1af75d6d9163a4cdf5909725d0377748a25a1fce46185ae438471d55dcc09a35953f210af8c485ec423ea64ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
aaa12703d32a58f281364cf5d0c32052

SHA1
73899a6ffb6e726feea53ee85c6e038ab52c02d5

SHA256
1cb7ff58a705a85482be6a18870ba4b220cad4a1926463baaa8fe75d67c40bea

SHA512
2702c301dd9148ecf9e70cc66e72bcd9071ad84e39eb689ea0e1111390e2e11d8ecd686853c85ab0da97dedf669a8b06019a6185920aab6b03e566727cbec225

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
6e3574f3d2bbc80507a3dd7d0e8e6ecd

SHA1
4ee327e715025395de1cd2001ba77ab6b4cd8667

SHA256
74102cb0249fc0879c750d1282826853c21c7faf906c79474aff271507b62e72

SHA512
08bab10f405e3819b7c94fff7d3e78ff104a704bb8b2306867b9af88a2889659e1e7b6b5db36e97928ab359b9b03ff7f1e2853c89e3ff4d9b55f9050eb0bd058

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
5b3a2093597e8d08cb6f4bd3eaf8333e

SHA1
5b807abacd9a1d0490c149b08993c49ac582a80c

SHA256
321164a69c6ee2002d339bb21c41f256b4f169351f99bf747dca63efc8c1cdad

SHA512
082e80b210a62097f759d39ffb783aa97ccbf88ba779791c28b43fa73c8135a0097f87e15fea02af13e4b7ab5c5985e995404e1268baab53c142e92d7b7c38b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
0f2645b56065e933b431aa8c69355f01

SHA1
af8dc46885efd6113f8780033c60eb9961adcaf1

SHA256
6401901a74d3dbd0cd087df062e0fed64cd507b7db32721975253df3a4ff4390

SHA512
dfaed6c59a13e067b8967f8416864bfa0a4309cf82f1227e91afc36da86e5b83a230be8cf06e97348ef9c82ffd4424eddd844f0ec393fd3941fa4ffa91b35c98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
e68ac903156ccd15bb5a344d1a0e6b32

SHA1
3592476bcc5c91eda71601aa5d67b5cfbeebe942

SHA256
956d0556671b64559d942a77b0cfcdfd7b185a8c38146a3eaec31e80f7ba8f79

SHA512
b5874c31bf4fd04f7841c37090faf72d69967edbb74837d98a0aeddc0dfae39f322cc15a63e80278c9c3df4261dda050abf6333e3498053df03a1c89f0642e94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
a1b79a25045aa62922f641a6321aa761

SHA1
5a956edf7d8131d9b91240450757be6a01425115

SHA256
791d1601860a0d3e57d22ee144bc8896958a11bb298712861d69d688debd298a

SHA512
f199b4bb08bf41a97d16badab347892319b659129f801f4196c02a7ce7fa8de80b994de07a883105c53f40e8b578c720ba074ec204c32cc4c9aba345908bd557

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
312d726d45bc63f16fbd7766381cc22a

SHA1
ec7e5115f34170b794d798c4b039d4f08b2c003f

SHA256
775a13dc8903f24a11f8f696e8696c8116782cddcfd5675a26525238d5c3409b

SHA512
200e22663b0130ccd37623c9053147fde7dd5be8dee626bef3f0de4dad1edc270892a91abeeb1f1905c9bd67621de61cb4c939569fcccef788b7110e9df0d8fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
4aec0f6fb949113a676d26abd1dc3868

SHA1
f3164d9f8836e73990525d07a6f14383204f7722

SHA256
79532501aa725c9bafdc3e35810d974efcb50390a0310e89c3bdbf951f14ecc9

SHA512
c4b06655edf96088bb8ed78f1382450125330b0ba3fb6ff05841ab996f06fd565aa07d03700336fd21cb9b1b2f3d32550b9d71cc2eb7eb121c414f421310202d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
54013e392ad5b1e91054bd35e65cf67e

SHA1
03f5c2231f931b426c5f0d4b39370189aeeab0b5

SHA256
15960a11dbda1350dc2ab9882505097d53962ef2ae4c4944d9b232b97006f816

SHA512
306bd7eac70d70a5f96aa863039691ca939f07177649c724a8af2142cde3ecaade53a6ec97d0bfea2df23d5c7e68b48090a32c69e4e03d72f11d63901b8df7cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
05f8e5df6458fbf05b087916db481278

SHA1
71e90763a1913d24779f6238cbec65787a87981d

SHA256
e82953754053fd4290058cf78877eba145909dc1cab740ddf60e7270a943e904

SHA512
f59c95ea6fd3bb0868bfdd0900a50a734a5b0d3ac737a4bfc8332ff307935e4fe72d99eed5159377dc786b0db8985f1465fe3f1b52b4d299386b01cf4d1efc00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
20c53cd091f7c58e86a0824fbd7883d5

SHA1
d1856c4a61448e2d845a18bbcdd02defb839877f

SHA256
4f27a0413a1bddc2068db9e053fbe76b87f0117d133aad7c2c5c4038fdc09d3c

SHA512
23c034f4f3e851c2cb49ccb7ac3b182450e2ae910660603181231a34063552c8b35b5512a7b49ba944e2fc061f1f9dfc939dfacb29b9422f0e19a5190f55d4b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
e8d32fbb3794596832b56c1a6d3af6c3

SHA1
9c25a610725b32e810b4e1341eaa67cd90aca637

SHA256
d035f55d7de0129b4319b1e06ee183cc39fb0910bb2793e43255f6834672c493

SHA512
3c7da562b2d5620f367c5d22b610c4602ac85644b6ae51d918b44fd63422836af2a334eb12b6f5a9d7104a536a6185609657f033e988f923cabec2f605a64dc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
f0d021f96ea398d33418443dfb1a5e2b

SHA1
4919244e78ed6e3f2191b19830f4bae462b758a0

SHA256
2667b9633082368bd984ac5338ce649417e962d8a42bfc489079c34e7603f89f

SHA512
75f454acbd938babf2de85b5da814b1a9cc8ff3921458367878ffee31c4b92cf5b6b65adbd8ba14b7ef4781690e6c492fee347c4fc57bf0e3e52bfda83625d1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.file.io\ls\usage

Filesize
12B

MD5
126757befd668304dda19d3a445fe79f

SHA1
2fbdfed21065190a76f950ec024d7130071918a1

SHA256
29c40f51fcdb2fa57e4d157918bd6bc6434bcfef09db92968ef36c72bbbf15d7

SHA512
ac65e4de7cc735ae507d01597efce8226795d0d5af5c28daea27bbf08a32bdc113bc860bf6893e875296d69515ea1902303dd47919134a8943c22cec9a4a9360

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.file.io\ls\usage

Filesize
12B

MD5
70fa91680c0bf2e9f6f9fb65d5c48e68

SHA1
8f300e961f1a3bf194181ad8bb79a1822d1fbff0

SHA256
07aaa54727111cfed8dd99678212e87c9218123471c1a3a1246e6bf52ffb6d12

SHA512
fee845e74928ec63a0919dc75ad7bb3be717e5da4777763785413ee10c67a8ee1f08d86ff93980a62692f6461d0b42de4bb905f4f79c2b0e96046cea800145fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.youtube.com\cache\morgue\145\{6a0822d4-2fcb-4ea5-90b6-ae2e1cdee591}.final

Filesize
4KB

MD5
8e09b67d81433dc4c3c395e7459953ca

SHA1
f9f8958bb3ac013d6527d8f19114b0e31338aaf0

SHA256
712af6d331d597064f988ced6a27d9cb2b4065916ad7eaaf0058f214060cbeec

SHA512
765d0e5494927bc641c838de057b55c73f790c97ce8cb8e68b6a4c6ee94495d107a0f33825ad13bdd6006716e230b2003fd1526032fa514db2f7f0ddd9de6064

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.youtube.com\cache\morgue\170\{e2c202c6-2755-4332-aa5d-07737834d5aa}.final

Filesize
78KB

MD5
707a39f3107b60c93c36ede3f5b19168

SHA1
c0da2d5953518682eca0d8e25456edbdb6876752

SHA256
780714b8e53c7f6889478ac83bd894453f3afbf5a551e7b62ddc8399bb0eac43

SHA512
7ce2a2982df85b330080ba28ba60eba1af36ada9f43ef32550dba15cb284d703ef5010e55cebd9e54f067ffadf39f0749aa679ffb384aaa9012cf8833a7b0ce5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite

Filesize
48KB

MD5
b4638fbee06924e423bb42611650b54b

SHA1
ef4d783d71134752bf08595ca34a1d3b2a60f5cc

SHA256
9c1c88b3f44c3eef938c9fefbdca3553ee3bc7ce7308a8af602ea02de5733e8c

SHA512
ef8cbbf31e8ecc8d45802bd13cfcd395e8593ecbac22cc544d31c761027302d7d565ee28bfcdf2af988a3d206450fed5ff41117524e543f22d8f3aea07dd2759

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
03608b3c8c607b28b64fe9f15ef96066

SHA1
cdb57aae5cbc2e84b2842d0884e2bb8f29de6c0b

SHA256
148c982634cabe54f7a85935837098926a0f3e874f3437810bc9fbf0156fe711

SHA512
b51fdb77dd290300c2728c0d07c9667819f2b748f02dcdfb217801c0c0c8670a5b6b044c416614b3ca7016cd56447ddd4b10a29d1fbecd4b8c6c57c67223e5a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
fae0ec9b93ae50d8a87c1ff9cb8eaca6

SHA1
17725190e6a6f9bf1402b9d34395d1f429582c75

SHA256
0172725787e63b9d3874671e95501e3c7fa478ea4429ba2c07fd10f48256f568

SHA512
e14327c2921bc5d6d982cab33ffe8d39f210cf35864354f6781bd64909de18e9dca81595214a0493da8a58bb012eb68d67284c6415a0c6b333f4e0c5a48c39cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\41eh5pdr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.7MB

MD5
aff388a508e5dc6bedbb4e12b8d41401

SHA1
15c0d8ccdd5d7263de1570151978a86b085af1af

SHA256
cb30f3099b714112c09477bf27b43dbfd9913f735b014fe73f44b61fc4e7d44a

SHA512
978f5c1f18f3e13b3b37abfaedb34b0db0e989e4c0595abe2f0262414e2f237ffbe3bb3287b6404c2fc7b059aac219a319d90556e73886fe28308b853d2e0cf5

Download Submit
C:\Users\Admin\Downloads\drifting-home-by-dan-phillipson-meditation-music-peace-1UoAWfqAURw.EVGk3Jhi.mp3.part

Filesize
2.7MB

MD5
4643691812c44365ad269b8e0f560156

SHA1
b3c8fa2322125609ee2977f3cd0554cbb1fd6957

SHA256
eaa0f1f90efdd0c03ad71d159036e87413dd1041922de7a61ed9c22c07e8b0e9

SHA512
0478ac3968fc3334bb031a47620064dedfef51fe65caa002357871742bf888bf839df857a29834823564816aa4ba1ed739b8bbf18ba905b4675e82b0147601c0

Download Submit
\Program Files\AnthemScore\Qt6Core.dll

Filesize
6.0MB

MD5
46a0dbd38cb28d8e79c80c9a033f6ae9

SHA1
1be5f3e78485f9b08e32346f13155a94001de50e

SHA256
225bd38093416c825f2e3220213f64e1079e9ab20f4738decc0fc6eb992e8a9e

SHA512
3fb62bce7b1d5129237914269aa3dd9a24f9e797927f2f4f937a0a291d357a40ec51b9c829094dc0bae1edcd6c580f1c9a03ca2c84d5526599c3608246f00bd0

Download Submit
\Program Files\AnthemScore\Qt6Gui.dll

Filesize
8.5MB

MD5
7875aad0d0d426e9d1b132a35266de32

SHA1
8b7656e3412ae546153d2d3df91a6ff506d64749

SHA256
fc2464f62d7915ddeaebb5490bee6d60e7b42ad5a223d5812f0993c27c35be19

SHA512
9fa16c5c628f2e9b242323aed4c1aa70f093cee9f341ac61640287ff9be8663658f502769e037a8409943d3c9ab826bb1c6f88532f0fbacdaea28b2353cdfba9

Download Submit
\Program Files\AnthemScore\Qt6Multimedia.dll

Filesize
833KB

MD5
e8fa5ba349752d18f6302434658229f4

SHA1
1e7696e1ae887734f017e7c4e521ff648e090508

SHA256
7b2aaffd8bd1b042d1d028b071d4fbb42420f52d04f45de06c4a80315b9f1b29

SHA512
771a41622b045724604568c18e5df00f99b3da3fa67d25f5a60024db34b01b7b70cd0aa9bb39c53cab4eef7a6059e5855fb205e83d131580626a4b43505bf621

Download Submit
\Program Files\AnthemScore\Qt6Network.dll

Filesize
1.4MB

MD5
960f50470059381c65833145036fef29

SHA1
270e230bfc9248e5ecff9ea8dfbc5f1066df02ee

SHA256
1071f4f88c65317401bf93a2ffb55e661adcbb84f05911879ab21a6656521a68

SHA512
cb0a0d63aaae1b9646dad722759b1c53b36ed13a4231a30b054f6124bcc69e7285c5777ab6bbbb8296756d6c31fc94e735db42c5155db35274e0ec25c1406582

Download Submit
\Program Files\AnthemScore\Qt6OpenGL.dll

Filesize
1.9MB

MD5
2a2a628e23cada5d2eba63dee642438e

SHA1
73cbc92073eaedde3f2fc432edda0677e7a49c9d

SHA256
054b0a8d87fc735aa2eb281e5078f8d28bd1c395b7e32de13ef64a8bbc10bb04

SHA512
ca87b5e95ba9c3b1268b14a6587305ea52512224e9ba48e73e64b292713df295e9d64587f446fd28f0e2788d7cb78ca460d962f06cf43ccde53fe45ae65cbe90

Download Submit
\Program Files\AnthemScore\Qt6PrintSupport.dll

Filesize
396KB

MD5
f5d5de6ba102162bea70eae6016af754

SHA1
a654794fb16ff1a42af0d7b6e29a3f5a8a72db14

SHA256
34099d6c1aa4836fa49a01acbfeec106fb766dbac0e1d42dfc6fcc0c4901afa1

SHA512
7be4a2e4bb98a94200f3d2a3dde76aa12db6b32851a916d38178500a99e195ff205979fa98427ed8fbe4435d2d50781c02ca43a6d6600e1e05a7187030166676

Download Submit
\Program Files\AnthemScore\Qt6Qml.dll

Filesize
4.8MB

MD5
6404ca802e99e8520d6229982e382cf0

SHA1
204e0446b4989ef2df2c71a4ef7482240039da45

SHA256
477747d49a8b7f51c408fe7a49cc3dcfa99078040d3059c5586c77d9b04d1a0d

SHA512
90998283c98eb7002cb0342b664a9f03902a6ee8141781ab03f723fddfb925d0a0e450e3c89589eebec41b95f1e73ec298808857151782b3c00b6c3fecf17df0

Download Submit
\Program Files\AnthemScore\Qt6QmlModels.dll

Filesize
708KB

MD5
623c7740fc301a398c40dc9504d04fd6

SHA1
fb0e711c49c2ff488c7d3be9daebe2779bd42157

SHA256
4ae023a87636f5c70c08dbd787e47eecfa0ac15ff741677db323d70bd70a36a1

SHA512
2343081e57448e3922eeb86bcedb861ed8fde1dc51ab0e42e7930cf07834e9fcfe41a9b1d64a89341037abee421d242d4ece91dec8a8b26a0a552989e130fc34

Download Submit
\Program Files\AnthemScore\Qt6Quick.dll

Filesize
5.3MB

MD5
e739a7f0e54081125d1381a42eb7c226

SHA1
20ef3724f878bfe7773e006c29de3ff4e6e8a8c3

SHA256
35e8842051211a1654d6717b8786357e7a93b21a004f941151e7a4af23e16a84

SHA512
fde9db1793eec6fe1a0818af1b24c8399c941280982bbbb456332aa2768d0950da0caa7bd21e1cbbe81770358cdcdd3a6b199c71df1432170506dadc718d88e1

Download Submit
\Program Files\AnthemScore\Qt6QuickWidgets.dll

Filesize
116KB

MD5
40ba15e0a7ce0ed1f81c4b7f4f5853f7

SHA1
4f8055864831f231dec3f95d1b99e18b3b75c1e5

SHA256
827c85b5267f76cb58baefeacfda286a50d72ee92de42587f6823ce8f8d6d802

SHA512
d444d15ca6e5fe5e1211a319347b29fe54eab79eb2d5e5c5693aeceb68f71d17595a66e7b771329f44a49c34e2719829786851c32cb8304c13c8b693debc7d20

Download Submit
\Program Files\AnthemScore\Qt6WebEngineCore.dll

Filesize
136.5MB

MD5
ce80133e64f0b958d8b60cae5fac9b22

SHA1
7881a5c79989bc609df22fc175369b363e9968d1

SHA256
eb9e99c15dcb3b077752d74213fd40e2e1c187f0500ef70edd0cad4ad52cdc76

SHA512
93b61246ac06bdbdb6d1f4c683a7a86ee518208f0697481b29741098e062a7eaf80a970580b79c5812df1d44245941caa5f69f54f0126e8d7d78decb98fd7489

Download Submit
\Program Files\AnthemScore\Qt6WebEngineWidgets.dll

Filesize
178KB

MD5
07f232a1af29862a497e1f936c440cf0

SHA1
45bd251dccd1584222300965f06dd1b547d010da

SHA256
02deb3a59a9d60e0912f7de4f5641a7df1c6384f54da22db06b60988063500ae

SHA512
16fbcaff5b18c19f547f29f38c4674befc12116e41212b0afdf3b9a30b6233669a0606055f6f3c31ee9f4479429ce414b080b9a6b211e2c6958b29d600553f5d

Download Submit
\Program Files\AnthemScore\Qt6Widgets.dll

Filesize
6.2MB

MD5
34abb42b63e71b09b72b48cf5b1dba53

SHA1
9f3111aab57a5f28a4ce9bf82ea208fa3eadb9a6

SHA256
c71e65b882a84f47114590784a256f14ba19202ec30b218ce4841b2c7256060b

SHA512
06acab5a04a5d3e6834ddc95229758d4adc7a7f0ef003c80e8d59a8241e295b196aceacce20c88879e1676405a2538d032ec6ac543258538e686878fb29f77f1

Download Submit
\Program Files\AnthemScore\msvcp140.dll

Filesize
553KB

MD5
6da7f4530edb350cf9d967d969ccecf8

SHA1
3e2681ea91f60a7a9ef2407399d13c1ca6aa71e9

SHA256
9fee6f36547d6f6ea7ca0338655555dba6bb0f798bc60334d29b94d1547da4da

SHA512
1f77f900215a4966f7f4e5d23b4aaad203136cb8561f4e36f03f13659fe1ff4b81caa75fef557c890e108f28f0484ad2baa825559114c0daa588cf1de6c1afab

Download Submit
\Program Files\AnthemScore\msvcp140_1.dll

Filesize
23KB

MD5
0832532fab0d5c949aa0c65169aa9d61

SHA1
26f1bee679b7a6289b663c4fa4e65eba33a234e8

SHA256
8731a93e519c2595c9fd489e6d9ac07e964448c0da1c8ee9ee500a7989482617

SHA512
03147a59ee35fb3d2752d4c40741a39674ccd4474a575746bc574d2b2fae1fd04f5ab9c2e02b0dc6268fc6aee8fbb46dc4bf5ff23b5fcc4a0e9b847f57ca79d0

Download Submit
\Program Files\AnthemScore\msvcp140_2.dll

Filesize
182KB

MD5
e35261e9f4478aabe736bb2269c20b59

SHA1
f17330804c159418d4acf7a803662b8c1f7686fd

SHA256
366af8e071f004da5d95a832a46b2e8821a8e0294340a93f7c95cf48c441067e

SHA512
2694d21431e9b72a9591c4658dc3ade5795a52fcf2bc8631928181a7aeee49184cf741d50e28581b96d439360d21cb176c6bb011db4fa742a2fc64afa38baaf9

Download Submit
\Program Files\AnthemScore\networkinformation\qnetworklistmanager.dll

Filesize
70KB

MD5
30370973211fc61df9f75e7d93f03803

SHA1
35701b73bb8493d1213c1b940f571ea7879f48e5

SHA256
826e61c18b5ef4f63ed5fc2dde0eb1479b9c7032345b41d67e34c9e7a640ee53

SHA512
b8bf76a4dfcdd42aa385e6d12f2e5ba9d38af83c77b731b45a9b6c994f845eca577dcc7bd3b3c93c002f675775734336c069c1a702cec5fde45c8d9731426f76

Download Submit
\Program Files\AnthemScore\opengl32sw.dll

Filesize
19.7MB

MD5
83bbecf92fb68795a620b395998b131b

SHA1
026f9e87a5623fe9370c2eedef24c765f7312800

SHA256
b04de4541863bc7d8879040a78889c4849c1b1da2784c4630f734c146c2998ce

SHA512
c63ca8863f63c8f415d685eff991a1aa67e3457ac2b1f6524db271c2986f7e79415f98f212e1f7cdd644f41bc48d558661e1136716d63f81675f664e53fdfc70

Download Submit
\Program Files\AnthemScore\platforms\qwindows.dll

Filesize
869KB

MD5
6031ccd3785bafba8556008cbc058dfd

SHA1
885147d02060dab7b0a124865c8116a478297ce0

SHA256
2bdc29b85bd94170f97aadb1cd447eefe7a3ddf7950c535c81a9ef63e17d1ddc

SHA512
b35c58cddc461c0160ee223fddcc181d8e6c21b5713fd8d216334b69f6ab1e4c12f4da1d377fd5b718db2c723ab20b673ab89190a3acc88d3cab03ff23bfd23d

Download Submit
\Program Files\AnthemScore\styles\qwindowsvistastyle.dll

Filesize
140KB

MD5
cc096aea386047b0131eea248122c0d2

SHA1
6251253bbc6e4460884bfc22c1dd30cec32dbac4

SHA256
47a22e7958279e7668ace09849a669f7410bf8c7aed752bd6e60f23c9581cd50

SHA512
4b097b86a21ac26e8849bf3908de97479b3484f28a68060c06f75515b07b8878466bce4241aae6b0c06a1b671b59b5dd115c760f08dc6d3287f1b875963d1cb1

Download Submit
\Program Files\AnthemScore\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
\Program Files\AnthemScore\vcruntime140_1.dll

Filesize
36KB

MD5
135359d350f72ad4bf716b764d39e749

SHA1
2e59d9bbcce356f0fece56c9c4917a5cacec63d7

SHA256
34048abaa070ecc13b318cea31425f4ca3edd133d350318ac65259e6058c8b32

SHA512
cf23513d63ab2192c78cae98bd3fea67d933212b630be111fa7e03be3e92af38e247eb2d3804437fd0fda70fdc87916cd24cf1d3911e9f3bfb2cc4ab72b459ba

Download Submit
memory/2176-2-0x0000000005980000-0x0000000005B80000-memory.dmp

Filesize
2.0MB

Download
memory/2176-44-0x00000000049F0000-0x0000000004A00000-memory.dmp

Filesize
64KB

Download
memory/2176-0-0x0000000005540000-0x0000000005980000-memory.dmp

Filesize
4.2MB

Download
memory/2176-5232-0x00000000049F0000-0x0000000004A00000-memory.dmp

Filesize
64KB

Download
memory/3516-5383-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/3516-5402-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/3516-5423-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/3516-5361-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/3516-5426-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/3516-5369-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/3516-5430-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/3516-5467-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/3516-5432-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/3516-5419-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/3516-5453-0x000001EA14BB0000-0x000001EA14D45000-memory.dmp

Filesize
1.6MB

Download
memory/4460-5440-0x00007FFCB6F40000-0x00007FFCB7485000-memory.dmp

Filesize
5.3MB

Download
memory/4460-5439-0x00007FFCD7E90000-0x00007FFCD7E91000-memory.dmp

Filesize
4KB

Download
memory/4460-5438-0x00007FFCD6050000-0x00007FFCD6051000-memory.dmp

Filesize
4KB

Download
memory/4460-5462-0x0000025292880000-0x00000252928AD000-memory.dmp

Filesize
180KB

Download
memory/5828-5231-0x00007FFC9BAB0000-0x00007FFC9CAB0000-memory.dmp

Filesize
16.0MB

Download
memory/5828-5237-0x000001E64D250000-0x000001E64D260000-memory.dmp

Filesize
64KB

Download
memory/5828-5296-0x000001E64D250000-0x000001E64D260000-memory.dmp

Filesize
64KB

Download
memory/5828-5225-0x00007FF65BAD0000-0x00007FF65D4E4000-memory.dmp

Filesize
26.1MB

Download
memory/5828-5224-0x00007FFCB8EE0000-0x00007FFCB950D000-memory.dmp

Filesize
6.2MB

Download
memory/5828-5210-0x00007FFCB6F40000-0x00007FFCB7485000-memory.dmp

Filesize
5.3MB

Download
memory/5828-5716-0x000001E64D250000-0x000001E64D260000-memory.dmp

Filesize
64KB

Download
memory/6020-5529-0x00007FFCB6F40000-0x00007FFCB7485000-memory.dmp

Filesize
5.3MB

Download
memory/6020-5549-0x0000020C00210000-0x0000020C0023D000-memory.dmp

Filesize
180KB

Download