troldesh | 19a087166b899e4f6c63c76e3a8978a2429ed4e3f2479299c4b2a3f8872f6e3d

Analysis

max time kernel
1050s
max time network
1047s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
31-07-2024 08:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wallpaper.jpg
Size

1.7MB
MD5

fbc1ec46f422d917dfb19ca4e20f963e
SHA1

9eae41c1bd0f13786b101af0d0914dc780a0b00f
SHA256

df57305ce989d8261057e38313b535928955d9331d86b80439802fbf0fbc6776
SHA512

70e618857fb653ed79fcb6b4f8c89afa3b48a8542d1d945af1a2b0623e60d9f0a7461c223eee2b35232a4d87d32275ab584a20b84deedd2e1349606b88ad3e74
SSDEEP

49152:Id3C4LLGujE0qwt9936ihsJqtW/xH/CXOX5H6j/G:IdzLLGubq090/2WIeX5H6j/G

Score

10^/10

troldesh bootkit discovery persistence privilege_escalation ransomware trojan upx

Malware Config

Signatures

Process spawned unexpected child process 1 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

description	pid	pid_target	Process	procid_target
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	1932	1744	iexplore.exe	44

Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
ransomware trojan troldesh

Boot or Logon Autostart Execution: Active Setup 2 TTPs 2 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8A69D345-D564-463c-AFF1-A69D9E530F96}	setup.exe
Key deleted	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\ACTIVE SETUP\INSTALLED COMPONENTS\{8A69D345-D564-463C-AFF1-A69D9E530F96}	setup.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 3 IoCs

pid	Process
2576	[email protected]
2752	[email protected]
3568	[email protected]

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2576-1390-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2576-1392-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2576-1391-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2576-1395-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2752-1404-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2752-1407-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/2576-1418-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/3568-1421-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/3568-2057-0x0000000000400000-0x00000000005DE000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""	[email protected]

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 16 IoCs

Web Service

T1102

flow	ioc
439	camo.githubusercontent.com
374	raw.githubusercontent.com
376	raw.githubusercontent.com
412	camo.githubusercontent.com
415	camo.githubusercontent.com
437	camo.githubusercontent.com
449	raw.githubusercontent.com
360	camo.githubusercontent.com
362	camo.githubusercontent.com
450	raw.githubusercontent.com
373	raw.githubusercontent.com
375	raw.githubusercontent.com
440	camo.githubusercontent.com
451	raw.githubusercontent.com
363	camo.githubusercontent.com
371	camo.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	WINWORD.EXE
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 21 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Office loads VBA resources, possible macro or embedded object present

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "64"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "422"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D16675C5-4F16-11EF-B4E2-F64010A3169C} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "64"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "422"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "64"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime = dc9f859823e3da01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{1A6C23CD-4F17-11EF-B4E2-F64010A3169C} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "103"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "103"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a3d5a058b71c4645a1a6b8b9d2c7fb47000000000200000000001066000000010000200000008460f463e04568e64ea0bb41b7784c68230a5f4d9a7ab93257fe3b42b76befde000000000e8000000002000020000000fd6bb3e916be0628057e74a8024dfbfba472a519a89d1e0f584580d16d0dfd3190000000f291263083bc857264c2da0004031e45953026f05a00205a5395636d78cd5e89eb9633937932fbce954a8bbcea6aa8ae3d01d84561dbd2f8ca2bf6f388593e063aeace7cbff8b5d8ae9550b865484643aa6b86f81fb19a39b7cdd85224e4f5b9e37e44e38727aa392e9ece602121cfa5a2f4a63c6cef542c6349810045a8b887182b5ab1c3e8634eabddae5c0546aa104000000084a1c5f38fc5032f7ec3dfb5a4388ef0583d7ccd06fc967933611410aa85f03007c3b246f304eb1d248219e370800d591c5f911b6604cf53c7c994dc6e070934	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe

Modifies registry class 21 IoCs

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\shell	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{708860E0-F641-4611-8895-7D867DD3675B}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{A2C6CB58-C076-425C-ACB7-6D19D64428CD}\LOCALSERVER32	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings	firefox.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{708860E0-F641-4611-8895-7D867DD3675B}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\APPLICATION	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\WIN32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\shell\open\COMMAND	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3551809350-4263495960-1443967649-1000_Classes\Local Settings	rundll32.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\ChromeHTML\DEFAULTICON	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\PROXYSTUBCLSID32	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\TYPELIB	setup.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{463ABECF-410D-407F-8AF5-0DF35A005CC8}\1.0\0\WIN64	setup.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\NoMoreRansom.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MEMZ.zip:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
748	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
880	setup.exe
880	setup.exe
880	setup.exe
2576	[email protected]
2576	[email protected]
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
2752	[email protected]
2752	[email protected]
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3568	[email protected]

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3540	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 21 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeShutdownPrivilege	2288	chrome.exe
Token: SeBackupPrivilege	880	setup.exe
Token: SeRestorePrivilege	880	setup.exe
Token: SeDebugPrivilege	2612	firefox.exe
Token: SeDebugPrivilege	2612	firefox.exe
Token: SeDebugPrivilege	2612	firefox.exe
Token: 33	1096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1096	AUDIODG.EXE
Token: 33	1096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1096	AUDIODG.EXE
Token: SeRestorePrivilege	1356	7zG.exe
Token: 35	1356	7zG.exe
Token: SeSecurityPrivilege	1356	7zG.exe
Token: SeSecurityPrivilege	1356	7zG.exe
Token: SeDebugPrivilege	3540	taskmgr.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
824	rundll32.exe
824	rundll32.exe
1932	iexplore.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
1356	7zG.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe
3540	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
824	rundll32.exe
824	rundll32.exe
824	rundll32.exe
824	rundll32.exe
824	rundll32.exe
824	rundll32.exe
824	rundll32.exe
824	rundll32.exe
824	rundll32.exe
824	rundll32.exe
1932	iexplore.exe
1932	iexplore.exe
2880	IEXPLORE.EXE
2880	IEXPLORE.EXE
2612	firefox.exe
2612	firefox.exe
2612	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
2216	iexplore.exe
2216	iexplore.exe
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2324	IEXPLORE.EXE
2776	iexplore.exe
2776	iexplore.exe
3964	IEXPLORE.EXE
3964	IEXPLORE.EXE
956	iexplore.exe
956	iexplore.exe
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
2920	IEXPLORE.EXE
3088	mspaint.exe
3088	mspaint.exe
3088	mspaint.exe
3088	mspaint.exe
856	iexplore.exe
856	iexplore.exe
3528	IEXPLORE.EXE
3528	IEXPLORE.EXE
748	WINWORD.EXE
748	WINWORD.EXE
3712	iexplore.exe
3712	iexplore.exe
1120	IEXPLORE.EXE
1120	IEXPLORE.EXE
2812	iexplore.exe
2812	iexplore.exe
468	IEXPLORE.EXE
468	IEXPLORE.EXE
1520	mspaint.exe
1520	mspaint.exe
1520	mspaint.exe
1520	mspaint.exe
2588	[email protected]
3616	wordpad.exe
3616	wordpad.exe
3616	wordpad.exe
3616	wordpad.exe
3616	wordpad.exe

Suspicious use of UnmapMainImage 3 IoCs

pid	Process
2576	[email protected]
2752	[email protected]
3568	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 880	1396	DllHost.exe	40
PID 1396 wrote to memory of 880	1396	DllHost.exe	40
PID 1396 wrote to memory of 880	1396	DllHost.exe	40
PID 1396 wrote to memory of 880	1396	DllHost.exe	40
PID 880 wrote to memory of 1008	880	setup.exe	41
PID 880 wrote to memory of 1008	880	setup.exe	41
PID 880 wrote to memory of 1008	880	setup.exe	41
PID 880 wrote to memory of 2288	880	setup.exe	42
PID 880 wrote to memory of 2288	880	setup.exe	42
PID 880 wrote to memory of 2288	880	setup.exe	42
PID 2288 wrote to memory of 2036	2288	chrome.exe	43
PID 2288 wrote to memory of 2036	2288	chrome.exe	43
PID 2288 wrote to memory of 2036	2288	chrome.exe	43
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 2052	2288	chrome.exe	45
PID 2288 wrote to memory of 108	2288	chrome.exe	46
PID 2288 wrote to memory of 108	2288	chrome.exe	46
PID 2288 wrote to memory of 108	2288	chrome.exe	46
PID 2288 wrote to memory of 2592	2288	chrome.exe	47
PID 2288 wrote to memory of 2592	2288	chrome.exe	47
PID 2288 wrote to memory of 2592	2288	chrome.exe	47
PID 2288 wrote to memory of 2592	2288	chrome.exe	47
PID 2288 wrote to memory of 2592	2288	chrome.exe	47
PID 2288 wrote to memory of 2592	2288	chrome.exe	47
PID 2288 wrote to memory of 2592	2288	chrome.exe	47
PID 2288 wrote to memory of 2592	2288	chrome.exe	47
PID 2288 wrote to memory of 2592	2288	chrome.exe	47

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe "C:\Program Files\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen C:\Users\Admin\AppData\Local\Temp\Wallpaper.jpg
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:824

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2776

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:908

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{FCC74B77-EC3E-4DD8-A80B-008A702075A9}
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --uninstall --system-level
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:880
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x154,0x158,0x15c,0x128,0x160,0x13fae7688,0x13fae7698,0x13fae76a8
    3⤵
    PID:1008
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --uninstall
    3⤵
    - Drops desktop.ini file(s)
    - Enumerates system info in registry
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2288
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef52b9758,0x7fef52b9768,0x7fef52b9778
      4⤵
      PID:2036
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1360,i,14170031135487615185,14716712840329883212,131072 /prefetch:2
      4⤵
      PID:2052
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1508 --field-trial-handle=1360,i,14170031135487615185,14716712840329883212,131072 /prefetch:8
      4⤵
      PID:108
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1660 --field-trial-handle=1360,i,14170031135487615185,14716712840329883212,131072 /prefetch:2
      4⤵
      PID:2592

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://support.google.com/chrome?p=chrome_uninstall_survey&crversion=106.0.5249.119&os=6.1.7601
1⤵
- Process spawned unexpected child process
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1932
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1932 CREDAT:275457 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2552
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.0.162181355\999515044" -parentBuildID 20221007134813 -prefsHandle 1212 -prefMapHandle 1204 -prefsLen 20769 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cae2e82-5352-4227-8962-0379efcf2c3b} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 1276 103d9158 gpu
    3⤵
    PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.1.345094887\764094662" -parentBuildID 20221007134813 -prefsHandle 1468 -prefMapHandle 1464 -prefsLen 20850 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dda513bb-e0f3-45cb-b048-c3a22b93462d} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 1480 e70a58 socket
    3⤵
    - Checks processor information in registry
    PID:2296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.2.1413167915\1914270760" -childID 1 -isForBrowser -prefsHandle 2080 -prefMapHandle 2076 -prefsLen 20888 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1de37e1d-6ab6-41b4-bd1d-0489d707a3c0} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2092 1a294f58 tab
    3⤵
    PID:2480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.3.309326295\1101648565" -childID 2 -isForBrowser -prefsHandle 1636 -prefMapHandle 1632 -prefsLen 26138 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f13cda8-3c62-4d2c-9766-071335064baa} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2444 e71358 tab
    3⤵
    PID:860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.4.1793086110\1496818316" -childID 3 -isForBrowser -prefsHandle 2748 -prefMapHandle 2744 -prefsLen 26138 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cdaff4a-e6d5-46a6-b52a-7adae5e74e5b} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2752 e61f58 tab
    3⤵
    PID:268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.5.2005413176\273871919" -childID 4 -isForBrowser -prefsHandle 3848 -prefMapHandle 3840 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8157668a-200b-4b7d-be62-7a357b73c9a9} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 3824 1e3ae658 tab
    3⤵
    PID:1392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.6.2126851802\502376484" -childID 5 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2aa1fc91-da59-47d3-94d0-bdb2177b5973} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 3944 1e57c558 tab
    3⤵
    PID:1788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.7.917798799\2026896262" -childID 6 -isForBrowser -prefsHandle 4148 -prefMapHandle 4152 -prefsLen 26197 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5482b050-cc08-411a-8da0-a126a0fb7efb} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 4136 1e57bf58 tab
    3⤵
    PID:3000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.8.470632834\569150672" -childID 7 -isForBrowser -prefsHandle 4460 -prefMapHandle 4456 -prefsLen 26356 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a677bfa7-0096-4c15-a662-122e85cff1dd} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 4472 fb44f58 tab
    3⤵
    PID:1996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.9.692844649\1260845306" -childID 8 -isForBrowser -prefsHandle 3908 -prefMapHandle 3904 -prefsLen 27585 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {deefcab5-0a64-49d0-9d2f-3f2a7579b6a2} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 3888 2252e858 tab
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2612.10.9249180\1952879793" -childID 9 -isForBrowser -prefsHandle 2024 -prefMapHandle 3924 -prefsLen 27585 -prefMapSize 233414 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2598738a-4e41-4692-b3a9-d244b7229c3e} 2612 "\\.\pipe\gecko-crash-server-pipe.2612" 2804 1847e858 tab
    3⤵
    PID:3964

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1096

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\NoMoreRansom\" -spe -an -ai#7zMap26546:82:7zEvent16592
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1356

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:2576

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3540

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:2752

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2704

C:\Users\Admin\Desktop\[email protected]
"C:\Users\Admin\Desktop\[email protected]"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of UnmapMainImage
PID:3568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3756
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.0.1306149216\1621098792" -parentBuildID 20221007134813 -prefsHandle 1132 -prefMapHandle 1124 -prefsLen 21749 -prefMapSize 233816 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5d08a59-1214-4eb8-807f-61743fbb431f} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 1196 40e5358 gpu
    3⤵
    PID:3144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.1.1695721582\810219072" -parentBuildID 20221007134813 -prefsHandle 1352 -prefMapHandle 1348 -prefsLen 21794 -prefMapSize 233816 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08febb44-db8a-40da-959c-322ab67f2ede} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 1364 de3e58 socket
    3⤵
    - Checks processor information in registry
    PID:2236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.2.1659740786\216535454" -childID 1 -isForBrowser -prefsHandle 1996 -prefMapHandle 1992 -prefsLen 22255 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e80d818-b319-4d27-b7e3-0efedcf4f80f} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 2008 19e96558 tab
    3⤵
    PID:2900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.3.1691155894\1630835827" -childID 2 -isForBrowser -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77a79cfa-0f4b-4897-9a4d-ea4ab88af1e9} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 2440 d62558 tab
    3⤵
    PID:1452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.4.1086780180\25515272" -childID 3 -isForBrowser -prefsHandle 2660 -prefMapHandle 2652 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f527fa9b-59a7-46d2-a224-cba75e7b6d6d} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 2672 13d52958 tab
    3⤵
    PID:2276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.5.1049725366\452893924" -childID 4 -isForBrowser -prefsHandle 1580 -prefMapHandle 3376 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f2ba80f-fa4e-4498-8689-80a28eff604e} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 3388 1e8e1e58 tab
    3⤵
    PID:3784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.6.518832768\1646415130" -childID 5 -isForBrowser -prefsHandle 3496 -prefMapHandle 3500 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {92699a44-aca0-454e-aa41-179b2dec404a} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 3484 1e8e2458 tab
    3⤵
    PID:1532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.7.1107824157\1517533227" -childID 6 -isForBrowser -prefsHandle 3672 -prefMapHandle 3676 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {246d4efd-15c9-4e82-827e-2207b9d1a834} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 3660 1e8e2a58 tab
    3⤵
    PID:3948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.8.984385668\1671899169" -childID 7 -isForBrowser -prefsHandle 2740 -prefMapHandle 2724 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6830f29-8e71-4eec-9fe4-662409aedf3a} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 2956 1c1c2458 tab
    3⤵
    PID:3456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3452.9.423893713\468317907" -childID 8 -isForBrowser -prefsHandle 4344 -prefMapHandle 4336 -prefsLen 27440 -prefMapSize 233816 -jsInitHandle 884 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38031a12-5ea8-42b7-868e-c3933f25531f} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" 4268 22194758 tab
    3⤵
    PID:1716

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
1⤵
- System Location Discovery: System Language Discovery
PID:2880
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
  2⤵
  PID:3100
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
  2⤵
  PID:620
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
  2⤵
  PID:2272
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
  2⤵
  PID:1704
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
  2⤵
  PID:3696
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2588
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2924
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2216
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2216 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2324
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2776
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2776 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3964
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:956
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:956 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2920
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3088
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:856
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:3528
- - C:\Windows\SysWOW64\taskmgr.exe
    "C:\Windows\System32\taskmgr.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2024
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=how+to+download+memz
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:3712
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3712 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1120
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=the+memz+are+real
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:2812
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2812 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:468
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3616
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:3392
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:3460
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    - Modifies Internet Explorer settings
    PID:1988
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1988 CREDAT:275457 /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2016

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2592

C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:748

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:1520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6a11830b702b72c1ff5cb8c90a787e78

SHA1
42d7ac33ccd4a7e03d1dcfcc6cc763e6e4557040

SHA256
911ee4abe23ded9775ad944043a8659aab582d77a253c329bb1515fc48a1bdb4

SHA512
f6c3a21da98888b7340cf8d15e982a09d6e9f89d0fa25bb21b62ea1733d634faf9a9e92cd7d1ee1e78112a6370525eb353df3bce0dbbe05627e6eb3ddac46cdb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
dad2740e1231a7cbc7ef177aa4ca3237

SHA1
1a49370ae1494fc1c42e774242770dfc39423e7b

SHA256
3c3c1b81ffaf785549e3ab793f2535c875405ea68f67888172e14fd5edca2f63

SHA512
319f736387f1742504c825092e343a03085d9af611b6fbde4500c047b9af883d22100d05a6bc60f6da8903dda4ee439662b58c8c26af1dd4bc6f5782a0ef85ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4303ad7224a04608574b2d1d85fec7d8

SHA1
2dc213b49cb7c08233e1074b067d1d306e8468eb

SHA256
8756d1e9ed74f7c9990236b4dbbf7320d9fdda4c678b12ecfe6149958a4c5509

SHA512
338a0085abcc03c7ac45271aab8c5a3163415b430dd6bc1418499bed7432426c5f65117b9c492652a6e898c8457de8073fd87ea746c8021de309125ff723eab7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e95264e487285ebe9559ef54e127ad51

SHA1
d07a160d87bb3e92cdc25b771558800f532104a4

SHA256
b0b273a606604b08bb3117f4b47ea8df305791d88e37ff6883c8e1dff52a3795

SHA512
fe7071f575d2ca491b03d26528ef2784c439e6f4b8162b4b7d3238756b3cf54dc7a50aef2ca14c54cfccdff72d4c6e47be78c46fc50edec91b13b05a32695361

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
cc336f738bfdab979686ecd6a32ebe65

SHA1
d241f325ca0b5a8777f546557a3ece0e826d45f6

SHA256
e3627fce81742560bbc8a5d87706694d77d74551b14b44241992f19148ccbc80

SHA512
71e46c54b38aaa9a0c8932a0ce069f5bac9b573dd8f16e47fb461ba99e6c7c03b79129c45e1ed6756c3ab5905f3b3ddd9e31821f0aae9b4fccf5c8e3fe79b786

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
502841f1767c762de688fce77330fe47

SHA1
421ae0954135e7b348316f255ac9c13b7ed6daa2

SHA256
d786478a607f7ba330ee82afe3bfaac06c3a1a539de97ff6399aaf5136dd18b9

SHA512
da07d4bded09810803634f0dfa0881420ea57cbbad84b60ff09cd232c62765d1ad2f7a3e1eefb61d5f0874bdfa26ea192b0ce845fabfb732b5080b1efeb3fad5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
eb078b1ac170e0555da6bc7ca6d753f8

SHA1
edb28bca3decd1275dce88a4f96b0dcc40e8a840

SHA256
4885ee601a996031b54bab6c4d3fc94cd2385610b1ab64f7a092aec205b6f8b8

SHA512
df60ce9faf3bf0c82ab0f32adc8fe87f88714a2b93c513f34777e196699d6f02aef598b81175a993b4efea365ad41a7810c39427c0914012f33a00560970607f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
e354f88c9b5f5605bfa018fe7628140e

SHA1
2e5ab8f53efe86674db5501d43dae2a2a9f67c90

SHA256
0cdf4cfd6f382fa4d16c389058549b799c59ad058bd8cda95cfbcdda6aca492a

SHA512
549774f4230bc583c6c82331d5a37f73df9785c86efc659fa6c89c46f450c68e61b46ea22a772ea10ebb84c068b1b72919f5a10619a565e307057edce53f5de1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a1c379db98152749147a4fe7c3cdcbea

SHA1
abcd19368afc2620c7e92fba3d47f53bcae6f4de

SHA256
9ae6ab691fe3ee76db5a3c28d54b673733bb172a84731a59d56c80521ac80775

SHA512
d13d15ad8a5a7133f9b70fdf20e0a416237396f63233236610d7783251e0a3ec6b730daae347ec449a4e8f5e0c8306c0ac116d684569b8b791fb6bee2e3fe9a1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
4f191d21c94055abff2d3fee46e9a29d

SHA1
75fafa692ea110f59ecdb1736dcb4597381c8a3c

SHA256
37edbc3359bf3f106f93ab4e8597a21790d79bcd46082d5c7d07b68f3cf78f96

SHA512
398b1cbfff842868a4d3822d8b1f2f6066421ba892a694a62bf22b5ca2c5502e7adbf78fc59e9bd5a2c8daf63c1e75b9d5879fb6eff1cf425aaf0de5243997d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8bed30d10129feb14a73d9829e04bc80

SHA1
2abf99db10534e112e202b0806ac46b2fe9e81c2

SHA256
254f0991b5a4bc860be36672e28475ef14160d1669bbf09c345f1557ae946360

SHA512
94b1927eb53455eab0a843baaf726dd69558c329818c794d539c6822d8acb33efebac4f29b1e3bb63a38e36124454e6cb03ec1c57fbebfb6a1bdc95242a1613a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
6767717a20c56ce9c2eff346b0ff0b8b

SHA1
3aff668e92224d675c25f02ae0b38dbbdd1d848e

SHA256
a276fdf31ff07681ebb7aaf862ca08914007d03b496f4d42628c2388d7d4b4e9

SHA512
c05e6d90e6f64d33b5381eb9fe1cc49909dadf97ddab23381f739534282f425561e824717fa8c80b7f9f6efc35ccd12fad0fcb9807ca4f9327cc6152a2e3cb02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
06bc5c2af14d50a094a0df3bc35bbf14

SHA1
d32fe9f096cf63c3417c93a28f6f69a5299a6097

SHA256
cd7888f33a40eaa3633bc22de74d9a77c53479bf923ff84d0685bb56a9a1e194

SHA512
bc6cd25cb00fdece94b13d8dea1636c75c85c00b0e6cbf63c216177f163b7634c8fb27358322e592b8a13f7659f10180b2a8d23269fd81a8fff112f95c3708f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0abf4c9278db7e9803bcceea8637cc0

SHA1
cc43f61c50cd7588b4137bdfc1b6f51a67e359e0

SHA256
920566559c10ec61697a8f5a518c39ccec36d97cf753895910a7eb83c5d146f6

SHA512
3959a4805188aaaa6475c953efe0a4dc1e4e7da62a058fa0deb6ead3822fc9af44e972d7955a183021d7b54c7fcc048b5d1f43599fcbd2c9967cd682537faf57

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
07f5772f2fd6fed4225ade3d3e6511ed

SHA1
9334529d06f93c237287fe0984ffc266adb97617

SHA256
2b6eab9a7ff12e5080d0df3c40dd59e977d28895dbf0f9350c55470303df70e0

SHA512
13611e49403761ff2940b443925f482ff68dbca479a7b8c2a07082c71bf438d29ff47600b42ae77c0c5036ec3d68689f486e9e375595c75e6c13959e1041c7c9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
db604b12dfb50f7f38c787a1bfcee816

SHA1
79cb3a3f702d4dc3a98a817dbfb20ff97115eb90

SHA256
29886dbe7d07d8864f89cb8658583ea27ff01560b464f1bc879a38c03ca72041

SHA512
1dfa674cbe3f26b595ef8dd174fc42a85cb7b039952b895dcd0e7aa08ca8722e1948be48a478fc4d8fc2f8afeb14f7b666203a0af24d5f2564603e33e71b8798

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
373ca96571f205090dd93e7f176b972b

SHA1
ae3073c6d9e33a5a6641edc0de597a421012a429

SHA256
e8ae51a57b3a30a9cc5c2d3869a27ecde12b1842c0b8551f32a1225ade2e8887

SHA512
0aa769a1470ce0041b5d0c97c8c39e757c5e3b5c99cc2a3bf58e948bf48e7d10b57dee5c563d2efee6df1ee62b7298e5454e8343e92a72cbf7a9476ddee2173e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
46a457eef264f6b13df2438d9b758735

SHA1
ea16f007c7a1e6ecea625764a46e5856605bb3fa

SHA256
fe69bd5a4b3b5048c18bd568e848a9dfb27fdf7b34629b5ed7771e89c607b79f

SHA512
8507847f1561143c4d46ab0ae1ece6cc4fffa7a0632559bfaf5cfe88779f32ab31fe6d6f79f1d168a3d0af4f67068e3b7aefa5f9b845f282d082a38b1facb5d1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f3c0205f5a8e2033457cffd5a59404e6

SHA1
73db5ba90f88db673f1d6f6df0b794fc7b95cb5a

SHA256
48a570b8691eea7fb4ed46f215277a0e6531b963a117bc16b7928560384d2ce9

SHA512
9ba902bf8a20a482ea986390e0dd357e8b73dcd75a58738ac3c29b100aa394f08d372f7c3a2afcc3519950ea6e2279983314f306032ee2d8564661f07e6a509f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1ffdc9cb896944df2673980e93333648

SHA1
e34aa0354e15498fb42cecd73641c3d1337b8516

SHA256
8c151acd327c38d17a50b02b40cfd558ce09ed5bb9ec7f18b70d2ddbde12fe6a

SHA512
95cf8394f077679f0e602166f8bb3f8c7ca2c4c0da53f00999792b7ee4846acfa357d7dcab379198f7d00a739e3ebc8361f28f8b8e1dc83badf166f0819e068d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f554569d1625aa40e67cfa984ab04d3c

SHA1
a9d80c7fc3a40c9ed901cf8c63c909e113e5ea1c

SHA256
512647d9dc4b54ca2443943a802fcfdfda607f43bcf7e5659d47037719be54ff

SHA512
aa4fc33e26314c4fe43008726210c56a5cb59a572e500d3f57d247b2fa7994c7b568c9ec3843984ba8eec865b263d1e010ebee58454805467c6c28ec09262f32

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
035eea28feafcb9a8ec0af2fab365325

SHA1
2d8201a89d290b9c8fb4c8d40259fcf4455691db

SHA256
6c574fcec2442643a2e7382e6c7ad28874d6af806b8cbb9c8ec247595ccfff47

SHA512
e724add1cc4cb50198c656e7d5485ef48e78ef6ea29924357dea042156ab7c156bd453d657544763add6e6d7b0acf3459ff41222d1d6fff7df87cf6d52297e7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
3f4e69cc919f1942e09509005fe358d9

SHA1
db80f9e6e1b2f9801c15072cf73e880a67416d72

SHA256
6bd50876df600c16281d670a44778ba58b77adbb726adf97f0812c9569403e73

SHA512
1cb468d15d3003294349e8667d4b524584d1f41891878c9a2d7a336ac3f006c98799008a255185ee3a2200b04653c2da78b61c8d3c99ca64233e76fd06a3f0cf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5a6dd2ffb3815199dcf5bed4cb4a7930

SHA1
21f1355cd50601868950d2fd62ffafd303c237ec

SHA256
7278ab24427aad2a7ed420ac972aa366005f4445b617f8631a590925c331a1c9

SHA512
738e09d410657fe8d8b750b0812578d8c3b3e2dfa5ac44161fd6b972f7893cce44380ea7a5e3dac465df1ec419396a0693d9078d80f7aa305f7a017d12d68c64

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7329eef0b21849ddfb0ae5239ab82c7d

SHA1
825544aa5746225ec1b36dccf65d7e84affdbb59

SHA256
3efa5fd8d6e0066e42a73135715eaec528296cc95f5b42aa6d44a9c679a8d5a9

SHA512
3415d8051d6547b44f5767689d24dcce85563fb2094578219f125ccbd7b0be75eda3c38af612f4efe7a1bc22fe9abaf6657b50245afc87b1bff4e0b45447f901

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b09de2d0885a8525b8b99962237e087c

SHA1
38b4bdc2540872d2ea21ae40aa5008ae0bfa2426

SHA256
492394b8e0778ca85d4b05333b23414e476b62ba73a6350961abe7a6f20d8aba

SHA512
34c7ecb7246da0563066051fcc41b218d3b4f02ab723bce8730da30acc43c839649f3ea9f6642af495bbf627668df5a26d6a0a7d941e53c018947a836a4c93af

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
31d9dadc18cd6a6b026ac53db3533b4f

SHA1
20b2c22badcb893c8bd0880596cfb6121dab20d8

SHA256
bbbdb2b2753b49be34a4caeaff51e31e5bb97ec0d08362c7e05ed8fec82e98a5

SHA512
21738db0831731f7cdb3e18bbe0b8b4f18b0086f4e4ee17c481ca72af397c70f8413718c3d6708c217f64fb02652856102bdbec4e98bfa91e89891e5c1fcd03e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\80f1a5ea-199b-4e8b-ae97-72025b58bc3e.tmp

Filesize
154KB

MD5
41c83316b58fb19706b02fc246210be5

SHA1
682a316889c245b7a6751ed148fba758de01ecef

SHA256
1c95955c63b1d25eb50f6312c15a6597c5a5460a4f220de478dbc0836dd508ed

SHA512
8511eeaf2b370512ced602383c21cdbafc409f6ab2ddd58f2de2ebf4224ed4c8d63e8e0d88595213c65191a567ff4ca1cba6403d9027038ac04c9274424c7696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
6440e5b4ea3156744e4a29d42c8a2bd7

SHA1
da7b625fdca100cadf355ded3e112a57f8d25866

SHA256
c06f6986514f9e2a2853949c3809aa06a2d39594470ed4ffc77b5a9552565fb7

SHA512
960de88d405bccc917ad98c1cc04b9a3cb2daddd7a53ab5934e27e3bb2b1638dfa81688239db0910b53af711521a998a788ffabcdcaecf36caa0df2a31582d7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SP3OKTKN\www.google[1].xml

Filesize
540B

MD5
58bafac1260cd8787af34e552d7224c3

SHA1
7838b4e2e459dacfdc359073d96c47e427eb1a28

SHA256
8b62455ee374f9b15f376779bba93962801d85e6f8a71a47b684fd3e286ef04e

SHA512
b6acc616581c5a13fd375fc4d96066dd13edf8404551fd32033cffb061d7405edbcace716f6742cbd008b780dc4d909117168b94fa13ff07edc51f2412f09d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SP3OKTKN\www.google[1].xml

Filesize
99B

MD5
f49b9dc939619f6b855458d6a984522f

SHA1
ff36d9579d85970beefdf0cae3304bc0f49d5664

SHA256
d3970180a7098dcda6d290cfe87d41f4ec2cf844097e10b2e47fe80d858032ce

SHA512
9bb74b5de72a314b9441a5eacb14f93ee4ea342be4b805784b6c42f8337562c10e70c93897a58c944a30b9655524a89e1d91b902da2a9ec914bb4a0ebdb4fc51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\SP3OKTKN\www.google[1].xml

Filesize
238B

MD5
cf68eddbecf5ef4c3341d3bddea38e21

SHA1
b760f314ef9cf6a8a0ceba0d8a72981e18b8e56b

SHA256
e89312123f461a8e655b394252e305a9263c87eb9d1d6eed5dc07ee43e049bb7

SHA512
7a09a7c5942dff73ba3e341e1bc083393f9cd44ba5219084e3f5a17e7e528fe974bf1f33bdae0bc7db20315015002710b32af5336c172ac5de5587f9e7c82c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39GEHZPO\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\c-BYr-dvr3RXadZ0LNNpBv61e2-StCdS2EeDw174niU[1].js

Filesize
24KB

MD5
b71fc3fb244b490ed864d9e5a27cc3f7

SHA1
f8fc1f61245b654bfb34821b9f35844515af145d

SHA256
73e058afe76faf745769d6742cd36906feb57b6f92b42752d84783c35ef89e25

SHA512
c0a1b70b79b4919d482411131345682aa081fc3d437b2116a484534d16b084f83a530aeb625208149028427fb7a0c10592606c200ddbfb02b38fa443ec9e9e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\recaptcha__en[1].js

Filesize
531KB

MD5
2ea96f82197c227ad3d999f6a6fcf54d

SHA1
dc1499948a1822d16cab150eaee16f4ab8c028d8

SHA256
e1d667d61bb50e0a815101a7d0d7f379b7219776fee856eedbe965a049db8d44

SHA512
dafee1d415487b796e02ef295073382aac48ac76e90c749028a9241bd44ec04ec2ee34163b8177f94d01e9e9d87577ec34c18d780a9f17b80923106d992749a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HHT5LGG0\styles__ltr[1].css

Filesize
55KB

MD5
4adccf70587477c74e2fcd636e4ec895

SHA1
af63034901c98e2d93faa7737f9c8f52e302d88b

SHA256
0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

SHA512
d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UQFHO95Z\jemwMo903uERjMApF-n3CSVN64n99SYmycf4Bp0ZSBk[1].js

Filesize
24KB

MD5
bf14f84bce0c1d0e620588eddddf4cf9

SHA1
3dbbc93baa30aa9c1f732535f67c1f1c5ef75665

SHA256
8de9b0328f74dee1118cc02917e9f709254deb89fdf52626c9c7f8069d194819

SHA512
91b7882807c6e1e46f14943d8a56c64af86a7d59dc80156a4aeff28e37fcbb2b4c3f240b8d1f404907745bf9513ff465046dd514612711acc307386327c328ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
348428d33b355d63316ec202b12bff2a

SHA1
f5f250443844ab2201295d1e211b6fb3855ef9e7

SHA256
029404f73c64e319dc6219970f8111e4b571640fd84ee67f7d774f24bd89b66d

SHA512
7b876b3e5a83dc20f53a25f50caf4d842b065d1be9f2dcd304c4ec1a49a3ce113b92596966483c0f706cb6249444e49227bb37fb2faff07be2008a2b25daa5cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\doomed\31042

Filesize
15KB

MD5
ccede7f6f5332d4a5328a05a5e557d9a

SHA1
137d9311517b7db019f851437a413fba76e94077

SHA256
0c6f853e92bd9c7638aad606cc5600a8c3210537227cc38cf0e48aafa6bfe745

SHA512
af2eed209cecd5758932c6d8b4906d402e75eef3b0186610e4645aaeda6092d85b5cf565d5479ee9fa228d5c4bcfe1446f34ed8836548940f32e1670a7c6a33b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\doomed\6517

Filesize
14KB

MD5
53de56f0b25a7680efc76f230674dc64

SHA1
a1cd7c9bc2b160645e3d46c3bcc883e001936b87

SHA256
d5a765cfb05e3cd4b09dfaea2da5741164583a9efe7b433ae3ea7f1785d1f429

SHA512
42502c2358c792bae11cd7cca8c8d1725a6a0a4434447d7586873355a160002876a21780aeeebd86f32b8f6c8dbf50883034e1e98d1a56df8e3ad145e82fd372

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\doomed\9434

Filesize
8KB

MD5
b81a4df776b59cc6d556a26af00285fd

SHA1
226e9aa8842ca10337ebfcb21317c40a28bf8775

SHA256
2544feb2891ce1e2f76547d31f56de5d0e0647b341bf534796ce4535c9f85057

SHA512
9c17be79e2c2a2bac8c635a4418bc4f33a5473dbf298b72789fcf92af199aad104b8fcb6e0e3396f06de984d79be3270191f7b8a5372fa293da09b54993fbd7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\003B9E0A2EAC56AAFE3116E93CC53920DFB930FE

Filesize
21KB

MD5
b2795b0d71a451b285eebe2c3035b529

SHA1
b66b9c3fc50dd562f195502a7d4f2405e356bea4

SHA256
d90e69decd4ed05cc9dc1f58497b10ff24bbb2833ca099cb4292905f524909ce

SHA512
c0c95c9096d84f90dcba99162391a7709a165b111d80c42277b6269699b0926ee38806e0411149fabf544d1b06467eb7eea3fd4067ec84a35abe86fed51940da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\055BBB905A5045D20CA3FAAD45FCD316C5072EEB

Filesize
219KB

MD5
e37f744712ccf620550dd6901401f096

SHA1
7b58251d00c44d7840a91c8af8bf1fb14826f299

SHA256
131243a7f1ab471e7f9e6efd0ab4f042b67b48036ef52bb775dea72e561eed34

SHA512
4d5a6d3dbbd7e30da780cd821e9c79c4e069e1b0d1fbf8b75ee138bf98e22fd9b602d4a404d0c2e8f796427c16c3f5183d93ff06a58e985aa91184b628ae4a40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\169F2F823AEF582DAED7D306EDE98433E6AF81E1

Filesize
14KB

MD5
537eafa94f4f25cd5986839d59149972

SHA1
922ace38c7ed790eaf73325c3683764f3650fd71

SHA256
f95cd1a342740aaf2f83a21a02c23310e3c316311c039e9dcaa426bafab79573

SHA512
cafbe7b6929f35cf4f2f7b420d1627091651f26d0e43f979dbd6d3816fbfa45193175848a584ca757fdfec54e8beb6fb8bdc80fe9cb6ec34e4f7e0f168c58aec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\178F9251A8CDAE47679D71C934F806FF3E374711

Filesize
15KB

MD5
5912a37d89dd8257a36e12498f3240cc

SHA1
ad11133b5949cb2da116306401450ff2b1a20752

SHA256
1f1e70638b51fa84c6003ee60c086db76e8ef80e04aa71d2b9b12acef3cb2fb5

SHA512
4745e86801bccc98fef24033adb4e3632d2f1a0dd38f6528b6dac9e15df0fdd9652dfb682c2d30fdb747ff75b6b0544161840dfc5865629c0a0a93f5c0f7c527

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\21816B0DB510050B0FACA059FFBCA789FAFF93A3

Filesize
17KB

MD5
0191dab07bb5d81c3c4051a8a3991f9a

SHA1
62fd1fb6b7ce2e5da762ea31d54a69aaabeff0d8

SHA256
24ca5a0d6a178384f00504fb94b789017cf362a9d49c6337dae71e4e3f2a58f3

SHA512
2af882211515dc488908f987d03ae640cfbf38a3e426cfdd6ac1f6edfa7baa1895fa4c9390ab7a5881ee45c21fe481d814fdb75e13bb11cea8fcf14f50a82a2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\2468DE793392A31250A51EFA704C70472A3D1A0D

Filesize
59KB

MD5
37ff4cf1248f02d3ff9e0da4929bb8ff

SHA1
1558069676719d056c08659ad2cfe04020d15330

SHA256
b293c7abfc62e30dd274e566868e24b2f2018b2c4103a9c37f3d188716782cf8

SHA512
2d95f95e6fe4cc965755498b823bfdb679a98ccb338acf1c42c0c0b6d5281438d6d97ed5d85bd7eb98b023bbdaf735c690f32aaf19291374bdd4e782ce2f3b60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
63KB

MD5
7a45aeb641cc89c5e1437df788cb06c8

SHA1
476588f957f1cca7579185a78b49fe2e076fc90d

SHA256
04a46f37889866d5d4f228b53e9674fde12f8603e10f3f8379125158fe076433

SHA512
e7fc95a66011770e081d6c83a2a8b4ea43c1c77e3ef4be7f03f17aac05ea1b51d7a8f84628be36e2fe69b13dc7d7fcc6696c9f3f8ad68797dee64e532727ee86

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\2587B8254FF29804EA8C313AE41DED8329BBA421

Filesize
4KB

MD5
d1750b39a3a3f81ebcaac972bd6e9deb

SHA1
03985a262f3d8b41787058b15d0926dbb2a012c4

SHA256
10fc15cfaaecd11032aded59729df1832472c8b96724f347bf78774906a5cbdb

SHA512
b2f4dfffb0ba546d403623571c2306af8e63f5644a7988ebf16a0d368f56f192d51719472f235dba9c3ec2567f892499b123948898a8c98264c515a836c88a75

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\4706140295A9E0A210FE3C6BF4C08BBB20839F91

Filesize
32KB

MD5
a668ceaa2680e9dfc58932f9e9fa0830

SHA1
28eab9fd4d2632f35a6f7079f686a63cf66d85fd

SHA256
c5c5b5bb65bff15f926190eac0b55f94bd3fd1cacf897f5deab1e4f3539b16fb

SHA512
7a521edcb0a122f2c61b9c357348f00d2f89ff387da2e5e35723ba1b704a0f8196b1202b4c9da6837cb46b7ed7eb8ba5c00c47ce0ea33ca0c92dcab086a18e50

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\65EB1ACB13C0748AFEECCCEC3AD1521D0B414AE1

Filesize
24KB

MD5
08132ac2f05cc095fac117e9ed846860

SHA1
d40ccadcf178e6266d3b005a71479867316f5437

SHA256
b47d62a97d8df4959ff7d110eeddbf68409876f855d05281ed986b4b460b63e3

SHA512
5e29196a1a977728e7b9d3d42d3618fadacfe82ad6656fcaf93308f91a08c98a6aa2ebccaf55ecda1c486b536d87933818c4e957aa7ee7da905a944318cb82e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\68BC2ADA259BF925235C7E6BF89FCA3B60EECD19

Filesize
60KB

MD5
ded4f4649c4ce0c3cdd5863ecf71a009

SHA1
10d23000c0e3db8cc909664dfc42dcc7a6699c1e

SHA256
fdc0c5d7816185797d2c7b7629a92ae2aa405ffa076caebb2abb6dfef862042f

SHA512
f30d2266a37983e14d52d69a726c034771b49967967dbbf0618fdbde9ae2ff475a0c1cb90a41cd14e042ade6d3cc97cbc313616e2a5e5d1761c42f53a95403f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\845B779E8F6C6245485378122FCF02EA92E7539D

Filesize
19KB

MD5
85bf8b86d97609588359a0e970ccb2cc

SHA1
fcfeb25b9f3b5a0a84cc906a8e88d5d01aed988f

SHA256
c848a23c8f55eb1581ace976a19c7def7002aa5781307f7cfafa7f691df7dbc9

SHA512
5b11a43413fa03f55294baf0935445089b58b44351ef237ce463f8bd89ce7a245a335dc024fc37f81d37e0e3428d00cbe67ea09e429306567c00b580bf58d8b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\880F429709ECB024C13EA1062E351585B52DB453

Filesize
22KB

MD5
ea4f17863c298e10560ade40fa88cf20

SHA1
0de3f1319881318560320078335b0848d2fa2040

SHA256
2667999f14ac974dc13e1fe161909a96c1d6ac17729a5001e9bbb2b57e5cc665

SHA512
69c6be18fc974f58c0d4b3c74069f059c82e15d9dfa491d5e57a17e7ba4067e8a172f9cc0c2b53188f6bf232d779edbb3df8ee29e80b05f4b5d64d4b10e4d2d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\8F2B50ADE38DBEB7F4A4E85B4AEA9EE28AE93B76

Filesize
147KB

MD5
56e96a4e219df8ea70ebfd539df446a8

SHA1
d8c3397f53be75f0fd2cb7666f043e145ff113b9

SHA256
a7e7c8505edbbba0605eb3d4336570b12034c6298df782ef42c88c0dbec0f7fd

SHA512
3321a9ddc0e485bfb3b73ea176db89225caf2cbab86d7d8e1d1fd3a7e2020c44b74eb627960a85aa4b24d5152ed805193908ffce7f95bbf9b7672c93026978be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\9BD0BC0C8600F2A8E27D38697E1DE7F3730F995C

Filesize
17KB

MD5
7354427aead4b9fc8692c61464d5b83b

SHA1
b39a48ac191df9cf8c464d28fff9ce52cc185ed0

SHA256
8f1a53cda7c92570effb3953ec535f570fa520a237be965a373b4160c7285cbc

SHA512
f691cd33388ccf50ef62cfb6471148f2a7ae9b028432f7a3b8dd292241d75bd525e0f75d090eabdd822d203dcad684fbb05a323822e08b95da1fd4c4627428d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\A152B6D6C9D895309E8E7194B1E85CE9D7FF9C25

Filesize
16KB

MD5
36ef30c6e5409ecbc6eb48773bf9e4e4

SHA1
f3d6837799decd14ce5d9ec4544365c7f8dbe5e0

SHA256
e281752130d558438c171820406df29f2f13424a7316612f641d3208630fff78

SHA512
e1ba00a6d15754529578ebe45a1c802dc7caf76fabad343c7e2bd83f7b894a9336877df05c427883f8aa9741d8a869498310f0b1f12ba1fc716df2193d9a0696

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\A2BD72A3227572715C6CBC7E489B8F9A87263541

Filesize
43KB

MD5
b569cd8dd137167575aeee5206e8f097

SHA1
df865ac41a9b30dcf6297380dd08e82fe62e5782

SHA256
26c72fe5d6c5619e169c53260647ca9bd5baa504e7604a80d8e2225f789cb3ed

SHA512
2d45f52fc7ece10b27125395f57d9d392a627d2bdb13fd41e05afeb85e495bf03a8f79747d6433f4b3ae2bdf20c234f0f47dcb52b7405ae7a44db6a02244fc8d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

Filesize
39KB

MD5
be8afaf4274b9973e8842d711e0b433b

SHA1
63d3ddf879c03797410febe90427c01d88743f1b

SHA256
52384d4324f41048d0767ef82239137420de455059b9dc8d2c04ffa7184cde97

SHA512
f492e6f4dde514371ec92aa347afba0433ba0e782b34d74eee971ddab0853875ef8936bb2d8cf0b295a70140ee0843ade35f80b9c4c50c474221af3de6ba6d00

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

Filesize
64KB

MD5
3ff996e0b632051a788d3cd12145e37a

SHA1
b8524dc61a06c07f76487681b111ccc722d5ebf7

SHA256
ee335d56941c0a2de0cb57ecd9247601fc2b98d53785172d6bb08f13a128ef47

SHA512
da2c151c20c3238a179b02313c5eefd3922d21fb3e83f8742d167c1cf476b209f8efa06c3b421529430816d5e35a7418a6472ceac8529496ffe1900faa9dc8bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\B47C2290387CA81094036091C984E8DF3E89AE1C

Filesize
14KB

MD5
fe789e37afe1c91319c1b2e8c85a76e0

SHA1
f50836232d33ee5c13316ce3fa239cafc0e2aabc

SHA256
b6a0e938bc73b8328cfeba54fbd84155008912402821233f1dd68d9892bc921e

SHA512
25103d841737aa57ef6e0be637ca533a5d6983275171e0aa434eafe8c4fbb574c2b5d8a7e45d2cad0b6bc32fafca442b7df53e01e9f0ecf07ef1d0a0af2e030c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\BEF30B8945DDB23CE855354CA1126602E172FE38

Filesize
19KB

MD5
c02cda3e252edb5958bc54b489ee8d9b

SHA1
2a01ccc6ec569fc9990ea9636a3c87e660f3f5d9

SHA256
8f53acdfaf02977ce8eee7b53a51928f7879441716b10f3875f9034488f8bdad

SHA512
5f94aa17e6240b0cfc81ebfe4bb93d2a832a785238c0bf4915d1332ca73ae216cc6b90f59630d0473d25eee90f4f8daafaf9e73e64416b129be008bc061700fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\BF0923D6C9AC3F4148AB74C98E937ACD57DCEAD3

Filesize
16KB

MD5
1a1ba6131d03f5ea1c65a9560358414f

SHA1
45b5e222d00e9b17785e6f48b6beeb008bab80d9

SHA256
34e655e9ca53bf97987e5c623543c07c80ff0cd7a8624b44d34a812d4e3c5b20

SHA512
c85a1b1647405c963c12a5a13121cee0b5a62cd2b084cddb2aeb8dc1e3aa112aa296c727d4f30ff7fe2b9fd36b3a05b6ce4cad1944e70df8bd38b8ad6fc2d1e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\BFEF5B7F3B00F0A81ED1F7E43EA7F8DE07A9D010

Filesize
16KB

MD5
92549fc05034ca280702b9d697a16f73

SHA1
7fb07fd05df0249b547b1d16fc18f7d2a0fb3cb7

SHA256
e23116ddd33dba42b0416f24becf580f1e443879a99eb6cd58e6d0e2a0ca6333

SHA512
25012d83fcedb31a58f459623492f34182c97b16441153a74836f6d5dc0bc31c0101f02d43bfcf94860d74f9880aa2f4c87b08dfcfb6dde2cec36f96671e77ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\CBFB415A72A631B4C4F5CFAAA213F430321E2A32

Filesize
15KB

MD5
6db346e21893a0bb684134a323d2f741

SHA1
0e62bbfd693db6e13247fbbe8be6dd2fe2497056

SHA256
21cbb7764b3ad3a47e6944484dee229ff8451ea78ad1d0ded986b3672ce616f0

SHA512
f7b1fc3ac764c4d1388d3a9936ad3b136c219c4f211de2f02f9a7915e08a1850d988d08b9b7741f918cf60f19f8311442c824f951dceb32f5d543cbbdf035b81

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC

Filesize
14KB

MD5
aee462cf334bf670eddc5b464ee54f98

SHA1
d5496b1923d111aedfc6ec7b324630b8ba070682

SHA256
a40192502da20572bec7027feb72a493c680ffcc595f38e6973a8c4e5c4624f5

SHA512
8b9c4ec5ff56eab1b6f941156b8afe9c6441fa53f33c3ac1168fc58b1d9d89380b78da368bbdbaae2bfa60493337fade0f575c2fd4ff1a4f51b96f88dce397f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\index

Filesize
11KB

MD5
78c5c0b6f8b419bbea4df0e59ec0709e

SHA1
6b360ce0ecd3eb9d66d7df81e5624deadecbf811

SHA256
b52db582f2b1b66a5a44afa863c4d60cbb459cfae8b29f9631fbcc6459de31cb

SHA512
0f7a251a9a44e6a5d23b745c564c2c535b29fd303da6ab380496be340db6e040bd38215a01eda660931ed0da27228f7dd6dfbdf0ec74a00a2a4573dc5426806d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cache2\index.log

Filesize
4KB

MD5
dc4b0e6f42d88e314b9021b07072eb62

SHA1
bbcc2168cad6c479e2b5d056792f3ac2d82674f7

SHA256
8ea8d779cf2a0f774fbdf7e853558ce6c1653b32d2117552eee7dc4c5814c462

SHA512
1fac128d63d4c14e59a03d938ff23982dcad3a296b24db073e12745f46040e971ac48228130238ebe19c193e0da52fe94957ae0b68758d7b90f02520b8e8291c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
9117bf7422456e9ed365935a005018af

SHA1
a04c67a7f05f579393ea876b8c20bfd00e4f462d

SHA256
f922573ba5fbafa6bda18cd09caa30e3a2bdbd3d04cbc51b210505aec8562fa8

SHA512
83fbb3f6a98185280fcd56ee0f609b2d6d5da30de780bbe0f646d6ff08e559598d0d9931abcbf89ee67df70e316683b66927222e0afef2022768844b7559aeed

Download Submit
C:\Users\Admin\AppData\Local\Temp\6893A5~1\state

Filesize
199B

MD5
0ebb448a11105b713b7899aaeee005fd

SHA1
ada23f0844b49da898802e1363fe26ceaaf69469

SHA256
2e8270a643c0b2d33a9e25c6b01510b4dc1e3c36cca06aaf247b0703a2c6d56f

SHA512
a24064546b54c1544d53be9a109620aa0b3675d4d7546cb40d9684894426ee1b795cf2959137f635b1bcca8f746313cddb12945baeb21ebd5dfb8de6edfe62a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1BBB.tmp

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar32A7.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFFDF2858CCCA9BFF3.TMP

Filesize
44KB

MD5
134effb40340e4333438b1d734a92578

SHA1
bf7c320cbbb108d1e0cec73c67c19bb53d4e2d5d

SHA256
f745a542cdb163876ba4fa1c594850c20a7ba3b2a7ccc9f94947eb533cf37c5c

SHA512
cb7fb0df9cf97cf5babc3e9b619b519232860ee84cb5c9e00ed2e06991f9d73d6a301e5a87a7622255e58e6182af6d684ddd0188746430d70baba260d736f90a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Templates\Normal.dotm

Filesize
19KB

MD5
53ecbf3eb51d420d0e870eea72a1d793

SHA1
ffc7ab77c3e1b59b2bbc8e7b83a7244b96efc29d

SHA256
de15cac532705b31dbee6b78f86da6f80ac4f74f54152e0aad799b8f7bfca44d

SHA512
65fd38eb809c82b37c6460a36f718ffae0ee1cc9afb35ac1d4d592a084c0df03aa503d8605f3b4368e80a6b34f0149a28060e54c7f216a21034cf24579d86dd9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
8KB

MD5
338488798fb159c43a93f94eadf58816

SHA1
c9cb8ecb5b48dd96b64a5862378ea96e38527f40

SHA256
fc41d755e7a0265f95da248b68309ad7ec7d09784bb2874e2a0cbfacb0350f66

SHA512
82d7229269605eda41131e6d057ccdc6ee29302113f46afd3e496b543138b6b8a96710dc40f28d57762a0779bee2698f3dc8b0da7185c9f81f7ac0ca725b2075

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\cookies.sqlite

Filesize
512KB

MD5
fa070fb1316d37a9946dfc1359287aae

SHA1
b46ecb409f634ac5b4ecda05749ff8249f9b268c

SHA256
9757c91f7b0067adf21ed3d7ff429f55556dbeca8676436bda5609c0626d5cda

SHA512
f42cd5255b7009e62189581b8c8e8d000ba1d3750b093733b939684c9c700d8ff69258c9d9cb38e0fd67ec7ca136ccde34801304cbcc75ece4b602102eea82d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

Filesize
16KB

MD5
8e630ebcee297abd9aff0e8f0b56a1d7

SHA1
406bdeef3dd929f57b871535572898574fb1dd2c

SHA256
bf9c597d23d0d53c637d2cad7885c66f9db55ba1096e25b9f5116446571cf065

SHA512
923af331a4e1f4a3bf0f48f06c7661f3ea814afb68d7e574ba92790e3a4fae636cda07963f9cecfc95edd4ec1f38ac2f08deccd0e9bc83cd846f270aaae368e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
e1d5c8ad8085f0d983393a7e43dd0b15

SHA1
c2f4774b521f3e8ff2414dab436f7e2ff9e890a6

SHA256
14039dd70c771e99c5ff805f6fa35ab178997c6ab4ee30150ae0765c6a207734

SHA512
1e00f001f009d1ed7d8a9ae4e56943790ef14309c2a7c8fcfa43cd1e63adbf4e3f14a6205e8d51515c3031ebf0f81cce2e07a701c0ef7e8b7aa0d15dc92d759f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
28189638d4142860026eaec3186a0fe1

SHA1
09c00e53d1be733dd16594fe00d2daeb004f0d78

SHA256
c9c0ed19145af18d2c0554e57e77505a31b15ca1a7142c84300ed340c2937748

SHA512
2c913e4963068a2430cc307043d81d24e4f80d033194e204dd40fcd0f0cd323eedc27b76c6ac7e2290c320004b6cec1d775a7d9ded64d0204bceb23c7d220750

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\db\data.safe.bin

Filesize
4KB

MD5
f1934647df43df1c1b28c9687941d484

SHA1
0d3c1a81abd1e31514b190c93b4ee1091bcb2d45

SHA256
166f8403c393b86ee98c7e42d499db4780f8652f422ae9c43d598484670852dd

SHA512
4e3ec7d33930c1221881dacf190fd1b8bebf78ca654f4899b90d41630cd892f972392ca2b84695a738b2828c22865f841db674138e3a7206d8e62529cc24b9d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\1996f3dc-fd20-4280-8367-9b2f46f19693

Filesize
932B

MD5
a71f0a43a3062ab491378318964d2996

SHA1
273965f59f08bb6ed5e05fddceae262e50140e08

SHA256
11008cd3d30fdb062c82844f1ad04a8096c2d8385a6bf4c425515d15bc8a0812

SHA512
4036d6c6e64819559ec56699c16739f0a492b402b8a34c413006ffea05eb3bbb945e4ece511b6f124ab97737077759c1e524322831ef2e8db7c5a7cdbd7fd660

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\35f155d6-942f-4f33-9413-0cdcf8fb8c2e

Filesize
677B

MD5
dd766f67eda4f1d063891f4cc15d7d29

SHA1
050e407d58d115cd9664b4c55de9f9be282195d7

SHA256
3ba64072116c122197c9be150b93d3d1d93f185f18164faf927c2700522daf60

SHA512
18168ecb04a2d5c5c095a87f8dda4800464f17215ec1fa472845ecb411ba16d6821dc787f49fa3835021c1990be59f7ea9f7b21d78079e205d69d7040274bbcc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\6ed84d15-ac74-4a94-bbe0-92bdc57cb79f

Filesize
773B

MD5
dd628d003242cc9f2555a63b509851d0

SHA1
1df83ac34f959dde6bdf7e9e4215cdab84192d09

SHA256
b84f24ec6068ac28f8a2c3b6e83d2b88136399aee88307d8d3cb1b67bf016316

SHA512
1f30197f4a4e062896565c907eab58c06553fae25861a8441428c1c0ba5bf101de745c8ac5102c9fd00212fdce49465b4d249d54d67cbe3e8a2a0c9ffe19ad7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\787daa33-30f7-4401-a8e6-71be29d941ab

Filesize
667B

MD5
f73cf25cd4489e990cacf403cba52b85

SHA1
07432fa93902e06030465a932bf906d2278d6806

SHA256
d862128b7951c62a82b72363a01989106eb3b15b2fb8dc291c8a43760f86e5b8

SHA512
14ef840532b10f987e9505c7fc08b145ee497844ea57f2eed4b811ac256eb62f0ccc418b0e5140ef808714dafdc1635bc1255455d426ffa74f605181c56710e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\a045032b-6b96-47d2-ac61-c64e3c6fa73d

Filesize
11KB

MD5
7d9e45f3c3b206d2e12d6ced69de408d

SHA1
2a717c486a17ff45c894f0e35692f1c780aef8c8

SHA256
4e080ad36123d8c973951c6b43594c97be04ab859ac443bb1f91f5d5fd33ec34

SHA512
48b1a887000428a72122ac2c047c6b8aadeb0a93d307a4c7549430ecc8b0713633ee73fc11bda6e5d15c5284cd4b67663489de9cebb231aa3e40dc4c3d89031d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\bcd3dd36-97a5-47fc-b683-76bcd88fdc39

Filesize
845B

MD5
a4a7a6f754a7c62bd87b7bcfd28d7d33

SHA1
fa2a55b98a3d00ae0fe35630a4b52186fb2f58bf

SHA256
3943577f774a066fbc83a4e3348ab00f61812fc0cc6bb5ee1cca0fead9876cc0

SHA512
a795af8206b896e55ab865078487e02140989a78a40cd48bba8366db19dda60d60257af7f39e21be4390d33ed7ee4144ed8b316a0ff5038daa334bcb14af91cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\bcff9bb8-6f2e-44ef-8b79-731559787723

Filesize
745B

MD5
a19ad9e0cf8c36c81a697248bf4b7dfe

SHA1
d9e2a6f7ea76c5793d3d962a908e30355351fe3a

SHA256
041af68f3d1b8fbf6165d94117bc9c29bfd8eb8b31e3a14cfc78e135940fc57d

SHA512
26bb5435c62ba201e3acbc750d0ffcac8315c5a2526e9b8e3ccf5c1c28a80827b77f2006552776d87236bab4848331d159f81cb2f92dc3a667d8b768ba2d9358

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\datareporting\glean\pending_pings\de0e0e08-6949-496c-a829-b64e39157cbd

Filesize
854B

MD5
7edd7113c1d5624e5345f47c0e4bf7ef

SHA1
9824c9cc9e15d7f63d34ca7aabf6601459837fd8

SHA256
ccae95abda9465956999f6c4eef13441ae7f95b70be5fb694aa6d7a76588dcf7

SHA512
06ca045cc2111c5975588887ce336af087298a020920bd8a78079f28eae2f0e12b0d2fd22ffe270252a56c028ec2aa18354a9c94cc0fe2859248c2448cd50700

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\permissions.sqlite

Filesize
96KB

MD5
4265bfcddafb85be48e240fffd135150

SHA1
9d321c77491ea535dcd76f5bc62077436f912cb2

SHA256
6f9a6a39bec6ea0518ba407909d8a4b1a575c75c39b8975f7f71eda1114d8bff

SHA512
65b7b5429147091a7ce39d26871f99ae0a481a5b2af2587d3f5fec53265f8cdbb61cfd9a71451c68132f7ab0b01d2f50e287c61c1ac3279415d4fb06b0f53884

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\places.sqlite

Filesize
5.0MB

MD5
15461cfef5eed283f15ffd88fd3517f6

SHA1
14dba934a0922d737ebe62863990f90d1ea012d8

SHA256
7f4661f5060e4861ca4ffc97dd0e4b55b2e204199e492433b214e40d1e3900ba

SHA512
4a877c59f75c31b67cb2a156a1410998ce7e2eb7c115e5cd031ab12dac6811cb79fffabea695ee98c197bc20df7fd077068fae42d4eaacb0a18d2173dddc8a3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
6KB

MD5
5f3674e02b635277086f8740f1577441

SHA1
43bdb02049ce2033d40159b6a46f042e4e9d0087

SHA256
0dc8b16ac2e58a0289f1467ba8472cfef1a91266bb814873a6bdd87675ea79aa

SHA512
640ff1c070d7c11b4f2f9cb59aa5a9244ef274a99ab386ee49f4dca0904a86b33449596908533f784fa06f1b25237c92a943faca0e12fba11cd8cc285b2c6eaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
7KB

MD5
d581ddd43925c0889bda86f950cadd3d

SHA1
a5b0277302c298a1f6f9fcea21b9040e43c93d4e

SHA256
279241b2d332c9c4d945c1151591acc6e673a4f3c79e4ef89fddfddf8eea32da

SHA512
ac8cd83ac9f7f603f1dde8b3ddc47819b7e2db6ea63879389592f4ec5ed7e6493e2110f2550d84c6c44b7c0c82d78f0f413df51e1d5877327a00377f11947c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
6KB

MD5
8f8401d99a5973975f8907b2017f8bdf

SHA1
8fa0d32c9e0af19eb79de84519dbc51de1bba151

SHA256
4bf6728bd938e28ce3ce53214b6486c26aa8426e28c056abea253e6f1a33c39d

SHA512
cc167659360169a0eee9cfb681e66405b0f9c5a1c64b53de659b9badd72f723bcc4ad3f3c659b41e7e1f562ea738cb847da3f779ed7d32d8b0252912b6e90cec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
6KB

MD5
81d7914e05cd2a783242b527293832a2

SHA1
f43f06bae2fdcfa7f05a083e11849ed2d2036b48

SHA256
e9af1cf04846305b9b812a88fa2de8f77f7b16fe795b75b27be4ef2706b23979

SHA512
410d8ac0e323ade8d4c198161c0b8dd054ddb86930d8de0d33b91af494a049687ca6fbeaa5e147cf5d4013abddae2378a84bb1de44189daca29a3047363db960

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs-1.js

Filesize
7KB

MD5
a8bd27b4a7e94975a3cf97603f293c98

SHA1
62fa38f6ed704a484451ec2f0be8c9968d3c3118

SHA256
54d69bcd3efe0e53a0f24d85cbed6605801cdcebbeb950af2a698ad0eac29f6a

SHA512
c08004712cd8faf511af3ef6b7df1d2ba7ac939d1ec5bcff25290b930126c9c211fca467f382a79650bc90c6dab47e5e9a12855d4badfabb53ed28fb07c84705

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs.js

Filesize
6KB

MD5
23d48ab77c6d302ef7cf6fd4b9ff2212

SHA1
3afae563bd18323160d61d8fa3038a01ba2a118b

SHA256
8127d4705ed9a422af82069b9b415708dda370e5ec3673ff192206ede810c5bc

SHA512
246e57a10c94f3ee20a137f2236b06c049eef4219484f037bb1f05e41487e5c045748966c540b9072d0eab56386ed8d55384bdc7d1a45d72dcc0d381b6733d1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\prefs.js

Filesize
7KB

MD5
cd24a18d93e1405a10d6fef84d90dbea

SHA1
12e549bc54bea3800f0e5b77fd22872a49340115

SHA256
ffd9a96456af7d5c7cc32eef833d99a12a4555dee5bb9c05f8d3165fd8f4236d

SHA512
2336b89e8ed91af5acccde05401f0e1720b91f657a3c27c8b5ceb38208acbcec28bab7c81ae3ae7a4325c2b82d6ea7afe179070f8994813fc4ddbffc369e651a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json.tmp

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json.tmp

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json.tmp

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionCheckpoints.json.tmp

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3538fc336892b377edd5997a53c02d1a

SHA1
6eca554740ed09a8f3559b9eb6de20b41a0bbbb1

SHA256
eef1a3576c2658d17ef16fdd6b74a5622fee030e83c2633341471237e0b90255

SHA512
38ed3221dc83683a0ffb4b94e44e1d4eabb937c341fb1c1d77b69005eaa8afe5ea059f06b874761ce84f02a6ac4ef71baf7edc378fad55cfa130ab3e1d46e27f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
b88a64d855f98aa3c7ab9aa63374bb2c

SHA1
0d5ffe778e7a9f247d3b7a0191a8144bcb75684e

SHA256
1b937c2c91008848139043684f5478a8a4c02540f72d555182ebd21f4e85b8cd

SHA512
8725011e0192990c8b8728700e6c1a08f7851809843af2f5173fa8de364215f0a695b993423ecf8b664ac2fff89c1675bccb323919630107aa88041269f4840c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
0f03ccc83ebc59107c0aa7160424bd86

SHA1
b33149c4b262464a6339a378267db2fdbb1ebf1c

SHA256
02dbef813c5c6859bb8ddd2732dc1a3ee09898d30e7357891349e772b3acd97e

SHA512
b168f1ab237484253446d596bdf1d140ebab59fd445ad0fc2b59c5f3c6fe22850c920f91c7f5d5e2073f9166f3fc9acaf76a253ce1039b4ea62d47faab5b0b02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d44c8af356d884bdc8e615dd7accec80

SHA1
c08aecfa32abccb5988fc9be581c6ee273357935

SHA256
cce6a192ba6d1a321bef33e1dc1e15d6d2ce5378b934c267ca4b46c95be62a2d

SHA512
4b7cd039f485e5d83b6a400d7a2e6f76cf6fc521525d179b1f785d53d411a4420f4faaff8a59dab6d5c9484bb2baf28eac72bbd57db75402c687a40e7bcbab15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e4b47247343099d408a68b761293fafd

SHA1
6da95db049b7e624cd12c94534838e60bb0601c9

SHA256
6bfffe63c1cff47b04039dd59be40bc30866f995208afdb555617b60accc6080

SHA512
4e5e0a14fe581cedd6e0f21fcd334b2e004d7a47264766984319c08e5d8fbcca5da9a08933baa060eda3f261f9ff8d0370cc5f1d4df18ff34cd560f6ceb9a7ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e3572dd73967bf0104a696b001e36954

SHA1
77e5dc8bd8db3f1e59b114ad1dcb699111c593c1

SHA256
ba363bfaa6ad9a60b1c537131a4b954606d1ba1419e3fcc9a9075312f43f8ce6

SHA512
635487166ab536f809cda2f342594c10c7b938f2641ee5a04e1efcb7290380c720295e28d13bc9f5affc0baa0a83691e30efa11276d712c57324739ac149b136

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2af1c4a8305b395f832863bea699f434

SHA1
760951a278b481e9eb48af4e89190a7e522a1b24

SHA256
a4df757255173c20ee93ceef4aca4b35cf43c849aed728b0d5a6b1de165230bb

SHA512
1f54a15e84c9dd565ce47319cb5a4bcba1a8d09eaa389a6e216bfa6ac7d2069d6dde353a6347296e4881a921aedc694b02947a4735a5539c8838dc51a676b4f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
a955af1e261763789835c888bcd1f0c6

SHA1
01ef7417b037fabca23c0312c1cd2dda1b67ea93

SHA256
f04415c9300d0a78bbef927ce7978030d9d4ac1bee1e92d002da6a1056d74891

SHA512
2c73e542cc36ffb6362047f34e8465418eddc36835bdf50bf02c58dfe325e1d4c746e0c5c93db87de252794fd62fc89eee43ee599265c8492af6716cafef1717

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
20c852e5d981d907a29e36b302cae437

SHA1
67054838d557c81db57b6de661a4c497f9eabe2a

SHA256
380fe788490e01fb3b84f87d6782731528ff55ebda114b425fb31f18ce63aac6

SHA512
d2a91784cf90e781d27560f4cd76df1c7361527faef36868993cd6aa835b9af8bff66b9095914fd6884ca5480a7381781188a877d5f279c70f332caa23a8082c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
fe29a1a8f4f667652b86340b7e47d790

SHA1
68978be45c0d5899600c48cbad8f074bdd309b20

SHA256
018faccb8cb44df71e0f44995f50212de609a9c77160b9c6a64f252cfce9b06b

SHA512
b918fc757197336d44f6c7c2b9f10932725bcdd6b0ef76903b36ff615bc818c2f2d2b02fb8ef672ebb4e83cc3426b7c603220912f47a4956522ff5c540562d97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
0e8ea670cbc2d18aeaffa740ca728897

SHA1
efb24a66c70971ca08484a9308302ef130968642

SHA256
d265e697ffc6c4ccdc3183d28a59c72b39dbc55852699b516d8507f82498a22c

SHA512
e14a3d928d1bc80826556324e8ed0b48415bbd86d59a371c9cec8dd077f0a555195f9b77e53f57ecd614d339d8db89fd8d8a38c4195d1d7e793d1b46301b2cd5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
fb3d8033b0e67acc4af1aea59a22d3a4

SHA1
9f8735e48dfa792c7463c1a3eebe4f41bc336cc8

SHA256
f7f7ca87a5fb56d1f8d610f22a999d95d3f80d458ee166a1fd325192af90f105

SHA512
9ec5e7ff29e5de57ac2f09afa7b1eba3cab0e0830d8b8c2aa370357b12475c61690dbdc94c23d6093b52d6e6f22a118e5f758662d5699c76b39b54d048f252eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
08939065411e7efc2278a9a348425938

SHA1
633ad8425c22637c79eaced6ae12a500210c41c7

SHA256
5d81dd64e7b5b012b694838dc5c3ffb21ff1416b1cfa4b135eb305b4f31a065b

SHA512
2c8940fcfa45d7a3e623066dcd0edabc8bdef1226004d08820764cdcea96df47df2d49bcf067961931f763820f3ef1f627926e453417fa12b081ad128b805139

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
91c9d9c20e33f50328696ef256d83bed

SHA1
16feb718a1c9539725041d18feca07df3122e9b7

SHA256
1ceb1dedfa7110c16ef6decd796c8c063f27182359b769827787874c8984f977

SHA512
bd4da0b2b8a9831ca3a11e83b4d6f6062fd35faab435d7ef3127425317c4b423c9e92aba0bf13c8a54a4642d0ac19f7251785f4109da06baef0b6b63c6bb2dda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
29ac0ff98d1313c5f6388bf4d8f5ce66

SHA1
9bea783028d3717798790fb4bee243d2833361e4

SHA256
9e3982ec0f48d2e2a514c1baca25fe8a0c36d45ae218de6fdbff50439e56d6bc

SHA512
68cb83dd0fb6f29a66460a95fec51d4f0487a417a828c8054949fef23f37128503faf52520c376b8f29c9ceabaee93d844c7307c9b9bfdf8ddd8c56338cbe729

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
6ca3ea9247c612ad55e46db90cc8cdb3

SHA1
dadeca790b75747aad2d71d0c399fba372e653f3

SHA256
bd0c2d637e8ebd04d1e83ac2fbc95446439035836bd1f0d59289dc839a34d074

SHA512
51f1149ebe45497a49bbe007786300edc452c3132c16055e0f7ef4d8d6f07f34d2db483f40fae1e18d5134c36a22751bda0cb011cfd43213edd18181c102b86f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
98ff6a4103af170825a7b5aeb2279281

SHA1
7b4542e4bfe33485b7ad22062caf54179a2d2fbc

SHA256
dea5e8584be5665a74a822540124a54a353c2faaf00bfacfb1b6b74e91e4a019

SHA512
58acf9b28cda623b5a8759c097d79fbfe74404ac5fea112fc396c5177ccdfefe23a6edb9bd2017d885e10d920fb68f7dec572ef65d85a68bb3454aca104f16ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
fcfcc3d1ee2743fd9383d92ee6fc93f9

SHA1
33806ab2dc623f44aafc5955b80d1c89d9dcfce1

SHA256
efa6614b156bcd4211db1f7f470fbf28f0de39b96fe6fbe7a104a359e4cbe61b

SHA512
ddadbe2610c5a0fdc5ef48ee4cce6e92b1ba3d55319d2510c66626ba2cb8ceff566f826000ea18a89b1a6d3d4759e967d7d9aa50c931dcc32d05f790569bdc23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
cf1dacddeaa2f57eff704acd2b338971

SHA1
2a6cda8299389e116cb1bcb838c76dde63820dd0

SHA256
118e35ebb194e3d6fe2ce068f49f83e8acbd23da518598ccdbfdca59a729f959

SHA512
6bc78694a2f7eeef2de197e661bb9e8ac23dabf442a853db00a867dcac491b91b693ba06e9fe2ab5ca91d8fad5fcd7855c48164f0f362ee5f87cf2c2da450750

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore.jsonlz4

Filesize
7KB

MD5
9dcb9d055523db62012f6c6820305ba5

SHA1
375c601a141260962bb714d878ac618c994dbd83

SHA256
700f82d1d3d356a19a3d32d81b43afebcb4cf1ca9b6204182102f6ec76c04538

SHA512
fd23f013a64def7e571bdbceb84f3812a01b6bda63efc43f7daadbdb01cb07e91f62b053271f07185a64b54a1b517e02cc24b683ab72628e1921fd16b3ac85ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
6beab4c35071c3d28f294b4d839a1be4

SHA1
f4d1a849778bff96595d227f7b03b932d52b8ce9

SHA256
f3bf6ee68ccea7ebae9f6831b298ac04d0a64e19a4a1dd1b5077ba28b646b823

SHA512
ddd7df40f731dba092091fda75db852c74cf783c35ffcb5ee94795a97255994cde7dcdeaf6da8244c9f79e197d41babef61e4dbb56a37dc600c7ce9565e3ddc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
6622bbd7ad96708c2ca7e2db67911b79

SHA1
8325b8d1b71e3d7695c5e5fb259d3015c1c45b60

SHA256
af7ab66ca2bd803a1547bf4cfdc6c211451c1babded600b862f4dda3cfc68a88

SHA512
0e248a21c5f78b4850007843f8f11f65c7966bfe1f2bb12c019d4106efead20dde8524409f85c6cc93b303befe937869b3a4ad4fa347f14e69abd20509c05177

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\xulstore.json

Filesize
217B

MD5
c64c353599fd3ad2e43607fcb5b4ebf8

SHA1
d47b687df6f60fab3f0b32dd20d54258b2b645d9

SHA256
c92da016f56b7aa125d9735490a7421c525e839d1e34c130d4f73915b08c8b44

SHA512
c5e25b4206a027d28ac6aae3fd31b9dc020febe33b7036885fb94d39b7378f3bf1d7f6df9902c372de1ea9505e7f4032ffbbf394bafc1cb87ed3b20fabae7b23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bz1ih2a5.default-release\xulstore.json.tmp

Filesize
141B

MD5
8c8e29dfc7492b92903124e1da454a88

SHA1
09e1ea8b5a53255747809121543598e55e38f9ba

SHA256
08e5486c5550ae2844b9569fbe77ca63617c48b2918e8427ba729deba24a2cbb

SHA512
bb1b2cab79ab3a1e467094748fa6879ec325c21da733255428d2b661c02255dcd3036a3706afeb4f576c168127b4a537802f5748950a3db8fb0c04f4827f903f

Download Submit
C:\Users\Admin\Desktop\AddGroup.mp4

Filesize
595KB

MD5
3a8c2885faf01b4520ed58837d7ea250

SHA1
2680bc66358df5c7bf107dd49ff5001d12c15b5d

SHA256
f72c1998b40761b859d0a7c846928597ec83b410f95e5c624104b6d7fa67f232

SHA512
d33dcc5f68c01ebd6980c8610fc57a4eb12c4950aacd52a25dce0978db9a63a3c49d1484f8da17a5712b9d10291d0cb8fa989a53a289bb336f68fe0fb9727e0c

Download Submit
C:\Users\Admin\Desktop\AssertExpand.css

Filesize
331KB

MD5
61d5a85fc1761f71c35a9aaa2717fa5b

SHA1
b16b8fa02f9869b26bd2e6fea002dbaa48620df7

SHA256
26280c087382f190ce8ced59b34fab8a6244730227d2506b070bd8c6d6ef33d1

SHA512
df6f8d6a916b85a5a36681e5635f645ab62a7a506864b00bdecf6335bb5b876314b5eebc64c81566d4b778e0a53cafc744efd7c1c0bc9c47e2cc60183e2d3ebf

Download Submit
C:\Users\Admin\Desktop\ClearCheckpoint.cr2

Filesize
264KB

MD5
d40af37cca34b20482e15026fa8833ee

SHA1
a5481e72d0f786cbcf915408cd01086dd0aa2b4c

SHA256
0ed119e648cfedcf1fe7cf297703510b415e6da6360ddbf36b40e79f70f78102

SHA512
7c9dc5d5147057ab35abd261ab6c324702532f781bfef09ddc94ecc16e776f471af069aa10b442f00e329df940eeb7c0b0ba852b421bc51f303b561bee55e81f

Download Submit
C:\Users\Admin\Desktop\ClearRestore.mpeg3

Filesize
230KB

MD5
1641d4e2fb9ce62d0b7c28c66e323d83

SHA1
911a7521031b50648970d3f9b47cd34b0756f806

SHA256
00e5db99413c6050b7f0f9e94c67caad18fa45a72f07f4ff5d6a2715f81057d3

SHA512
99b0f2a51f27e9f6f457a130cb818f88c2408bc05ffd3d806329d8f5f717ea0650f1538a38c6abbd57dc5e12815992b68985087958052008d2991acc6b7551da

Download Submit
C:\Users\Admin\Desktop\CloseMeasure.ADT

Filesize
275KB

MD5
b67bdfe9f20e385f37e990e23a2551ab

SHA1
acd664487103bcafaaaf0ab43516f6edae2c6469

SHA256
8e45f75af3e49641df357e3765778ea055ee507b0ba3d9154298509af0b236c1

SHA512
c6531bd80daef345b1d6a7092a06e8982a61ca9767775784f1bf2c6aef0cb8d7af0f83eafd0d705e0db5cf8f5f036bc305a5c4d0f885cc448a8b6f9bad6b2806

Download Submit
C:\Users\Admin\Desktop\CompleteFormat.mid

Filesize
241KB

MD5
8211d4486b488b69c971862da658d161

SHA1
a3990523821b7b94a53ce733ace7f3aa17195fb2

SHA256
51cf40fc586ad999a5f21933d58713c89252335cb8dc75b7fd6b21179c62e3ac

SHA512
63532d222a0adcbe5dae1d21ea4f55c6a8aa09e6964fad115066ff20274c965b07a48a120b5d0d7da20198b87474e830240f8d096d1a886201c44172565270f7

Download Submit
C:\Users\Admin\Desktop\ConvertFromExport.vssm

Filesize
398KB

MD5
934573634835392a7a63a952fa5d6107

SHA1
eadfc0f4a8de12a767c44414dee59c1e1c221baa

SHA256
6344647ebcb09476a9680cb39ca1d7938e860aaeaedb4e31dc03483d22750b4b

SHA512
cd6fb19c57f30ee784669c18756b3860c416d3c64a6d9cb1d77f4ef56b57754706df4c789319ad0ab089b06212923c953a0e421e3a6b558f2e81ed12e813ebc4

Download Submit
C:\Users\Admin\Desktop\DisableProtect.cab

Filesize
432KB

MD5
a1c704ce4ae1620d2268570cd2e65907

SHA1
12328372930d1147bd73401aa4bf22c96ac99296

SHA256
d6a9ee84aef27ec75c54c775d6844e1939d5762518fedd1b80cf564cb9985962

SHA512
f93e98e96a39d551e332d024a6c954ba689237d231f04e19eeac217a6ac091c8e416feccfd6072365329c154afb720e12ec3a2c9e4843aee450fff67497f7369

Download Submit
C:\Users\Admin\Desktop\DisconnectWait.bmp

Filesize
387KB

MD5
6f8db139572e9d372311460ad61c3398

SHA1
94da837b47c79e8814bca35414c8d33b804a11ac

SHA256
59f04acb4fd1d5267f75ea40e19a74407104891b1c137096d26197fdfda966cc

SHA512
b9f59c5f36bb42466ad039a19d17e3ccf4f611170985abe67b2f7fe6d43b40ed15c6cdbfc278920b9db5db5b3f9377f775e11ff5e2306ae9de87bdfb945cb1dd

Download Submit
C:\Users\Admin\Desktop\[email protected]

Filesize
1.4MB

MD5
63210f8f1dde6c40a7f3643ccf0ff313

SHA1
57edd72391d710d71bead504d44389d0462ccec9

SHA256
2aab13d49b60001de3aa47fb8f7251a973faa7f3c53a3840cdf5fd0b26e9a09f

SHA512
87a89e8ab85be150a783a9f8d41797cfa12f86fdccb48f2180c0498bfd2b1040b730dee4665fe2c83b98d436453680226051b7f1532e1c0e0cda0cf702e80a11

Download Submit
C:\Users\Admin\Desktop\ExitGrant.svgz

Filesize
185KB

MD5
2dc9eb23661eb189d734036a0a521edc

SHA1
385f38476a2235caf0c5470b5644cfc003e6bd1c

SHA256
945991bfca4fd6dd089532e3d6482257d1018d1e03ca753ba41fb54e4a690dae

SHA512
8198ac407e877be734950b92dd8bbc694ac823dd77123c5dd02611bd40cbcfb731036d29592aaf718b9f6b15683805f92a260ce6451ed3ca0fb3aa65cd3fca7e

Download Submit
C:\Users\Admin\Desktop\FindRepair.vsdm

Filesize
151KB

MD5
baf873094869e4e5c03a8d9855e35ed5

SHA1
49c1f2eac0b76527e50a0c739b2b33862916797f

SHA256
773522eb0030b0d35b0fbea30ed303296b2548489b08bf4c310c5532885ce334

SHA512
b7fd217afcd340d1172381a31971fc050042679d77f5185b1714a2cbea7ca77e4b10adc327656c630e8d5ec82ba0ca7d38abafb70a22959d903c3d845b2b8c09

Download Submit
C:\Users\Admin\Desktop\HideClose.cr2

Filesize
320KB

MD5
eca961767cc3f23d14eaf669592d4867

SHA1
0833812926e4b85d725dbc1d3d3d50f035437039

SHA256
0f7cb46cf47fbe8ff03e8484925fe627430fb9063ca1030690464773e533c23b

SHA512
28b1a5917f2849d51dc5e94f96f021f3d648861cede77c62eb28fb453f656d0cd27b1bf319edb401eb61f765c285145d307f9b6bca5024688f94b054dbfdcd57

Download Submit
C:\Users\Admin\Desktop\InitializeAssert.pps

Filesize
353KB

MD5
54acc260cfe77cb3d13e6d90c60a36f5

SHA1
ebf783f076a775dec6d0f0cc4a01be080ddb1c4d

SHA256
fbe8f7161229db26eb0578ad2100f94e21d01d9e7013030a66401dd7ac5040d6

SHA512
7b6d2f9426256363409a992718122fc0ee643e3496fdb512f9735162bf82ee7511f41b1fe25c31d4d5bb334386609f28e00050aabbbb514c219ee6b2e79ca90c

Download Submit
C:\Users\Admin\Desktop\InitializeResolve.mhtml

Filesize
162KB

MD5
eadedd557f75222598f46e7b9abfea11

SHA1
447ccf0a8b0a300d369ebeac99be8b7cbe4af66a

SHA256
21dc7820eca33978a1fe719940794463c1edadb3c728da36f711b22ac84948ef

SHA512
e735950b0c15743787d51d6a30898d3140c4819788307b7e1567b6b5828b1cfbc9ef9dd92a644e01a289f012fcb68b7ea8ef6aa94fa75f2ac1b3db6928d8f997

Download Submit
C:\Users\Admin\Desktop\JoinAssert.xlsx

Filesize
11KB

MD5
ec5de1c0cf5906d033487850b735717d

SHA1
55295d19bce4b6b62a6253b05ba4e2920074294d

SHA256
530e1abc808df4004ed7e935fe6b219e3a614c514e8eb40ef218f69d16d58a6d

SHA512
1c4b70c804487995729ced8fd2c521dac599429a38998db4077765771f56a9b993beed5053cafbb3870b356530362fc450009019cedefc749590077a8e61d0fd

Download Submit
C:\Users\Admin\Desktop\JoinRestart.nfo

Filesize
421KB

MD5
3685791df9703b26799aef5f23779199

SHA1
c4c142747bb2e7efa229de2d0b2c17e82c66f9b4

SHA256
28b263be02e87360fca98a9d1a1da74273ac5c6e369f59615f94c799f520f530

SHA512
e279cfaa7b29e13543fdde22480db832a8e02281a8eebf610e115b66cce3ed31104266affdef912ca55f650b045cc9a666d89580284e64622f3bfad0ec7cd2d4

Download Submit
C:\Users\Admin\Desktop\JoinSwitch.xlsx

Filesize
13KB

MD5
8587bd2ac4024ea698a3814203040c62

SHA1
f26ca802b98a48cf730774307ed8903f981da98f

SHA256
a42ac34d274118f7383058b5a5bdc7c8105122b56a37bd0b43ff9207d5e1ce73

SHA512
241aa42e611003a32f09c0280819a8bb34270c1811eaa702f0ad803881943cd87daeedfca0e32b20898bdf46bf94ed8d6f294a1d42f7bcc7271b50f55ce58b03

Download Submit
C:\Users\Admin\Desktop\ProtectOpen.jpeg

Filesize
309KB

MD5
9bf35d6e7be14d48ab58788a9b7f261d

SHA1
b7a52d0bf0a4b3e9ea98163150557ab0c75db50a

SHA256
2c87db80f3e64e49d2a29c9622fdd3b2005bb541cebbdf527b5c142d7659ee77

SHA512
76460b5524ac965acc9d75330c9c44413438e81b0f1de1d89daf9b14a8393e7c08cbee7b1d1dc3200c7ac6415260a0d1f249de036caaba7a32f263af3297668d

Download Submit
C:\Users\Admin\Desktop\ReceiveExpand.avi

Filesize
252KB

MD5
95e44a30ae62cc40e713aa23f32e4f5c

SHA1
86c1d19914b5e1fe0a3224bb67fb9bc949d12d45

SHA256
c9bb4de80655a0380c4f7fb34418d40d5c40f2da5c5d7368ee3e683fa47f90f1

SHA512
d6ff6f08449689fc3cf56144d422d38f5ba7068315ce752ea932a1c6ff441d1fffa258760b4cdfc53f0500a4c5f6d5f8f42499830e237c33f0dd0789a532ee7e

Download Submit
C:\Users\Admin\Desktop\RemoveSet.mp2v

Filesize
365KB

MD5
06d7dad1d41131d194d2ecbc2aa90c4c

SHA1
9eff4fe8f1f7f343d99b483abb8d047974e5f5db

SHA256
f6d1e133efdc716ea91c54bc6734650b4963e78b6d2b818fcb5e2827847f328a

SHA512
d7a0d69fc04e4eb48545692c892bc767af979bf32d384ac751b7f0c275c46d45dfa48f33a4ceacc2b1a91e082d39dcc93942f3accc667b8511ce2ba70ea43d15

Download Submit
C:\Users\Admin\Desktop\ResetCopy.mpeg

Filesize
342KB

MD5
0bbf11b7f2e7a6fc679e211add526f2c

SHA1
fd6ab7c6415a3e08fc9de135240f290e84659892

SHA256
e54ea16597e70db8dbc9602bce9593c226222bc96d7d997c53a2f783b825db8a

SHA512
d56653d980217844d5a639a7d5c2d82b32b907bf1c0a58f6fcca4af6b05eabcc77a207a1a6513555d573c61346736a4e4d37c63eddf4fbd8348d71b1c446c3ae

Download Submit
C:\Users\Admin\Desktop\RestoreExpand.fon

Filesize
410KB

MD5
2e1f2f7d469d4b3502a66043daf693ed

SHA1
d4b2e61e057c36a741ffa8f0132f4e921c7c35c7

SHA256
9b9e353da6ff9404a7a1f12614da38547be4e657cb8122dbb82746badc23933d

SHA512
b8011c97023a12458dc82b49e219939db12c6c137388b167d24cf9b97edc7cf8e4018be656807bc1740996eba0026ad69694b8f8d7c48005231edb69685e2d84

Download Submit
C:\Users\Admin\Desktop\RevokeHide.vsx

Filesize
174KB

MD5
d687c03f484077b7f88380be216db512

SHA1
2fa9ee152c28f70538198be804470f207ccc947e

SHA256
6e7d1acc8503e7cd5c160a0159a5fe633041624079060cfbf36a3f56eb27a78f

SHA512
ff439418e00e5d4862afc57f2e6446f2e19aea360b8c4af0d710c1bf3a5537be1df158f7334f45e8a006b0d810b4c765a4dc85f06a9a73888cfea3118bcd817e

Download Submit
C:\Users\Admin\Desktop\SendImport.docx

Filesize
15KB

MD5
75472fc7db472ae4da3252f1215a56b2

SHA1
7d0077a324e01a3cf999100f11348ffadf3ec8fb

SHA256
2680b26df0b5b339a2cb0abf621227549bf98ad0dc04016341cd932ebfb6e579

SHA512
717dfbc719bf43c967484c5022082603ddc6ceacb2656a41886086a3fe29af2019fb02f0fea61307d7218569bd9a1ef4dd2525ed2be519fa9c8451c054fe7481

Download Submit
C:\Users\Admin\Desktop\ShowPush.jpg

Filesize
219KB

MD5
89746445bd04d260903bd8ea4e450da8

SHA1
941044e33a3d5873310ac7e9871b5242c8556289

SHA256
a57a231d0b47b4a274e4bc942797411473923b1321aec89a6a6fc158c1df79ba

SHA512
dd7134bbcc1b27ddab3b196d52ea744f4a59f5607cc47197f745bd25394dc0ccaab830c516490ccb19a72b7340c39c9c5ce70096d1135b5dbecf7d5253f9fb51

Download Submit
C:\Users\Admin\Desktop\ShowSync.rle

Filesize
297KB

MD5
8c19913dba580448202b8c01339fd696

SHA1
e4efec8e929bed08cc7098b104245ab9f4e3bc9f

SHA256
91db8cfd9cb6c5196aa282ada0b136599fcfa43bff6823437d214d9fd71994fb

SHA512
4837de83310eb44a0c66949e82defd8bf797c6503d63f38fc747f6193237037390f96253075dbd6cbc29da64ac690f6db0a0b9b671d9165bafad7485846d2e44

Download Submit
C:\Users\Admin\Desktop\StartRemove.mpeg3

Filesize
196KB

MD5
202dfecfcd363480959ec02d07257a40

SHA1
e634fa593fdf1b94d7d65be74a97830a2d4bdd46

SHA256
4f2580610133f50c429ad0c5d56d53bec0a916da2c77ecff9518d7a40cc69631

SHA512
db1b6ea50c4fdcd1668a2a5fab295e8625914e7ebaa034dd3f54518ca2a86890f8f46c962f51609ba3fab0923dbc908de5cf928ef7bf93649589997a9621fbb5

Download Submit
C:\Users\Admin\Desktop\StepInvoke.docx

Filesize
20KB

MD5
a9d5ae31a61e45edccc9cf7e888036f4

SHA1
4ee95a66b9220fc6aed33fd5df56005f14736356

SHA256
3f2bd89f72c46ea17c37898e3876511dd7be4171c663de78f5ca7804a06f7044

SHA512
1d1d0f05746a80aeb16aa462691152fc34516cf5b66aed6030aa7a2757e640193b9b84a45de2f655529d607011fa678cbbd31012a31e627534bc521484ddb854

Download Submit
C:\Users\Admin\Desktop\SubmitRestore.docx

Filesize
19KB

MD5
0fe803d144b728b74287b6e559504613

SHA1
d337b8848765923e0401e873ed3515ea2cbb85cf

SHA256
0d16426bea3b62e7999ea08dc52d79d0f3f3b637ad2175d3b0924a40a0471580

SHA512
646edebe7785d11a7a6d8acf9986caae45ed55b3b52d67c1b9987ba05eee0dd07d98ef771ce5d1685a005943eb096008ddcc3dd7afb82a9178998040dd74680d

Download Submit
C:\Users\Admin\Desktop\SyncReset.docx

Filesize
20KB

MD5
fc829c830424c6eb220d13e2ed2c19e2

SHA1
cb6711bf50136600b4ecfef89da8cbdc798aa77c

SHA256
a0695505030679bb62e653a6a9893bbaf0eec68deecc5da4878c7c863fd73cf6

SHA512
642481e00ea7eefab361f3c4384d0fc73598401d01c783b991b0ad0d42c13e3b8824275048c216a465dc81e9b7c7b3799188b72379bd39359ddcfe15decf5826

Download Submit
C:\Users\Admin\Desktop\TestUndo.ppt

Filesize
376KB

MD5
1ab275615b1995fc7001d6d4771f4bc8

SHA1
65b7a5ecd5f81ccae87dd2444fb9a34e92b6111e

SHA256
38f5937adc7fcf5a402acc97e736bf54b8f37a0ddd568e37f452fc5b4f0810c7

SHA512
209e4aef69f1b0041639c7605d8a5626a1c355b5b72197f5dc2a81fedb4c11f0a7fe81f9096b3730c5e2ac9a3be26de4a67ca5b6f8f81330d3beed7600417444

Download Submit
C:\Users\Admin\Desktop\UnblockRestore.jtx

Filesize
286KB

MD5
02e04aa99dc07b92a5aa9d38dbe2cab2

SHA1
4dc0ac33a199164fe2cc59d2dc7604b79ee31907

SHA256
f4bf474387f65aae4bb847edf947eafa603c0156622c88dad3fa6ac744716866

SHA512
e5bf45ceda3b23dd1c1783cdc183b7d5a97c7bd1909528878f7e1459a88585692ec1865d62d7fa16042c8b201d7f28193f1d05c993155d6d77fff4ad7a28d9ac

Download Submit
C:\Users\Admin\Desktop\WriteResolve.dib

Filesize
207KB

MD5
a3a1051975bbb2a6b0ff456609740eee

SHA1
bc6bbc00d003f746f548b1c97797e38f76429dc6

SHA256
1f2ec7cbb60b26e568c79df98ca52b71fd9b29b0a718066803a019a8de9fc546

SHA512
666e989250df1a2bff0538e8c7745b0bf978c3f625669f261bb225744a7df2b5b3e810882cee9b018b968742e059c9e3c7a0b49836f9962b95fac0211e457c94

Download Submit
C:\Users\Admin\Downloads\2rq6_FEn.zip.part

Filesize
916KB

MD5
f315e49d46914e3989a160bbcfc5de85

SHA1
99654bfeaad090d95deef3a2e9d5d021d2dc5f63

SHA256
5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

SHA512
224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

Download Submit
C:\Users\Admin\Downloads\XAwCMWTa.zip.part

Filesize
8KB

MD5
69977a5d1c648976d47b69ea3aa8fcaa

SHA1
4630cc15000c0d3149350b9ecda6cfc8f402938a

SHA256
61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc

SHA512
ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
878B

MD5
5d7728add5ea07795a24028b434a40a5

SHA1
47f54c2b8fcf108314dfbd6d41a62cbd52ed1de5

SHA256
d8f87d74f4e3630b909aca5c8ac2c3092bc71bc323c27773f0e1b58ab0ebdd5a

SHA512
d401d23cd4e8097980c72ad5d6240427020fe1d45224fb81b2e2137692ec71d23148c73d14435e88e3a41806a35055c7426ddb6feb1b15f5c49cd7dbada0c415

Download Submit
memory/748-3554-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/748-3623-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/824-0-0x0000000000310000-0x0000000000311000-memory.dmp

Filesize
4KB

Download
memory/1520-3624-0x000007FEF6F80000-0x000007FEF6FCC000-memory.dmp

Filesize
304KB

Download
memory/2576-1418-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2576-1392-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2576-1395-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2576-1390-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2576-1391-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2752-1404-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/2752-1407-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3540-1401-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/3540-1410-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/3540-1411-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/3540-1400-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/3540-3572-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/3540-3610-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/3540-1928-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/3568-1421-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/3568-2057-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download