68170c93ac9e464740babc9f3d7cacc6cf6fdf4c4543640c8897e9036eb252a0

Analysis

max time kernel
136s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27-05-2024 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

prison_1.exe
Size

10.3MB
MD5

a9a4f11ed68e04d83479f3b8d347dbaa
SHA1

30f6c316a191f3eda1b6d9dea4376c8b5310fa54
SHA256

68170c93ac9e464740babc9f3d7cacc6cf6fdf4c4543640c8897e9036eb252a0
SHA512

10c0ed5edde0d9b47c1416efcf252eeaf5de2cdecba18ebfd7795bdfdf12e00321bb08da31ddb516a99250bb2c3d838c254b3478448753eef71aa2f90269724e
SSDEEP

196608:9X3qgxbAQ5owejuJDUX47dwdW06aw2cLpeBc0W8/LatYPERB3K:dxCaUX47d4Saw2sp0W8iZB

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 6 IoCs

Processes:

prison_1.exe

pid process

4356 prison_1.exe
4356 prison_1.exe
4356 prison_1.exe
4356 prison_1.exe
4356 prison_1.exe
4356 prison_1.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exeAcroRd32.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

Processes:

AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133612984024753979"	chrome.exe

Modifies registry class 2 IoCs

Processes:

firefox.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

Processes:

chrome.exeAcroRd32.exe

pid	process
2760	chrome.exe
2760	chrome.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe
212	AcroRd32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

2760 chrome.exe
2760 chrome.exe
2760 chrome.exe
2760 chrome.exe

Suspicious use of AdjustPrivilegeToken 38 IoCs

Processes:

chrome.exefirefox.exe

description	pid	process
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeDebugPrivilege	1708	firefox.exe
Token: SeDebugPrivilege	1708	firefox.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe
Token: SeShutdownPrivilege	2760	chrome.exe
Token: SeCreatePagefilePrivilege	2760	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

prison_1.exechrome.exefirefox.exeAcroRd32.exe

pid	process
4356	prison_1.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
1708	firefox.exe
1708	firefox.exe
1708	firefox.exe
1708	firefox.exe
2760	chrome.exe
212	AcroRd32.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

chrome.exefirefox.exe

pid	process
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
2760	chrome.exe
1708	firefox.exe
1708	firefox.exe
1708	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

prison_1.exefirefox.exeOpenWith.exeAcroRd32.exe

pid process

4356 prison_1.exe
1708 firefox.exe
6100 OpenWith.exe
212 AcroRd32.exe
212 AcroRd32.exe
212 AcroRd32.exe
212 AcroRd32.exe
212 AcroRd32.exe
212 AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

prison_1.exechrome.exe

description	pid	process	target process
PID 3532 wrote to memory of 4356	3532	prison_1.exe	prison_1.exe
PID 3532 wrote to memory of 4356	3532	prison_1.exe	prison_1.exe
PID 2760 wrote to memory of 1196	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1196	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 1088	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 4880	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 4880	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe
PID 2760 wrote to memory of 3736	2760	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\prison_1.exe
"C:\Users\Admin\AppData\Local\Temp\prison_1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3532

C:\Users\Admin\AppData\Local\Temp\prison_1.exe
"C:\Users\Admin\AppData\Local\Temp\prison_1.exe"
2⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3912,i,15721081447618313297,6839074028983272033,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8
1⤵
PID:4224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdd490ab58,0x7ffdd490ab68,0x7ffdd490ab78
2⤵
PID:1196

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:2
2⤵
PID:1088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:8
2⤵
PID:4880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2284 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:8
2⤵
PID:3736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:1
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:1
2⤵
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4228 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:1
2⤵
PID:3620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4312 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:8
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4524 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:8
2⤵
PID:2964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4236 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:8
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:8
2⤵
PID:4324

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:8
2⤵
PID:3696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:8
2⤵
PID:3532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4264 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:8
2⤵
PID:840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5028 --field-trial-handle=1916,i,7325709796551591377,5641918648663476031,131072 /prefetch:1
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.0.1666891304\864699318" -parentBuildID 20230214051806 -prefsHandle 1816 -prefMapHandle 1808 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f180f44a-1ca6-4d11-84a1-a07817a77b94} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 1896 1b9957ae458 gpu
3⤵
PID:2916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.1.1443279849\1525339908" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 22280 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8349895f-adaa-4a5a-a356-b98a6f6614c2} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 2472 1b988a88158 socket
3⤵
- Checks processor information in registry
PID:4960

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.2.1483683565\1367367246" -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2992 -prefsLen 22318 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9589652d-2161-437f-b913-fc0d779dae19} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 3008 1b998606358 tab
3⤵
PID:5184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.3.1774294947\1037115182" -childID 2 -isForBrowser -prefsHandle 4104 -prefMapHandle 4100 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40c47843-746d-4c63-b8e3-8a7b2e253331} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 4116 1b99a879058 tab
3⤵
PID:5392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.4.706024682\1743477276" -childID 3 -isForBrowser -prefsHandle 5048 -prefMapHandle 5036 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6d80ed7-7d12-491e-9af2-c7846a6d71dc} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 5020 1b99cc4f858 tab
3⤵
PID:5836

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.5.978063198\245578620" -childID 4 -isForBrowser -prefsHandle 5176 -prefMapHandle 5180 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c88f9118-1f2c-4c76-a0f8-ac21a5f802a5} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 5168 1b99cc50158 tab
3⤵
PID:5844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1708.6.2110550908\541610265" -childID 5 -isForBrowser -prefsHandle 5344 -prefMapHandle 5152 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1248 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {470fc61d-9d88-4407-9e6f-43a68aa426ff} 1708 "\\.\pipe\gecko-crash-server-pipe.1708" 5388 1b99cc50758 tab
3⤵
PID:5852

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4652

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\ResizeInstall.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:212

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
2⤵
PID:1436

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=E03B87BE5B853C0615A0429372F56332 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5164

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7A03407D13F843964D46708F21075481 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7A03407D13F843964D46708F21075481 --renderer-client-id=2 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job /prefetch:1
3⤵
PID:5180

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1028F997043B5CDDF6F0590812026C95 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:2656

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C0C329B5605C6F2A1EDD7E27F23EA4E1 --mojo-platform-channel-handle=1936 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5436

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F5DEDFD8079C73143D0777B24D0BF94F --mojo-platform-channel-handle=2424 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
3⤵
PID:5644

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=6FE57C3325B8CBA4D8182E0C06D48DC6 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=6FE57C3325B8CBA4D8182E0C06D48DC6 --renderer-client-id=8 --mojo-platform-channel-handle=1896 --allow-no-sandbox-job /prefetch:1
3⤵
PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents
Filesize
12KB

MD5
f0c8e42bb0eeaed7a8f0dd54fcc1bcb4

SHA1
9d74cdec9f34f4ba778906a44a5aa147a17ff458

SHA256
faeea355f4c3b02561862e5418751e1572174707ad0ce72b5f2b48f022b25d1b

SHA512
219c75e9bb2f43876f09537597202c4595a86c3fa6f3bc40a6f36700a4a6c1277e191968ae5a0d8a60f8ad00ede6cb1b1d590bdafc270aa37b96e3ce5f44d17f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
9b0437790d6db86e1ceb3ddee48b4159

SHA1
86480a240183f43b357f05c10ada914dc077688a

SHA256
9ea0cca921773f8f1cb38296d6c79018a82ab8ee1b2b5503768895a0c9ad2112

SHA512
7c2cb25cf16e5be01704849cf9522bdb2ab3b6bb9d5e0784150794b337a9bb0d716959a4aa6885f7e926d601ba7c7ba889eaadcfe2d8de82cbf2143e58d9fcef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
d446ec5f234277b79f99beacbfee9792

SHA1
20e08e57a43aacb6dffe26b444d96a443be8f2cd

SHA256
84ed5c75d582a7e3498d989e5279e3a9135b588f5ede59dccf0f8a108ad93d59

SHA512
bc35eb227214fc9943d86cb850100331110bb7a3e46ab47b639428e0ae7b41444ea89e07ecdd23d98512454cbf465c8686506a41c808870bb208a45827210dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f98b247565e880ab6a47f726c8f76b87

SHA1
cdecdf2465e610e3451d953e3e4a859284467d4b

SHA256
918cea85cdc8e6a7f6d4d4bdb42c4aad3ac655abda1a6ef415fad6f28c64f5ea

SHA512
3f513e4f318fcb69b2e23faf9035f44db0abcefdf576df08d799289c2fce9f456c3c63df28ef3fcfcb905a62a6411868ac9a54294b311d81503d27e1e024d011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
16KB

MD5
3f035cc51321d7c742cdd3ffa81e09f4

SHA1
e978490c049f04c3a540442afeca72265faf409e

SHA256
0028095a41aefffc2608b73e896cd9987b18d39f2d796539b50fc00b6e9f35f6

SHA512
05a0c8a5b3e9031da0eb85e79d7ddacbdc56a028fe6aa757283a75a7a4fe9a785e4cfdd5d256be9b420712481ad888e589b2eceb15d64e1b9bad85919cbb9df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
c1597085f755c8ab82344ef667e17971

SHA1
9919441958c32f955e62acda0fcb840f121860d5

SHA256
dbd3860d713269815ae0c020ae2af020d498b8f303ed3b12ef44599c7443697a

SHA512
5c5d366068ea247e9e402a454cb8b103f8ecb075a959dc7692eb988e3ccd7b04e5cc33ab008a61799e294aff80a120edb9a3a30d130efbcd49b5de3ea809d98d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
260KB

MD5
32968e05448a7b7f7cc6c7f0d136bb74

SHA1
9a53251c5739ca3ba63756965243afbb67cde2bd

SHA256
50e76011c091edee4c3175258dfd47067137072105e0f5994ee9c5d291d322ef

SHA512
b3d6eaf4169a49df8ecccd4c50759a02f82b18623c2263cdedf71df990619c81aaa43cf521e730e9ed2573d45f59a482dbf0e8b04951e3be5453551ea9d79c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n9vxbo99.default-release\activity-stream.discovery_stream.json.tmp
Filesize
24KB

MD5
1e82d390540a49c546f4f4fb6281ba3c

SHA1
281d99b07b705e4c831b7b0a9f273c37646e0524

SHA256
d997a74a00a7a27633102ce3cd4b69ee67ca5dec94f9683f6377cb8309f5c978

SHA512
0bb8057275e9c4e2c4673e526fc1a68c83389c15985d1d1b320bc702ae0edf72f8565e544de45aef627edfd262db6bdb20ed40d3797b94c16d266e4977883871

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\VCRUNTIME140.dll
Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\_tkinter.pyd
Filesize
62KB

MD5
645b5b6d1b589d0fa165eaa4f94936bc

SHA1
20673a3768611b25ee2f56a92362e1ff60e344ba

SHA256
1af5a43b1051828f9cee087f6017456c4993a06db4b08ca205e3481cbf11112a

SHA512
688e43d2775905ddd1d9a3488ec8b66cc0a092a7267e799996b12b69500ba928cd1c58ff3517486c1be90938d0e1bb2192d8641f96710e703f5daae0bd30731c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\base_library.zip
Filesize
1.7MB

MD5
948430bbba768d83a37fc725d7d31fbb

SHA1
e00d912fe85156f61fd8cd109d840d2d69b9629b

SHA256
65ebc074b147d65841a467a49f30a5f2f54659a0cc5dc31411467263a37c02df

SHA512
aad73403964228ed690ce3c5383e672b76690f776d4ff38792544c67e6d7b54eb56dd6653f4a89f7954752dae78ca35f738e000ffff07fdfb8ef2af708643186

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\python311.dll
Filesize
5.5MB

MD5
1fe47c83669491bf38a949253d7d960f

SHA1
de5cc181c0e26cbcb31309fe00d9f2f5264d2b25

SHA256
0a9f2c98f36ba8974a944127b5b7e90e638010e472f2eb6598fc55b1bda9e7ae

SHA512
05cc6f00db128fbca02a14f60f86c049855f429013f65d91e14ea292d468bf9bfdeebc00ec2d54a9fb5715743a57ae3ab48a95037016240c02aabe4bfa1a2ff4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl86t.dll
Filesize
1.8MB

MD5
ac6cd2fb2cd91780db186b8d6e447b7c

SHA1
b387b9b6ca5f0a2b70028ab2147789c4fe24ef7a

SHA256
a91781fe13548b89817462b00058a75fb0b607ec8ce99d265719ced573ade7b6

SHA512
45b24ca07a44d8d90e5efeded2697a37f000b39d305fe63a67292fdd237de3f8efd5e85b139b5702faa695f9f27f12f24ac497e005e2f3c24c141d7cd85305b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl8\8.5\msgcat-1.6.1.tm
Filesize
34KB

MD5
bd4ff2a1f742d9e6e699eeee5e678ad1

SHA1
811ad83aff80131ba73abc546c6bd78453bf3eb9

SHA256
6774519f179872ec5292523f2788b77b2b839e15665037e097a0d4edddd1c6fb

SHA512
b77e4a68017ba57c06876b21b8110c636f9ba1dd0ba9d7a0c50096f3f6391508cf3562dd94aceaf673113dbd336109da958044aefac0afb0f833a652e4438f43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl\auto.tcl
Filesize
21KB

MD5
08edf746b4a088cb4185c165177bd604

SHA1
395cda114f23e513eef4618da39bb86d034124bf

SHA256
517204ee436d08efc287abc97433c3bffcaf42ec6592a3009b9fd3b985ad772c

SHA512
c1727e265a6b0b54773c886a1bce73512e799ba81a4fceeeb84cdc33f5505a5e0984e96326a78c46bf142bc4652a80e213886f60eb54adf92e4dffe953c87f6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl\encoding\cp1252.enc
Filesize
1KB

MD5
e9117326c06fee02c478027cb625c7d8

SHA1
2ed4092d573289925a5b71625cf43cc82b901daf

SHA256
741859cf238c3a63bbb20ec6ed51e46451372bb221cfff438297d261d0561c2e

SHA512
d0a39bc41adc32f2f20b1a0ebad33bf48dfa6ed5cc1d8f92700cdd431db6c794c09d9f08bb5709b394acf54116c3a1e060e2abcc6b503e1501f8364d3eebcd52

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl\http1.0\pkgIndex.tcl
Filesize
746B

MD5
a387908e2fe9d84704c2e47a7f6e9bc5

SHA1
f3c08b3540033a54a59cb3b207e351303c9e29c6

SHA256
77265723959c092897c2449c5b7768ca72d0efcd8c505bddbb7a84f6aa401339

SHA512
7ac804d23e72e40e7b5532332b4a8d8446c6447bb79b4fe32402b13836079d348998ea0659802ab0065896d4f3c06f5866c6b0d90bf448f53e803d8c243bbc63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl\init.tcl
Filesize
25KB

MD5
982eae7a49263817d83f744ffcd00c0e

SHA1
81723dfea5576a0916abeff639debe04ce1d2c83

SHA256
331bcf0f9f635bd57c3384f2237260d074708b0975c700cfcbdb285f5f59ab1f

SHA512
31370d8390c4608e7a727eed9ee7f4c568ecb913ae50184b6f105da9c030f3b9f4b5f17968d8975b2f60df1b0c5e278512e74267c935fe4ec28f689ac6a97129

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl\opt0.4\pkgIndex.tcl
Filesize
620B

MD5
07532085501876dcc6882567e014944c

SHA1
6bc7a122429373eb8f039b413ad81c408a96cb80

SHA256
6a4abd2c519a745325c26fb23be7bbf95252d653a24806eb37fd4aa6a6479afe

SHA512
0d604e862f3a1a19833ead99aaf15a9f142178029ab64c71d193cee4901a0196c1eeddc2bce715b7fa958ac45c194e63c77a71e4be4f9aedfd5b44cf2a726e76

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl\package.tcl
Filesize
23KB

MD5
ddb0ab9842b64114138a8c83c4322027

SHA1
eccacdc2ccd86a452b21f3cf0933fd41125de790

SHA256
f46ab61cdebe3aa45fa7e61a48930d64a0d0e7e94d04d6bf244f48c36cafe948

SHA512
c0cf718258b4d59675c088551060b34ce2bc8638958722583ac2313dc354223bfef793b02f1316e522a14c7ba9bed219531d505de94dc3c417fc99d216a01463

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl\tclIndex
Filesize
5KB

MD5
c62fb22f4c9a3eff286c18421397aaf4

SHA1
4a49b8768cff68f2effaf21264343b7c632a51b2

SHA256
ddf7e42def37888ad0a564aa4f8ca95f4eec942cebebfca851d35515104d5c89

SHA512
558d401cb6af8ce3641af55caebc9c5005ab843ee84f60c6d55afbbc7f7129da9c58c2f55c887c3159107546fa6bc13ffc4cca63ea8841d7160b8aa99161a185

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl\tm.tcl
Filesize
11KB

MD5
215262a286e7f0a14f22db1aa7875f05

SHA1
66b942ba6d3120ef8d5840fcdeb06242a47491ff

SHA256
4b7ed9fd2363d6876092db3f720cbddf97e72b86b519403539ba96e1c815ed8f

SHA512
6ecd745d7da9d826240c0ab59023c703c94b158ae48c1410faa961a8edb512976a4f15ae8def099b58719adf0d2a9c37e6f29f54d39c1ab7ee81fa333a60f39b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tcl\word.tcl
Filesize
4KB

MD5
70450a0cf04ef273eff2b070053fcfa6

SHA1
47974d6c0fc986ee1273c4e13ddb9e1288cef0ff

SHA256
678f891615e2209a8ecba17857922a9723e78709adb983032e89ca706000c44d

SHA512
afd3e47324d1497cc46ac6141191fceb843977d0b0285c807ff8985dcc56fde10977f57d503d986cd2c1edc6c62f01e405a0eb483340b247b129fc8d6d9fe689

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk86t.dll
Filesize
1.5MB

MD5
499fa3dea045af56ee5356c0ce7d6ce2

SHA1
0444b7d4ecd25491245824c17b84916ee5b39f74

SHA256
20139f4c327711baf18289584fa0c8112f7bb3ba55475bded21f3d107672ed94

SHA512
d776749effa241ba1415b28d2fcff1d64ed903569a8c4e56dfddd672a53b2f44119734b1959b72a9b3f4060bb2c67b7dea959cc2d4a8e9f781f17009c6840fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\button.tcl
Filesize
21KB

MD5
aeb53f7f1506cdfdfe557f54a76060ce

SHA1
ebb3666ee444b91a0d335da19c8333f73b71933b

SHA256
1f5dd8d81b26f16e772e92fd2a22accb785004d0ed3447e54f87005d9c6a07a5

SHA512
acdad4df988df6b2290fc9622e8eaccc31787fecdc98dcca38519cb762339d4d3fb344ae504b8c7918d6f414f4ad05d15e828df7f7f68f363bec54b11c9b7c43

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\entry.tcl
Filesize
17KB

MD5
f109865c52d1fd602e2d53e559e56c22

SHA1
5884a3bb701c27ba1bf35c6add7852e84d73d81f

SHA256
af1de90270693273b52fc735da6b5cd5ca794f5afd4cf03ffd95147161098048

SHA512
b2f92b0ac03351cdb785d3f7ef107b61252398540b5f05f0cc9802b4d28b882ba6795601a68e88d3abc53f216b38f07fcc03660ab6404cf6685f6d80cc4357fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\icons.tcl
Filesize
10KB

MD5
995a0a8f7d0861c268aead5fc95a42ea

SHA1
21e121cf85e1c4984454237a646e58ec3c725a72

SHA256
1264940e62b9a37967925418e9d0dc0befd369e8c181b9bab3d1607e3cc14b85

SHA512
db7f5e0bc7d5c5f750e396e645f50a3e0cde61c9e687add0a40d0c1aa304ddfbceeb9f33ad201560c6e2b051f2eded07b41c43d00f14ee435cdeee73b56b93c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\listbox.tcl
Filesize
14KB

MD5
804e6dce549b2e541986c0ce9e75e2d1

SHA1
c44ee09421f127cf7f4070a9508f22709d06d043

SHA256
47c75f9f8348bf8f2c086c57b97b73741218100ca38d10b8abdf2051c95b9801

SHA512
029426c4f659848772e6bb1d8182eb03d2b43adf68fcfcc1ea1c2cc7c883685deda3fffda7e071912b9bda616ad7af2e1cb48ce359700c1a22e1e53e81cae34b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\menu.tcl
Filesize
38KB

MD5
078782cd05209012a84817ac6ef11450

SHA1
dba04f7a6cf34c54a961f25e024b6a772c2b751d

SHA256
d1283f67e435aab0bdbe9fdaa540a162043f8d652c02fe79f3843a451f123d89

SHA512
79a031f7732aee6e284cd41991049f1bb715233e011562061cd3405e5988197f6a7fb5c2bbddd1fb9b7024047f6003a2bf161fc0ec04876eff5335c3710d9562

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\panedwindow.tcl
Filesize
5KB

MD5
286c01a1b12261bc47f5659fd1627abd

SHA1
4ca36795cab6dfe0bbba30bb88a2ab71a0896642

SHA256
aa4f87e41ac8297f51150f2a9f787607690d01793456b93f0939c54d394731f9

SHA512
d54d5a89b7408a9724a1ca1387f6473bdad33885194b2ec5a524c7853a297fd65ce2a57f571c51db718f6a00dce845de8cf5f51698f926e54ed72cdc81bcfe54

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\pkgIndex.tcl
Filesize
376B

MD5
3367ce12a4ba9baaf7c5127d7412aa6a

SHA1
865c775bb8f56c3c5dfc8c71bfaf9ef58386161d

SHA256
3f2539e85e2a9017913e61fe2600b499315e1a6f249a4ff90e0b530a1eeb8898

SHA512
f5d858f17fe358762e8fdbbf3d78108dba49be5c5ed84b964143c0adce76c140d904cd353646ec0831ff57cd0a0af864d1833f3946a235725fff7a45c96872eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\scale.tcl
Filesize
7KB

MD5
857add6060a986063b0ed594f6b0cd26

SHA1
b1981d33ddea81cfffa838e5ac80e592d9062e43

SHA256
0da2dc955ffd71062a21c3b747d9d59d66a5b09a907b9ed220be1b2342205a05

SHA512
7d9829565efc8cdbf9249913da95b02d8dadfdb3f455fd3c10c5952b5454fe6e54d95c07c94c1e0d7568c9742caa56182b3656e234452aec555f0fcb76a59fb1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\scrlbar.tcl
Filesize
12KB

MD5
5249cd1e97e48e3d6dec15e70b9d7792

SHA1
612e021ba25b5e512a0dfd48b6e77fc72894a6b9

SHA256
eec90404f702d3cfbfaec0f13bf5ed1ebeb736bee12d7e69770181a25401c61f

SHA512
e4e0ab15eb9b3118c30cd2ff8e5af87c549eaa9b640ffd809a928d96b4addefb9d25efdd1090fbd0019129cdf355bb2f277bc7194001ba1d2ed4a581110ceafc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\spinbox.tcl
Filesize
16KB

MD5
77dfe1baccd165a0c7b35cdeaa2d1a8c

SHA1
426ba77fc568d4d3a6e928532e5beb95388f36a0

SHA256
2ff791a44406dc8339c7da6116e6ec92289bee5fc1367d378f48094f4abea277

SHA512
e56db85296c8661ab2ea0a56d9810f1a4631a9f9b41337560cbe38ccdf7dd590a3e65c22b435ce315eff55ee5b8e49317d4e1b7577e25fc3619558015dd758eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\text.tcl
Filesize
34KB

MD5
7c2ac370de0b941ae13572152419c642

SHA1
7598cc20952fa590e32da063bf5c0f46b0e89b15

SHA256
4a42ad370e0cd93d4133b49788c0b0e1c7cd78383e88bacb51cb751e8bfda15e

SHA512
8325a33bfd99f0fce4f14ed5dc6e03302f6ffabce9d1abfefc24d16a09ab3439a4b753cbf06b28d8c95e4ddabfb9082c9b030619e8955a7e656bd6c61b9256c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\tk.tcl
Filesize
23KB

MD5
338184e46bd23e508daedbb11a4f0950

SHA1
437db31d487c352472212e8791c8252a1412cb0e

SHA256
0f617d96cbf213296d7a5f7fcffbb4ae1149840d7d045211ef932e8dd66683e9

SHA512
8fb8a353eecd0d19638943f0a9068dccebf3fb66d495ea845a99a89229d61a77c85b530f597fd214411202055c1faa9229b6571c591c9f4630490e1eb30b9cd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\altTheme.tcl
Filesize
3KB

MD5
01f28512e10acbddf93ae2bb29e343bc

SHA1
c9cf23d6315218b464061f011e4a9dc8516c8f1f

SHA256
ae0437fb4e0ebd31322e4eaca626c12abde602da483bb39d0c5ee1bc00ab0af4

SHA512
fe3bae36ddb67f6d7a90b7a91b6ec1a009cf26c0167c46635e5a9ceaec9083e59ddf74447bf6f60399657ee9604a2314b170f78a921cf948b2985ddf02a89da6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\button.tcl
Filesize
2KB

MD5
d4bf1af5dcdd85e3bd11dbf52eb2c146

SHA1
b1691578041319e671d31473a1dd404855d2038b

SHA256
e38a9d1f437981aa6bf0bdd074d57b769a4140c0f7d9aff51743fe4ecc6dfddf

SHA512
25834b4b231f4ff1a88eef67e1a102d1d0546ec3b0d46856258a6be6bbc4b381389c28e2eb60a01ff895df24d6450cd16ca449c71f82ba53ba438a4867a47dcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\clamTheme.tcl
Filesize
4KB

MD5
2b20e7b2e6bddbeb14f5f63bf38dbf24

SHA1
43db48094c4bd7de3b76afbc051d887fefe9887e

SHA256
cffc59931fdd1683ad23895e92522cf49b099128753fcdff34374024e42cf995

SHA512
1eb5ea78d26d18ead6563afbf1798f71723001dcc945e7db3e4368564d0563029be3565876ad8cb97331cfe34b2a0a313fa1bf252b87049160fe5dcd65434775

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\classicTheme.tcl
Filesize
3KB

MD5
0205663142775f4ef2eb104661d30979

SHA1
452a0d613288a1cc8a1181c3cc1167e02aa69a73

SHA256
424bba4fb6836feebe34f6c176ed666dce51d2fba9a8d7aa756abcbbad3fc1e3

SHA512
fb4d212a73a6f5a8d2774f43d310328b029b52b35bee133584d8326363b385ab7aa4ae25e98126324cc716962888321e0006e5f6ef8563919a1d719019b2d117

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\combobox.tcl
Filesize
12KB

MD5
f7065d345a4bfb3127c3689bf1947c30

SHA1
9631c05365b0f5a36e4ca5cba83628ccd7fcbde1

SHA256
68eed4af6d2ec5b3ea24b1122a704b040366cbe2f458103137479352ffa1475a

SHA512
74b99b9e326680150dd5ec7263192691bcd8a71b2a4ee7f3177deddd43e924a7925085c6d372731a70570f96b3924450255b2f54ca3b9c44d1160ca37e715b00

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\cursors.tcl
Filesize
4KB

MD5
18ec3e60b8dd199697a41887be6ce8c2

SHA1
13ff8ce95289b802a5247b1fd9dea90d2875cb5d

SHA256
7a2ed9d78fabcafff16694f2f4a2e36ff5aa313f912d6e93484f3bcd0466ad91

SHA512
4848044442efe75bcf1f89d8450c8ecbd441f38a83949a3cd2a56d9000cacaa2ea440ca1b32c856ab79358ace9c7e3f70ddf0ec54aa93866223d8fef76930b19

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\defaults.tcl
Filesize
4KB

MD5
fc79f42761d63172163c08f0f5c94436

SHA1
aabab4061597d0d6dc371f46d14aaa1a859096df

SHA256
49ae8faf169165bddaf01d50b52943ebab3656e9468292b7890be143d0fcbc91

SHA512
f619834a95c9deb93f8184bcc437d701a961c77e24a831adbd5c145556d26986bfda2a6acb9e8784f8b2380e122d12ac893eb1b6acf03098922889497e1ff9ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\entry.tcl
Filesize
17KB

MD5
89089172393c551cd1668b9c19b88290

SHA1
0b8667217a4a14289e9f6c1b384def5479bca089

SHA256
830cc3009a735e92db70d53210c4928dd35caab5051ed14dec67e06ae25cbe28

SHA512
abbbe6aa937aab392bc7dcb8bbfbbec9ee5ed2c9f10ed982d77258bd98f27ee95ac47fd7cb6761b814885ef0878e1f1557d034c9f4163d9d85b388f2b837683f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\fonts.tcl
Filesize
5KB

MD5
80331fcbe4c049ff1a0d0b879cb208de

SHA1
4eb3efdfe3731bd1ae9fd52ce32b1359241f13cf

SHA256
b94c319e5a557a5665b1676d602b6495c0887c5bacf7fa5b776200112978bb7b

SHA512
a4bd2d91801c121a880225f1f3d0c4e30bf127190cf375f6f7a49eb4239a35c49c44f453d6d3610df0d6a7b3cb15f4e79bd9c129025cc496ceb856fcc4b6de87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\menubutton.tcl
Filesize
6KB

MD5
4c8d90257d073f263b258f00b2a518c2

SHA1
7b58859e9b70fb37f53809cd3ffd7cf69ab310d8

SHA256
972b13854d0e9b84de338d6753f0f11f3a8534e7d0e51838796dae5a1e2e3085

SHA512
ed67f41578ee834ee8db1fded8aa069c0045e7058e338c451fa8e1ade52907bed0c95631c21b8e88461571903b3da2698a29e47f990b7a0f0dd3073e7a1bcadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\notebook.tcl
Filesize
5KB

MD5
f811f3e46a4efa73292f40d1cddd265d

SHA1
7fc70a1984555672653a0840499954b854f27920

SHA256
22264d8d138e2c0e9a950305b4f08557c5a73f054f8215c0d8ce03854042be76

SHA512
4424b7c687eb9b1804ed3b1c685f19d4d349753b374d9046240f937785c9713e8a760ada46cb628c15f9c7983ce4a7987691c968330478c9c1a9b74e953e40ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\panedwindow.tcl
Filesize
2KB

MD5
619d8f54ee73ad8a373ab272fbdb94a6

SHA1
973626b5396b7e786dedd8159d10e66b4465f9e0

SHA256
4d08a7e29eef731876951ef01dfa51654b6275fa3daadb1f48ff4bbeac238eb5

SHA512
0d913c7dc9daee2b4a2a46663a07b3139d6b8f30d2f942642817504535e85616835eaa7d468851a83723a3dd711b65761376f3df96a59a933a74ef096e13ace9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\progress.tcl
Filesize
1KB

MD5
dbf3bf0e8f04e9435e9561f740dfc700

SHA1
c7619a05a834efb901c57dcfec2c9e625f42428f

SHA256
697cc0a75ae31fe9c2d85fb25dca0afa5d0df9c523a2dfad2e4a36893be75fba

SHA512
d3b323dfb3eac4a78da2381405925c131a99c6806af6fd8041102162a44e48bf166982a4ae4aa142a14601736716f1a628d9587e292fa8e4842be984374cc192

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\scale.tcl
Filesize
2KB

MD5
f1c33cc2d47115bbecd2e7c2fcb631a7

SHA1
0123a961242ed8049b37c77c726db8dbd94c1023

SHA256
b909add0b87fa8ee08fd731041907212a8a0939d37d2ff9b2f600cd67dabd4bb

SHA512
96587a8c3555da1d810010c10c516ce5ccab071557a3c8d9bd65c647c7d4ad0e35cbed0788f1d72bafac8c84c7e2703fc747f70d9c95f720745a1fc4a701c544

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\scrollbar.tcl
Filesize
3KB

MD5
3fb31a225cec64b720b8e579582f2749

SHA1
9c0151d9e2543c217cf8699ff5d4299a72e8f13c

SHA256
6eaa336b13815a7fc18bcd6b9adf722e794da2888d053c229044784c8c8e9de8

SHA512
e6865655585e3d2d6839b56811f3fd86b454e8cd44e258bb1ac576ad245ff8a4d49fbb7f43458ba8a6c9daac8dfa923a176f0dd8a9976a11bea09e6e2d17bf45

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\sizegrip.tcl
Filesize
2KB

MD5
dd6a1737b14d3f7b2a0b4f8be99c30af

SHA1
e6b06895317e73cd3dc78234dd74c74f3db8c105

SHA256
e92d77b5cdca2206376db2129e87e3d744b3d5e31fde6c0bbd44a494a6845ce1

SHA512
b74ae92edd53652f8a3db0d84c18f9ce9069805bcab0d3c2dbb537d7c241aa2681da69b699d88a10029798d7b5bc015682f64699ba475ae6a379eef23b48daaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\spinbox.tcl
Filesize
4KB

MD5
9c2833faa9248f09bc2e6ab1ba326d59

SHA1
f13cf048fd706bbb1581dc80e33d1aad910d93e8

SHA256
df286bb59f471aa1e19df39af0ef7aa84df9f04dc4a439a747dd8ba43c300150

SHA512
5ff3be1e3d651c145950c3fc5b8c2e842211c937d1042173964383d4d59ecf5dd0ec39ff7771d029716f2d895f0b1a72591ef3bf7947fe64d4d6db5f0b8abffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\treeview.tcl
Filesize
9KB

MD5
f705b3a292d02061da0abb4a8dd24077

SHA1
fd75c2250f6f66435444f7deef383c6397ed2368

SHA256
c88b60ffb0f72e095f6fc9786930add7f9ed049eabc713f889f9a7da516e188c

SHA512
09817638dd3d3d5c57fa630c7edf2f19c3956c9bd264dbf07627fa14a03aecd22d5a5319806e49ef1030204fadef17c57ce8eae4378a319ad2093321d9151c8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\ttk.tcl
Filesize
4KB

MD5
af45b2c8b43596d1bdeca5233126bd14

SHA1
a99e75d299c4579e10fcdd59389b98c662281a26

SHA256
2c48343b1a47f472d1a6b9ee8d670ce7fb428db0db7244dc323ff4c7a8b4f64b

SHA512
c8a8d01c61774321778ab149f6ca8dda68db69133cb5ba7c91938e4fd564160ecdcec473222affb241304a9acc73a36b134b3a602fd3587c711f2adbb64afa80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\utils.tcl
Filesize
8KB

MD5
d98edc491da631510f124cd3934f535f

SHA1
33037a966067c9f5c9074ae5532ff3b51b4082d4

SHA256
d58610a34301bb6e61a60bec69a7cecf4c45c6a034a9fc123977174b586278be

SHA512
23faed8298e561f490997fe44ab61cd8ccb9f1f63d48bb4cf51fc9e591e463ff9297973622180d6a599cabb541c82b8fe33bf38a82c5d5905bbfa52ca0341399

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\vistaTheme.tcl
Filesize
9KB

MD5
0aa7f8b43c3e07f3a4da07fc6df9a1b0

SHA1
153afb735b10bba16cfbe161777232f983845d90

SHA256
ec5f203c69df390e9b99944cf3526d6e77dc6f68e9b1a029f326a41afed1ef81

SHA512
5406553211cd6714c98ef7765abd46424ccb013343eff693fdd3ae6e0aae9b5983446e0e1cc706d6b2c285084bf83d397306d3d52028cbbcfb8f369857c5b69c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\winTheme.tcl
Filesize
2KB

MD5
769c0719a4044f91e7d132a25291e473

SHA1
6fb07b0c887d443a43fb15d5728920b578171219

SHA256
ae82bccce708ff9c303cbcb3d4cc3ff5577a60d5b23822ea79e3e07cce3cbbd1

SHA512
47fed061ddc6b4eb63ef77901d0094ff2ebb1bafacb3f44fbf13fb59dea1ec83985b2862086ecf1a7957819a88a0faa144b35f16bea9356bbd9775070d42e636

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\tk\ttk\xpTheme.tcl
Filesize
2KB

MD5
162f30d2716438c75ea16b57e6f63088

SHA1
3f626ff0496bb16b27106bed7e38d1c72d1e3e27

SHA256
aedb21c6b2909a4bb4686837d2126e521a8cc2b38414a4540387b801ebd75466

SHA512
6ebf9648f1381d04f351bb469b6e3a38f3d002189c92eaf80a18d65632037ff37d34ec8814bbf7fae34553645bfc13985212f24684ee8c4e205729b975c88c97

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI35322\ucrtbase.dll
Filesize
1002KB

MD5
298e85be72551d0cdd9ed650587cfdc6

SHA1
5a82bcc324fb28a5147b4e879b937fb8a56b760c

SHA256
eb89af5911a60d892a685181c397d32b72c61dc2ad77dd45b8cac0fbb7602b84

SHA512
3fafea5ff0d0b4e07f6354c37b367ada4da1b607186690c732364518a93c3fd2f5004014c9c3d23dde28db87d1cb9ae1259cda68b9ba757db59a59d387ac4e02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs-1.js
Filesize
6KB

MD5
e905af6c2f9022aaf735a286f0467067

SHA1
35a0e833ff349d711a0ad10c61648aaf0abe1e78

SHA256
5a0805cba63c6bfd723e75d52b3b451e937a675101f379183e12bb44ed444bec

SHA512
058342d9c96250ddab2c7043d8cc094da6e91f084399d2964502c83b4d50c5e202e8ecd4549a1bc5df05dcdd7954035b08ff54fb622f9bd83f6aab6d4766a613

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\prefs.js
Filesize
6KB

MD5
68068c78ac7500ad8c725e3e5646c0ab

SHA1
400cc8e0572275d75dc6759f0f71b241e4af3f77

SHA256
d6bf68b8480a52227df5780d09837a255a4e1f962130a40e1a1e94810e3e54a3

SHA512
6c05fa2608d6e3aed3be27cf6908f0816257f851475fe09c1d87098321598f000a2e864bcb9ee061270f21d4f80cffa084ac465ff615e594e21b90bcb72b7843

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionCheckpoints.json
Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n9vxbo99.default-release\sessionstore.jsonlz4
Filesize
930B

MD5
5d85714e4cb5634c767376809f7206a4

SHA1
8fa9907864275d02296526c32b47ce6a80c9c010

SHA256
79d3b375c0d0b91b6ed4ae01f9a476c1540f40f4976eabcf2f9633a0826fd021

SHA512
94d4795ee5382a3763abc126f5fbc53a67fc1430cfb9b724fa71afa38f29e99bee7e91dc9b5aa82a981b4e4af77bfb33cd28a5e1fc5fc5534ea6222bbc765a17

Download Submit
\??\pipe\crashpad_2760_BBBYGIQSQGQETCOA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit