locky | hxxps://www[.]roblox[.]com/users/1171610343/profile

Resubmissions

21-08-2024 17:35

240821-v6hxhsvfjj 10

21-08-2024 17:15

240821-vsm93s1bqa 3

Analysis

max time kernel
1189s
max time network
1203s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
21-08-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.roblox.com/users/1171610343/profile

Score

10^/10

locky defense_evasion discovery evasion motw persistence phishing ransomware themida trojan

Malware Config

Signatures

Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky

Process spawned unexpected child process 2 IoCs

This typically indicates the parent process was compromised via an exploit or macro.

Processes:

cmd.execmd.exe

description	pid	pid_target	process	target process
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	6728	1572	cmd.exe
Parent C:\Windows\system32\wbem\wmiprvse.exe is not expected to spawn this process	6968	9556	cmd.exe

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 43 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

1965240510.cxrMainStarter.exe1927784748.cxr393125865.cxr506050760.cxr866388922.cxr2136259693.cxr1720104225.cxrRanstart.exe1579948634.cxr473683140.cxrMainStarter.exe1346060747.cxr1564731766.cxrMainStarter.exeMainStarter.exeCollector.exe266644133.cxr798164171.cxr1257183912.cxr1965240510:ed1aMainStarter.exe1360896723.cxr2090002749.cxr318348475.cxr1597093982.cxrRanstart.exeCollector.exeCollector.exeMainStarter.exe1721565510.cxr972476138.cxr825367670.cxr80185637.cxrRanstart.exeMainStarter.exe1134497541.cxr2066354664.cxr932006360.cxr1525180272.cxrMainStarter.exeMainStarter.exe1321592708.cxr

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1965240510.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MainStarter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1927784748.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	393125865.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	506050760.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	866388922.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2136259693.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1720104225.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Ranstart.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1579948634.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	473683140.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MainStarter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1346060747.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1564731766.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MainStarter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MainStarter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Collector.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	266644133.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	798164171.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1257183912.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1965240510:ed1a
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MainStarter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1360896723.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2090002749.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	318348475.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1597093982.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Ranstart.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Collector.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Collector.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MainStarter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1721565510.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	972476138.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	825367670.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	80185637.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Ranstart.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MainStarter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1134497541.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	2066354664.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	932006360.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1525180272.cxr
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MainStarter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	MainStarter.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	1321592708.cxr

Renames multiple (78) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 64 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

1721565510.cxr1579948634.cxr1965240510.cxr2136259693.cxr1564731766.cxrMainStarter.exeMainStarter.exe506050760.cxrMainStarter.exe1360896723.cxr1321592708.cxr972476138.cxr825367670.cxr80185637.cxrMainStarter.exe473683140.cxrCollector.exe2090002749.cxr266644133.cxr1346060747.cxrRanstart.exeRanstart.exeRanstart.exeCollector.exe1134497541.cxr318348475.cxr932006360.cxr1525180272.cxr866388922.cxr1257183912.cxrMainStarter.exeMainStarter.exeMainStarter.exe2066354664.cxrMainStarter.exe1927784748.cxr1720104225.cxrCollector.exeMainStarter.exe393125865.cxr

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1721565510.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1579948634.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1965240510.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2136259693.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1564731766.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	506050760.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1360896723.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1321592708.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	972476138.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1721565510.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1965240510.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	972476138.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	825367670.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	80185637.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	473683140.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Collector.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1321592708.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2090002749.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	266644133.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1579948634.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	506050760.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1346060747.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1346060747.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Ranstart.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	825367670.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Ranstart.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Ranstart.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Collector.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1134497541.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2090002749.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	318348475.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	932006360.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1525180272.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	866388922.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1257183912.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Ranstart.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2066354664.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1257183912.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Ranstart.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1927784748.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1360896723.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1720104225.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Collector.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	2066354664.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	393125865.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	473683140.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	1564731766.cxr
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	1720104225.cxr

Executes dropped EXE 51 IoCs

Processes:

avast_free_antivirus_setup_online.exezipmate.exeSimulatorSetup.exeRanstart.exeMainStarter.exeRanstart.exeCollector.exeMainStarter.exeMainStarter.exeMainStarter.exeCollector.exeMainStarter.exe1927784748.cxr1134497541.cxr1360896723.cxr2066354664.cxr972476138.cxr1321592708.cxr393125865.cxr2090002749.cxr266644133.cxr1721565510.cxr798164171.cxr1597093982.cxr1965240510.cxrMainStarter.exe506050760.cxr1579948634.cxr318348475.cxr825367670.cxr1346060747.cxr473683140.cxr932006360.cxr1525180272.cxr866388922.cxr2136259693.cxr80185637.cxr1564731766.cxr1720104225.cxr1257183912.cxrRanstart.exe24082117521082_inj.exe1965240510:ed1a24082117515858_inj.exe24082117523475_inj.exe240821175303_mr.exe240821175304_rsw.exeCollector.exeMainStarter.exeMainStarter.exeMainStarter.exe

pid	process
5328	avast_free_antivirus_setup_online.exe
3452	zipmate.exe
6032	SimulatorSetup.exe
6972	Ranstart.exe
5672	MainStarter.exe
7000	Ranstart.exe
7104	Collector.exe
7076	MainStarter.exe
4444	MainStarter.exe
6888	MainStarter.exe
4932	Collector.exe
7224	MainStarter.exe
9088	1927784748.cxr
7888	1134497541.cxr
8120	1360896723.cxr
7808	2066354664.cxr
3872	972476138.cxr
6772	1321592708.cxr
5208	393125865.cxr
7616	2090002749.cxr
6084	266644133.cxr
5512	1721565510.cxr
5644	798164171.cxr
7424	1597093982.cxr
7408	1965240510.cxr
7352	MainStarter.exe
7340	506050760.cxr
2756	1579948634.cxr
7472	318348475.cxr
7544	825367670.cxr
7620	1346060747.cxr
9332	473683140.cxr
9316	932006360.cxr
9624	1525180272.cxr
9664	866388922.cxr
9684	2136259693.cxr
9864	80185637.cxr
9896	1564731766.cxr
9564	1720104225.cxr
7784	1257183912.cxr
7396	Ranstart.exe
6944	24082117521082_inj.exe
4076	1965240510:ed1a
8064	24082117515858_inj.exe
588	24082117523475_inj.exe
10256	240821175303_mr.exe
10528	240821175304_rsw.exe
10248	Collector.exe
7940	MainStarter.exe
9928	MainStarter.exe
8636	MainStarter.exe

Loads dropped DLL 64 IoCs

Processes:

SimulatorSetup.exeMsiExec.exerundll32.exerundll32.exerundll32.exeRanstart.exeMainStarter.exeRanstart.exeCollector.exeMainStarter.exeMainStarter.exeMainStarter.exeCollector.exeMainStarter.exe1927784748.cxr1134497541.cxr1360896723.cxr2066354664.cxr1321592708.cxr2090002749.cxr393125865.cxr972476138.cxr266644133.cxr798164171.cxr1721565510.cxr318348475.cxr1579948634.cxr1597093982.cxr1965240510.cxr506050760.cxrMainStarter.exe1346060747.cxr825367670.cxr473683140.cxr932006360.cxr1525180272.cxr866388922.cxr2136259693.cxr80185637.cxr1564731766.cxr1720104225.cxr1257183912.cxr

pid	process
6032	SimulatorSetup.exe
6948	MsiExec.exe
5096	rundll32.exe
5096	rundll32.exe
5096	rundll32.exe
5096	rundll32.exe
5096	rundll32.exe
6948	MsiExec.exe
5688	rundll32.exe
5688	rundll32.exe
5688	rundll32.exe
5688	rundll32.exe
5688	rundll32.exe
6948	MsiExec.exe
6872	rundll32.exe
6872	rundll32.exe
6872	rundll32.exe
6872	rundll32.exe
6872	rundll32.exe
6972	Ranstart.exe
5672	MainStarter.exe
7000	Ranstart.exe
7104	Collector.exe
7076	MainStarter.exe
4444	MainStarter.exe
6888	MainStarter.exe
4932	Collector.exe
7224	MainStarter.exe
9088	1927784748.cxr
7888	1134497541.cxr
8120	1360896723.cxr
7808	2066354664.cxr
6772	1321592708.cxr
7616	2090002749.cxr
5208	393125865.cxr
3872	972476138.cxr
6084	266644133.cxr
5644	798164171.cxr
5512	1721565510.cxr
7472	318348475.cxr
2756	1579948634.cxr
7424	1597093982.cxr
7408	1965240510.cxr
7340	506050760.cxr
7352	MainStarter.exe
7620	1346060747.cxr
7544	825367670.cxr
9332	473683140.cxr
9316	932006360.cxr
9624	1525180272.cxr
9664	866388922.cxr
9684	2136259693.cxr
9864	80185637.cxr
9896	1564731766.cxr
9564	1720104225.cxr
9088	1927784748.cxr
7888	1134497541.cxr
7784	1257183912.cxr
8120	1360896723.cxr
6772	1321592708.cxr
7808	2066354664.cxr
6084	266644133.cxr
7616	2090002749.cxr
5644	798164171.cxr

Themida packer 27 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\626b2452-90c0-4e00-822e-1f3716c381db\AgileDotNetRT64.dll	themida
behavioral1/memory/6972-6239-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/5672-6272-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/6972-6451-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/5672-6456-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7000-6462-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7000-6467-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7104-6477-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7076-6478-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/4444-6709-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7104-6714-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7076-6717-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/4444-6892-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/6888-6894-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/6888-7177-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/4932-7366-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7224-8543-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/4932-10792-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7224-10810-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/9088-10811-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7888-10813-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/9088-10916-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/6888-11020-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7888-11062-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7888-16159-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/9088-17248-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida
behavioral1/memory/7104-18926-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp	themida

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

SimulatorSetup.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\{8e51774f-713e-48d3-8d12-21a9548c07cf} = "\"C:\\Users\\Admin\\AppData\\Local\\Package Cache\\{8e51774f-713e-48d3-8d12-21a9548c07cf}\\SimulatorSetup.exe\" /burn.runonce"	SimulatorSetup.exe

Blocklisted process makes network request 1 IoCs

Processes:

msiexec.exe

flow pid process

1783 6760 msiexec.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

flow	pid	process
1783	6760	msiexec.exe

Checks whether UAC is enabled 1 TTPs 43 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

Collector.exe1721565510.cxr506050760.cxr1965240510:ed1aMainStarter.exeMainStarter.exe393125865.cxr1597093982.cxr2136259693.cxrRanstart.exeRanstart.exe266644133.cxr1525180272.cxr80185637.cxr1564731766.cxr2066354664.cxr2090002749.cxr825367670.cxrMainStarter.exeCollector.exe1134497541.cxr1360896723.cxr972476138.cxr1579948634.cxr1346060747.cxrCollector.exeMainStarter.exeRanstart.exeMainStarter.exe473683140.cxrMainStarter.exeMainStarter.exe1927784748.cxr1965240510.cxrMainStarter.exe932006360.cxrMainStarter.exe1321592708.cxr798164171.cxr318348475.cxr866388922.cxr1720104225.cxr1257183912.cxr

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Collector.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1721565510.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	506050760.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1965240510:ed1a
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	393125865.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1597093982.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2136259693.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Ranstart.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Ranstart.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	266644133.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1525180272.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	80185637.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1564731766.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2066354664.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2090002749.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	825367670.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Collector.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1134497541.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1360896723.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	972476138.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1579948634.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1346060747.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Collector.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Ranstart.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	473683140.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1927784748.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1965240510.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	932006360.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	MainStarter.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1321592708.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	798164171.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	318348475.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	866388922.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1720104225.cxr
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	1257183912.cxr

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

zipmate.exemsiexec.exe

description	ioc	process
File opened (read-only)	\??\R:	zipmate.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\J:	zipmate.exe
File opened (read-only)	\??\Q:	zipmate.exe
File opened (read-only)	\??\Y:	zipmate.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\K:	zipmate.exe
File opened (read-only)	\??\P:	zipmate.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\M:	zipmate.exe
File opened (read-only)	\??\O:	zipmate.exe
File opened (read-only)	\??\S:	zipmate.exe
File opened (read-only)	\??\U:	zipmate.exe
File opened (read-only)	\??\V:	zipmate.exe
File opened (read-only)	\??\W:	zipmate.exe
File opened (read-only)	\??\E:	zipmate.exe
File opened (read-only)	\??\G:	zipmate.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	zipmate.exe
File opened (read-only)	\??\Z:	zipmate.exe
File opened (read-only)	\??\H:	zipmate.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\I:	zipmate.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	zipmate.exe
File opened (read-only)	\??\T:	zipmate.exe
File opened (read-only)	\??\N:	zipmate.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	zipmate.exe
File opened (read-only)	\??\L:	zipmate.exe
File opened (read-only)	\??\W:	msiexec.exe

Indicator Removal: File Deletion 1 TTPs
Adversaries may delete files left behind by the actions of their intrusion activity.
defense_evasion

File Deletion
T1070.004
Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

1616 https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html
Suspicious use of SetThreadContext 1 IoCs

Processes:

24082117521082_inj.exe

description pid process target process

PID 6944 set thread context of 10468 6944 24082117521082_inj.exe notepad.exe

flow	ioc
1616	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

description	pid	process	target process
PID 6944 set thread context of 10468	6944	24082117521082_inj.exe	notepad.exe

Drops file in Windows directory 26 IoCs

Processes:

rundll32.exemsiexec.exeMicrosoftEdge.exerundll32.exesvchost.exerundll32.exesvchost.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\MSIEFA6.tmp-\CustomActions.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Installer\MSIE748.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8B0.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI8B0.tmp-\CustomActions.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIEFA6.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIEFA6.tmp-\CustomAction.config	rundll32.exe
File created	C:\Windows\Installer\SourceHash{9D037432-72EC-4A03-9A0D-116EACC48A8E}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIF7B6.tmp	msiexec.exe
File created	C:\Windows\INF\netrasa.PNF	svchost.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE748.tmp-\CustomActions.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSI8B0.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIEFA6.tmp	msiexec.exe
File created	C:\Windows\Installer\e63dd3a.msi	msiexec.exe
File created	C:\Windows\INF\netsstpa.PNF	svchost.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File opened for modification	C:\Windows\Installer\MSI8B0.tmp-\CustomAction.config	rundll32.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\Installer\e63dd36.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e63dd36.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIE748.tmp-\Microsoft.Deployment.WindowsInstaller.dll	rundll32.exe
File opened for modification	C:\Windows\Installer\MSIE748.tmp-\CustomAction.config	rundll32.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\zipmate.exe:Zone.Identifier	firefox.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

SimulatorSetup.exerundll32.exerundll32.exe240821175304_rsw.exeavast_free_antivirus_setup_online.exeSimulatorSetup.exeMsiExec.exerundll32.exeDllHost.exe240821175303_mr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SimulatorSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240821175304_rsw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	avast_free_antivirus_setup_online.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SimulatorSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	240821175303_mr.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0065	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0018	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0055	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\000A	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004C	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004D	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A\	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3b2ce006-5e61-4fde-bab8-9b8aac9b26df}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0052	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\004E	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{afd97640-86a3-4210-b67c-289c41aabe55}\0003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{4340a6c5-93fa-4706-972c-7b648008a5a7}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\0016	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0005	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0038	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Capabilities	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0051	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Mfg	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\0034	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{3464f7a4-2444-40b1-980a-e0903cb6d912}\000A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\2003	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{80d81ea6-7473-4b0c-8216-efc11a2c4c8b}\0002	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{656a3bb3-ecc0-43fd-8477-4ae0404a96cd}\300A	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{88ad39db-0d0c-4a38-8435-4043826b5c91}\0009	svchost.exe

Checks processor information in registry 2 TTPs 15 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 4 IoCs

Processes:

svchost.exesvchost.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	svchost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache	svchost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000	svchost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1a\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client"	svchost.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeSimulatorSetup.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.roblox.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com\ = "84"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Installer\Dependencies\{8e51774f-713e-48d3-8d12-21a9548c07cf}\Dependents	SimulatorSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Installer\Dependencies\{9D037432-72EC-4A03-9A0D-116EACC48A8E}	SimulatorSetup.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\roblox.com\NumberOfSubdoma = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.roblox.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com\ = "105"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 0000000000000000	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com\NumberOfSubdomains = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\roblox.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com\Total = "84"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Installer\Dependencies\{8e51774f-713e-48d3-8d12-21a9548c07cf}\Dependents\{8e51774f-713e-48d3-8d12-21a9548c07cf}	SimulatorSetup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000ec45b4fffe7c60b5dee335f8718b571374007da9725d1d396b12fa39818f5af63444c5d925a290a54014fc609c52cf776bcd33052fedaeeb4189	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "82"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Installer\Dependencies	SimulatorSetup.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4322dda0f0f3da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\ImageStoreRandomFolder = "cgdzszh"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com\Total = "56"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\roblox.com\Total = "105"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.roblox.com\ = "82"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\AskToCloseAllTabs = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore	MicrosoftEdge.exe

NTFS ADS 5 IoCs

Processes:

firefox.exe1965240510.cxr1965240510:ed1a

description	ioc	process
File created	C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\zipmate.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\ransim.zip:Zone.Identifier	firefox.exe
File opened for modification	C:\KB4\Newsim\DataDir\MainFolders\14\1965240510:ed1a	1965240510.cxr
File created	C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\1965240510:ed1a.log	1965240510:ed1a

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

zipmate.exemsiexec.exeRanstart.exeMainStarter.exeMainStarter.exeCollector.exeMainStarter.exeMainStarter.exeCollector.exeMainStarter.exe1927784748.cxr1134497541.cxr1360896723.cxr2066354664.cxr1321592708.cxr2090002749.cxr266644133.cxr798164171.cxr393125865.cxr972476138.cxr1721565510.cxr

pid	process
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
6760	msiexec.exe
6760	msiexec.exe
6972	Ranstart.exe
6972	Ranstart.exe
6972	Ranstart.exe
5672	MainStarter.exe
5672	MainStarter.exe
6972	Ranstart.exe
6972	Ranstart.exe
6972	Ranstart.exe
6972	Ranstart.exe
6972	Ranstart.exe
7076	MainStarter.exe
7076	MainStarter.exe
7104	Collector.exe
7104	Collector.exe
4444	MainStarter.exe
4444	MainStarter.exe
6888	MainStarter.exe
6888	MainStarter.exe
6888	MainStarter.exe
4932	Collector.exe
4932	Collector.exe
7224	MainStarter.exe
7224	MainStarter.exe
9088	1927784748.cxr
9088	1927784748.cxr
7888	1134497541.cxr
7888	1134497541.cxr
7104	Collector.exe
7104	Collector.exe
8120	1360896723.cxr
8120	1360896723.cxr
7104	Collector.exe
7104	Collector.exe
7104	Collector.exe
7808	2066354664.cxr
7808	2066354664.cxr
7104	Collector.exe
6772	1321592708.cxr
6772	1321592708.cxr
7616	2090002749.cxr
7616	2090002749.cxr
6084	266644133.cxr
6084	266644133.cxr
7104	Collector.exe
7104	Collector.exe
9088	1927784748.cxr
7104	Collector.exe
5644	798164171.cxr
5644	798164171.cxr
7104	Collector.exe
5208	393125865.cxr
5208	393125865.cxr
3872	972476138.cxr
3872	972476138.cxr
7104	Collector.exe
7104	Collector.exe
7888	1134497541.cxr
7888	1134497541.cxr
5512	1721565510.cxr

Suspicious behavior: LoadsDriver 10 IoCs

Processes:

pid

4
4
4
4
4
620
4
4
4
4
Suspicious behavior: MapViewOfSection 4 IoCs

Processes:

MicrosoftEdgeCP.exe

pid process

4220 MicrosoftEdgeCP.exe
4220 MicrosoftEdgeCP.exe
4220 MicrosoftEdgeCP.exe
4220 MicrosoftEdgeCP.exe

pid
4
4
4
4
4
620
4
4
4
4

pid	process
4220	MicrosoftEdgeCP.exe
4220	MicrosoftEdgeCP.exe
4220	MicrosoftEdgeCP.exe
4220	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exefirefox.exezipmate.exeSimulatorSetup.exemsiexec.exe

description	pid	process
Token: SeDebugPrivilege	1488	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1488	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1488	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1488	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4212	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4212	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4308	MicrosoftEdge.exe
Token: SeDebugPrivilege	4308	MicrosoftEdge.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	3452	zipmate.exe
Token: SeShutdownPrivilege	3452	zipmate.exe
Token: SeCreatePagefilePrivilege	3452	zipmate.exe
Token: SeShutdownPrivilege	3452	zipmate.exe
Token: SeCreatePagefilePrivilege	3452	zipmate.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeShutdownPrivilege	3452	zipmate.exe
Token: SeCreatePagefilePrivilege	3452	zipmate.exe
Token: SeShutdownPrivilege	3452	zipmate.exe
Token: SeCreatePagefilePrivilege	3452	zipmate.exe
Token: SeShutdownPrivilege	3452	zipmate.exe
Token: SeCreatePagefilePrivilege	3452	zipmate.exe
Token: SeShutdownPrivilege	3452	zipmate.exe
Token: SeCreatePagefilePrivilege	3452	zipmate.exe
Token: SeShutdownPrivilege	3452	zipmate.exe
Token: SeCreatePagefilePrivilege	3452	zipmate.exe
Token: SeDebugPrivilege	3452	zipmate.exe
Token: SeDebugPrivilege	3452	zipmate.exe
Token: SeDebugPrivilege	3452	zipmate.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeDebugPrivilege	2212	firefox.exe
Token: SeShutdownPrivilege	6032	SimulatorSetup.exe
Token: SeIncreaseQuotaPrivilege	6032	SimulatorSetup.exe
Token: SeSecurityPrivilege	6760	msiexec.exe
Token: SeCreateTokenPrivilege	6032	SimulatorSetup.exe
Token: SeAssignPrimaryTokenPrivilege	6032	SimulatorSetup.exe
Token: SeLockMemoryPrivilege	6032	SimulatorSetup.exe
Token: SeIncreaseQuotaPrivilege	6032	SimulatorSetup.exe
Token: SeMachineAccountPrivilege	6032	SimulatorSetup.exe
Token: SeTcbPrivilege	6032	SimulatorSetup.exe
Token: SeSecurityPrivilege	6032	SimulatorSetup.exe
Token: SeTakeOwnershipPrivilege	6032	SimulatorSetup.exe
Token: SeLoadDriverPrivilege	6032	SimulatorSetup.exe
Token: SeSystemProfilePrivilege	6032	SimulatorSetup.exe
Token: SeSystemtimePrivilege	6032	SimulatorSetup.exe
Token: SeProfSingleProcessPrivilege	6032	SimulatorSetup.exe
Token: SeIncBasePriorityPrivilege	6032	SimulatorSetup.exe
Token: SeCreatePagefilePrivilege	6032	SimulatorSetup.exe
Token: SeCreatePermanentPrivilege	6032	SimulatorSetup.exe
Token: SeBackupPrivilege	6032	SimulatorSetup.exe
Token: SeRestorePrivilege	6032	SimulatorSetup.exe
Token: SeShutdownPrivilege	6032	SimulatorSetup.exe
Token: SeDebugPrivilege	6032	SimulatorSetup.exe
Token: SeAuditPrivilege	6032	SimulatorSetup.exe
Token: SeSystemEnvironmentPrivilege	6032	SimulatorSetup.exe
Token: SeChangeNotifyPrivilege	6032	SimulatorSetup.exe
Token: SeRemoteShutdownPrivilege	6032	SimulatorSetup.exe
Token: SeUndockPrivilege	6032	SimulatorSetup.exe

Suspicious use of FindShellTrayWindow 8 IoCs

Processes:

firefox.exeSimulatorSetup.exe

pid process

2212 firefox.exe
2212 firefox.exe
2212 firefox.exe
2212 firefox.exe
2212 firefox.exe
2212 firefox.exe
2212 firefox.exe
6032 SimulatorSetup.exe
Suspicious use of SendNotifyMessage 6 IoCs

Processes:

firefox.exe

pid process

2212 firefox.exe
2212 firefox.exe
2212 firefox.exe
2212 firefox.exe
2212 firefox.exe
2212 firefox.exe

pid	process
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
6032	SimulatorSetup.exe

pid	process
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exefirefox.exeavast_free_antivirus_setup_online.exezipmate.exe

pid	process
4308	MicrosoftEdge.exe
4220	MicrosoftEdgeCP.exe
1488	MicrosoftEdgeCP.exe
4220	MicrosoftEdgeCP.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
5328	avast_free_antivirus_setup_online.exe
2212	firefox.exe
2212	firefox.exe
2212	firefox.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe
3452	zipmate.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MicrosoftEdgeCP.exefirefox.exefirefox.exe

description	pid	process	target process
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4220 wrote to memory of 1276	4220	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 5152 wrote to memory of 2212	5152	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5236	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5236	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe
PID 2212 wrote to memory of 5348	2212	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "https://www.roblox.com/users/1171610343/profile"
1⤵
PID:4436

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4308

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2780

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4220

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1276

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5152
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.0.1290188593\821558731" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1660 -prefsLen 20935 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9fea3a9-2852-4682-bcdf-ce2400665a5f} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1780 21995cd6158 gpu
    3⤵
    PID:5236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.1.1014967546\651328041" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 21016 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2a6dc19-7ac2-417c-b6bb-dc6875d7553c} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2136 2198ac71f58 socket
    3⤵
    PID:5348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.2.398178194\16656460" -childID 1 -isForBrowser -prefsHandle 2680 -prefMapHandle 2880 -prefsLen 21054 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b403175-6f26-466b-974d-12cf31877d0a} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2576 21999fa5558 tab
    3⤵
    PID:5576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.3.807286867\1594954815" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 26212 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c98c8c1c-1e08-4ae4-9313-627c4b721723} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3476 2198ac68758 tab
    3⤵
    PID:5736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.4.1532874097\142622514" -childID 3 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 26271 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {af4c0ae6-8062-4fb9-aa0d-e222e1c7a751} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3996 2199b67d858 tab
    3⤵
    PID:1936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.5.477137080\173940661" -childID 4 -isForBrowser -prefsHandle 4760 -prefMapHandle 4724 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5c4204b-7152-49dc-a9ec-99673c502891} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4704 2199c4bf258 tab
    3⤵
    PID:3536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.6.228157048\359101278" -childID 5 -isForBrowser -prefsHandle 4648 -prefMapHandle 4644 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13149dac-fbe6-4ffe-b30d-2ff2cc77084c} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4664 2199c4bfe58 tab
    3⤵
    PID:4108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.7.674829872\537452571" -childID 6 -isForBrowser -prefsHandle 5256 -prefMapHandle 5260 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5cd0868-0a17-42a1-aa0b-8be7bcb640a6} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5248 2199c7fa958 tab
    3⤵
    PID:4452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.8.1553964965\1262447288" -childID 7 -isForBrowser -prefsHandle 1376 -prefMapHandle 2732 -prefsLen 26433 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddc4a9c7-1526-4a63-ba32-5c9cf8e29a7b} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4836 2199c25ad58 tab
    3⤵
    PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.9.1084957282\1084054093" -childID 8 -isForBrowser -prefsHandle 5448 -prefMapHandle 4720 -prefsLen 26882 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ef71dde-5d77-43f1-89a8-5246fe0460bb} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4872 2199b762b58 tab
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.10.1327083009\408084831" -childID 9 -isForBrowser -prefsHandle 3984 -prefMapHandle 1588 -prefsLen 26882 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89c4dea7-9156-4484-acc8-a568f5462c6b} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4624 2199b763d58 tab
    3⤵
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.11.588635929\833720628" -childID 10 -isForBrowser -prefsHandle 7008 -prefMapHandle 6956 -prefsLen 26882 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7bb5d5e-43cf-47fc-b016-aa4c4ce6088f} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 7084 2199df86b58 tab
    3⤵
    PID:2404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.12.532057148\1092937811" -childID 11 -isForBrowser -prefsHandle 5936 -prefMapHandle 1588 -prefsLen 26882 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df259e80-7acb-4f78-a43c-fdcae98efcd5} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5996 2199e33c658 tab
    3⤵
    PID:1384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.13.1095512993\1699420776" -childID 12 -isForBrowser -prefsHandle 9924 -prefMapHandle 5980 -prefsLen 26882 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7525f90c-610a-4323-9934-0c5547632987} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9884 21999f09358 tab
    3⤵
    PID:2712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.14.582322288\731252545" -childID 13 -isForBrowser -prefsHandle 6072 -prefMapHandle 6084 -prefsLen 26882 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e6f7757-b827-4043-9bd7-9b897326dda6} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 6036 2199ec31c58 tab
    3⤵
    PID:5512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.15.1466404993\1187501868" -childID 14 -isForBrowser -prefsHandle 9760 -prefMapHandle 9672 -prefsLen 26882 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34739c1e-0674-4462-a8d8-9dea70492849} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9748 2199f220a58 tab
    3⤵
    PID:4660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.16.2043618719\421814113" -childID 15 -isForBrowser -prefsHandle 9444 -prefMapHandle 9440 -prefsLen 26882 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {36c09aa8-d979-4fa5-9365-4d31d960baba} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9452 2199f221058 tab
    3⤵
    PID:1172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.17.768828343\1795408816" -childID 16 -isForBrowser -prefsHandle 5992 -prefMapHandle 9916 -prefsLen 26882 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8218c63-4458-47f7-8617-bca99c058845} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9408 2198ac62558 tab
    3⤵
    PID:5808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.18.1177107262\789671302" -childID 17 -isForBrowser -prefsHandle 10020 -prefMapHandle 10016 -prefsLen 26882 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44eac1de-c806-4a4e-8004-ee5e0d6be96b} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 10028 2199ff7d058 tab
    3⤵
    PID:5016
- - C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe
    "C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.19.894814134\1144869126" -childID 18 -isForBrowser -prefsHandle 5328 -prefMapHandle 4800 -prefsLen 26922 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6caa3529-201c-40bb-a288-eccb8cb0e218} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9252 2199ee87958 tab
    3⤵
    PID:5912
- - C:\Users\Admin\Downloads\zipmate.exe
    "C:\Users\Admin\Downloads\zipmate.exe"
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3452
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      PID:2172
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        5⤵
        Checks processor information in registry
        
        PID:4456
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" https://zipmatepro.com/thankyou?tyid=cb2bebb8-a150-4acd-b26d-935a537bedee
      4⤵
      PID:3848
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" https://zipmatepro.com/thankyou?tyid=cb2bebb8-a150-4acd-b26d-935a537bedee
        5⤵
        Checks processor information in registry
        
        PID:2072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.20.2036192372\614423806" -childID 19 -isForBrowser -prefsHandle 8880 -prefMapHandle 8548 -prefsLen 26922 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6ea10b2-c470-4a78-9114-521aae4c02a2} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5204 2199751e458 tab
    3⤵
    PID:3480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.21.1433530555\811009080" -childID 20 -isForBrowser -prefsHandle 4544 -prefMapHandle 8388 -prefsLen 26922 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d93a75a9-a8f4-46f7-bc3b-86db45a2cf3e} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3756 21997520258 tab
    3⤵
    PID:1564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.22.97465882\1914664396" -childID 21 -isForBrowser -prefsHandle 9428 -prefMapHandle 9612 -prefsLen 26922 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc7d5721-b3a5-4d43-8ee3-219ca153a501} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4840 21996e62b58 tab
    3⤵
    PID:2812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.23.1837091291\806363588" -childID 22 -isForBrowser -prefsHandle 8288 -prefMapHandle 8272 -prefsLen 27155 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {533cddf7-b516-4215-8b51-b2f4bf772779} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 10072 21999f07e58 tab
    3⤵
    PID:4476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.24.427754000\1334517618" -childID 23 -isForBrowser -prefsHandle 9884 -prefMapHandle 8544 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7a959f0-75e1-4d97-af83-831fd9e0138a} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 8224 2198ac64158 tab
    3⤵
    PID:4664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.25.961468736\1479000334" -childID 24 -isForBrowser -prefsHandle 9492 -prefMapHandle 5828 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b32a6301-6cff-4b4e-9b17-9f2fefee95aa} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9496 21999f08758 tab
    3⤵
    PID:4956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.26.582664087\1236071736" -childID 25 -isForBrowser -prefsHandle 8228 -prefMapHandle 8200 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94179af1-ba11-4453-9804-9a7d6174db3e} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9740 2198ac67558 tab
    3⤵
    PID:2428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.27.2028707015\913198970" -childID 26 -isForBrowser -prefsHandle 8132 -prefMapHandle 8484 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3ccac69-1ffd-4ee4-96cf-3a0deed893bf} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 6012 2199d0d7e58 tab
    3⤵
    PID:2972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.28.2087026285\1580724170" -childID 27 -isForBrowser -prefsHandle 6188 -prefMapHandle 9444 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0fffdd4-ef88-4875-af08-a85b0b66dcd2} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 8232 2199dff5b58 tab
    3⤵
    PID:2968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.29.1503584649\825115152" -childID 28 -isForBrowser -prefsHandle 8104 -prefMapHandle 3772 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bfe8fbb-f7fc-4e89-9b9d-85883a992952} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5384 2199e24eb58 tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.30.2131701555\1681711689" -childID 29 -isForBrowser -prefsHandle 4368 -prefMapHandle 10100 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5e3c4aa-acb3-4072-96d8-36f2aba1c71a} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5384 2199ec31c58 tab
    3⤵
    PID:1908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.31.1972403011\879856987" -childID 30 -isForBrowser -prefsHandle 8364 -prefMapHandle 4924 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d6d5ea-889b-44d7-a95d-a1c1d38e1cf6} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5372 2199d5ca858 tab
    3⤵
    PID:3044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.32.867122275\1782127726" -childID 31 -isForBrowser -prefsHandle 10064 -prefMapHandle 9608 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d6666b0-74fe-472f-a4cc-a15ba25fd40b} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 10060 2199eceac58 tab
    3⤵
    PID:2844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.33.586947181\410021767" -childID 32 -isForBrowser -prefsHandle 8012 -prefMapHandle 7092 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e516325a-60c8-4fef-bf25-eba1b1883e80} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1380 2199df86b58 tab
    3⤵
    PID:1376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.34.1350023263\746230864" -childID 33 -isForBrowser -prefsHandle 8348 -prefMapHandle 9432 -prefsLen 27164 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d048860-3000-462a-9ae6-a08f468e3583} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5368 21995cd7958 tab
    3⤵
    PID:5488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.35.1117416634\822545145" -childID 34 -isForBrowser -prefsHandle 5096 -prefMapHandle 4628 -prefsLen 27173 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c982c66-2315-4dad-9517-4ef883f27d14} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5088 2199c4bb258 tab
    3⤵
    PID:5976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.36.2118190754\1690042654" -childID 35 -isForBrowser -prefsHandle 5808 -prefMapHandle 5044 -prefsLen 27173 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {593dd413-b6cc-41d2-94cf-0e7f48afea17} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 6168 2199d0a2a58 tab
    3⤵
    PID:6000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.37.1686735477\1287458585" -childID 36 -isForBrowser -prefsHandle 5460 -prefMapHandle 8228 -prefsLen 27173 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0895b16c-9c5f-4c43-9bda-b3cc74af347f} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 8156 2199d72c558 tab
    3⤵
    PID:3972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.38.1671135252\743403720" -childID 37 -isForBrowser -prefsHandle 5692 -prefMapHandle 8380 -prefsLen 27173 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {667d4734-6484-401a-a6f6-7b77e72060ea} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 8836 2198ac68a58 tab
    3⤵
    PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.39.1254538493\180636467" -childID 38 -isForBrowser -prefsHandle 5244 -prefMapHandle 5048 -prefsLen 27173 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {427bf695-5397-499e-99b5-18468dc9102e} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 8772 21997520258 tab
    3⤵
    PID:3464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.40.1604959148\252676675" -childID 39 -isForBrowser -prefsHandle 8444 -prefMapHandle 9336 -prefsLen 28200 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fed1e74-544f-414c-ab70-ca2b7a6b95cc} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5448 2199c1a6158 tab
    3⤵
    PID:2072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.41.216067143\748586245" -childID 40 -isForBrowser -prefsHandle 4832 -prefMapHandle 5832 -prefsLen 28200 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c127bcb0-bea0-4c44-9658-c1f9e2a9ac2e} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 6044 2199754ff58 tab
    3⤵
    PID:332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.42.324735745\48502128" -childID 41 -isForBrowser -prefsHandle 5520 -prefMapHandle 7956 -prefsLen 28200 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a893601b-4695-4a6f-bd0c-1a39ae73e6b5} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5696 21999fa7058 tab
    3⤵
    PID:1008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.43.1349541696\1579607745" -childID 42 -isForBrowser -prefsHandle 8832 -prefMapHandle 5832 -prefsLen 28200 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcaac70b-98f2-4f6e-b752-67896cee10d4} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9328 21997520258 tab
    3⤵
    PID:5512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.44.820965474\292493649" -childID 43 -isForBrowser -prefsHandle 7888 -prefMapHandle 7884 -prefsLen 28200 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcec28e4-9cdf-425d-81ef-3c1de0912018} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 8200 2199feaa458 tab
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.45.1853887994\750462345" -childID 44 -isForBrowser -prefsHandle 8372 -prefMapHandle 7768 -prefsLen 28200 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e0a7ac1-9bfe-4421-a254-f2e5ace1ac06} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 8108 219a00cb658 tab
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.46.1364146868\1286875930" -childID 45 -isForBrowser -prefsHandle 7868 -prefMapHandle 9328 -prefsLen 28200 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2322c74-7181-4a92-aa8e-4915d24cce40} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 7892 2199fafce58 tab
    3⤵
    PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.47.931219204\915688047" -childID 46 -isForBrowser -prefsHandle 5808 -prefMapHandle 9488 -prefsLen 28200 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db570cc2-9695-43bd-b2ad-7e4a7e59a4d1} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5660 219a047b858 tab
    3⤵
    PID:4432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.48.902317584\1511245010" -childID 47 -isForBrowser -prefsHandle 4284 -prefMapHandle 5856 -prefsLen 28200 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e463208-568a-4fbd-90d4-1f352e921f5a} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9540 2199f2b8358 tab
    3⤵
    PID:3320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.49.888189178\1749184908" -childID 48 -isForBrowser -prefsHandle 4892 -prefMapHandle 8832 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39624daf-e1bc-4eba-ad8d-f82ece42c5cc} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5336 2199fe7ee58 tab
    3⤵
    PID:3076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.50.46306963\1776910312" -childID 49 -isForBrowser -prefsHandle 8708 -prefMapHandle 5424 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b251248d-d587-4ab6-9ffb-4911653c2493} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 8496 2199b33db58 tab
    3⤵
    PID:4496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.51.1792510732\1908679459" -childID 50 -isForBrowser -prefsHandle 7092 -prefMapHandle 9572 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5283bdf8-831b-4bba-a7c9-5e8275e1238e} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 7660 2199fe81b58 tab
    3⤵
    PID:4240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.52.951746762\165142453" -childID 51 -isForBrowser -prefsHandle 2612 -prefMapHandle 8640 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {966173a9-84ab-4cae-b7c0-75e8beae04b0} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9712 2199feacb58 tab
    3⤵
    PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.53.1874573371\948141780" -childID 52 -isForBrowser -prefsHandle 5832 -prefMapHandle 5080 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7bd9686-b642-41ea-90f3-e4ffe8eac073} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 4284 219a0837158 tab
    3⤵
    PID:3672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.54.1891403942\1175638550" -childID 53 -isForBrowser -prefsHandle 7592 -prefMapHandle 7588 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93679a8b-e659-4cd3-8107-3786e48c21aa} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 7600 219a0a91858 tab
    3⤵
    PID:5776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.55.498700001\840128251" -childID 54 -isForBrowser -prefsHandle 5428 -prefMapHandle 5476 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42271992-3927-4670-8350-9c565435c4ee} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 10152 2199de39158 tab
    3⤵
    PID:4368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.56.1378613415\769562798" -childID 55 -isForBrowser -prefsHandle 8088 -prefMapHandle 8076 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e9235cc-8761-4f55-b04d-5f92697e0391} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9464 2199de3a658 tab
    3⤵
    PID:6112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.57.1736148183\768402044" -childID 56 -isForBrowser -prefsHandle 7364 -prefMapHandle 7372 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cc4cafc-d1ab-4a71-b9b9-83556262a727} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 6108 21999f07858 tab
    3⤵
    PID:2944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.58.739024739\579579162" -childID 57 -isForBrowser -prefsHandle 2900 -prefMapHandle 5944 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67960864-2f20-44ae-9ad9-4f093bf2cadf} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 7088 219a4861558 tab
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.59.1026781723\1897202730" -childID 58 -isForBrowser -prefsHandle 5204 -prefMapHandle 8668 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {80bf6dda-feef-4fa1-a843-b2c21f6733d9} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9944 219a5596658 tab
    3⤵
    PID:4700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.60.410551464\558333103" -childID 59 -isForBrowser -prefsHandle 7496 -prefMapHandle 7492 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {764f4f3f-9ba1-4058-8ec7-68c9f6d7c2dd} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 7372 219a5595158 tab
    3⤵
    PID:2652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.61.1586059987\2086857159" -childID 60 -isForBrowser -prefsHandle 9520 -prefMapHandle 7508 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93175aa8-34a0-48a8-bdc5-0a08d5be66f8} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9944 219a38d7658 tab
    3⤵
    PID:4816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.62.1917667105\2020147919" -childID 61 -isForBrowser -prefsHandle 7172 -prefMapHandle 7296 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e355a5d-11d5-4546-aa9e-66010f5b54c3} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 7024 219a38d6d58 tab
    3⤵
    PID:1376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.63.1355295340\940780019" -childID 62 -isForBrowser -prefsHandle 7044 -prefMapHandle 7048 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5dbb62c-7c78-45b1-9b17-af54d9c9b0b5} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 6844 219a38d7358 tab
    3⤵
    PID:4972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.64.1652814418\1980682884" -childID 63 -isForBrowser -prefsHandle 6452 -prefMapHandle 6456 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fca701dd-e680-4002-8fff-d20db1a11a82} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 6432 219a58b8058 tab
    3⤵
    PID:4556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.65.1427821064\860938835" -childID 64 -isForBrowser -prefsHandle 6440 -prefMapHandle 6444 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55c4c12f-9fee-4427-9697-4b1b0fc6b345} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 6632 219a58b8658 tab
    3⤵
    PID:5000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.66.1428534669\366525073" -childID 65 -isForBrowser -prefsHandle 6860 -prefMapHandle 7896 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df1f9fe4-68b1-4779-bd1b-71381cc216af} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 5012 2199f221c58 tab
    3⤵
    PID:1756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.67.1392317917\2026138439" -childID 66 -isForBrowser -prefsHandle 10568 -prefMapHandle 7888 -prefsLen 28209 -prefMapSize 233414 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84f79a7c-218f-4425-8500-d4c8f521a70b} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 9548 219a047a958 tab
    3⤵
    PID:5040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Temp1_ransim.zip\SimulatorSetup.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_ransim.zip\SimulatorSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:7076
- C:\Windows\Temp\{795E270A-BA56-4819-84BC-59D0D7119719}\.cr\SimulatorSetup.exe
  "C:\Windows\Temp\{795E270A-BA56-4819-84BC-59D0D7119719}\.cr\SimulatorSetup.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Temp1_ransim.zip\SimulatorSetup.exe" -burn.filehandle.attached=628 -burn.filehandle.self=604
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:6032
- - C:\KB4\Newsim\Ranstart.exe
    "C:\KB4\Newsim\Ranstart.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Suspicious behavior: EnumeratesProcesses
    PID:6972
  - - C:\KB4\Newsim\MainStarter.exe
      "C:\KB4\Newsim\MainStarter.exe" -d
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Suspicious behavior: EnumeratesProcesses
      PID:5672
  - - C:\KB4\Newsim\Collector.exe
      "C:\KB4\Newsim\Collector.exe" "Progress.csv" "MainStarter.exe"
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Suspicious behavior: EnumeratesProcesses
      PID:7104
    - - C:\KB4\Newsim\MainStarter.exe
        
        "C:\KB4\Newsim\MainStarter.exe"
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Loads dropped DLL
        Checks whether UAC is enabled
        Suspicious behavior: EnumeratesProcesses
        
        PID:4444
  - - C:\KB4\Newsim\MainStarter.exe
      "C:\KB4\Newsim\MainStarter.exe" -s
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Loads dropped DLL
      Checks whether UAC is enabled
      Suspicious behavior: EnumeratesProcesses
      PID:7076
  - - C:\KB4\Newsim\Collector.exe
      "C:\KB4\Newsim\Collector.exe" "Progress.csv" "MainStarter.exe"
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Checks whether UAC is enabled
      PID:10248
    - - C:\KB4\Newsim\MainStarter.exe
        
        "C:\KB4\Newsim\MainStarter.exe"
        5⤵
        Identifies VirtualBox via ACPI registry values (likely anti-VM)
        Checks BIOS information in registry
        Executes dropped EXE
        Checks whether UAC is enabled
        
        PID:9928
  - - C:\KB4\Newsim\MainStarter.exe
      "C:\KB4\Newsim\MainStarter.exe" -s
      4⤵
      Identifies VirtualBox via ACPI registry values (likely anti-VM)
      Checks BIOS information in registry
      Executes dropped EXE
      Checks whether UAC is enabled
      PID:7940

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6760
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding D2136D2C07540FD220B0D7815BA39EB7
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:6948
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSIE748.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241428468 2 CustomActions!CustomActions.CustomActions.CleanupPreviousInstallation
    3⤵
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:5096
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSIEFA6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241430453 8 CustomActions!CustomActions.CustomActions.BeforeInstallationInitialize
    3⤵
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:5688
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe "C:\Windows\Installer\MSI8B0.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_241437015 15 CustomActions!CustomActions.CustomActions.SaveDisplayLanguage
    3⤵
    - Loads dropped DLL
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    PID:6872

C:\KB4\Newsim\Ranstart.exe
"C:\KB4\Newsim\Ranstart.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:7000

C:\KB4\Newsim\MainStarter.exe
C:\KB4\Newsim\MainStarter.exe run
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:6888

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\KB4\Newsim\prepare.bat /S /Q "C:\KB4\Newsim\DataDir\MainFolders"
1⤵
- Process spawned unexpected child process
PID:6728

C:\KB4\Newsim\Collector.exe
"C:\KB4\Newsim\Collector.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:4932
- C:\KB4\Newsim\MainStarter.exe
  "C:\KB4\Newsim\MainStarter.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious behavior: EnumeratesProcesses
  PID:7224

C:\KB4\Newsim\DataDir\MainFolders\26\1927784748.cxr
C:\KB4\Newsim\DataDir\MainFolders\26\1927784748.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:9088

C:\KB4\Newsim\DataDir\MainFolders\25\1134497541.cxr
C:\KB4\Newsim\DataDir\MainFolders\25\1134497541.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:7888

C:\KB4\Newsim\DataDir\MainFolders\24\1360896723.cxr
C:\KB4\Newsim\DataDir\MainFolders\24\1360896723.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:8120
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c dir "C:\KB4\Newsim\DataDir\MainFolders\24-Files" /b /s /A-D /o:gn
  2⤵
  PID:9740
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT.csv" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT.csv.ljcijrl"
  2⤵
  PID:8216
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT.csv"
  2⤵
  PID:8348
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.docx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.docx.ljcijrl"
  2⤵
  PID:11000
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.docx"
  2⤵
  PID:10344
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.pdf" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.pdf.ljcijrl"
  2⤵
  PID:10752
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.pdf"
  2⤵
  PID:10720
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.pptx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.pptx.ljcijrl"
  2⤵
  PID:8260
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.pptx"
  2⤵
  PID:10104
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.xlsx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.xlsx.ljcijrl"
  2⤵
  PID:10172
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT1.xlsx"
  2⤵
  PID:7260
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.csv" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.csv.ljcijrl"
  2⤵
  PID:10524
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.csv"
  2⤵
  PID:9304
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.docx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.docx.ljcijrl"
  2⤵
  PID:6980
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.docx"
  2⤵
  PID:3872
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.pdf" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.pdf.ljcijrl"
  2⤵
  PID:7428
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.pdf"
  2⤵
  PID:7544
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.pptx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.pptx.ljcijrl"
  2⤵
  PID:8776
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT2.pptx"
  2⤵
  PID:10452
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.csv" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.csv.ljcijrl"
  2⤵
  PID:8880
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.csv"
  2⤵
  PID:6900
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.docx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.docx.ljcijrl"
  2⤵
  PID:6528
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.docx"
  2⤵
  PID:3156
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.pdf" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.pdf.ljcijrl"
  2⤵
  PID:10192
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.pdf"
  2⤵
  PID:6836
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.pptx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.pptx.ljcijrl"
  2⤵
  PID:10264
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DAT3.pptx"
  2⤵
  PID:10512
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DATA.xlsx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DATA.xlsx.ljcijrl"
  2⤵
  PID:10532
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\DATA.xlsx"
  2⤵
  PID:5252
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\docu1.docx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\docu1.docx.ljcijrl"
  2⤵
  PID:10580
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\docu1.docx"
  2⤵
  PID:8428
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\docu2.docx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\docu2.docx.ljcijrl"
  2⤵
  PID:11160
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\docu2.docx"
  2⤵
  PID:6084
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\docu3.docx" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\docu3.docx.ljcijrl"
  2⤵
  PID:11056
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\docu3.docx"
  2⤵
  PID:8544
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\im10.png" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\im10.png.ljcijrl"
  2⤵
  PID:9856
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\im10.png"
  2⤵
  PID:9724
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\im11.png" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\im11.png.ljcijrl"
  2⤵
  PID:8040
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\im11.png"
  2⤵
  PID:11108
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\im12.png" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\im12.png.ljcijrl"
  2⤵
  PID:7916
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\im12.png"
  2⤵
  PID:11256
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict10.jpg" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict10.jpg.ljcijrl"
  2⤵
  PID:9420
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict10.jpg"
  2⤵
  PID:9936
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict11.jpg" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict11.jpg.ljcijrl"
  2⤵
  PID:11244
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict11.jpg"
  2⤵
  PID:11200
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict12.jpg" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict12.jpg.ljcijrl"
  2⤵
  PID:8616
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict12.jpg"
  2⤵
  PID:5848
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict20.jpg" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict20.jpg.ljcijrl"
  2⤵
  PID:9752
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict20.jpg"
  2⤵
  PID:5004
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict21.jpg" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict21.jpg.ljcijrl"
  2⤵
  PID:5208
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict21.jpg"
  2⤵
  PID:2104
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict22.jpg" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict22.jpg.ljcijrl"
  2⤵
  PID:8240
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict22.jpg"
  2⤵
  PID:10104
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict30.jpg" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict30.jpg.ljcijrl"
  2⤵
  PID:9272
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict30.jpg"
  2⤵
  PID:11132
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict31.jpg" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict31.jpg.ljcijrl"
  2⤵
  PID:9260
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict31.jpg"
  2⤵
  PID:9916
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c copy /Y "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict32.jpg" "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict32.jpg.ljcijrl"
  2⤵
  PID:11156
- C:\Windows\system32\cmd.exe
  "cmd.exe" /c del /F "C:\KB4\Newsim\DataDir\MainFolders\24-Files\pict32.jpg"
  2⤵
  PID:7840

C:\KB4\Newsim\DataDir\MainFolders\23\2066354664.cxr
C:\KB4\Newsim\DataDir\MainFolders\23\2066354664.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:7808

C:\KB4\Newsim\DataDir\MainFolders\22\972476138.cxr
C:\KB4\Newsim\DataDir\MainFolders\22\972476138.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:3872

C:\KB4\Newsim\DataDir\MainFolders\21\1321592708.cxr
C:\KB4\Newsim\DataDir\MainFolders\21\1321592708.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:6772

C:\KB4\Newsim\DataDir\MainFolders\20\393125865.cxr
C:\KB4\Newsim\DataDir\MainFolders\20\393125865.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:5208

C:\KB4\Newsim\DataDir\MainFolders\19\2090002749.cxr
C:\KB4\Newsim\DataDir\MainFolders\19\2090002749.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:7616
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:2792

C:\KB4\Newsim\DataDir\MainFolders\18\266644133.cxr
C:\KB4\Newsim\DataDir\MainFolders\18\266644133.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:6084

C:\KB4\Newsim\DataDir\MainFolders\17\798164171.cxr
C:\KB4\Newsim\DataDir\MainFolders\17\798164171.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:5644

C:\KB4\Newsim\DataDir\MainFolders\16\1721565510.cxr
C:\KB4\Newsim\DataDir\MainFolders\16\1721565510.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious behavior: EnumeratesProcesses
PID:5512

C:\KB4\Newsim\DataDir\MainFolders\15\1597093982.cxr
C:\KB4\Newsim\DataDir\MainFolders\15\1597093982.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:7424

C:\KB4\Newsim\DataDir\MainFolders\14\1965240510.cxr
C:\KB4\Newsim\DataDir\MainFolders\14\1965240510.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
- NTFS ADS
PID:7408

C:\KB4\Newsim\MainStarter.exe
"C:\KB4\Newsim\MainStarter.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:7352

C:\KB4\Newsim\DataDir\MainFolders\13\506050760.cxr
C:\KB4\Newsim\DataDir\MainFolders\13\506050760.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:7340

C:\KB4\Newsim\DataDir\MainFolders\12\1579948634.cxr
C:\KB4\Newsim\DataDir\MainFolders\12\1579948634.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:2756
- C:\Windows\System32\notepad.exe
  "C:\Windows\System32\notepad.exe"
  2⤵
  PID:8176

C:\KB4\Newsim\DataDir\MainFolders\11\318348475.cxr
C:\KB4\Newsim\DataDir\MainFolders\11\318348475.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:7472

C:\KB4\Newsim\DataDir\MainFolders\10\825367670.cxr
C:\KB4\Newsim\DataDir\MainFolders\10\825367670.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:7544

C:\KB4\Newsim\DataDir\MainFolders\9\1346060747.cxr
C:\KB4\Newsim\DataDir\MainFolders\9\1346060747.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:7620

C:\KB4\Newsim\DataDir\MainFolders\8\473683140.cxr
C:\KB4\Newsim\DataDir\MainFolders\8\473683140.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:9332

C:\KB4\Newsim\DataDir\MainFolders\7\932006360.cxr
C:\KB4\Newsim\DataDir\MainFolders\7\932006360.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:9316

C:\KB4\Newsim\DataDir\MainFolders\6\1525180272.cxr
C:\KB4\Newsim\DataDir\MainFolders\6\1525180272.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:9624

C:\KB4\Newsim\DataDir\MainFolders\5\866388922.cxr
C:\KB4\Newsim\DataDir\MainFolders\5\866388922.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:9664

C:\KB4\Newsim\DataDir\MainFolders\4\2136259693.cxr
C:\KB4\Newsim\DataDir\MainFolders\4\2136259693.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:9684

C:\KB4\Newsim\DataDir\MainFolders\3\80185637.cxr
C:\KB4\Newsim\DataDir\MainFolders\3\80185637.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:9864

C:\KB4\Newsim\DataDir\MainFolders\2\1564731766.cxr
C:\KB4\Newsim\DataDir\MainFolders\2\1564731766.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:9896

C:\KB4\Newsim\DataDir\MainFolders\1\1720104225.cxr
C:\KB4\Newsim\DataDir\MainFolders\1\1720104225.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:9564

C:\KB4\Newsim\DataDir\MainFolders\0\1257183912.cxr
C:\KB4\Newsim\DataDir\MainFolders\0\1257183912.cxr
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Checks whether UAC is enabled
PID:7784

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1952

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:7612

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
1⤵
PID:8576

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
1⤵
PID:10048

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
1⤵
- Checks SCSI registry key(s)
- Modifies data under HKEY_USERS
PID:9168

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
PID:4752

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\KB4\Newsim\prepare.bat" "
1⤵
PID:7496

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s Netman
1⤵
- Modifies data under HKEY_USERS
PID:8892

C:\KB4\Newsim\Ranstart.exe
"C:\KB4\Newsim\Ranstart.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
PID:7396

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:8768

C:\KB4\Newsim\DataDir\MainFolders\20\24082117521082_inj.exe
C:\KB4\Newsim\DataDir\MainFolders\20\24082117521082_inj.exe 0 1 2
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:6944
- C:\Windows\system32\notepad.exe
  "C:\Windows\system32\notepad.exe"
  2⤵
  PID:10468

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
PID:7448

C:\KB4\Newsim\DataDir\MainFolders\14\1965240510:ed1a
C:\KB4\Newsim\DataDir\MainFolders\14\1965240510:ed1a 1
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Checks whether UAC is enabled
- NTFS ADS
PID:4076

C:\KB4\Newsim\DataDir\MainFolders\19\24082117515858_inj.exe
C:\KB4\Newsim\DataDir\MainFolders\19\24082117515858_inj.exe 2792
1⤵
- Executes dropped EXE
PID:8064

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -s NetSetupSvc
1⤵
- Drops file in Windows directory
PID:8364

C:\KB4\Newsim\DataDir\MainFolders\12\24082117523475_inj.exe
C:\KB4\Newsim\DataDir\MainFolders\12\24082117523475_inj.exe 8176 1
1⤵
- Executes dropped EXE
PID:588

C:\KB4\Newsim\DataDir\MainFolders\9\240821175303_mr.exe
C:\KB4\Newsim\DataDir\MainFolders\9\240821175303_mr.exe --url=s://127.0.0.1:7777 --user=x --pass=x --log-file="C:\KB4\Newsim\DataDir\MainFolders\9\240821175303_mr.txt"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:10256

C:\KB4\Newsim\DataDir\MainFolders\1\240821175304_rsw.exe
C:\KB4\Newsim\DataDir\MainFolders\1\240821175304_rsw.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:10528

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
1⤵
PID:9956

C:\KB4\Newsim\MainStarter.exe
C:\KB4\Newsim\MainStarter.exe run
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Checks whether UAC is enabled
PID:8636

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\KB4\Newsim\prepare.bat /S /Q "C:\KB4\Newsim\DataDir\MainFolders"
1⤵
- Process spawned unexpected child process
PID:6968

C:\KB4\Newsim\DataDir\MainFolders\26\1694393827.cxr
C:\KB4\Newsim\DataDir\MainFolders\26\1694393827.cxr
1⤵
PID:8592

C:\KB4\Newsim\DataDir\MainFolders\25\399725280.cxr
C:\KB4\Newsim\DataDir\MainFolders\25\399725280.cxr
1⤵
PID:9824

C:\KB4\Newsim\DataDir\MainFolders\24\1326026451.cxr
C:\KB4\Newsim\DataDir\MainFolders\24\1326026451.cxr
1⤵
PID:7696

C:\KB4\Newsim\DataDir\MainFolders\23\45884052.cxr
C:\KB4\Newsim\DataDir\MainFolders\23\45884052.cxr
1⤵
PID:9440

C:\KB4\Newsim\DataDir\MainFolders\22\959889098.cxr
C:\KB4\Newsim\DataDir\MainFolders\22\959889098.cxr
1⤵
PID:8036

C:\KB4\Newsim\DataDir\MainFolders\21\6669510.cxr
C:\KB4\Newsim\DataDir\MainFolders\21\6669510.cxr
1⤵
PID:10076

C:\KB4\Newsim\DataDir\MainFolders\20\610901642.cxr
C:\KB4\Newsim\DataDir\MainFolders\20\610901642.cxr
1⤵
PID:9004

C:\KB4\Newsim\DataDir\MainFolders\19\2130518076.cxr
C:\KB4\Newsim\DataDir\MainFolders\19\2130518076.cxr
1⤵
PID:10432

C:\KB4\Newsim\DataDir\MainFolders\18\2147253425.cxr
C:\KB4\Newsim\DataDir\MainFolders\18\2147253425.cxr
1⤵
PID:9108

C:\KB4\Newsim\DataDir\MainFolders\17\1997259544.cxr
C:\KB4\Newsim\DataDir\MainFolders\17\1997259544.cxr
1⤵
PID:10336

C:\KB4\Newsim\DataDir\MainFolders\16\16735283.cxr
C:\KB4\Newsim\DataDir\MainFolders\16\16735283.cxr
1⤵
PID:5988

C:\KB4\Newsim\DataDir\MainFolders\15\2034757873.cxr
C:\KB4\Newsim\DataDir\MainFolders\15\2034757873.cxr
1⤵
PID:7788

C:\KB4\Newsim\DataDir\MainFolders\14\65056565.cxr
C:\KB4\Newsim\DataDir\MainFolders\14\65056565.cxr
1⤵
PID:7196

C:\KB4\Newsim\DataDir\MainFolders\13\38390352.cxr
C:\KB4\Newsim\DataDir\MainFolders\13\38390352.cxr
1⤵
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e63dd39.rbs

Filesize
12KB

MD5
264b8ff7673cf8877c9e277f9f800b9e

SHA1
8857865e7c0dab6550f11962801d108de63b6940

SHA256
4eafab458797c6e4e90b3f11cf6ebac5c2dd7c2976919554ae6d473e3e5c3d5c

SHA512
7510caf250520431636cbffd78e2fa6a48f58627d986bee28e4cab46ff6d34049fb62d02d333016d19a8e08aa318e859bf7d8e57ca8a71851cdf8fdc272215c0

Download Submit
C:\KB4\Newsim\Collector.dln

Filesize
5.3MB

MD5
b588dffefa48317f2278cf3d1918b810

SHA1
f02e99edc92ae12f2a85563a9b85865a95c89812

SHA256
046cdb650b5a7bd2faab60cc0211e796e4a0c508e203033b83f6ac2ab0c691cd

SHA512
bc30f611fabbd2b88354caff6c3d7e97e082222607d1a2af9daeb60144d41846dcf234c9b2a29fb3cd3bea83d06e6407ef7a418d9bea370c240008e329d8a4d1

Download Submit
C:\KB4\Newsim\Collector.ex_

Filesize
5.3MB

MD5
77c8b2e0764ce7b62e680df8c4cd12e0

SHA1
4350f0cf8ea1c4e79e45ad03c82f9604bd83d4fe

SHA256
96253a89b4cdef52a489676b7b0631858aca8b434e8bfc526b12b8d2a013defa

SHA512
afaed444aad8c8a1960b6665a93c2cfa40195151e3db5f8a075966c142e2bea4cd8938eabe6c0baec15c8661428b1ed212da8603c13837e720267ada0f2a79a2

Download Submit
C:\KB4\Newsim\Common.UI.dll

Filesize
18KB

MD5
821c3ecd9eafd1864905bcc74fc3a672

SHA1
804596bc3a4fb89502e3dd3e09771196144cd4d2

SHA256
f753c8d31ed12d8d87e8e21bab30eabab723c22bbea8a4d0245e3c21afcaa2d2

SHA512
8bb1ab8f49b28e9187cc81336aeb8bb1b0fa407c29bce7129439d9d062be374bc177a586640e667b9a5f156bbb9ce27c2f1aec22716be08243cb4e51cf3bb8f6

Download Submit
C:\KB4\Newsim\Data.dln

Filesize
15KB

MD5
18d5b639d1414b392ebd09e8586e220f

SHA1
e59de301c1b9a36def72a2c2dfa66970f105e6fd

SHA256
97963f3d1a6c709595ce54f149c86b95877704551aeca893cd7a3accf16dbb6b

SHA512
fdc2d75a346bed04a756f25f2645c04c52b7034c83dd0ad6ee9ff9b2cd0725d438d0e493ca50b66d45167aa433a95c5d05abb5bce8f3b2d8cf795aa0db74a516

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\0\833974212.cxr

Filesize
4.1MB

MD5
f60e02ee1643d32a5a6656ba79c0b426

SHA1
cbfce6e730ab6f5c7c961272ee83a52ec5e3f414

SHA256
c985231ff3c2544b2efcabf5cbcc9a30a0b4ee233f8a37abc0ec38b0ba6c788d

SHA512
7037994913db1699e3ed1cc1f198fa709230ce34a193288ecc515b5887db35b3f2eae6ddb4ed2bc1789f5a8d42b16c19d1287e2b423ffaf91b4d0b3d1ee42844

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\10\1079697800.cxr

Filesize
5.1MB

MD5
a3714e3b822f1517e1591be76f145fd3

SHA1
180ae983865be734e3a1c0390d76913007723cdd

SHA256
a0edc9a3fd208ec8c5c3a658320376fdf8badc28b71eb7572074e4fb4dee7cc3

SHA512
7f1939a05ecbb8d43913b79c1a91d7b81a2847e75da8e27a7780746e6d95c366673e5151d6ad1dcdf8cbdb360e45765bc760e6010863a94d1775f86dc9545d4b

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\11\165051503.cxr

Filesize
5.4MB

MD5
b61c5aec5175d166d026123a74f7f202

SHA1
03e11d57f0dc5fdf492ecfeaaf79fe3d0b3e29e6

SHA256
379c8cc58e99f41de876e1651499c548ebfa7b0fe298002b763752b72bb0f3bf

SHA512
5c312c4cea87ba2b9e141f3f061e409cc2e07eb75dec43526675dc0148c4c54c423aba201e9f7fad90692be07067078c1bf97c70f73e1112cd49906c6dcd1cf2

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\11\datart.csv

Filesize
4KB

MD5
7ee3a17954ee441cf8dca4d0c37c78f6

SHA1
934c10c2d103b3f6f0736a74d2a85183718d480d

SHA256
8e4f282e081c10646f208e357626130685d69e1264061dc60e833c70f8c95f99

SHA512
fd780a2226f40279d72b4e804a2f2c430eef94db67edd5dea1c0c2cabca6cd713c82d518176c55af189d7699fbcb12af9b31fefa20416fe3a45f82d604def19e

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\12\1173521527.cxr

Filesize
5.1MB

MD5
15726ea97f7caad8537e645c9a65739d

SHA1
b1ef76b1c1adda58987860c71394d92508654e67

SHA256
5534cb866c2cfb45b3e1adf0ad2b67417ef8d4fbcc1fe772198827a4dba195c7

SHA512
9b5ff25b32341a8a15f023bc45b839d9c4c6ad59c5d6ba4536003fcb0dc14e8a848cadb6a1710f5b05d7c7f02491a245db1f7b440023cc4237eefd7db552437f

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\13-Files\DAT1.xlsx.id[System.Byte[]-2987].[[email protected]].eking

Filesize
100KB

MD5
cc7aee470df9887bfc4c907bae813555

SHA1
f93d426873ba50c4723d33f3d40f1c562f6fa559

SHA256
f22ba62c1549a7fddfaccfb7fa3a31f676f36663f92bcb5f11d590f7fdb91be9

SHA512
3613ccd24e9437c5b371a6589cce8adfab10163fb893506ad8dd514d410d534d770372a368213d9e22763fe85d4dbf7b2db161df65048e9535dae7dc27115d37

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\13\38390352.cxr

Filesize
4.6MB

MD5
ebaf12a88709be1aeab243d91ccc1496

SHA1
586e5b22ce524c06e65651bda89aed17d69fc1dd

SHA256
5002096a9c9ed102ae1c469f912606f32a62f4ae05eeb59f405e726a5a47830e

SHA512
d88a87e13f240cfdb2650484889d45eec17816210aeef7eacc7ec2c07440ff716bc8edb47a88dd2db71121a77f2a53100ae5b0db1e1b574719d67af1ca63fa7e

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\13\datart.csv

Filesize
4KB

MD5
33b70c4a9a060eb31533a285a2be6ebb

SHA1
294ade5501468b65c363b8b70d9a0fe766516a76

SHA256
0ffb23e8480a9e2f76e23fdaf2f745e8bdafa637fa1dde63bec21f4e50592b65

SHA512
e0647f04fa9c29f5ea7849437cc9a06e80f373d4f600b6c21587e7a92011d34b6717dfc811ace554c3554e27ecec87050746620075f85679572646b5aa28729a

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\14\65056565.cxr

Filesize
5.1MB

MD5
024ee0716c0251182f7a337750aa7db9

SHA1
9d641f1b42f9fefa2e1b836a69ad3e82b7cc3185

SHA256
dbd8c04b41a77cc1f74de2713f66288f162ea28a7bab4b29ba78e5806a899584

SHA512
7423b3729d751e352aa5a0ddcb525bcabbedf9e72e32960e88c1949488461c7fcc779239babae660bc489ab0dbc0af511cf860bda14f305ff6acc0cdbc7f74e9

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\15\2034757873.cxr

Filesize
5.4MB

MD5
df976e4fe1e45c24c5f6633fa540b9a8

SHA1
0cc95d603a4997bf2981e5a9f20a2f5fc53f6bf8

SHA256
dc7eb9d2f44ddfba9c7b24d94ba4fb67c2d7287adb893c585638c2cdcdf15eaa

SHA512
6a7e3db471e472b3562b828133b97f8a5096ad0855bb93d7ecdf814a38cb0cda9cf2f6f0c16ae70b198642ff7c0f95cb3a7ede20694e114dfc32cf34ca3bffd4

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\15\datart.csv

Filesize
4KB

MD5
395c3ce6cc1cf16f7bb815708f47bd85

SHA1
0772854aafd2474890c16fa5bd27e98f742d61b7

SHA256
95070d866e7b36cdc526a9b7166d7d28467de9c22cb14d0d7b9628b321e9f387

SHA512
8fa36572e291cc72ca8285876573d30c95f93087f254deedd875ea883615648641e9d01b47ddaa245c4079be85b3e0e4e7b65a34c7ab69bb0a9400fca9071dc7

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\16\16735283.cxr

Filesize
5.4MB

MD5
e42b44829aeb4b1e7e01e4fe235093c8

SHA1
17c6da9d97bd9764719a61fc0b96b85dbcf6af12

SHA256
36b3722b56101a4689ae38500e52a2d5b0f46605b19873261940659d735ef19d

SHA512
a3751e843683c4137113e9701695ae23226df1e86c4edb0994a795b40eb183685b0a86a914e12b3deb24b55a496835c109faa68d3c988cd8b93e8a2d21b63cf6

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\16\datart.csv

Filesize
4KB

MD5
91879c40c2f9da25224383ae95ad3ab9

SHA1
d2964df67cce9b4b6c0f2b685a8c9d3666849054

SHA256
34f82b74cfedd1ec23c0bbb6ea7958415baa7db8f5ce1bf72e966542f550147d

SHA512
2439498895eb75ecea1362b3447d3f3b01bfe641802111cfb731f3f9927acabf1dba8e5a9633443c81031d54e2935b6ad4f3f7e63758a244667f94560b54b1cf

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\17\1997259544.cxr

Filesize
5.3MB

MD5
0d6446cfbb787b9287f098bbdb7d634a

SHA1
0b46626be3c51687571c9a424c9a9125e7434745

SHA256
81d111fdd6f6268b61dc0b1e48ffa6b06e258129d161b2135509386a18b7c007

SHA512
8a8a68fec11da60b6ee9578217a3334b20a42a8ff5e53a9ef0082470548c624264e8a3ebffcc364985bf9d6418fdff245c0b1a209053e24ba5eb8d4cb430a9fb

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\17\datart.csv

Filesize
4KB

MD5
f1c4e1e6be65f92b4b6ecba73cda52d7

SHA1
c83e7fe84725db5ce2c6f584f84c1ae386e1193b

SHA256
8423c152ab488030ba994ea04ccc6e32073055f49b123bee5a726583e73f1289

SHA512
ce971e747f4e8533506e5cddc1daadd98513a444a401c959bf46a7e3c56fdddb4824a6003f200ae55433285091d1a52e0d70bd00df07c71baf1606673efbc717

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\18\2147253425.cxr

Filesize
5.4MB

MD5
8461b965f1d5372972c2e67dec65ddac

SHA1
56e899c00dd13d5b7cb491f3a4559aa500643403

SHA256
997845dff094b0bf949ea4efbee0b03f5ac4c1a5b23074066dbdb4f059bd3345

SHA512
11d74feda787851366a58e679ee6b0cbfa3a2ac09498393b3a9b787d53b3a2a133984cd7fff8b77476f5e4f5e5d7dc431b64c31589dccd23e15f9f1636df4ba5

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\18\datart.csv

Filesize
4KB

MD5
49917d0b3e46d4304367b9726900e6d0

SHA1
c29b49afab4296f5ca93ba14e435f6a8e348b022

SHA256
d8facec0f8178fa1cc91047e22ad13428d4d315131b419d500fb3991dbf9ea0d

SHA512
fec30fde2391d40c76dab157f9d3bf17080aa38769c7c79eea9e40c7e607ec5fa8f3233af64e5116ff12fb95d3d1a8afa72c0eec1a418af4988247b0e4a85267

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\19\2130518076.cxr

Filesize
4.9MB

MD5
e67d4337a97cba7ffe257d3b980e8538

SHA1
fe7c513f85f8f7e3fd97640f91c4dde262f423b3

SHA256
2969eea832dfef41537139ab6032c1f561d5921a8c43905180d61b76e0fc9b7e

SHA512
841dc597991b172a58a0323d96c21352a5e67f1155f904e0235544abc773a786deedc6e426dbf28f5be783a022c00927468b237435192b51c301b27cb9798ba3

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\19\24082117515858_inj.exe

Filesize
331KB

MD5
20d316943501ec52d9fee4dbd949a919

SHA1
56cd12bcf0088ef9c4af246e611ff73c83a1be1c

SHA256
692609e8b51c7fd69573fc7d671a39b55ff1f0444b33180e0e574b1186c35b22

SHA512
2e120218418948f05c697d3f4131738c5fe47e981d6cd435b5a1a839c78d8e23c2ae69c95d5a9b89ff63537ddc85615206452c2aee8807859320e68cfbd0315e

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\1\996115228.cxr

Filesize
4.0MB

MD5
39f474f5ea00ed46d5b669f4224e0853

SHA1
1290a3f95e6d43349ae802c0abd6bacc48f1c3e0

SHA256
f3ba9afdaae483f89cf8014e2b9ce5412851b83b4a3f79ea77e24eb3afaeddd1

SHA512
57a9f954c0c30cfdda10e93d415fe9b3961f68acd031198372e910567036a182b7e7cbdae9e8a05343549e50cb18fb19030334daec92d5627b8a73636c10071f

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\1\datart.csv

Filesize
4KB

MD5
b806f34160edce6b257ac94e83ca11ca

SHA1
533c19a06b6bc4f7da04ca28432e6747077a10b8

SHA256
154c2ef8b9be7af4690e1405c0a80659a4a3c190c9f914c523492d86cec229e0

SHA512
f25a49587163c6a984d511342a08117e8dec076daf944b7e47c093608d1be341c3dd0d4cd893edb5fc32fafdbb9250785ff8e6210345d435bacfe60cef985b16

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\20\610901642.cxr

Filesize
5.4MB

MD5
81bc2972ab514ee882dd188f4e667a84

SHA1
27b2702c7b42463cba059a156f5976de8178d6b7

SHA256
7f23b33b5f36ca52d4dd9c2f83390aaf8ece0293cda024fe463715db8956fe65

SHA512
8c9b0a54e2cd835f5514d02c2e3b45704c0b1af7133ca06b70b6d0db24aed8e86c4a0522cc0752630d1b622761e13d8ddcaf457741658f1e12fb9487260b1f18

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\21\6669510.cxr

Filesize
5.1MB

MD5
2f663335692e216cf79b69f9f69e9d12

SHA1
51f6ce4d2d8d6fbef4d6993f088e51d720415502

SHA256
19bc6574d3586d37bd977e2e1af495247bc2cbbbc59f986de528f989a6831da9

SHA512
88b80aa26bd99717223579b08fd7e37fd64d68f929b7f035ad2bf8705486e0fb32b2776d1a96f42cddc1302748776cfc496ca41c4f8673ffb7c9d0898351c76a

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\21\datart.csv

Filesize
5KB

MD5
da10f0e02e3532c1dcba7485c33681d3

SHA1
c613b9b31153ad96d80868c44d58f9c04a91a97f

SHA256
14e30657e6123a11ae2aeb567fabdc8bb586fcdeb1b0128745512fe38ea2efde

SHA512
347b4a90e07542327aa23535512747ce9b989ed0205a431a1f1324b38e3272edecba996d1d0be6eee37e61c091f5d3dd076a521e06075d446dcdd081fab60a06

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\22-Files\DAT1.xlsx

Filesize
100KB

MD5
dd271f8c66c22ffa1da9bdeeb52c5995

SHA1
e6600c6355588105c983252cea675e9329a6b740

SHA256
f519256cb44362665a9671b1c7e29ac51102b517c7b7c7562016bcf04b12c769

SHA512
c113b131b211c7dbbc4aa1162b2ff1556d425e2fbe470110407b033aff94984ba0a0fbe404a7fa7f1eaf7de1941c7207a74bee7af5d5ff6484c985814aebde97

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\22\959889098.cxr

Filesize
5.4MB

MD5
c6676f274b82a0286863e1654a37839b

SHA1
434d364bd29701a2f852521f19dffadac7034e73

SHA256
790a4199389188540db8c57305adaa693701be9724ddb5323423f8759cfdbd29

SHA512
bf3156f0427b148aa67f00f0df52fc02af8ddaf9688f199efd14eed50d32dcf66ffa4d0b9374d8c06e5d24338d0f5c6e058b6e9545474b171bf364e6c14377bc

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\22\datart.csv

Filesize
4KB

MD5
d3833c62e5566c3b74aae9e9c38c134d

SHA1
8557f3f14e2a5899f7831455c9e012aea4500e51

SHA256
a65e4e6d74161674582fd52f2d4f6c9a26d0d5496c238c008a61d738779d8ffd

SHA512
8f8f0fe30da5f288b65ead167b3243f6844a47635219cf4853257d0e609510df0561b19d3125d1fabe3230b5f8abb63a97c8373f7f8b8072f5a77fe9bfcd14ff

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\23\45884052.cxr

Filesize
5.4MB

MD5
67084d7a0d41619189687b84c62d9aac

SHA1
29450a11ce6874e9582f04974b2013d0c0c55851

SHA256
e85acfed9ccef691a68a113ffaad7215cea57d5e60b34024e81499ef7baa4577

SHA512
16b0ec419a116e55faf3ca16d1781a6b89a7f35f13f69d2ba89a86a80ed82ec61254ac9ab83c1f9a8b069547e15f1ba1b34da2998235c5a11519ffa9124de914

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\23\bbaaakk.tmp

Filesize
9KB

MD5
d4d96b16a5b343503d12dbd17cf7fb4e

SHA1
7be36f50fdea3fccdf96badcd9d280d6169ffa19

SHA256
4866d72e1cc0d4895f1f3181dd22ac1054b454c3f28d6cd2451935d1d53d179b

SHA512
810d4e522b70a4f3ff3f5cd28f387c215a4e0d54244ad7770767a0aafbec4057389df65ace2e2ed3b53fcde5ba03cafe90c73ba6fad5a48415252c8f054ce1cf

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\23\bbaaakk.tmp

Filesize
87KB

MD5
d7f0ba1d9e61795bda074138ea84631d

SHA1
fefbe8ec7f7c94e625170847ebdbb200858c4730

SHA256
36d1af000dbad22ccccd6e34fe52644fbfe88b53a7e88ce86e5490412c5b62da

SHA512
e61a699fd6610a82aecfc7cf6b56341eb4770bab7bf1a97828e3e02f98182e1a706b16d917bbaf45f31d1ed19de078afd5b988e9e9072c55e7bb177fcb96f995

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\23\datart.csv

Filesize
4KB

MD5
1ce29b2e2b8cfd1685b790c56666181b

SHA1
68428310e67954904a3a0ed040818ab8355a3d8f

SHA256
dd860bb6cdc90fed4685f26477321e32afa218030549f266e6eb29b546e4a301

SHA512
7855dd801e8b28fb191f16fe0d390cc8983f472e8fcad6e36f01db503acc3626e778191fadf3bcdf4c91e7fdcb7e9d09d18eb093bd0bf932869118ff71b4f246

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\24\1326026451.cxr

Filesize
5.4MB

MD5
c413d4d569d28c017ff1ba66f66b8fd0

SHA1
8d1777bf3a4d79dc6a5d3f73ec2cf5be958ac72d

SHA256
1a9874b2869f42ff3b9cb582bb1d2e93aabced6f7c82030465aa27be22203f09

SHA512
50108a6453de042399f7392d26bf7a7c66073a6012e6c85c4fb8ad898146f46f613f96b8798f4b25aeff97fc85af164c260fb958a2e0d12272de741f6712f694

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\24\datart.csv

Filesize
4KB

MD5
1132a458b4f1fbeafcac41eabdf8fcd2

SHA1
f1b80be408572c90bc90755a6c0e43c895454cc0

SHA256
24f73a9d7b1543a4f0c30fc3d7bea4f3196f3ae1f68b88b8dd21e53f2a953cc8

SHA512
11ce4b2ea0c835265e65de80bdd3dbb8eeb4d25885f08657436b47c6ad2105e2c70cf9df921ab0e6a779dead279eaf94793587f85a032078b5d7bafdb26a4dd3

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\25-Files\docu3.docx

Filesize
9KB

MD5
a14e41f4db9db4ce56f82f4294da3b65

SHA1
6dab1513a354f8e9dfebd8e1adb81d0c207c79da

SHA256
c936a78de0ca6624f93f4bd6662b510b9bb51e4ee6ab7dc2d633de7516163660

SHA512
8f77c54a3861d71f72b09b71a9992906c23fb89b219731e5ca03c70c87793ea9d1333b80f1045cc924581f10ef4064bbf2c090c67f7e0774c08914c90e5e616e

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\25-Files\im12.png

Filesize
87KB

MD5
ef4df804c86a8e1a002348017ade7ebb

SHA1
23063c6f3693e6bcf6393042fe70a8d65d584bae

SHA256
6740f5cba59430740839e30dd907d5a757fa927a1510c7b2733690f824594c7b

SHA512
62e0b1c198dc5f7f6a04766a9962f206b121c1510449e352b60159efa874259dbcbeca7e83df5e1ab07fda1ae5399aecb3b5dc588652ad4ce70393ea4ed22fca

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\25\399725280.cxr

Filesize
5.4MB

MD5
95e9c4baa4ed890b9f00bd35a0e40bc0

SHA1
d1317cba8b9fcae86e194c6da4e935f3553c6938

SHA256
34993eb6f9751bd67bd7345d2e06b228d92e265b687e849c7965e87561cd19e4

SHA512
1d6a6d8b88f4da6d43be4b6c7c4afd778ec47f875f23178ea06e3f91dafe4c1736d4943bec014df6ea2b823d16fc73c2f0c421ed458030e606ec1e377012a725

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\25\datart.csv

Filesize
4KB

MD5
d7a4d95c7f907fe79419394afb8e0460

SHA1
77cc18a15c3ecf51859f5931d74ac59daaf1e3b1

SHA256
edfe1f31d98d9ba0123d8c162689b6c0a9313a8702ba428989e5df5e4cdfada4

SHA512
c9edc0525bdd89d5e1414972e0384f6edfe466d8ce003a04f96e646be88d09eb86c8aa3184adc9fc8f9ac2c5614c10000abdd24f70611896f2ef9299414f441e

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT.csv

Filesize
257KB

MD5
5734af4aca4f4fda75c6599d2c30a898

SHA1
45d983ab6f8bcad2a7dbd66d754b149403b9a2c5

SHA256
61e33b331e30571546c9c45f53f04239ee18e2b8a86f8af651418a9ea236c1bd

SHA512
f77d7f27eb7ceb62e4c102f169204eededfb3c3eccf8cd40c82e53caaf42e2160a32b9b9d1b292870a9cafbd488a8c883c9e262c4078ebe3033557687211f5d5

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT1.docx

Filesize
259KB

MD5
e1a667a527d596839e9e146001e4b411

SHA1
1086abda4ea0dc6fb431c07c865cc8653d0c14aa

SHA256
e56e69d54e49bb971d2412f3ce3f1542c3be04528c5a7edddfaa991730852e77

SHA512
9462ae1d037d6ec210c0a17b2f6c521e08fa849970b7b35c1a4459627b0715f1abe59554f487a536bf2c102110f5b3bc892cbe9f6b28757e5ff284afcf84035d

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT1.pdf

Filesize
244KB

MD5
32153b8f6af9ef9a4b871ed6d88c6bf0

SHA1
beb5506b2d0aec51f0375488d976781729100016

SHA256
aac79369767434712e5accae1d5e1c9ecc81384f0d640b261cbd36dc4a8a679d

SHA512
bd105afb9e36aa503d5d3112e5070fcb03fe3fa501392adf624d2944b9f03d430a8c85e6e5b0fa9385d5f44a8d004e9aa88a0fbc8d8e2fc46a634627c830ca3e

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT1.pptx

Filesize
121KB

MD5
4a00ea5ebf09046bfc00d3a99438dba3

SHA1
b157fe25e105974b8f744ddbbe567d43bd79dc16

SHA256
59e7cd83c865b290a0f14620d7460cb05cc4c93ce4b0395934a433fa54a3aa88

SHA512
35e67a18a1e145dfcc9ff47ee43165aad36a350ae57570d012780432a0d031077ecd8ddedab7921881df57115dcc803b582ac46c1dd7a9bc5db057a3a7219646

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT1.xlsx

Filesize
100KB

MD5
5b9a2be7536f6d757d4dcb3a603db754

SHA1
7c9e5774b3a83789052656925b4a00682658c401

SHA256
7fbc2ee98ba0880076771e5d1fc6390ad3f93a4de96bdd6d2571de15237fc32d

SHA512
ae3dc7bbd0082698d2a9339f6be6177f53973ed69364a7f79c7f8284a7ade9d5504e1f36d5a7341aaf53bdb6cedb7cc9a7ff59c64be1b5ab25e9e5cf2abfab5a

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT2.csv

Filesize
259KB

MD5
9eb09c35bdefe4cc026fc8d16b7fee21

SHA1
fb828523db7a70cbf24b0d8c2f65e6826be66916

SHA256
632423dc71ccf9e0a10e490041143edec4cfd379790d2d3e518b28cb17d38c19

SHA512
539380cab92c96af6806a74d636ef91929b1466df2083f32b6a12ca5a3fb2ce35b2f115147941b8c27aaf8d70f173a4fbca6afcde02ce6343b16dad49172e851

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT2.docx

Filesize
250KB

MD5
45e1f6fcecb2c91f2df9041c411471d1

SHA1
4b76fcafaf512e59594e9d960d5e33d294f84e8e

SHA256
a135867bf53b31c7ca50047c742d58def45d5fb0f66c7de32d186aacaa069bc5

SHA512
ee7f4238b260f6be49757a6b2b99ad04162443aba9845f00273febdcd0cc729ce07861683ac662fa75fdfe82afd907d2e285e5172dd5e55cecb744b8a9e0cbf5

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT2.pdf

Filesize
244KB

MD5
85cbb4029ca6f6e91e1b978a030c543c

SHA1
c65fcb02faaf590512041e4092ac45078188b0c9

SHA256
65e942bd76bfa027c4084693c983aa1dc5562ac88f47ff488c12c435fba8c9f4

SHA512
f871f26e5d9d23f80a270d59691dab30114839f579a8190809cdc4259da4dc33b9bc25492ffc7df13ffe632ae6381a139fbf6721689c603129f4e780c64b2247

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT2.pptx

Filesize
859KB

MD5
82befb272c27fa3ff8823d42ee9b8aef

SHA1
e9a71a0eb76af72e2d4f4130d765d732389b0aae

SHA256
fd20fa86b1c8f513be845a570da0c6223fc24fd005298d9a887bad1dac8b5993

SHA512
e02c7f1749775ef1af7dc24ab533ab924490891480f6f25c481291ed38f28b7d246bec6521c23499f4faed30f45f441591001c57f029902a683b8c9183cb7296

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT3.csv

Filesize
258KB

MD5
6e89ff24fb78df56081ea401c7779eef

SHA1
46595a38fe99d75a3d2e2cc1ea4d88528345de7a

SHA256
8ad29a138cbfe0cc44b0432ac843bd11ba7bc4b2feda4fb8d72f3ddba76fb232

SHA512
8c322c0f5f5319f96ec30b7d56248ce8ac2c0aa41b391b0ddb94946e939d251b828456d54dade4ac4bbaba83504eb5854737b7d9a2bc28ff4dfebbf5027f635c

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT3.docx

Filesize
249KB

MD5
4f63c38895736af2caab7479923f88d9

SHA1
8811ceb214a412dc309382d7d87b8231fcf50c7c

SHA256
4bd830923db6c47a1772ba1fb90422379d7235555ca007dc8d664e34b66ff546

SHA512
642342ee538f8251da071713680b641f537cb94a029e76231b1b74b2f19f5866057fe18b077b6b2e2630791d8190db7c37344ee6ed0f2e8ee7955e7207f8fbfd

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT3.pdf

Filesize
242KB

MD5
ee11f3a33a3c8525503153f62fa5bbd3

SHA1
fc0c824d6af976b87c910acb12bb2159566383b5

SHA256
1e149274dd2a09d6a2e0cf73e1c5a4794d1cbe265319fb78a082e31005210258

SHA512
45e401315279fa26065e7dfbae7673ab5929d6aec24de319c53191f2712a07ac68df123ba8fd79be029c5ac1db2ad5b2752487c0198e490e9f3bd77518f30f8d

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DAT3.pptx

Filesize
1.1MB

MD5
539ef94cd3fe11218448d739aa9f7e86

SHA1
3d86a17aab78b3732885456c6440ac1d929b34b8

SHA256
530243cb5aa3006619457a0f29640228f6c51d67bcb04f30f39b933fe95b06e2

SHA512
a05fdf7b7567fdff20ee29fc50e64f00561fbb1d6bd72b1a99d54f36ca8c6f65e5e3c204addcceefd0c2b227f16c3395cef5e42c4169f9a70a9d98a95cc4dcbb

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\DATA.xlsx

Filesize
104KB

MD5
617a69b0dc21eb2286ec9f277ff784f0

SHA1
37dcef161e47570688fe4ae6e473e438ebf2c1a6

SHA256
b47ef595929ed5de5dc4bd97dcbc46866ec379288be287773e46943e2121bab7

SHA512
2418bbdc1b02a66d159945147cd3ae4e4407965eec4be797eca0cd06388b8604443897291e585d624003cad86e0e6ca76b33974ef53dc84ecea49f4d56fe05d2

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\pict10.jpg

Filesize
2KB

MD5
12d965235bdae414b01e6583f04362c5

SHA1
2dd6a09bb98ef856150d51a3c0e54b83b7974200

SHA256
f81e84953bc5373c7c9f2a7745795cae5ecc6040744cdbefa55ebb707fd17c39

SHA512
67fca281fa2e1d774bb2bf11f6fbc09378ee81ccec08f2f53740b29335464adccce173bfdb336ea5f0a2b51ebb8fc700915eb077026db467806060e1773388b7

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\pict11.jpg

Filesize
2KB

MD5
9547664ae94cb02dcaeca55d9abe67aa

SHA1
58aaa76aea2bb238f08646a52ce9785fb06535b8

SHA256
0b5e01d0790ff1ba4be08531f9b234a934c0d199e19e5cbd5550382b723f5956

SHA512
7806ec649681559b73ca5e73de3593f59194a8916bd826dc025533ed28b7f3f4c690fe6c7f6fbc1acab748f638d8b13ebcddf1d1fd536e56735df3f7ede6c743

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\pict12.jpg

Filesize
2KB

MD5
625a621bad83fe8bcaa76457a49963f8

SHA1
28f7edf737101e2baed0c3134ecca711b2cbd1d1

SHA256
03cc8b6f24c7fb715f331ccf0d71ecd7b1dec03e62918b9272ac6ac42cbeffa1

SHA512
014d9027f8b6c63ac5afd78982ed8c7048b3393740481195dabcc227484461c9b3c531dc868642a42fb84793f1d21c0f232ddfa7f64ab03276298ed789ad3586

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\pict20.jpg

Filesize
4KB

MD5
deaab2bfa7c781cef4e950edeeac3dd6

SHA1
f9e164e78e9c7c8656ba37aa52dcf59f812b445e

SHA256
43a704f79a151955707d4855acede1e3d02c834f682c3087c0e767d9b1936662

SHA512
01733e6b8ca3f19c1e01506d4f88027db2f7b2f5fde8679e1703e75df32550372e72af43ffb9380421ab38b7a391aa77f0fea7253c6009a10e971436e1b17e1a

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\pict21.jpg

Filesize
4KB

MD5
1d2d9e948d40cdb9f4cb7477c8e9f1dd

SHA1
dece6a7ce5d549f85b4035bc5ea1463166cd60f1

SHA256
b69c8746b59e2b7492ef3d1f97fe32cfd331ebe5413689f174ef3afeec029e3b

SHA512
eaa2db9d4dae914a84843622121187b67a5945c412ac968ce8cc149ca4bdd82c138ddde6edbe893157aaf857447446c469d24da228f6ea78d42ad08069e7615e

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\pict22.jpg

Filesize
4KB

MD5
73531b8b5bddb0221f180252e6f96122

SHA1
83d19454407fb29542e954110c0539a4ce9b0f89

SHA256
9d8c550f1d6cd6392e5f483e37b3a6b0d3dda919f971eda0a362beb309a77826

SHA512
d6fd2ed0e5f4f8e6b40b1c8ba2a5aac175c58bc2f0d5dcbd16f13b2de1f66735cbc770dcd6f37b96823665c050ec70f63e150f01b7465f0d012c31e96f6eb0e7

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\pict30.jpg

Filesize
3KB

MD5
82eabdc230b9703e07369f33d44004f1

SHA1
7534dcd113a2b86b35f8951285aaf519b5605f58

SHA256
8bce95cb45b45119c715fd76723c09c2cb95f6d24474f435e892a1b3418f17cb

SHA512
e072dab3585fdde49452108d877836fc782088f3d486a3e880d463b0d01eb84aad60ef98b9c35cb061e31fc6b60eaf983452841753ea8000a8aa4f047876451e

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\pict31.jpg

Filesize
3KB

MD5
9a6f0769da2b947aef4462eaead50485

SHA1
ab58e9126ce1e10835de95b90c5fb9bf97a13d9e

SHA256
6c49acfdd97e2a880a22ed3f3da6dd03eb707b50e1541ea55262b887298bf33f

SHA512
4986049b9690a044a5b87137b7bfee6ae259e413e5091e6e0ce2ab31086c15b2f07466064a3bea55a114c7439d3595f2300603d032644e1e9d4168d61d45e65c

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26-Files\pict32.jpg

Filesize
3KB

MD5
102487a05a6e7ea750d988cdc5eb59cc

SHA1
9b017ef690efbcabb411f011c518d750c54f6a3a

SHA256
c8f282fa46ba7a0d0ecb837cc5ab1f7f258dae0f41d8a05399a2516211548abc

SHA512
f18f03caad19f58cd1b85d9bf2f20d437f5c88f55c481dc26b922e9ca0ba1052a490d0cfdeb68f11084a628cb9390ff1dada79d90d5bf531ed5384e461fdc0f7

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26\1694393827.cxr

Filesize
5.4MB

MD5
2b4e863c4c66339a385f8d4832d49109

SHA1
dfec8816b9e83d2f7555a8b492b932b33f021573

SHA256
8555ad4e44a4c73226bce84650e25c05d7fa0528d43171cbdd351c9b7a5b210b

SHA512
e1e5b62727001f13704d39b955b7a84bb8b3b2f8df12b8d71fee6b3173a0ecfb8e8c8a8bb48d9a776b4197718db72330e3bbd7bb4f918bb7914777ee46b7475d

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26\1927784748.tmd

Filesize
5.3MB

MD5
3dabe8f87ef4d1523760f6399cb1f3f2

SHA1
3083cc25da15a74869cb4251039f5a32942a8eda

SHA256
3a46ef33b963ec97d8a16bdadbf1bd34799ad4871330aaf1875567512a0b74d3

SHA512
3ba7831195d01689f3aada9dfd5c49d6f47366adedfacc13fe4093ab9077653b148e47b2e030b7e7dbfdd29f7bfb1411a124c9f0e549ab5e0f7c439ac8e496e1

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\26\datart.csv

Filesize
4KB

MD5
213b1df904b59c350338e12fe7916b33

SHA1
2282d33a2781f5c0fd4eab1d110860a13825f9e6

SHA256
2fd71f1ca324ccbdeab175eeceb5210c83f7c6cb2cbdbc99b9e6f0438edc98d7

SHA512
90e789b4b537cbd7d54bdc2e6e0c877eeccba9fec8addf7a96e06ecbbfd2d2afbc6005a24879a06d1f10b663af4af5b69a939855b283a058fd6fd657d4e25c24

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\2\1925365545.cxr

Filesize
4.6MB

MD5
9f83ee53b2ea57148fdf9bb1ff43d965

SHA1
d531951a1f4a252c24ea3c65b1d52dcff7970d1a

SHA256
ac9e9e529e2ce5e655bf688639f9cdfe627dc9eeecefeadc42975eeb10cf4981

SHA512
8be717290f390a29fbb32e101c34e835e2b6f86443e976db692db16a2c1721b184e1664c2a4093727d47dddad41dd39418eff6d0b78fef4ab5f4792223214c43

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\2\datart.csv

Filesize
4KB

MD5
8572353c93f2118f38ed1557fd6d9e2a

SHA1
39a8717e8f6d642a2387c04b991af60a643285e4

SHA256
8105bd9c592606719651670562bd0929237b933d2138774602f45f94332cf5dd

SHA512
0d7d65244f7d673179181d23a0a9bf1bd620cc59d6b281ea8a7d7586ad2c2f816b2d51ec1d7aa1da680b6c51f2f991d40a92aee88c3ec267075ed29e27609fc5

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\3\529709465.cxr

Filesize
5.4MB

MD5
ef79bd796b4be33dcdd15353ddc70f83

SHA1
88b0648ca76854a58af9b2159473439b5fb1ecc4

SHA256
4bedb306f0817788d49ffacdffab9deef05b5d6ca2eb37ed3cd58dbc6a773264

SHA512
8751959bfb57dfad445b497395b4a00beba21fa06863885a02b35dc0dfe2d74cecb1bca1adf6eb3613f30e4c92007a6d2d411df8120fb266e6f61581a5a6a814

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\3\datart.csv

Filesize
4KB

MD5
573aeb271c2f7745bf4cde0cb4cf9c01

SHA1
e633d9b573b2945f2fd9cb5be4ee39a8624a95e2

SHA256
da1dff07d05c163bccd7f3a30d23258caa6207e75bb65042b7168964db8336aa

SHA512
d95b923b45a5922a591286d0dae7af6ec491bcc1a2fffb8420b2f2a726de7836c92a4d1a1eb3540df2e4a55f67ae18ed72ac554e23627b578e84c53216f00b28

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\4\860487720.cxr

Filesize
5.1MB

MD5
bd7120cb6fbce0d76b1e8915f87539e2

SHA1
cbc6cd8798284766cf1cdf1498114efafd345a2c

SHA256
4074fd4db5546d6760f7e85715a9a8cd126789571a99d86a3daa8c8dc5d2031b

SHA512
7c21cf03040d7947277726a252b10d23654529c919fd6e390571af97b8361ee5a1904fcc2a5088c8ab30e53dec92f345e3f983b22cd38253dea3de0ee2d2bb89

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\4\datart.csv

Filesize
4KB

MD5
b220a7d78502402d2c11303a38f020da

SHA1
2d8a5217f6adb44ff50530ac74bc595ca5bce5cf

SHA256
9ce408fe1dcde21f98a4dd662b2ae08a56f8a00369b8aa08390338d159cfced7

SHA512
af77aa6bb1dd3abe5feca4c28b472f72ec301c44c339aac432229617bdc6cd3e08aee4d5b7cd75db338bded45730663102ef484750900fab03b85295faf46649

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\5\1929647133.cxr

Filesize
4.8MB

MD5
a4dd1a5ba7bd4bb6012f9d5048bc8309

SHA1
ec8e367a5e0337d82ce548e689ba24fcf569c925

SHA256
21f9c0da8d2008b7378f94943c53dd2b0002035497fd202fbaffe42eee5b3cfc

SHA512
5fb8d90c9da9c4ef1b10ba0e0a27a81fe760c188273243d4bfb6761d885bb212532f983fb0f1b122db678e459da92dcc3ef34ca390612c66cbca4504cfe5b1ad

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\5\datart.csv

Filesize
4KB

MD5
6f6d1f47a7849707b3c8990424b909a0

SHA1
109b4823a1c700555761c234c18ae8e79633edac

SHA256
866516e42173f0dbd50ec0808f51bf64ba2183b0aa37074c27148c8fdc13b88e

SHA512
c97a9e4784e9195e4cafaad919af1d70c6e497650d0aa120492a417756e30e6bc630b6be069577c00675144bd0fd9dc361a6c888af44715eef05250b0baec9ca

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\6\1075271985.cxr

Filesize
4.6MB

MD5
8b03c9a44b503f67c706c82ba7bf173b

SHA1
b823e6e17ff8ec614b00e58bdbc9cf04a43446fc

SHA256
60c6f0eb9fe2b9e977845b2313a202847e5ce977d65abe7daadf1f952f3e86c9

SHA512
fdf99b2af9fc4d65992c08744679f01d6872d729a3776f352543721cdd6d4787f3e32b120121fdc1992241071b98e1dbd5753abf3013d1623b39d060e17d2d05

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\6\datart.csv

Filesize
4KB

MD5
9c03ed0b86c740ed5b373964580b9151

SHA1
0d929412439a5bab6bfbf631593d8dec117a41d1

SHA256
892ae45bcf0e7825524c2757e7d691e185d6bdb42cae1e782bd8d79e7923c457

SHA512
5399f7fb07ae521c1e604e08f5856d446d0aec76ad736a7903ee89108e7dcfddb8eabab4701592d32748ec1f7658ce27eebcd1563518c463a42ca7a42bbcc38d

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\7\2110744735.cxr

Filesize
4.9MB

MD5
5f132231f70f00bee1fc66ed1669d519

SHA1
d0cdb0be0d0059d326da3b1417608c215b125ab7

SHA256
e96c92e3a4c982ce990ca0ea160dc0af9fe8b802c0a46bb48f5aa409f50667c2

SHA512
7492dc8882081bf3835b291c621680be968a3e9ae6fd76407e5e092b13aa1b9f035334823646b02fa7bb9cc6db53917e12e43e69bb6f016357dafbbe80571e56

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\7\datart.csv

Filesize
4KB

MD5
ee0104f13afd6bf1df46856a8b6a5534

SHA1
a96b3e476243ffafc1c42adfbbc801ea686d661b

SHA256
7cbecfff936331423a5cd43fb2c19679fb10488d98e6ea9921eddbbced512679

SHA512
bc482492b03f3dc74e08b3ef733d155fdee719c4d18de82c936fddc5046bf332591230a950a237b97e1c9a3d0fcfe06419b201a52b4f697d7e233291c213ebb8

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\8\1655227055.cxr

Filesize
4.7MB

MD5
dfe4fbf34d66e9af6de684a4aea796ab

SHA1
d0c86fe661deb6601b3536e1d58d0a1b653351e2

SHA256
87cad119a91be76d3d8a170525acee8acec44cccd59ab3c50df77b54ede08b32

SHA512
5194ace0f9a6aa93173174e0bb83f5d955c94d919fba7a513b27637a594a6527f9d7563a801f4abb8224935633f97aae0895365f8d62378f9dc5b834c9d9d9de

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\9\877710323.cxr

Filesize
4.6MB

MD5
6e9261f4b69d32ec9e85ef8e84dc95e3

SHA1
839ed5c22846adacce4fbfd5bf2f2a892d20bb65

SHA256
a5ae30cbe61333d0bf72dfde35f009ad4c1a8cf493fd9eac11d201299d95e4c5

SHA512
db5a0cc5521be8a33da1e48c5d36f1b78d72b9214eb87cf4aa29d371c5a96a6791dfe344d07421c408e8e50b24a5de0195cb8e82e20aca40d2328ef995d9fbd6

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\9\datart.csv

Filesize
779B

MD5
ad153332193a69471faecd34bec1bd8d

SHA1
c233b5d004fc50cbe69b619f4d3b0d72904d3b62

SHA256
07bc7a7988faff0fca68476270babd70e56a27b4ad5e66f120fdd545b298f8ab

SHA512
9cca4ef93bc103c79a2989cf654ab0c8199f5778932f7c3d93b6f3a95756144c49bff73bb7c2521fdec6fdac333250d2cf0fbb209919ab4322bd6f779cac7acc

Download Submit
C:\KB4\Newsim\DataDir\MainFolders\9\datart.csv

Filesize
1KB

MD5
d0788e5e74fb9dc1d0d701a62bf1ad33

SHA1
8a437420e497998153c97ce936547944174f3237

SHA256
83408415904335c8a3bd661ebbe10512347b65f4401f75c1e3a42eefb0aef931

SHA512
9140c0696c0b026c5407f9bc7ad1feb22ec49f2b2cfa123e1bdc88dbac838ce873e1e2610ea8a4a6becf5c3c39fc4179f96431d60db68309ef0b23e16c6b0c5a

Download Submit
C:\KB4\Newsim\DataDir\TestFiles\docu2.docx

Filesize
9KB

MD5
68e8f1780c2b0eeb24f6a67139cedf01

SHA1
3188b945e3af39d1a9c86cf21216afb154236da7

SHA256
f284e785c056f98f7071e95cc6289e2ec87077c1b0b39c92df1f357756e61c23

SHA512
9084005841c08a3b0ffc993999ba0f602d703121dad8423fb208c701e138a46dcd16e608efc3f0e7debfbb445ccf02383a736a6cfc8de348c95e13c2b3e82730

Download Submit
C:\KB4\Newsim\DataDir\TestFiles\im11.png

Filesize
87KB

MD5
6a9823c9e4324f13a1197bd8e24966aa

SHA1
da4912d94177c6b0bcdf31ee07198120614e7ad0

SHA256
37d2e302466777e70122313468028d6b2d53b1c5b3ed133f52f6aaca57f3569d

SHA512
f608f01a8ec4b45f0866fe7d51e7273fa0600d4d733e043276deebd95e83b3d6fb8d90d7c080e5a97cef462d79d56ae2f53ba6b48f2b593a3edbc83e0bf2c334

Download Submit
C:\KB4\Newsim\Descriptions.en-us.csv

Filesize
8KB

MD5
d05cb39073079b5e3262307c9513d475

SHA1
281fb914993c13cc56ac7d73d3520f739332d5f3

SHA256
0ef112d90e725fbe37d8485713efd47f58b78d035cc33cfb4b6e76310b03ea6a

SHA512
b2d3335142a7cb5e19394ac6d8d66e0402c39935cfca8c609d35e4b1bbcfd3f604e0baa930e63adc24237481c332a12b59bd9a7ba4409b3b5bf35b3aa4613bdd

Download Submit
C:\KB4\Newsim\MainStarter.dln

Filesize
5.4MB

MD5
67d39a32f7134073734ef8694bceb103

SHA1
147168c81cdb3e9b11c69dfd50aaed24efb3e68a

SHA256
17ca581e160fe087da2ee3d5b6f290da62b242ae88deaf93b83bbd236575f58f

SHA512
0e473af03a37edb28d75f74ae47710c29e14f2f216442376051689c0e9e057a3e3b8402c97316faf3d90f3cced89ac9674c6f01ed3e12d99934903d6b7971f3f

Download Submit
C:\KB4\Newsim\MainStarter.exe

Filesize
5KB

MD5
5c070acfb16bb830b44c9f11dd31e779

SHA1
6b15ec7610061e3e751637520010b94ece95bbbb

SHA256
c0615db581f05f701c54f3f00ee3810f1d6554dbe7b811051e3005f358aa08f2

SHA512
1851a01306432e5693fa7518a29a7737df6e7dcfc634cfc86547ac456e9f13ff0c77be5317d73f492a1de973f59c00eb40d45b8ba30f8f93f674e9764c28efd4

Download Submit
C:\KB4\Newsim\Progress.csv

Filesize
1KB

MD5
0eafadc35539e3f227041d8ca5eae230

SHA1
b92eaee3be37b285fa007ef4ff79d3afec5ede25

SHA256
60e78de7358673d21ad9c06998233b32474103abb22803d701fedfe0619ee2e5

SHA512
93f60cb2ce827bb9c003e53e826a8a71c10ef00afccbc67cb45396a170f605aa5ffa3bbf606261eb8dbe6d57546b1c310d4844453dfe2efa13a6d4b0d8e7cdd1

Download Submit
C:\KB4\Newsim\Progress.csv

Filesize
1KB

MD5
2241bf0151bb488e35db4a15e5f484a9

SHA1
bd7f6633efa52455c6625a4f5c238a32d307744e

SHA256
9e1636672392f24a13a3d1e9afca00f06470ccfc4f32b56aff7e8dbf4a472e16

SHA512
90549418c7dd54dd63f1c6b8e03275b0618092c008a936e9c734ed6a6f8345ca1bcef36b2677d08154c049f822b4dfc66bd28bd15703a342a0ebbd8d598e1114

Download Submit
C:\KB4\Newsim\Progress.csv

Filesize
1KB

MD5
3285659ed3ccabf501ee6d0a6144b4c4

SHA1
73b55724f0ee9c202571e0dfae54f962e17e1801

SHA256
cdfe19e2887d54a1768e6aa6d292c0f32d94dd43af83ac6cede6233f75987b72

SHA512
40781315fc785a8ddfe5a5fdf1ed692b4dd70190a43271a1830f07cad3d6289822314d5b952bed032fb8b2eb104fb29c9e0a84480bdf0ab2ff19372d39ae8171

Download Submit
C:\KB4\Newsim\Progress.csv

Filesize
1KB

MD5
e1e9ce966eb6c76820472ba3be4ba5d1

SHA1
49f72402d82ffae50590d346a85c61aaba200bb6

SHA256
b06b739534ab8929ca757a69b5650c743653ae4883dc6924b44f4fc46fadc64a

SHA512
92703d48b6037f309a0a550e52d917256bf238984577a761738b958a31d390ceece9f0a0aef1962f8f11a5b6c7e66e3b4ffc1be757f0867fcf6e2c7890632095

Download Submit
C:\KB4\Newsim\Progress.csv

Filesize
1KB

MD5
e6dc6836a2e9e8103f5edf16d1a228d4

SHA1
b82987eb3a9637e8080763ff8206a68f74009366

SHA256
a46069e7e10826f210bfcd0809c2d5a5916659b9d160db4d59c8a9c3a3bbe401

SHA512
eac07edf0724130466f72685c8046b1a54d69855d576dd571fe782943f4b59f78b98cc1489c45fda635d0e37157e445d6fc83b7f69696fea63d00d17ea0b5b1d

Download Submit
C:\KB4\Newsim\Progress.csv

Filesize
1KB

MD5
42201b3dcbe6eaad277aa278f359210b

SHA1
754045646ad35baa8067a48f07d56e5c494780ab

SHA256
942dd7b774b72027ac3d837e2fb36f07309693ae52a66a33244890b229e3058b

SHA512
1ab7ab67c4ba7afe6f6d39555f712026f0b4a79f0935480108a012318145b962a6a3465b3c61cbc23bc411302b6b7bfc59df1764c90f5c9f18a177a2d7e93203

Download Submit
C:\KB4\Newsim\Progress.csv

Filesize
1KB

MD5
f4377771b98bd49983af812b12fd0a6f

SHA1
eadb60f28ea64ddc872e3a1fbd1d40b42c155767

SHA256
55ab123f5a437db7c2167cd77fde3d15d1c8f573764830d2abee1e7c626146ac

SHA512
6ce95142e303f5e34a7350379eb8099bb4586fcfc0a79f780d7a0ef1951f7a91c9e4f82d661555fd5d963d1485a7b77311b358d33e4c4a7fc30470de47ab8af9

Download Submit
C:\KB4\Newsim\Progress.csv

Filesize
1KB

MD5
18eef5694da80be88ef02055abfdc082

SHA1
3667187e3f70aed266ccd0fe79151e53be90a8d3

SHA256
e1fea830e1bf43c3744f304f6e1dd877733e8a74460ff0c9099fbae570398a7b

SHA512
1704ab62dce9f71b47ccfa7837e1e73c88ad85b94ba98f212d1969befb42997b83a24068ad0abf1827f1fce3a0621f997712b85fc423a659b4a79e28c0c6d0a7

Download Submit
C:\KB4\Newsim\RanframeDll.dll

Filesize
5.7MB

MD5
116d598add4c37027461efa1ec0f018f

SHA1
788ea730562e5fe95075b1f162e75eeaacc6a637

SHA256
d63a7b3fa38062ee4f17b311cdfeaf6d5b1f2631ea50600a5ba9058162a9dec5

SHA512
51bc2e597b2e016e63713f20b4409a1b7ec6cfb44c12c21ab23a8bdb1a7229a260427f6b7d4318d70cb1c3cc5bd4a1b2655acf66970aa1f7f2582b9d8be65b78

Download Submit
C:\KB4\Newsim\Ranstart.exe

Filesize
238KB

MD5
6e79f1ace04940996ec557204a96d7a3

SHA1
6550827f788ec16ccadacfd5437e6c13fafde84d

SHA256
379180539eb02c6f53d6d972198b8fca91441bf2d4fe5485057eb429cce0d141

SHA512
f6ed14f66656b129afb9b7a8d3b1e3d34acb8713531717ef88973ef32e22cf66fd3917c4df5ff4ee0101033f43f7fd6bd9035a598a24e7d1e8ec260c0fe3e313

Download Submit
C:\KB4\Newsim\System.Windows.Controls.DataVisualization.Toolkit.dll

Filesize
272KB

MD5
6813ebecd58e557e1d65c08e2b1030af

SHA1
4dc95c499cbe862d4c6a4fccde71b2869f07e279

SHA256
895819bde598f710ed62cee50e8bac05eefd42dda64de60e7d8de8898082cae4

SHA512
0bc8b0af27d565f604f49733bf5bf643f360f1c78fc29335f3415329c93dfaf4cdbc2923dcd1d3025249a64291c112893468b3ddd7bbf2050f8e671aa7ecc96e

Download Submit
C:\KB4\Newsim\logs\2024_08_21_0550op_log.csv

Filesize
265B

MD5
b28b68a68f1e04357be8fb0094c05bfb

SHA1
1a23eb765e3e4899e712161eedcef0f62ddfdabf

SHA256
d2deead1b498bbf5742c1e79d33339acf4fe64bad7cc0bee48b6cc1763851719

SHA512
7a5259830be85042cb32c4c7319acb1bbbf9ae1fa55ae42dd1309b2b645f393a89434063e534f84fca87b196b3ec3010780c949ab9d14d01cee42c98accc026d

Download Submit
C:\KB4\Newsim\settings.xml

Filesize
201B

MD5
ef9c994f9a7b804381264400b500709a

SHA1
6b58b39f41c66fbea2ee7ace0bc110370f24211f

SHA256
6b5a6ec506939260d94ade2f05dc84565e8c201716c860e37fbce9fb0c629a7b

SHA512
e6366d7a660b3d781617f2e06c28da91b1ddec4b6e545a1824b35ee3de1290b66c5a1d528aff3a559bd0e911b197155ccf79a3ea035665473bf6011ae8c01af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\MainStarter.exe.log

Filesize
642B

MD5
91da0e0d6c73120560eafe3fb0a762fa

SHA1
450b05f8ca5afb737da4312cf7d1603e695ec136

SHA256
bbb62e473ac1b24a55b9fca67848cebc87764d47a6bf60f51d85ed6de28575d1

SHA512
05fb7457b58d099581121c9afc361543a5d2d4b3444994be5cf6a36b3010a76a13310698f77452e2921dc6d1ac511240d95588030a5983eaee7899b625f4e11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

Filesize
651B

MD5
47c6667a0d9d4bdb4e5215578054c0d6

SHA1
56f494a719ad3cf29723458166d9831719941fa4

SHA256
b2526c381832cbe24e8f0d14bb7dbf8e9ab753e087a2f9b7d6b8e36065672355

SHA512
7af086ffeee540b70efd190db4b77867356452d2b22904665d6fb53fa0b3749cba6f0613cb96134bed91ba2fa80bf4cced1d8af28679d27f230748fc0d38e5e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
98df921f667bf303621c789390ed9f2e

SHA1
d9c82e51534cf1c2eb5a255286de6a09ca364d1a

SHA256
8b8497d37fa9ddd44e275aa7631d7c7173c384a501d11e73e3d4401513c4bbe3

SHA512
58e896295763c2729c5a19986356e7cc7706265bbda5cd9cec98201ec9ce86c4b68a3e388c86aba198870ca4b8ab1a7876f2d8e1fff7437216dd2789b3ed3796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

Filesize
37KB

MD5
34237f159b226164fc3166de221b3f07

SHA1
b527f8b8ed855f2e47506bef82fa29a53b7f18f0

SHA256
6be9ddb0fc10aa48ab871a01e8ad79a3276370e0b7c0a1a46138c41165160e1c

SHA512
825949feafb4d307e5dea74cae8612cdc17e1fa0ca5fb17075810a9694e0c0f6515219002f61dd6d3b3dc0511aefe082e72e9ef99a109d546141613bbcdd0d40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\1046

Filesize
8KB

MD5
e165a71f523a290a25568bff7e37f77b

SHA1
ba0469c53f4f9c46f78f3b6da5df37d8398b0069

SHA256
bc8221663d79c2f37d069c8caaa575b866476d07bacf86559c3a6a1daecf9207

SHA512
600d93443b989a3d44a3cdc81b3cc7b9e265fc9fcbc3113600b0877b325d3a02f96f6ce9045ad1f62e8ca741a2725c4edfc3e77bf0429c66febc9a631fadf662

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\10916

Filesize
5KB

MD5
998d47669673d3bbc8f4f21cee3e3f1f

SHA1
305ca826941c5d5b862afa83600750b90cd007ed

SHA256
5294d34aa7c78878845dce0fc1bab4e96c8c5ad8f565cbe9cf65572a515f9f88

SHA512
9ed655a1ceecd587ce23236eb94d7eea3c53b11d6fed0e84ab8f6c15dc17a791b07c27ac2a61ed2c53907e9f0b53db2f14e211784ed60e3b3fb4ef20c86c6bcb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\12307

Filesize
9KB

MD5
954d322c382fe6df03561e539202e3ac

SHA1
97bc2b8b25db4c635ff63d18c5b4918d08f7cf81

SHA256
de6636793f7d3c0a41dceef46354890f2d262c2c943d4be96c6f85a55aeaeb96

SHA512
f2fbd7eee57196c8789d30f3ced85543798b04a920eb53e49759c1528b6da4e8e379fa5a0006e01b7f75aa4e3b14cf1684093b3e99ce31bde664fea41e10d6ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\13165

Filesize
6KB

MD5
ed80db09472bd3f478c10078e3481828

SHA1
a9bf9db88578708247c998445f31259c3c62382a

SHA256
d7b7a1bcdf9c246e6fbf97aa9d1a9072f0ede01253b2c787650b9484bdba4b60

SHA512
f59500e036e8a55a0b49a0431208470f872224e2c775d3cea91381ffd72f0016dbe7e87646d5dc652daa09c816960e02bd1ac77dedc37123781f7d81c7de796e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\13294

Filesize
6KB

MD5
2f373cda1e8a153f0844507f09fc4bfb

SHA1
2cb31a99b4efc019030f4894e0205b01e4cfee36

SHA256
c97a6701f92d086ac2f1d0bd61cd18a61363318c73e7476e4c50a7a42aa16e9c

SHA512
0beee44ce63808252e844153f173f4359ff2b531364bed84c37cafee4024460f833e2ef7fe8b8e5a9dbfa21790727131276ec4eff057ab898a0f5d20a018427c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\1330

Filesize
6KB

MD5
d963bbcd09f0d997a96fab3acbf5b181

SHA1
7b778420b8e091b8942beb4b2c003360bb1d3f9c

SHA256
6f209102139e616b10c30e7709733f05ce032ac1d1c965687c6312ae8ab4ff67

SHA512
529bf5f496315b0510b0f5c23d62c2067e262ad7a7cfa615661c5f5b3d60b0c8b303890351ceb39f0f8d617643e94d58b0b2bb20bb6bc0b4f69ccc1e76f56a05

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\13684

Filesize
6KB

MD5
76f92a75a0e90b669b3e0dee5c702193

SHA1
0d81fcd900a3d44627be6be564ad5a7905e801d9

SHA256
b287d64befcb0f16101d590b6a4a59eda74ab9a9e44590741f32c62e5e23a069

SHA512
6978279dbd77fc71b52458baf8f1702696fc4fb5b96a08cdeba66a69f8b06d75f906d7b9642c696f1daa6c43c1251693e9c1a1a9961bbbfc3c066de5c4dd08f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\13935

Filesize
6KB

MD5
09bc961024e38995f4aadf3ef8cc11be

SHA1
0753b9d30a7abf008a24d4f4659880a87c7aae41

SHA256
a7b804bb10a12afb020d2059b63289f66a19adab5dcfb0975b0a7fb838d28dbb

SHA512
456492306926b4d679b7862a714f15b6476699f5c4885330a362ef2602b2d3b510a5fb3d72280a016352f48904feb561d300fd665375d65171e165483c456987

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\14038

Filesize
9KB

MD5
52694de3042a7f9dab5243099533fc15

SHA1
b79a2ca08bdbc6e6462e934cb906e0dfcc682e94

SHA256
9b780a4b8da77683d826ff9c2f51642a63e777f9fe195c8a04a92a9165008efb

SHA512
3b2f4f9bfbf8cf7d42022cdfb8d11f786792e9dc00673be51386a7006fb9bc8aa476e9f5c2637190cd6125bfeaeb9ced23eed35085687c7edb1c797eccc4d2fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\14227

Filesize
6KB

MD5
89e04bd8e8ae589cab9a6c3089cb166b

SHA1
cd0c39c31de8b87b0e3f2d7c947ef908081d331b

SHA256
e0a615ca700c4fe93455cbd940c441c323a50ab34d328a716a288c7d4f105df1

SHA512
6add0c29b93e650a32008717ff6a536de9aa876cbe433fae0d572d3418814e4f81fa244fb4a323b29c2cc7a57ca30cf593d576bf928416aa0cb6ac6c68f6f3a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\14480

Filesize
6KB

MD5
6051e73d4f410dd3ef60b5c10bb7297b

SHA1
e600183e585d28aa609e61da62326f779e40921d

SHA256
d4baa9126047e2e999a89981202e47030326968773407c562d95898ef52edaae

SHA512
04d4619618d4d626704d6041287fefe802b34f5285c6481683952f4d443d68ec365299b588e634727f6c5d138ecf63430f8b9d0a1574fd7abd2ece5dd9a96917

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\1648

Filesize
6KB

MD5
64f7aa9e1a18c50996691805ba2cb593

SHA1
97852591b0250232b301fdcf299be308229bbb97

SHA256
9b392716662011e58b88d58913d930e8b581982d69c709e0dcaaed1e456473f2

SHA512
c6c411f7d8690c6dc20ab4d7e6a0de39f4a25822af3b48216de95db04272069b0e108b2caf091682e0e59a1496a43d695051779c6697003bcf80842bc6bf9e03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\1779

Filesize
167KB

MD5
712d15bb163377ec3f7e98df162a3c0a

SHA1
ce5c249ebb25fd4b7ce2e9c1f4cc9b9a63b6831f

SHA256
b933acf2d503e8797cf55cb1f325f3161764d72105d0b118f11cc47371fc719a

SHA512
be0f7e9250d3e1c2c2863820a3ade55fdd805a8b94e7694bb1364d9854939abecd8f682f7a10b198a9daf8e850dac27d4c38cbe1ef5fad16615e1e763c88f67e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\18052

Filesize
6KB

MD5
d53226c7f9d7a28b654622db78e3ee4b

SHA1
720c952c929063f7f8b6e7fc7cd3c29c59025e9b

SHA256
1ffbd0d0ed4f73f04ee242eb98d3e3fcb22a3ba624132a53f5e084682bd859e8

SHA512
90703098d7fa8d41768ac17f6112a56508b5816724c96222ea8e7d8478acd07fa29212e3f3c9a4565e3c12f2538c86b1d8cce02b4bb0951258d87542c26e335d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\18648

Filesize
7KB

MD5
5a48d5cd78473cf9d62ed2f20a841e8f

SHA1
bd18cc6ed53718e33eaeb8c634c12a3693011a25

SHA256
16c4d747cd6e8f359daed2b8a3347e631c1f5a6c9bf00d4564b030f751209c26

SHA512
11b477aa0d51be510788ae5d7d291247fd6ab7b1c7a265bc5bbad448b7cd72db79c6e38f04be4b71607d76c8d6ae7d3cbae6501bad0696e395dc6522acc3d384

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\19342

Filesize
10KB

MD5
680b80034edc20a2ce33c807efc026db

SHA1
6e25079db0361f4b9119b67ec4e49cc506a1be43

SHA256
06765b63e4cd0ff4664d3b62eebe7c3b6560db26b645f7b5329a7190b5aa7ca9

SHA512
5ebe32a1154ce9084686b56624f590137c0095f3897b7f9d4e2c0fed4be6303724bbdab40b66424ca11440c7fa93929c5cb841e625f0c885741a987fed49403e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\20485

Filesize
9KB

MD5
ca775169322b3e3db9adb2b3142cd02a

SHA1
ae4624b468a6b6a269167357d9a07d24d7b9cffa

SHA256
aa3de61e88b38629ea459cfeb2a50b2b8aacb968d2f662be3b7c638e33cbcd3e

SHA512
94171fa567775ff2305f730a0e8b975add6202098cba9c961b66fcb466e5ef22965e9092c0567a3dd5dac59e33721050fc45be7b5922803a34d67f0434d68eb3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\2096

Filesize
7KB

MD5
19e72de0964f535ab9b324be708cc0c8

SHA1
921b58472f7c265f9b88611ba427583c91628a11

SHA256
089e91551b0232ae203200c9f3e3a3337265ff9f71354d360f760cadd071fdda

SHA512
e13b60f1be87c330bdf24fa14e59e9ec3a59d9bbe7f3d3ccee80b6ba629eb87a07a18b4effc7573f3e2d85d47bd7b9dcdd4b8c28222ece88120a303e46fe9477

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\21271

Filesize
6KB

MD5
830c6276ab76b5af89d4d36ae0cb1ca2

SHA1
984d30c08cab5a322d9800a5088cfbffc9d39ac8

SHA256
de4c97a22df760573cd5ebf98aefafcf0b7662643658f7147f61ec5e4265b33a

SHA512
a7c2e5582d6c1297c353f828276f0165821758bb5bd508ebed7812423f0f49e47e26c80ce538b144fa7291008a80fd80a9ad3efc35f8121c3cdf68c4b1744f4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\21620

Filesize
8KB

MD5
0c083592fc29ba2cdf5836bf2a7e6fed

SHA1
e232d56c5c775b6a6dcea05e3dbf551924085311

SHA256
c6dd250e4a5aa78f33351cef8e49ee0708691afa524a896dd5051d3351c5d794

SHA512
d85d6f017f5e2a158fcb6033583f711809601431a507507779990d2dfcbc4fe62da4a42fa2143ee45ad37742d6437293cc7fa453a368d0bbbd777a324f3c1777

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\21630

Filesize
9KB

MD5
642bce4fddd9a21490a17afbf7fb8982

SHA1
5e66c5d98e076402d4ef51779df7a3f472cc20cb

SHA256
51e8abf3630c97e17f964afe5b07be9f0510d8b2c09a894e375dc718f4509ce6

SHA512
4a86a2b757e3e6dbe780397a3ac85b2a14b2895f77e25d0032d970e285ed9d5e259419e4843cebb2b8bd096ddc80989f45d87142d72561d567dd4296b471d176

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\22116

Filesize
6KB

MD5
3d18c512a0469ae44764ab912761e806

SHA1
8988c33e633de89ee2ac37680c073c5e824336a7

SHA256
c2c8b2a5fa6b5e3d6794351e63adfa924d1c7983a038614faf450d5ca1d36c7b

SHA512
766fa4b302886470b539fa7139f115eb65f1c1a776d91edb099fe3de3e10761ad3dfda8d7dcb130116a64eded6a26126f417828e091e91052fb31a52e1e442e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\23067

Filesize
6KB

MD5
920c4d2ca78c7c5b9c95d21b6931ddff

SHA1
89d45b72ca789d53f5b98a104680e64d6a619db4

SHA256
c80e9c4ef0a3088baaec7d08ff33123b3741cde7b02e6200c86f79af9175d4cd

SHA512
b6add601b70eaf5328d798e08d8c4d96ae552dfb0746a3f75eecfa55d2bb9893aeb8d3ba8c2acc92737e56a49cc74129f73f2051b8030a2f39c1e1bdc5649313

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\23121

Filesize
6KB

MD5
127eb85c318b959dcc573d726d878ab8

SHA1
c032e68bb840de1ec0bd2153ff1a96360d735554

SHA256
1eb4020dc338ab1da8d329d61eb3d8b843aed66ad9647d91c2582c3a7442af82

SHA512
0c5be384595d14b50e7f6ef099313a976269e00555a719deac3dde4bf87209e233a2438fb506906d821db7e5d8cf7fa33d7d53f5239c1f506a9b9385f8d1d543

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\23381

Filesize
6KB

MD5
e8ea4a3149f6a74ed28c62bd5f6c5d46

SHA1
741db47513f16f3221b268ade78b8185a0dff211

SHA256
3468e9d940bfa614d63f1df9a0a6e7b3130f62c45b721e5f19adb12fe7900755

SHA512
1c44308af65bd3b9e32cf65eda53e001983b82dd0e21d1b2f4af02841ba69f581928c6d24280197ac6c16d720015db2f893e6cac8c4fecab520c7609b17af052

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\23916

Filesize
5KB

MD5
e1cf05d7506d1b00596a865b04ba5dac

SHA1
76d7fc514f521357747b10532f02ae056659a74a

SHA256
243ed7fb1e14f03308ba369624fdd5c67970f958d39325596dbdb1abf807ac73

SHA512
e36008f04ce8487f23c0ba4b1cd4e983521969198f4a7893570dc87081cf3ffeac3ddbbd0d10161c580d659769cb4b48e1a5c4774c465b6567c81256f7906ca2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\24210

Filesize
6KB

MD5
116b5ea7fffba197d5e22db53ff31c51

SHA1
7c2b260670b02819ad72515e8205ec4105b424b9

SHA256
d4f4a60f67e010fdc4f30fe426a2249975b8d75e95f9bff300476d6ace30eb26

SHA512
a745248079c381ab7b3e9573b07bc5ebd6bd7ecfbd8ad4329ddfa2c05afd9d40525a1bc34a56a9e362e4b1061d1820bfc2c61895737662e52393b0d25152ed93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\24538

Filesize
9KB

MD5
7984008e5b09478a48eec0262ad86857

SHA1
0cfc44ff9cfeb6f9d4f101dfc6099f1a264c85ed

SHA256
775d0094b1a16e2fde9b66867bb6ea886ddf7a3b056c3edd34de8868b63b76d7

SHA512
86f64fd0e998748e6926ac836d74d8f89e6f25a27ef726240e61d73e5e1c52d5d185ef19d7241d445d3928d1faf671979a909238f4936c9a37f2059910262683

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\25701

Filesize
7KB

MD5
da3d75faaaa28a0a8742fa072841c766

SHA1
0c67e1f6b0c888c0a54c8b067de1a4abbc83b371

SHA256
919f097ada6d89eb7200b098c917842c852f8dcd01611d2605922ef3087e5fff

SHA512
da9d423c16510ec655f349121506f8eea5d605b55a8b462ea506f00d1ccc260448ed454b21cfb4b7e49b64c9c2915edded101097dbbb98c5c73107e0d2da9413

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\25876

Filesize
8KB

MD5
b475ca0bac81c99cfe89025769ad0c57

SHA1
bddb243a484944eaf62eae57b761f6f63cc8fa71

SHA256
6418b6d77d4ae8906c1f831c832eb70179d05a8a7696822096367d3c48c42d0b

SHA512
ce494f4eab883f76e98170ac0310951389d234a489cc29b9928d936eda004ecf97f18e69837417833cdb6d6e5953f6a20b08eae779c54fd3f6f6767cbc944a27

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\27017

Filesize
8KB

MD5
b82cfc4d3f1fac3205d75cdcc912474e

SHA1
31551c75a8ea95371ccb306236e7cc23a3d55adc

SHA256
77e7a14962393419b2d7b4a09bf24b2e4e559c52c3e55f3fdd532a4f42188e96

SHA512
ccec43994027d9335d353a49a337532abf66a33b93bc988c037f8bcc9ce62522858fa38684979ee11eb0b04632a75b75e80663561a7978686fc3ddd6a40d4016

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\28201

Filesize
6KB

MD5
96397d3bfe7bbd6acf510c900ac7e07b

SHA1
32962929a88281748a4ef14856a0682119f96f4c

SHA256
784fd49b2daf71af7b9a6141fc50090356099572ba921161669a8ef5d4ec2a45

SHA512
4cac916a513fb8593fd8c9aa3874236f29227a57ffa0d43d9da9bc3106d07320fabd8018a4cf0dc8c0ff04d82d6c4dc12b85e55af9ebd67417c8089deb119a2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\28603

Filesize
6KB

MD5
d38ee277e32b09a4984c93aadba0f113

SHA1
af3277414bd11fcfd42e33c0f01669d17e2e4c39

SHA256
b8d18cbda628edc8fa961a551aeaff0b550ea8b8851df48b53f766e80f186bcd

SHA512
4e538c0f856937850e846b98e24157204f07080a46dff6237f883d20d2f31c463e5e72f1117b638e2724110ff282bb0daf2026e3bd55873892fc8b7da4a31fd5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\29229

Filesize
9KB

MD5
ea23eb9cca9cd336d7e899cf38008a46

SHA1
c561bc4b7448522218d1fd6338ad724c935bce3d

SHA256
a5ec24bb54cf051dc9b3c24eb4ad89f4816bcb5ef2af9ffd395ab1fa504f83c9

SHA512
b89f0b3581178f56f992544fb74bd05eb4a1477c1bcca8d46b6d1536e7d3641f43b6bb0daf635b7dbe7f394f9cc76f823840e64053fa7cee63de7bb8578007fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\29839

Filesize
6KB

MD5
cd155d1694380eae7bb130d92495e0cd

SHA1
5f5412652629f52d646a5ccb8464115006584040

SHA256
b2f57f21d2317bf8481969e86c3885ed7f7f950858188e36f42f2da8442810c0

SHA512
9369a77c5b309f8c9266762d1dc97a712cfaa83f563ca9734c6e708b3381edbad1da879d457f911335be15e0080ae0eae85f003a8ca7303c7d1b73106113ec3a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\30241

Filesize
690KB

MD5
65bb0da0b9381ac3905ac07af189679d

SHA1
03ea5e16b01abaf4a4cf0fa8bb164a148b4ceafa

SHA256
6bd7e06d3a815e6066aa8470aa32f9a4407aadd9a1f5f7807a3464d11d0f3e37

SHA512
ab09a70dde51112badae6dc9a4aa01d2234f130950907f6e1aac3ef1b203246aac73ff4c6ad624f6d2c595e23c37c31d40cdf7be588cd91bc9975c1c4348d9d7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\30454

Filesize
6KB

MD5
106ae3e7df42256aebf558b172d338e6

SHA1
eb02de42a9a448b728a4cc96075e8b425d83c7b4

SHA256
bff921a5f09105fc54e6fea8bf7192c2e8beeb5b3b0f35ff17f79e4bb4411acb

SHA512
16f4ad505bab5e2408f45202692dead3230aedd25fd1f759b56edc52c1c6e7204277dbc6439bf44385e2a29ef93208e5f790d6ecf14dc395ad0fc14562a8f19e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\31008

Filesize
6KB

MD5
e2bfef5d8a4fbe9366281f498a79a48b

SHA1
f5d8b691897f3081e3c119ebd1c921bad75877c4

SHA256
140085c8af73e465db9e0373df6f342fa85cbbdb208b0883dd062957164a180b

SHA512
56ec3b17bdb3f8d01d2f3a0bd4f4c032de3f65dd722a06ece98bb1d0efdf337f22b87210fbd930690edcc97605c52f8e11a4086147c1e22a42495e51f82ba2e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\31359

Filesize
6KB

MD5
dc539d0767da592fccf182d8d5f1b8d6

SHA1
95ababcf436d2474022ce8b9f579c7fbc8d38f80

SHA256
ac7339ab371dce0faa3cbf26115c9706d877e28c155f17ca0c6f2cf5bd88d24c

SHA512
4e891c8cde6e09d6b273f91c682e01a3b6c3febe9efe6da5a5b5415b88ffc80e01a37fb000c7d00a9023398d74a9d4294c752dbe086f0e8b4c392ee332a1ec88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\31400

Filesize
6KB

MD5
9c3ccd921c4e38e545172840f3950388

SHA1
23b1664152e9486d59a7e45949a513b5a4022bb1

SHA256
d26eab848d33b9e8594af3203eebdd7a8fe0da27b240e079c672f05c5d487be4

SHA512
a574a4991cabed6a55ad94fcc6ddcc5e9d11e20e97642e571b97f1ff696fbc4d32ad0c512f1200bfad2bb40999224b884b3dd5567341df6d5f177f2330f7afc8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\31623

Filesize
6KB

MD5
65900a11df0d9d43e7f6a53807f27e99

SHA1
36b7e7d62c09e3d8bccde80f9e699c0e80baba74

SHA256
f202ad9c9dee6003c86f8804909e087a2e1d4a7bf21faaad741b24ce3c0177bc

SHA512
6966f2ca5f2e07327516efac4eafd771fa37073441e4115fd80fdfabf1946757afeb04a818dbd971add474c9e5277ced24d997b2beabd3d3c03f5999dabb7229

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\31640

Filesize
6KB

MD5
3ca2044b1691713835d5eb88b5d06f16

SHA1
3aaa166c66e2e6d67d72a8edb9d4b3ee9b703ffd

SHA256
082f786de171ef88d6885e34e19001cd2c51a05fc35a42907333bfaf9a8f5000

SHA512
47bca33376ce797f296de328001bf57c005ba31841123ee9e362bb249200c2dc8d9e71223a170a818f30ade721b4569f23fa18fc8a48280a9e0a3ae127b0a1f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\31676

Filesize
9KB

MD5
b1d916b8f4b138dd161a451b3577da89

SHA1
a052d52fd58e6ace221045131184365268b9dde9

SHA256
7e9af6a7e046eddac4b85512b21855232eb9dea177e0ff7b751934064fbe12b9

SHA512
cd70f7cedc3231dac87938e9c492bf861070a6addded5c5a403efa586c8dedff453b9566ed4f227222cbcb614f767583437b11cd6c03b0c7c95b8b3fa2d14426

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\31914

Filesize
20KB

MD5
8dfe42aa1faf141235fecdef4cc6646c

SHA1
99a935b62ce8b9895b676c736d57088e7653d344

SHA256
760b3f80c4f430b0e85621bf887dcfbbe2527775c73c0aa4edad5a184c42b689

SHA512
08ccfa1ce554991315917900b6b6bdc7df414c23285aa4ee979f781002a8a9aa924f4f17a2d2644e453cad6afd1fb4057bf0e5e7f7673f24c1b175e65e24fc3a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\32404

Filesize
9KB

MD5
186c410184d1af3ad63f4d208e52fcce

SHA1
b176c5e4c90589f9264e991b06af6ebd000e010b

SHA256
a1fae8ced8c43cf73a3eb61b3b77267162a15744eecf1bb544664dfb1e1a2e2e

SHA512
80a3929c5571b5a7cb764ba74bf5c45999faac2681d7cf08d5cf07a6c7abde012abb67e5433e7a9a04a7bb8deed6585da6b89f8ab3b8cc034dc03ab5c8b72c74

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\4698

Filesize
6KB

MD5
ae9e31396b23e92e58ae929a3aa7bff0

SHA1
86db0a8269cf13666063406d4e131c5a7aed3e2d

SHA256
07e21c6b189758e87e9e41afe26c3700397f2c8f7758ed69dfa1865404336dd0

SHA512
bdec7714b135cb7573e85be16f7b8d7773f04272fe796e316c8ec4e6dd867e61fa8c7ddbdd944af6a39646ee0b6a5ef507ab1db4a0c39fe5a2b7b4121c74aedd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\4827

Filesize
6KB

MD5
6ae3a249f1b7c3ce9383627d82fb2190

SHA1
e9981929220e63198a8724c71bd8bca24ff5786b

SHA256
43b32a2dc42a16e324d18d42aff0e61eb4b8fd1fc1d388e886b00bcacd43ed41

SHA512
2ac9dcb40f470c42cfed32e989d4c2d8d2f52246cafe676ee5588b5e7501d55ba7ebf9717e93583266f7eec40323ef1022f41057bfc5690519a373bc85d6ea1a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\498

Filesize
9KB

MD5
d3e417944e69b9201eca3791aa1258fd

SHA1
4dacc1a56f2aac33678c7d5e7f6affec47bb6e3b

SHA256
24d9f8504fbc4a2cd3394bda425757d5b27cb01bac975f6c574c212b8c922b7a

SHA512
e5b64fe40e267bc8e80933a05fea44150b454c5c7103c33304ec37a10b205ca2191ca9b7a0f5361d5788bfda43b1215d224133e5f14f3e4228f5147dc238c142

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\6203

Filesize
6KB

MD5
d743b2af777db2d0f23f793ccca87273

SHA1
570438ae4be9e1df8c4afda4f5679247f4754274

SHA256
772fe4270a22e8e3c4ca8a68c2481cd478ef96c38fa4382cb558e072f53dca64

SHA512
65e8eef5b272963c7293277b0f6b0450e0440c5c405cdae52122bc547c8fe3fe76feb42c912dbc2bf367db4d8f122204012134a6a599a70a1e75a78d10832c5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\6280

Filesize
10KB

MD5
f9e8d633c798d360fc2ea067dd96534e

SHA1
9d5bddadd29e36c702420141f7ef92cac6d3b0fc

SHA256
ac1e9d16686e0d36dfd339ee80a7605caa6656676f74836075e72f7cf8162b26

SHA512
54f5b57bc1b4fc3ad9a04a09b161b6d2282c594aebcef34de732775a8c20d19c4d5a64847806fddcb322d04e01855a44c6ce255d09868d6992003ac95ef0339b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\6724

Filesize
6KB

MD5
460c6087d975e32bad453c189863b11c

SHA1
ad10b23d9f5dafde81055075a46684da474ba3b5

SHA256
04c234a56be52317d69acb181bccd1ac27acee56649ef910367e273cc4d9ac78

SHA512
6402eacf3c8ff21a098c2e72a1f39c422ea62f61f88dfe1004c42058ec68199bc2d1561179af540756bb36672d4f431df97e945c1534a52c11dd6e3fc3d4e85c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\7142

Filesize
7KB

MD5
6fc315092ea8cfaa46d9b2bec332c886

SHA1
15b40808d9d828355ebaa73f9133f33d6bc5c7b4

SHA256
c3ccb5a7b50a9ac565ffa62e7d5d6c578c1bc2e0507150207672f48698eff78d

SHA512
728be1102873cce3f58598da216c775dc51abb7aae1811a9494045621505e6228497e4595a4584cc8eaccc8235f7f76b6edd6e1e18da1fc1cfd7a90fa5ecee7b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\7311

Filesize
9KB

MD5
84415f9a8ba28b3c64b906f63487b1e4

SHA1
cf807f5b6d8ec1c06605a489ee129b05393749f5

SHA256
2cd2118d21351e12f981dc0a1aa3f4296c4c94a445f2adcaf35d7d804652760c

SHA512
f6a4ee1d99609dd7f77d19d9ff0e1d685ea994072c1d38fb0f3759231871211bfaa9424254f0440124034bbd5c48a420a5f4e1f622e76dbcef220f9d7507f1ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\7423

Filesize
10KB

MD5
4b76bfde5f80b759cfc81406b76628e9

SHA1
eecee6a0dc8551baa342581fc6f2706fad4a2311

SHA256
b30bfe50e062cafd7961db7447cde9db8589a86df867ebf2b19e97524206b239

SHA512
4b2219919042edae1e5e429fe49e9aedf8971ca2a9443395d9250f6712a3f7bec5b45995bd545d82eb7c086aef9d214d1444af8a25e59609a2b85ae1657e28e4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\780

Filesize
10KB

MD5
cfe75e7d0f7abc7bed4f9f352caf9850

SHA1
ad732a13861c7e951f5c8f7db64b9ff8b054a1fa

SHA256
11c88d4430253822ff2f15f6c043bc76ff331b671d15ceef67336c0ba6c9a27d

SHA512
6ef3302d18048105d8038ecbbb6271c48126476a86eb313a87588154fdde4601cbaa8cb7f0bb16a7e3df63f72bcdcbe5f70cb26d3b218653414365a417f69451

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\7812

Filesize
6KB

MD5
d8b779fdd3a8b8321ff21077f09c8559

SHA1
3cbc4ec0bc603f113e0096edaaa03801dfd9e143

SHA256
2f6663be59286b51c5799a359ac97a37a5b610c0bd0a607f5e948c2af0b27132

SHA512
6b7c172d08d91b9e8efb86257f20807cf1ad835b43b0d4f381e044859c7f9469221d184ba5d806e8765661e25d25a823b6316621b87ab2f42dd4a1a35249fbb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\8414

Filesize
6KB

MD5
b514250b962aa9c814713a3350bc936e

SHA1
054533c5fef72646293c453c58b3b4e894081d5b

SHA256
c21da444442a6b491db67f1c3d57935a04e8f2d28278e3fbf563a82ab59923a7

SHA512
32a8bb9880a4d458fc3b1b33107e42d1ec9dc4688f380a80530e8d8303217d699580cc666a9f943080b5ef7133cb61e655a21e9fc6919497c9e6e35dc57d12b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\9644

Filesize
9KB

MD5
d61d06fee078b4c96d5cbb1963c1229a

SHA1
78883d477fba9a9bc5676ecf511ba94db4c9f5e8

SHA256
d6533679cadf4c55bea5145027122a2c3e64d975b0e949d9075ddcc04fd5f5a9

SHA512
89e9f34c8c04bb8d5f1e88d35909529a50b5d3917de8d5a161f3a572f8a258f08bff973fea4ba0205b61e962ed980d29fb3bfa9fdfb59844c719263fd90b5c62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\0CAA66E35D8DFE18F8A141FAFB4413E14BE46B27

Filesize
39KB

MD5
8a49518478992e70996cf6b67195c72c

SHA1
9039bf403e6cdb7039fd521b56ed7c0b6e5bbc56

SHA256
a25a27bb7aff804bfe4e99f1c0fdef4c28211b661c050ae2a6c2fa5d376f62e9

SHA512
6c81b11c12e399c276aa48ed1d5d6321674bab66667a074213aff979117a5f2e9efb10106ba5b2b8ebb5f5c922ba479c53511d7846175d2bc5320b96f2b4b426

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\1B138816602270A150B24B36E3EBF0AFB98DC184

Filesize
50KB

MD5
c4347528e90e5edc11c16c2a0e3ec1e7

SHA1
94cfdfd07e4ffec0d3eafa9c1ee2b35c0a3afba1

SHA256
7997a4a2d1b1c95b47cd3264e0f588c2d4472748b9c6f112d4bc64fee9f71eb9

SHA512
9e08d2c952c2c79f2871ae6d374632d1c6abc7bc1ff3782734cd6c78fa83acb0538e1cb2f2923de109f084aae923fd9513ec78dad1df09edd82c16efd2c84365

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\27779B0F8A83CF440F9A5A86E24224ECB74B9D74

Filesize
457KB

MD5
72da38b78db793cbec0f00bbbe22ab0a

SHA1
6712e09772185c355b70132b41c083ff19806068

SHA256
335636327f409e74403377694530b9f7757386827ffcac7bb6f4b933a390754f

SHA512
a0ff83e7019d0c33c9e5e5e637df010a3f6caf32dfe739e21fc81fa277cb658977a95f68654af0cd7673252d0b1ce6419550b1bf4057ae967c1729f80042cffc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\283210CC8FA94E228CA4E14C46A2AE88E3575E92

Filesize
42KB

MD5
15a17752124aaa62b89c1fbb3633a2aa

SHA1
e0b33aa9c68b2ae35171281d842641353692786e

SHA256
b6a5c6e9f0fc67127b5eea4c7ceabb59d8fc0a49301ddfc0a64d21efa57f5fdd

SHA512
c5f250c03d1026494a9cd4879742866cb3fe0148c7f43c3f9ea0ce088fd6ca885365d4b2cc9916c79030645871f9d922d9903167453b3124b9ad18ec18aa5830

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\28EF0FE23C1C533A643C7C63B4F44F0E2D3520EB

Filesize
44KB

MD5
946159c5190a21ee69b133824177e32c

SHA1
772b047ee1314d1b5a5642e35911c0b932647def

SHA256
016f09d14660e7eb3c9df3a5b7b02c0dcc90d93a30790858b2ab820ffa5f47ed

SHA512
df453ee6c91aef3c5feffe91c4a009c2eff840d8e641636a3e9221abd37efba2ec47444dbb29157cbf809610366f29a951f170396471004b75088455f42bb46e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\2CDD0343A6F7632902CD9DB975A138D332F79F93

Filesize
1.2MB

MD5
81f91791f0a3090105f64bbeffd9bd1c

SHA1
8b5803f841d78148650ada0c426b0eaad0c1b3c6

SHA256
181d76b6ec2f7e94432d604b67ca7107673c71b091aebf5a528f2038bd2ddc21

SHA512
82d36483361f034f34c8620cf73a60a3fa45567a6d6b25d2ff6c4f0898abefb31b7bc71e5fbc869014409ac7ae0cd7b1be4f8302bbb2b12f0905cd9dd4c8af93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\316A0B13D06AFBAA1428C7990EA6CADBF615CAFC

Filesize
118KB

MD5
ec11a8a7e38259739cc105a27b0ba3f2

SHA1
7403a279c833cd4ba94b463b010974a15978c10d

SHA256
a1d644451daba3e7c5cbf53a30df601532a79a9f1873476718634dbd016ade1f

SHA512
76f60a303893cb4bdc59aa40af957ed87dad893e65e3000e2a19879def4fe076595fc99838ce65c70873934120de5b39a311c66bbb4a95ddc0fe5a695d5a350e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\3629C07CC1E8CC4D7CEBD18220C3F122FD49C982

Filesize
51KB

MD5
1c3dc4b161da0981210779cff69e26b7

SHA1
6c40e7e7c4f6c4ff7f3e0fa41f00852310236687

SHA256
d91c036ebac03b656c900b6d3b826aaa07f7916ca576e7565c410331dd60ffbe

SHA512
d59a709989b365e22ec847f8bf192fdee732ebf6068da1cdea7687c86c6752508a4e59bd8d508233e2ed4d08bf4a277e4b4d72979729203abc8fd3216f6e9231

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\38F39B0B31E33F645C94BD40B7A67B5ED9C5C11B

Filesize
204KB

MD5
dbd1cd754b85cdb78c0151b1b256e514

SHA1
7ef21ab05fa72d73565b575b54f8c5c832687597

SHA256
0266f2c762b1b2496b7ed4521f2cb32248a8f45bae5e7639bde9b8d82de958d0

SHA512
b2775e46b790436f2a355092b36765026728d916e4f1291662e6207c36662976b4f35b065c3dbcdbcd74fd3ad84663f8678cc5e9365d50bd1abb12b70e8c3134

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\3D7C8BBA51D00F11D8DD4D7881EF4809F914C9A9

Filesize
23KB

MD5
56b6c428346550045c343fd67a9a13b7

SHA1
5108c4edd25899173d6b68ddfed6b846a714fe3f

SHA256
cf6bd7536818248314f5f237af2bd6e886bfec39e3d0d8d5c346d5953fc3035b

SHA512
45e51e782420c3652d5fa8d09c94dbc6ed628b1ee56a539ea819ded1baafb176d4142be87c9f37fed680786b7fd96aced433d1120a512a1e3bc6ed4283c28fb1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\404085704EEB7B8E548770473625320FA2E2571B

Filesize
458KB

MD5
2ec5aedd7a507e41b0c3edd8f6187967

SHA1
09245f94868cdc1edf30c7e537ca026736402fe3

SHA256
5706273c03bfcb8ceed9f9467b0157e228187b8f6c887ba813fb0a08572fbcec

SHA512
478ddea47e3c228f2edc5a03eb0595113f92172aa8e3ae229683cd9669fb10f20ce07f6e54ad793151741fd3022669f4e5953eb0d27fd70623681fc58de5ab75

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\4410156B280AED933035ED2418187FF0A25EB860

Filesize
120KB

MD5
0e68f879bf7495d3f2fc7d37085cbdf3

SHA1
735f12b9bd101642a9601d82396998fd2b3561a9

SHA256
45b30d3005dae8bd7631de09e93647cdeee6a9ce36878b6af1e5ea03a86e414c

SHA512
7191b9fb4ccdda8df5f0eb602dc832a24cb8ac6f06af05417a82c3d3e1a8f0d5737aa2f7c06314602abe1a927652d9dd083aba90f37a4de39cbe8c6e6d22ca0e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\59D2411177E2AC16AE309B35F5E8F555059950C2

Filesize
29KB

MD5
d514ad8b939424bdb8262b925eba02e6

SHA1
080f9e783b2fa7efa5dad496c74612fc46807baf

SHA256
d103b5e93e645694b2e72c729444e0ffd5d0c36c933ccfd6411b8c94275ab3d3

SHA512
843ee0eb9b2478b4c175a9e656d13836866e69d9d9a3bd38d79c0ba1a061c2e8c2ea98f25895013eb7ee699fd6eeb130689ecd0076df597f79f67259a132afdb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
d16bdd5f4d0053713852efbd5bfe8680

SHA1
5d2eab772a2e6f3987f42ecf3c2e4a952706b459

SHA256
20a0ce4e1c5104e2f1b716478a479aa22e61caf8f39889b93831d297d1d77cdd

SHA512
136d42273d6ce3c2d914ac272210321fab9d9447b6009dda5dd26b8a3ea448a3b974f2325261fd9e4422fefaae120fa22bdbe8c15c75edbd177fab1ea6345584

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\5E1BA8496761AB3CA5C5908A944A8F7574CA32FF

Filesize
54KB

MD5
1308b0ebfb680f908a3f94e7e6e46e4e

SHA1
1338801799cc68f951cacdb5ff46367d4c6cc755

SHA256
938c689c7e6be04b472c2351d2a9c6c7959e5a747b6a1bb6b67c191404fbea75

SHA512
581fde4677a436281f0074b7c17421eb717221728bdb271cdfb37e63c98e45ce6cdc2a1ba216bd38336db9408a2a0bef35dc205045b40a6c3ff4080972b4d48e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\6392094649FB363F17897042851BCA1B92B53DE0

Filesize
61KB

MD5
bfb0d094e863af5ce7536f620c72b3d6

SHA1
d4a650544558c0295914b66ebdeb0c312a1308f8

SHA256
3fcb4f86205680be4ecbdf4a96e1213c548a7d3b82d7d330d15ca7dbe393e502

SHA512
b9a1f664f4e2215c45e8ba49e7c170890477bdc81e33400b6e23c109e2f0d95dc8d9581000a61ccb7d904d295b504f5671e98531e950634e477deec0f7410dd9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\780602FC4687537C3CAAEAFAC6F243D879B1EA9B

Filesize
60KB

MD5
0937924122befd101e66a057891cd023

SHA1
cedb6e511571919e170fb2b1e60707e8968fc406

SHA256
9dcd48eb77f3beeea4f729dcc4009ee9cf19630df129beb60275434c1ececae4

SHA512
2f5a21aeeba77a834428ab489ec6a789def083b467b290ac35e3f2440972cc7fc39628466d6a3e110f638a3bbf499daf06120bbdf4de82e35eb6a7f165fa4b07

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\7901C4F08D7B987514C5907B3AB913A43315E010

Filesize
26KB

MD5
39e332a139f6cf0a999f72f465f048b0

SHA1
ce81d18db845c1fc81eb88d662506c9d385d1cd6

SHA256
7c0d698304ddca5f9594feb449cc9a6983c9d62fbcdd56ca9cbc2357b7e24ba2

SHA512
c56542ad25f8703a513635393fa5d8aeab404f900dd7da69b09ab6cdd1463823d2c049e1175365aa60e333d6921042181eab577372d9948a9a7ed7e267fb32fa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\79124D727D841249F0650EB4FABF8024C61B73D2

Filesize
76KB

MD5
c248776eaf3c12f766d40cdf4bfec9e5

SHA1
8ea84e78fe60d996d2a7eb6bd294e36c8dd26325

SHA256
10e628f2939c66e956e1ad6228f719cbef80170adbe03fbab4df9e0d6889e555

SHA512
f3cb505a21f6d455087d1d23a4d91abcd5a581e8ebaf0f34549e17df7bc0a8cc00f65cbe729e01dfe622ff8cd49d50ed2c4ff3ff2c1d8b7bd916e03e4d624853

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\9820A04C9F7400106751A4218255253EC1E427B5

Filesize
966KB

MD5
931ee17ec7e060a9f33dc4af75336c89

SHA1
8506ea8723a440b4d504362a71ab775cebdf9073

SHA256
0d29eafd51713da5a087096fbcf084ab8fa2e69c3f8849dad7de0d041aca6b9f

SHA512
fa7c7f61f04bf9ae07da8ea2d3db9979953590da98fac526b1e70c928c44fef6e02d3f67a0d8f3fe617adbf16fba66ea9e23549b6cebd0be784f33b2087d09ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\98BC5DD09528E16B6F6642212A43CE75C54D9E05

Filesize
56KB

MD5
c224c26e8944f3ca887b3ec9e4f2121a

SHA1
c2c03defa2b8c68fbe5298b1868bd053f9ce1349

SHA256
614e51f1fd0882900f46c859d051e8f0a829a6f5946f531daf1e4a6670413af9

SHA512
3c5fc830aa167e8ddcf762bd4ef1a9b3701625bdff4acf3c9c817583fd14ea9f6dace668c5ac70753232dc342f4df86ec19c05f4c29fb0be1ee97d2bb30c3749

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\9E28FD23D351B2DFD76177DCD272DA50C4D5E471

Filesize
222KB

MD5
6c3999e85343a4b83baa955cedd59203

SHA1
cb7ba532b1b9db488844774e498453d684b8f0a0

SHA256
53ea38c44a9b089984ae06d32bd139b1d6f6c1c5bc35a3a047db35abd613b39b

SHA512
d083eeb5d16fddf1c7a737e41b921ab1c5a9962e206fff3ef9b26360ba92858fb772b8150558dccf1c340d82cb228dc9936fe01823e6e45e81987e1f8f251328

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\9E5843B5EA7251EA7BFF7FA41E7954F24CEE7A21

Filesize
1.2MB

MD5
be3b1789895d43d977775b39ddfcbb00

SHA1
57a517b32bcd7e0a44c26cc2aa093eff94e82915

SHA256
9c5cf3b1abf1905a4df2345eeadaaa70f147d66cf2861507df09be0243f8364d

SHA512
9550814d03c5bb5990f85e6110c8ce4cb8069e04d2c6cedc3323e6658b7c4bef53a944da491fc9139214fb6ff123d68abe71583c7e126e6cb84837c32fd897c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\9E831B1D789529F8AE6D7C008D4B2FF35302414F

Filesize
109KB

MD5
5bb6a331a0cb5ce324fabbcd6fed2f90

SHA1
b5c4d2b8aac15bea686469ba0583c4dfb0d25977

SHA256
d2130818695fb2c1512e95843a86adc4f95d5e8a61cbf5d85b560a1e1f857c77

SHA512
33772df05e3787cfda42b9c04407203e4ca0c82d511d9deab66607699f1d559d472ad8f1a923dc3b92226fcc598b78e0d625268ef8ef80b0851e7ff14d8faa56

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\A2DAC355874E44AC5E12D30C1B40C75D392C4439

Filesize
54KB

MD5
4c2222da05b74a21b804e10aa7e1f928

SHA1
18ff900fdf12dfc1259fb3c41f44edd54a5a1496

SHA256
cd442d2186242be3fe36e2bc8c525f45c2c2fd098f875013e5d09186b011fcd1

SHA512
a0963ec843f31b59a703725707dbf9f7432f2abe4004f81d0b2afae7d4e3e84a9b51185e617e454625227ffca464bd7655c4788a77a7f43d2eb27544511c0668

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\ABEE1CB8BC5BD57C2318554979139D8624C968B7

Filesize
124KB

MD5
f257d04fcf702c6ecf055af64c3ace7e

SHA1
2354826e5ab09e4e4bff6544921c55900f0e546d

SHA256
9b6476488cb09b6d30844f61f9ab7599ac9961c5002e41d9d0a9faf2f409df9a

SHA512
4b7b1cb399f304bb9fc412e509fd5337f95783ec7102c68bd5637bdc92b2a32e8be40091f3a9880fc0026a135b4f2735106afac0d3043be134e964f7e60dcc77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\B36F0ABEEEF4020A21CC15CE9F8CF844972365DD

Filesize
13KB

MD5
dfe3e60d79761c0ece02eb333b2b35fe

SHA1
f33b6c94ed0d303cb76aa78f61381afffe9a09e9

SHA256
f908d7ab32676f07a33c6d998a8c814db208500c1a5bea41808a38ec2b2a6472

SHA512
e88bbd5976c6252e2e4b7e72852e84312bd35d08f49933c5aa96139dec38004b2f8558839cb1c9d80d8db7ec79bee78baa8d133438a48f165ab6fd2c65f66d63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\BC23FEF4F198927418D6452FACA0130B3B169FD3

Filesize
1.0MB

MD5
d8533c31945612c97289216a484844f9

SHA1
3225512eff346e000ad1592906c980968551926e

SHA256
31c217653f19726aab8724ecacf73df6282f0fe6a5b4cc9337009d40e62b883c

SHA512
3def9ffd2e31574c758a1fdbb259937c642b04ba0668067d1152178b56bba2dd3b51510f61d84e45a8f7c189ac43d783d536cf64c6ae7d5e577b2b20b56f1ddf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\CF3923F55C1045C0419C4B0AFC0371B5AE17D65F

Filesize
31KB

MD5
6ba95b46adb926fd70a24d0509404cf7

SHA1
6617dc762ff47726f25b1d9bef0f5eb0abecc190

SHA256
7e6dfec3e744d595a6d40d36bd31ad1084b8d0deeebc1c2a5109d6880a9329dc

SHA512
3893845fbd9c1c3562f897c359cc676f04b87ab8bbc4f3735b45a1d57578904d3125143799fe11f8575992293f56083d6659abfe62a4b90a771891991b84bf59

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\D3C21CF890816D9CFCA43FDB2892F73A22F899B0

Filesize
22KB

MD5
bcf107cffaf6f2c7f94320ae2033b325

SHA1
09d84a85154dbd3d2eccf3f7d6e7a5a44654ddf6

SHA256
6043436384637b0952246a967f527354777fc872d149a38e96952ae84d97c09b

SHA512
a9b0d22d5cf9a3b8382e9c9b23f4b537fb207c0c618e01d0ccdbc30e2d45d150b37c23f52872745d449f4da3a458e223e96c4cfa30bcf3134d15ebe790a49e03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\E831F6D6DFD5134C0480BD67A78E4ADE0BD98546

Filesize
1.4MB

MD5
32a03fb462f2a9f7dc1913fec93672e7

SHA1
3adac417875fa022eecb72a11973464b4809c102

SHA256
15e9e4953225957a68e23f613399cdec191fce4275af539ef731df0f78e9e649

SHA512
31c1caa840310736a33feb6e2dec04cdb88084535616f4eaf198e536ddccba17bf07c8d0c9c5d3ab514a2b5e4da1ff8b616e529ca5319c86e0a5b125fe1f1be0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708

Filesize
19KB

MD5
8184c2c5164d0b1aae19251f4593ada9

SHA1
abef2d896ae3e72d6c430ee8fdbadb99d9c6eb70

SHA256
3f63790c518647aec3d1c12f1878ea81c5d0c9afdc6b7ada3a65f5200601cebb

SHA512
f49e06940d1351315707e98bc4746a169f07b5c8d8170bd106a1e4858b456bf65629b3d643ccf6f7651e88bd80a57147ff2b7931618a0b538e330c8fbe9758b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\jumpListCache\ve7KGva1KZ8G77K06DEqrg==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\thumbnails\10f9618fe3e60df10c58e12129c2101e.png

Filesize
39KB

MD5
7773a84a297bed19fde5d1a958e27b3d

SHA1
ce3b782a3169d8b11ac4504975c103c93d90012a

SHA256
8bb9c7253ec4156b17a5ac6cb19e36000c4e30ae67cf4d11dcfbf1ddfabad8c6

SHA512
1d704bf7751284ea409ff7dc8e5cf3826e4ce5a7a487683b568f2956738791918c3ea0bf337bdc001fa32757f004c4e37cf863947038c34870aa6df728fdc483

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\thumbnails\55f9b993ab2736c811733b55af6ad778.png

Filesize
1KB

MD5
a4e3dec615867334fc01bb2b71796edb

SHA1
6ca3970f02d7ab704f5b82849c2f9163a9bdb9e1

SHA256
5fa0608bb3291da5006676cc5880c90c3d591c29e0f96ffad8a35cc961522560

SHA512
ff4192657fc611ae0938c3962a541eac877a66d372924a8df62aa8e99f6be4431c6b706df232aff96269746a448fa8a23e7d1c8a9d809d74782baa78a0af62e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\thumbnails\d8e09607710b59b8b749078c5b3fbf80.png

Filesize
7KB

MD5
c025a0e0fc41a8c27ef9b8d012fdbf12

SHA1
a0c979e37bfc7b2d658f9bdd5515a43edd9d2922

SHA256
089a27e50bbf4d92e132ad7a91d25921e0e52a582100e3e2c504b1bab9de8496

SHA512
5a8774aed2782578a897a6479e51412891922dae6321400eb1a60c8d6eb7c18ebc24cbad3affe6355bdc48f26785098ef9e38779d3d897a97b0ae625ed2deaec

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\YDU94X73\www.roblox[1].xml

Filesize
415B

MD5
c6cd6907ad5596cf1b9ffa28c0ccb8d8

SHA1
019c81041f3aff6fb5a8b2b178f4ace4c80bf021

SHA256
4dc71f545d8e7e537169308408a0e97ee556499370fccc7c9878d1674bc02c7c

SHA512
56a6961cf13deb81c50e5c6896129804fc997a23fd16c32dfb9f7772e41006cfff08d7099eb2aa3696fbf51e663937061ab795edaf3e9bfbb6290b20f43bc4cf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\YDU94X73\www.roblox[1].xml

Filesize
298B

MD5
8eaba2900ed427e2f9f65a46f6e60810

SHA1
fed289bc34b0ff538e5432be1774cfb0233b7076

SHA256
dbe96d270a341d410246eef96ac216259e457da5c71aa0b819502e350cfa1c16

SHA512
c0929b0fdba2bd4ff8b21d46447981be69277a1feb74e79f3f135656d80fc27f99694d8e53b103b719360046e0cf2f61518d8391b0028436801237b682835a73

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\YDU94X73\www.roblox[1].xml

Filesize
382B

MD5
4b7d9db28ec308f09f1c2fd7a351abde

SHA1
07da14ceb9983823a1b5a6381c9acc9021bfc558

SHA256
7f44dfa8bd04d0f708eede17a796f82bc924e3bc3ca6f7e553bdf1392ca3587b

SHA512
d664abca1b4355bf4f53739000875e20a2672a15eba0681577e6e9a104d142c1e9be300cf94fd8d76f02ab4524c3fb3191d1e01632da71411f26ba1c7adb67ab

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\YDU94X73\www.roblox[1].xml

Filesize
102B

MD5
36969b9f3986beaf02ac488d3a96cc17

SHA1
31a689fc653490157b30c0741bc1be9ce56c9b3d

SHA256
3cd8ce457fe17cdb6e5d2ade05f7ac77095a5b7e6f6e047c7a141fbf2071837b

SHA512
0589a91c1d00dd3e30e80632ad8f489faf9a8a19ed0c7e3b1dea2bb3befef0bfca9b14613580284680210c00feacbaa1a23ec39036a8f499d0cc261be6d938d0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\YDU94X73\www.roblox[1].xml

Filesize
184B

MD5
923c86e8e13b8213e0641dba3fa1d38f

SHA1
332cf714e608e68ef627785023501f4c5f83db72

SHA256
e9812be651786426fba57aa81d181bb372f0983ff312816612774135749b27e2

SHA512
29a85d1dce259543c55db1be3597cbc44d291861ab5ef287fad74e20bf1e93cf14fc3e5d790395e46aa6870ac0fa0678a0e795ae6cc9ce43a78db63d6af13e10

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\6P19M6DW\7bba321f4d8328683d6e59487ce514eb[1].ico

Filesize
4KB

MD5
7bba321f4d8328683d6e59487ce514eb

SHA1
ae0edd3d76e39c564740b30e4fe605b4cd50ad48

SHA256
68984ffee2a03c1cdb6296fd383d64cc2c75e13471221a4bcb4d93fcfa8dab54

SHA512
ed6a932f8818d5340e2e2c09dcc61693e9f9032c7201e05a0ce21c6c521b4ac7dd9204affbbfffd3bcebbebe88337fbd32091eaa1e35469b861834f2523c800d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF3BC047D001F5F63B.TMP

Filesize
20KB

MD5
d17aaba60028acd918e126aa8773e2e0

SHA1
5d70dbec0dcb30d38e213036cdaea3810617748d

SHA256
4b19f2f124ef95e106c001c41d5b89c8b7a6501b4a0da3fbaec438d4de819060

SHA512
b701633588a21e5650efc576cea6c735418be20164af204a99c8df1cec31fa5d2c53e419b945e9b7e0479bce9eb5a00f49474d4556254fc7c1a7eba5541841e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\626b2452-90c0-4e00-822e-1f3716c381db\AgileDotNetRT64.dll

Filesize
3.1MB

MD5
541ddedd68b48fdd51e7fc885cf361b4

SHA1
bd3b5e3d4b627d142fdf4a173850fd94fd7a9598

SHA256
1cf5d2d5c8a4c3d55eafc723e5507eaac147d5c7b5bb6ec095fd85a79e5895d4

SHA512
40dd6c94e67693c5c1012fe693e2d717f0c9a5683575fb433bbeffed15fbc3be30ee1098ceedfc3cc931eb4d920db9860d31450973e81e7d9344ef38d81b3497

Download Submit
C:\Users\Admin\AppData\Local\Temp\KnowBe4 Rns Simulator_20240821174920_000_AppMSI.log

Filesize
1KB

MD5
f316aa29d4fd3b33c0c72b04142648ec

SHA1
5b3a3df45e840652406fd9b771f51c884afb0503

SHA256
02354072bc41e0431c2c61850a7090babf384a5c427fbcb6a7c5343a42d239e2

SHA512
0011cdd85dab690d802ac1e013c8b4ce3a382c8b155452da38c17d30466f2649f6aa111f72a5dd8ae25ec1c0352f2f6dac33062c07b57721045bd58ff17d84d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mate.Assets.ZipAnima.mp4

Filesize
146KB

MD5
1c1ea327ac5318f622523dc8668c1f0e

SHA1
7f660fefd4bb1fd050c36e1f6de2cf789c372a97

SHA256
4ac24f78ffe5cf18d675e99b774ec2b51b8f47e9a87195b6f7df7aa6207b3f00

SHA512
674ffd4e54da114e0860219473e020c7874b225c43787a57f97c2b5766425a3e99aadd83e1fd2edcc10465bc04e443e74961263ed54bc02fa50f8c14318d5c9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
b62f2b3890ba99adfe31b05cb9360d11

SHA1
c7924b83d68d4bbb53d0a204bff5717f121de16b

SHA256
03f5f25510926629b7fcd1057bb78f406888c8152f861ee6738ee5d2d83fe1fc

SHA512
f01dfd5e6962a6e8a0f34f1628bd52e13d55d99f46f33b819cbe1299cdd9ddf966a60c0bf6a804856366242c931955d1ff8c01a5d6edda03a17654b5771fe445

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b62de66423581e36d2e9e28b2b00037e

SHA1
a8a25d337cb40daae22e93013fdc3618e11f2b80

SHA256
0b25dec6c9de5a907b6a9dcbcd6d61f62994f9be04aaad5fb487691b949acdcf

SHA512
497869bfc7a765c84e8052d4a1fff6f24f4ba1c6cdb6dda0685dd543a50d1915bdea60ab58e1e42ac11994eb0c25652b1fac153f6db82c71e102f83b35e2acc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

Filesize
17KB

MD5
3eb065abdfdb09ca7de218d03bee5c13

SHA1
0d2c69c8182ac0950085567f7f72ac65825cfafa

SHA256
c334c1c89ce72c1b15107ad921b83ab89f98301697d6ef751ae826cdab2e773f

SHA512
af747128be67eebb54b5d31c8f89133556fb96ffa96f24aaee36922969638fa147395306acafad57931d295def723dd196fa790747d23a1c5b6f58bdbaba9d87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

Filesize
21KB

MD5
1d6016c9432b96961aead5e8e29bbc8f

SHA1
e2ec9e66a5e1ab8c57a2acea6fc1d1fd5058aea5

SHA256
604ebc33f84fbeb82fb77674664ff59cc801c087e165aa3e21348b8c3c6b58e7

SHA512
92bc8e09ae40f705b924adcb94d82cfb4add9e3be16e35f19d1c4f06194238d00cde1e05a6249d5718a58538eec4ed75389826809abd4204b16bfef4369e2b5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\15c78f96-9b02-46ac-b352-077c02b7466d

Filesize
1KB

MD5
363a34f4ec78043c701ab6cbe6ba2d84

SHA1
171ef633b7cffe3be62498cd2068a4f09fdf93f7

SHA256
c67c8bbf873abcdefc66cf03e1bdedad76a6f038fe56a1262c95234e85ab8737

SHA512
88f250a324ef541154155d43947169ef103206a89371dfe7d1354df39a35399fcd8f3043fd72721b8a73b35924bf6984cade7d32462baeab45a13770d51ee242

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\4c6ce3bd-6e9e-4c61-b0da-3a92ecdfc54a

Filesize
746B

MD5
760930d16d47e988140f5d171a56d01b

SHA1
b001fd4b75855adc246c8b44bbc67cd383b26896

SHA256
316b712d7422415df40e07e35b4a6d67eb99868dd56f1daa04e7673b7e216764

SHA512
d062a4dedb0be7da9de0cbf30129ea4a0b7be28c196eefa3df35c1cbfe82d5e6750be143968c460b79d1078c63d47f5f7af34b53b1cce822ea99be84c4a2926b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\8006f395-1b87-4222-aed7-026ed9eb0b05

Filesize
3KB

MD5
aa6bb04e8485f76280bd3e32d17135ea

SHA1
46831d942ca9ccea915a823629e474c84c2004b7

SHA256
583193538a417ad57ce5459de33529280168963e2f4d3641bdd72da06879146f

SHA512
3dea66eb057c86096ed8c259e5ad9ed2e7108c8247cfd3f6ea4ac2a8651f4d5dc8be31a6732cb31a7da20c9538c725828eb3c308d30e3f109aa19a9e4a279574

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\af9c01ed-cabc-46fe-87c7-623a7a3ccf29

Filesize
856B

MD5
7221ea46299dbf184cd2fbc7bbc14ab2

SHA1
200e15fba80351586e587db749eb551103cf6f3f

SHA256
79d3e5bc4c7c1cb97a4486912957d6cf98a6f103ce76c524ad72f4770239f551

SHA512
473bd40586b4e193e60285ca9690d0f5aff4246ddff2bb3c60053a28ef0a0aa64bcfd0464206bc2478c79f13f826b77f39c92c7c1dc0cde73c385a02df7821b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\dc30d508-2b60-4aab-8249-ef1d4be2995c

Filesize
774B

MD5
eb929fee24f085e1af06dc9b56554efc

SHA1
a1507fe655a830839a0e1bcf3fda7bcb0ff05d76

SHA256
e2d89adf2d9e622d52deaed1505067839fb67f7068dfde381f58b55f4e74233a

SHA512
8733621f3ae088e54d1923e1bcc5014536f3e6ee975617b8dd4cc4d58631e83a5f3f7438d518109ecde9820b6f0b65b53ee1a7e4c088e91f9c82cbb7c9339665

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\efd3da0d-15da-4ca9-992a-79ac8c96cc1e

Filesize
10KB

MD5
283daa8a70286ec035dd3adf766bf528

SHA1
fa3ac2ed4d32ec70b4619ad892b41ae444016d25

SHA256
f82d0c07daae329fb454fb221e05241c43e19bfcd1f3fce7c31119e49083c09f

SHA512
0fc83ed0a361ff3eef6486acae6b7076f1dce954b218dc19c8185c1a0417f34f225a676c9c29b6e7d35dda265bd1500c150b07cb55ad9c1fe515fd9ad3c4e175

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
8KB

MD5
acd2637ad06e23e9fb0fd625e17167a7

SHA1
b21329b147006b5334386edbb4f4a51ee4cbd819

SHA256
05e79d89a2131357765cfa2c1f788840cee51c24f5b27b47c2d9b5e1f26195fb

SHA512
a8d1c930938f1bb23f762d4805445ac56ffb2c7060e4729463e26dad9330fea90413859ccfa7b6ec178632613186621087c155efefd83fd223a8126f0f1052ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
37836f4d146fc7ffcdda85ea67c1b815

SHA1
2bec9838c447eb0c254b788524f78482d4a23b32

SHA256
3081da307eee536a34354947c0e6c052a283c6af336069bcb964d929c67c4a2d

SHA512
17641de484fb911143d7d6006601a3550e21db86ca8bb155682a6a565eb5969e31725614fb474cca47aed20d9cd3c1754835f36b2e203dc6e2af1248ea3540d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
05a48550421f3a73d01d30de31f5affd

SHA1
03db1e709600f2647174669333831717d3e9bc64

SHA256
d98452e7f7aeeb8f7ccfca75b28e996c829b82aaaeac36101bb1b32b4638979b

SHA512
46d7951aa96c1e3671c3ae21e58e147008f1b5aa95f0189968914ad7e71b1f57fc7826feb2069ebc026f0863e832f996832d28cdfb24295460e7d9eec395b1a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
6KB

MD5
8908a3491090af2e7af531dfb0777ce7

SHA1
a9f0ac439b092ccc4b211c6e629e2a95871412cb

SHA256
816d02c999f0aed0fa5d8ca0629d576f2378ac213c368dab5276bd7244927b53

SHA512
1f433703637e74d363bf3d9f614ee0e65d565f4cf4757b684ca8e8741eef0697b79d5c15944f15f7e5351b4cf29b3519c10e71f2b1590c474787b3552f27d674

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
6KB

MD5
a345ae87c5f8e1acddfa1288b57fab84

SHA1
5ae90b2468abf2004f30f1c3098d24378e8ec835

SHA256
f4aa356235d4bc505c578a5f298db2986a91b5535439d96fe2487de6e933d168

SHA512
2e3f3e73f8d77e26d6df779a0bd62f3381aed71409ee629f0a8ebd91ab181c93ab2f480145eb49fd5719657c0f040bdea5830fbb4ab4b211b1daf44a298c86e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
82KB

MD5
1269453330280e07fb8e57aa4e1db78d

SHA1
38c49e02c0f04bbcdd2c749261c61f595bfdc508

SHA256
ecd537ae41c65484d3e1288522a7af2b5de8e632d675035657828d835906851d

SHA512
b5fc7952a8b089e88063518978643da402e5029688d696febf79c39e42db325514497df80ab331ac96a51b892760b9a362bce8db0a8a984d905977754d3aeda5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
0a22fdacc7660716c07631b31d701d9d

SHA1
8519c38bda81d0d73ed46626ff674b4b89056826

SHA256
2e4e529a87db948fe463c2ad4e658b19b4e51cac64f2e0c68a51a19806109bf0

SHA512
a58d35ca7c35fb9a7be46d3372c5844954e1888773794b038099ea2d952094439b892c8b24c94988b98a079bdd0532f98d23164ad60483f21478d1e14f0a2686

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1f723682c253a50cf79237b93ab979a6

SHA1
5f70cf787323e58d03e3a9f5a980594d19520558

SHA256
2f902fd191ef5572828d219a66e2f1b5fc16fe814100b42b531973905374dc60

SHA512
479f1d9afbc8acf0f564b44b773871790942d347d0a888ead448bb5de3936d6f0145efadb99c47657dbced1da94efa0cb613683042276f702c49651aa2faa81d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
83KB

MD5
2dfe9a8f83cfe0bcf6dea96c6bd7140b

SHA1
c84c5ffb75d7c0d1379a497e90748d83b3f4d23a

SHA256
428f1b59484e340e48869bd1e2048f92e7ff0ae47fff42010dae5d5d6bf2c418

SHA512
cf67f204e130a4b200b7c7438b236493cb18e7152fcee7b05dc91550704382c16ee5d972da2d401db53029655a1b87aa605a938c205d9bd178753374726de099

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
ed62fee9277c69739d72f78cd4ab6cb6

SHA1
515e8ff5d17218fe60212a22ba00ee0b37649f7c

SHA256
45922eb4030ab5538c8e46064c466ee9736c33feb87941ed1f92ef51afa79b39

SHA512
a848dfb6185f403c7e5caf9b4d018fc0f74fb6d7adc5ea9648bd60158bfc7cffcff1f0328c36ddd92b2d1ba61a0bbeaa9f18445c2823970e82487df8543b418d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
07949045da3680fd0579faf181bf911c

SHA1
2995eab82284a602305a3fb82e381ed92a7156cd

SHA256
e6b5cd07b90120e1b1346e1a41159f6e2bcab6b914b30a138d398080c66fb274

SHA512
926a360e0a71f265fdc698cde6516abeca456af660d912484f56a77494ad53f2e71f9500c6470453d11ff178acf460cbec54801fa3bb0250cfb922dd394a6535

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
90KB

MD5
05ac52104a5ffebd053030245d5354d0

SHA1
b1ebfa12aa5559c583895bb2e1dee3e5c81950c3

SHA256
4cb44290bfac05d3ead35e82960bcd22e26b7191f3131896a5f1cdd2e78847e0

SHA512
37a5b7332cb30f2e477ccc468164fbabe1ad097ff32e84e6c88a2d1b245946ce3ac1182317b437f95b1e52d1d8f891763f8b5e40d0978978b2460f869aaff7fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
0f4db8572a5ba50f206db183e9c445cd

SHA1
8aefc56effc333becacfb4b560545f876aebc610

SHA256
d866d48cfd80a2371d0989f6812b2daba1c7df673389199283fcbbe06d8a16f8

SHA512
83ae931a47d3cf094a8290d9d0a19c251b35772a8a35f7adc9c9c18cb44db999d0cf4fb948de063f30afe5212447f9da6ae3ca9f1585d55b88b43d9b36d53075

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
edba0b8abab7acf1d701020f8998bd34

SHA1
495eb6aac0c3edd062a4498a7c2097426346d561

SHA256
0e3955c51bd761596f89c0537774fc84c73f6e83259f1a8b2a916b226fc9d8fd

SHA512
3a0cc38929ac046e74c529bc2bb0206c8efffaacbc825cb052fa80ff7f9d9c044f041f279002a8e989527cf3b84fca186b35cc7c56992d58fb27639d290a9d58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
84KB

MD5
5c1c7713e463a410008ac433b6654cf3

SHA1
32356699f56d5ed10dd39afa1390092a998de596

SHA256
b3fa033aba5f09652d8d11f8558c7cce778c0fb6482f29ad7417b5547a3ef109

SHA512
1f32ce0d077f0e66014f23a2ea87b33599ff0f88667c5a6722b041bd1d829e049f3add8b1d13fde2db9cb10b563be4d5a7fb3a56eec337d958d2bb2780e109cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
adae19d089cc7c68616f58bc259d048e

SHA1
8f1891301bbd2ed2338f7815a91af81380544279

SHA256
a3a50eb8ac78d31f6f59cb233bdcaecc717510493fb027f62ea9017ce6a96ccd

SHA512
204cadaf979ce5e0c8c45d5dc55e6e26863e796c2ea8d33ff9e0c960469a50c66213916559b22dbb4fd42e3ac54647cc031599d4d2ff9bafe77a1ededfd1bf5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
c5929fdef222050ea82342a8ece69dd8

SHA1
0adba6c98749b94c3fff86645777eda2ca3e7785

SHA256
5b5d9483230213ce13c7e89a614da9007e67faafcc1e69a26ea8248fc1da8e58

SHA512
9aed14b134b1b9e3c5b9ce2e6c5135cfce85688208e65d10fde4fd0c9554a78fc1678ae0a306bf7647f846578565bcd6f2325f16dda518abfdc266b64625ae72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
84KB

MD5
a436d8b56855364d18383b7320ccca61

SHA1
fb616b5cd223df93c4a1a38c2607b5cea5a82745

SHA256
18f6db4d1fda98aecc140438e247b9e432ec57e1f6ee0de4fb357df21fc7ad38

SHA512
7677313d470afe70b2adff8f3b1251ba9f01171957bc886b705007a870cf02886b168a3602ecc1101366c0a9c2adc47316cc1be1bcc66712d200cd816580e1b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
30KB

MD5
f92f7a4c70ce01ec3a781f9ac35a21b4

SHA1
73543e4f286438565cd5e8d46284e5133960118e

SHA256
0089043fc3f4a72c1a99217e3e17dd4012e85e3f1d743628bed11ab3d4c3c1af

SHA512
0e977370f2859afb7f78caed0a5ac8d931c783ade2bafb31d9c56dd82e37668aeaef8f29c7882ffff3233d14760cebe8d1450c9926f73dc5434a7324dd9e4fb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
29KB

MD5
e2b3af8bb39e4ea148343c1c4814a730

SHA1
80c139cb893a3ef15e723a055e65d81ee2bf3378

SHA256
2e440c27e54d4fa47e5c88b81038f49959f4b8189bcef54a11f1ea05739ee592

SHA512
2928fa22aa27a47d07028a2a7ef0314d2f7a6e5d59e073aacb64e5621288a133ac4fc370a1daea9005796dfdd9251ca5a2d0ee29d3e58b88a631fa0f63b142dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
88KB

MD5
62a4a088caff1788f3ce948bbd83ba2f

SHA1
83b467a9bdc9efe212a28c4e93f6d00a1cd1bd98

SHA256
7662711028773cde759453e9b3c1cc8d423999824a7f894403f6c62f7ab4ebda

SHA512
a3061d335b9820d8ddb19c33b293c63ccaadb14629492c63f0078537cf3f977496d7299873a0a2d06923fa6fa4fd715236ca2afc92a7170b6c2a3c060967162e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
39KB

MD5
5596cc7675a28f7130555933a047db32

SHA1
47882ae34a8c92be1c0067eb505b2e380105c2df

SHA256
10775051890dc9cd21723e8f0922903ba31f9c07622f07659cc0172cac7b7312

SHA512
a281032dcc8dca289c3a5270b2f3976cc523ac463259dba2f9d77948f3c853300149a17636402d1159c6ce2cdae7d5493d60a3b5ed9492236e2e777d3daae8c3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
36KB

MD5
b3ad00b0df67479ac8a40d6eaf546f67

SHA1
3fb6eb48aa364bc84c3f3e1b82abc28b711c5759

SHA256
a59abf01aa2bc3736685da0c51bb4abd4e5d928cd91164497d681f251bb48630

SHA512
8fb2a7de34781992aed9fb48084da6034ff43a9f705a2d5ffed0ee79ca9a03c16d213284961f859338c87aa78e15dfa990260fe43117daf158c5ef83e06119f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
93KB

MD5
f3765701ea35b70022426f72c33d4e9f

SHA1
5d9582782b5f0b4f69c7cab52003b534f4f248e9

SHA256
06c120b75710054aedf8b9c1fccda4712dbd2be227aa53ee8998b9c327f06ef0

SHA512
9e5a5c67b10087cef47fc40aa6c3e28c31c56d26a94c635adcfb8c63344c798f683081bda248ba22b0790211f7865e168167b55c7e614a318f94906439bea34b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
38KB

MD5
27a1124c6c9699d59952bcfa1f566aac

SHA1
44812c88680b97c33758ee5d0ca4e4fe0ddd68e5

SHA256
c9dd5eba7ff954cc6f29c9819a80fdb863dc7db11dc702c0cc97ef0dfa4e994a

SHA512
2c4a51f51c90a1e945785b03afde516990dd3dc0261c159d66d1e33c6f9c68d9921e7018205b362e11f443a46332e6e57dc9d5f5be3236103d5fc343d89e057f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
37KB

MD5
8d3925c14de5a16d7410b405bbfe9707

SHA1
422a20b5ef1996a71c1e81851c4bc0e9904119d9

SHA256
ecaa95f82b0dde082251c52d0cdb089fd9adff38b7a84eaa3dd4fc056788d71a

SHA512
a34f9b6bcf46f25824f508b45c6e6c673a4ee4ccf388dd27e56c045f891d4fef9fbbabf70e3a08b602988c117b6c9af643635201b3360ba49acba7ea2aeefce2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
42KB

MD5
0290656795d179031c26b934f422bbfb

SHA1
775239b1a31578d82d3c30dd69d0250e5a0df028

SHA256
e1c47f27c40206c0b686c19ec9747f590ef2f53153ae82740a997b93bd458739

SHA512
cd551374dd2a09e31b61169553401a0c1f34f25d12e4bb16fbf28115e956810e4df9c66a0486229dd21b13a743c1db5f83811e44a9a0d40e69f91895284dd619

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
42KB

MD5
ce611bc29762be6417508ace4577fdb0

SHA1
1261a76f6e11c0d56036554c64e23ecc01575d59

SHA256
d48ee53fbb4cfaf110b623ae9bede03934d98aa428be993bfff6a3dff5e5210a

SHA512
133d68c09cf630494346812f0e84c462bb44aa71e7d405e327d50938dc5921863a954a89dfffaa8c7acb610d386b70ed42391930e318a4ad4ce9e1dbe612e4ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
46KB

MD5
76467deb2b56d329805f21e7e3cdd1ce

SHA1
55762ea2713785b764f4ac2ce0ba4d94ee528d72

SHA256
9502053a7df45011b331ac234e3ce4622a5e01604f680ed5609954ac261af24e

SHA512
d96e5a125d55cfe4bc846a40d80042b59cb4f49af73a157c4a49fcf0169c1329b3c168cf360f6ac78296183cb368e9069cad2f5e2ae2b674b75d34e5fb3e800b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
46KB

MD5
fd32dd01de60c73af24424bda750ed82

SHA1
9ebf430cf139ad65a32eb07416ee0e6a156dde61

SHA256
ff3c508d24059e233cd6d39186aa4971afba158c90f87ad955e9042f89f462fc

SHA512
5c8f78a3ff095b489127f869363fef6b6ca925dffd57dff68a56016fad6ed12e4bae6f79e5ebe4dd8593283953cb3f831bccc9bd177be102c3ae6918bd61a943

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
59KB

MD5
c916084a18d56238a6bf99a3584fd26c

SHA1
aa166545c59763b11608b74a83f0a98ec2de2360

SHA256
a03a62303575a58207a7d4e572c5c72b697607847360d9013b57d7e922ecf0f4

SHA512
46f0c8c1f76c6e80cb4e24dc8d6d103781d7d4c3c3717f424e48340e175a0923e61fee3d438bd22969b2725ffa4cdc534e1b88b5bf4ff22db205571c78722079

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
66KB

MD5
025e5be20e3e461f31a78e0554cf99cb

SHA1
fae1eaf73086cb9daf933d5fcb212e4ddec0b947

SHA256
f7de85fc95d6c661540d57ebb455fca4ddc621b2883a617fd5669d2a9e7fafaf

SHA512
da527a79152a5e6c381d739ef5c3652b7056aeb00d1d2cea085261e987a7cd4a9edbdceaccdf44e31be1c81a2749d0b48f7ef00ed0f6ad784ca5cfddcc1133bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
74KB

MD5
2eb183e4ee40c5498d1d0fa3cc63dab4

SHA1
ef847f3c54e4022c8e10c1a0b7033afc26b8003c

SHA256
1e300236cc1f54fb1036f35f4f1e1767d6fa095cb4ef7e3aa47438d8be5d52cd

SHA512
26cf44fbd8d157bc47cfd844f0bb70a6f8ad2f4501fddaa3306ffd1d20d9d71fe04a8eb3b0808d9d1b52821b536870e922f70b53206b74deaa2a43eefbe1a7b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
67KB

MD5
23152e166df9e6a12a15254cd2005ce8

SHA1
23ec72c094a204ace1adbca43174c21a689a33c7

SHA256
95d80c563b883153e459bb41ff2073290398b88e1dc692ec957f2e4eeea0d1c2

SHA512
487c1983ed46cf2798f7b644e8ee44ccdf3044f8b9d2c0382d1a13d61de36cd8a473190ded795b65654e275ce8653488859d84f3bc792ba26879ddbf737c5743

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
74KB

MD5
0418b232274f1e69fc3915c21d3a72c8

SHA1
c3ccef417ab58b583d9f18d0c76d20ac2c7c7874

SHA256
f9cd1e117e600dc5ea0a5d6596124efdb81d17383734b71a51dd3234f1179862

SHA512
709c4e6cdc9e53801fa99d273130bfa051685bc88e5684f3d359f3fa9ece01cb030645a77e92578820c41b9cd13b35909391fdc7ee310f0e7824d72d74ba8096

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
67KB

MD5
a05321ebc8313b304011dc57e5a04394

SHA1
46a58a4260ecbc2995f3641b965a7a4ed058479f

SHA256
2a8bcd1126f803a187154878b443c95108ca5dbe7e11ed281605feca931aa8f2

SHA512
ddcb7ef7e416272edcee738b4132f3b607b9bf4f7f836075929676e7243f50372b72f74212848b2c9ef912e3e6fb7400650bb1da04b9f25f7ee2c41b4208809d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
74KB

MD5
04e29d7aa504a85692e903aab16f9cee

SHA1
81ab8e321071c81b4b3cb603a06f1c96a7546fee

SHA256
a165836d7f8570f566c8ab6b9a2ad784f4f13cc929c276c1d1bc233f6458c311

SHA512
b596fbd35d704d603235b3e9193df8133ac1fe6214d0cd1b43ffdc997c4d47cce2204e7f2f05cb72357f3d205fb6f33275fb21628d60d1746742aaf5bbe19be4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
82KB

MD5
df00d09529fedf3e78aff6e29aa1c64b

SHA1
a4ec305982c68d3f56b9bf49051b30493d6c9208

SHA256
a2bc82533c1b3d519341530c5df79763966ea25b68693357db8ab2925f15b6cd

SHA512
ed0d3bab3e6e918d483333ccdb8568364a09bf2f236308c29d8dfaea10ea2a654d7287ae321493f0d785325482f70ddcac44ef69cd0d538bcc41446033629339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
83KB

MD5
af990bcdebb8b38e638450f8cac6e499

SHA1
cef94b6f0914cfbf7f0e4f39959492fba4a5bf0c

SHA256
1fc4bdd30d376bfa069d3021554056a3093801f4f42ede5b2fe5c43edeae067c

SHA512
454e86916abc044035c846c439699fe9aa49a21813c6c7b4c9d70d4432125885493bb6575802a6e5a17c5b9177385f8442f49b3bfbbb335498dd6e0c2f9c7a10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
85KB

MD5
810e469262bc8e5df08f75151319dcc2

SHA1
527903defad743f307dc6b8ac5a00ef1344bae22

SHA256
fe8360684e26ba6bd826d320e96e7170c8f993901e32ad556a74b96e658ead46

SHA512
81169412ebd0e650aa25442aea91bc9386863c6d54d9023ca95d5468208213f2322ad070f6f0d523b301cf8e2676cd7e14ecbc9e48646260683c172e3216f3d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
85KB

MD5
76efd31006c43a6e95a6a646a93aae83

SHA1
216f9c7d3856a6bfe1f68c99beec1eb56e08bac9

SHA256
13055918df04e53bc82531a0afb9ec885f0d1e9aefb9605f421fd640f451943a

SHA512
d0f5193d772e030f94ec4932d74e1f506ca61c3242874cb3971f0554e05b5363bd06aacc002ad61f674046bb25ef96ffbef64665cb8385eff5f38ab4b94f2fe7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
88KB

MD5
68a7d81898db5a2a71c7ed6187bb187f

SHA1
999ede465bc6dada0bae131dbfe5852b2491196a

SHA256
9dad41fbd5612632c5356188d40708c9057a041929c1829bdc46064993c98bda

SHA512
6ff603cdb782f407fa2304a82e594db1c66dffe0c96c8bdc6b3dfa95d0bfc26a3afbcdd6dfb11cb5cce57552ac6384e22b2250ce183caf991ad768618b96c285

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
88KB

MD5
c196cb197b4b53d14d150f1367116cd5

SHA1
f95d4b56460912dba984ae3dc3fda2fdd0f6c8a9

SHA256
52f3066bb0f11f7b015fdfb919090f2d857ba3e4c3b9c3b139a1f47ec0cfeed2

SHA512
4ae0a8e7f88589deda29ddd532867156e480334c5f11f563b312ce452d519e95f87cbfc136b5530054d597208457df91012f9ea81f88689afb30975d520619ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
94KB

MD5
7b8a4d9e86be4158ec5711b5a97d4de3

SHA1
67691176457f3499f3ef84ec3ed87db42ed40527

SHA256
30367abc385359057d687df2687f52e46de91bcb95a8cedb4d2be95e022fe441

SHA512
1f60f1b988892bbd20bc15bbb89003bb6152abc688ff5c70570b39b7baf7355c1aa4b2f09dbf2b8c09d26d888a3a1437fead704e5d08fa05638e4cbca132c386

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
94KB

MD5
76dd2a6674c7df022ee55612e29c0571

SHA1
3e8538c8175d08d4fa2173a57f69f2bbf21f1250

SHA256
6de66709a6d2dfff41acfbac8bfa3a474d398dbd176e338644332bd5c592f1b0

SHA512
a6059247f6adb5241f39d71e3f66e4be1518a4c7f805d14bc8b5672973a4cb2ad4659a015e4ee28f52a839bb53140c7e65924adb51e3d1e5918a7fe31750f2bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
bd3111bc956b6a5a916fa6f7af2a3e53

SHA1
e8ad6682fca0d860d6a80a404ec8e896f06abba3

SHA256
15320328483508aca800c2df183ec3554d7732783d4327155eabafbceaf9493d

SHA512
bc24591be0cec2ac914262b206fcf3f6de02c1f672a02810310567f956f5bf707d71ad3f56c8e68ff1f535e3bb17e5e52c884e13d7d2699a2a2b8a7029b3640f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
9fdf8ed9c4ae5eaacd5904469b5cedf4

SHA1
fd7d971cd380fb7fe1bf6ea13afb91ff7fd9939f

SHA256
7c41b0abd38fbb3ae22702fb9ef1a63edf257a0056f6f31583b4ded4a71ae1ca

SHA512
d679fb75e94f224a5ff4fb533cafe382215e8f731568484264728ed26719dfb8e1c91e680ed90fa2a090232724642e7ff3dc0bc9c764c72c3e08b0ebf5635098

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\weave\toFetch\tabs.json.tmp

Filesize
10B

MD5
f20674a0751f58bbd67ada26a34ad922

SHA1
72a8da9e69d207c3b03adcd315cab704d55d5d5f

SHA256
8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792

SHA512
2bce112a766304daa2725740622d2afb6fe2221b242e4cb0276a8665d631109fbd498a57ca43f9ca67b14e52402abe900f5bac9502eac819a6617d133c1ba6a3

Download Submit
C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.EZOhRLMd.exe.part

Filesize
21KB

MD5
eb63cd885d68356f90af34b6c9888769

SHA1
09143c94881ea4b0a64301c7b2d61baa7c87138d

SHA256
ecb8c5d8ccb12ecb048ad410cbc9ef5b7d8189088afdd6a0527033cdd3ea802e

SHA512
c9208c3bcb2c49f52ce32c1de4a2e2d297b904b31573d6a37108405e2a5beb70358a42e7b27a8c2efbfb8b8f94c574329916abecd373c42090aaf02756510cbd

Download Submit
C:\Users\Admin\Downloads\avast_free_antivirus_setup_online.exe

Filesize
243KB

MD5
4de3008d868a02c71296f184baa06e63

SHA1
d5c5750805f3fabf40e60a062d079a51ecaea720

SHA256
4780e0e85c960c9d6ac644a0cfcd5e05e1f659f3517ddc92ad1db65d1cf48365

SHA512
8c06a0f502afb04a830de4c1935a3d32b289484696292133bc1655b4266b393111307558ee45a6c0fbb5a8882c996717efe25d70f9143c0b915a425a464e9936

Download Submit
C:\Users\Admin\Downloads\ransim.6-IT4BvK.zip.part

Filesize
173.2MB

MD5
f0888c24399ac1de52ab11279ea8f33d

SHA1
251a4fdf3b211614d8e7f0afdedd950822d26fc4

SHA256
107012e8d54016d5f93583173614cfcdaeb4716b63528f5e04142fb805d16104

SHA512
4019212b63c78adc98ab30019dc5719b60314c0a9f88168b9842b43bc6a2362b6447ab031a79b5e40a1561bf6501efe3d7377203b424d171484b88c8334d9425

Download Submit
C:\Users\Admin\Downloads\zipmate.exe

Filesize
4.8MB

MD5
4cf805614c76fb8910719fa3b324b196

SHA1
fd5601fa36976ab64399a7494e2d50aa4301ae05

SHA256
427b4f7ad5bc5a6977425027d78117b143cd95076585190483fbc586b3d281a6

SHA512
2ad04710030e719e30385119f22283322743674b26f3c7b9f673effe80d28614602f330144cd9291293e04e625854d8f796c327c700a26a19f5e0223605aff88

Download Submit
C:\Windows\Installer\MSIEFA6.tmp-\CustomAction.config

Filesize
1KB

MD5
01c01d040563a55e0fd31cc8daa5f155

SHA1
3c1c229703198f9772d7721357f1b90281917842

SHA256
33d947c04a10e3aff3dca3b779393fa56ce5f02251c8cbae5076a125fdea081f

SHA512
9c3f0cc17868479575090e1949e31a688b8c1cdfa56ac4a08cbe661466bb40ecfc94ea512dc4b64d5ff14a563f96f1e71c03b6eeacc42992455bd4f1c91f17d5

Download Submit
C:\Windows\Temp\{795E270A-BA56-4819-84BC-59D0D7119719}\.cr\SimulatorSetup.exe

Filesize
679KB

MD5
77a6ed15a7ebbcdcee0a1b5a3386d87e

SHA1
ccc4f8ce23348fe366997425fafd5a34bb956e33

SHA256
f5ead0812f7f4209e9d3595b5765c5e533458e13224ba1dc249b7d8bfbf60592

SHA512
775bc940e5f3ecbc040f4c91fc462177d2966db69eac14fcc054b940889f3f87c10bd79e5d88d926e0dd94f01a2870eb3d625dcca22506a5c7c242af63c3284e

Download Submit
C:\Windows\Temp\{DED49E75-77C0-482D-9E11-E91445381E65}\.ba\logo.png

Filesize
33KB

MD5
63a5f8b51b2402a9466f183e7c18a52a

SHA1
b489048bf8baacb27ba8bc6fed6bbcb66ce6630c

SHA256
7c7dde5b63deeb928787b95180da44b3494aa0ba5b1882c9506077def08463d5

SHA512
8dd10c9a0ef7660bdb2dd0aff1e797b2abde40a30cc32516e40edfb0968aa99a09eea1ed423e5c7a389abe5a721d08ed1ac1404c422cfd48c35ad69283e0c2c5

Download Submit
\Windows\Installer\MSIE748.tmp

Filesize
265KB

MD5
57f383a40ce2e9fc3e991e1b8b4b9ede

SHA1
00218498b45068445dc72fffc280a6621c6878f6

SHA256
f3899d0529c42d823e6b015bcbf9b85fef822418da28b73b31072158c2649322

SHA512
5d92d9917176a0573432f9989b3b4d4598ecd0cd2e47c91dac29f2c54f773e6391a17fa0f6089c815040b60270a4df13dfa95cbc540590e6fe9c7a1b866c629f

Download Submit
\Windows\Installer\MSIE748.tmp-\CustomActions.dll

Filesize
9KB

MD5
5b806794cea9fdbd8d4cdd9bd77ed086

SHA1
ff0a0f4d858539ece9f9a72c7989708d68bcf518

SHA256
32c8232c748100e44fb02c18f489094c77e4fe6a6b71ad570aec3997b5f0e0ec

SHA512
229ef5f30b4e23ddec72d725e995a8af3d29a52395a20d876d190d5911cec357ff3a65ce012cc576105d28d8aacab78bb03443c1e7c18e9e751143d7a46f8ba1

Download Submit
\Windows\Installer\MSIE748.tmp-\Microsoft.Deployment.WindowsInstaller.dll

Filesize
182KB

MD5
82eb1ccf28f3af897c2db27282b41156

SHA1
9f945d8b18ff0fbb5f013efe5e2ff33aef136104

SHA256
ced6cab3c04c08ce5705af0b6986965dbdbfda17cbd66c973bb371ed3b95f37a

SHA512
9458fabeae4dabf8109b9736496a01d9168312faec1c17d6eed89e8f09cbb8287d74ff758948cf07838720c11005e87a734e920be4ead275354f46a0a6176f84

Download Submit
\Windows\Temp\{DED49E75-77C0-482D-9E11-E91445381E65}\.ba\wixstdba.dll

Filesize
203KB

MD5
0ba387d66175c20452de372f8dbb79fe

SHA1
5411d41a7d88291b97fb9573eb6448c72e773b70

SHA256
7b3d4a22a56cd80f19c48a321f978f728d34b8227cdc7fcadeb76b7506b2bb33

SHA512
13ec6e6ddc602e8053aadd4dd84ed87c23b581f2a41d738e32a522128ca4985dcfcaedc7fab192085f0eb4facd1cd7ad91ccaf8505491e29288d2f66cbf705fd

Download Submit
memory/1276-779-0x000002AC13B20000-0x000002AC13B30000-memory.dmp

Filesize
64KB

Download
memory/1276-295-0x000002AC275A0000-0x000002AC275A2000-memory.dmp

Filesize
8KB

Download
memory/1276-788-0x000002AC13B20000-0x000002AC13B30000-memory.dmp

Filesize
64KB

Download
memory/1276-64-0x000002AC14150000-0x000002AC14250000-memory.dmp

Filesize
1024KB

Download
memory/1276-823-0x000002AC13B20000-0x000002AC13B30000-memory.dmp

Filesize
64KB

Download
memory/1276-293-0x000002AC27480000-0x000002AC27482000-memory.dmp

Filesize
8KB

Download
memory/1276-289-0x000002AC27460000-0x000002AC27462000-memory.dmp

Filesize
8KB

Download
memory/1276-389-0x000002AC28CE0000-0x000002AC28CE2000-memory.dmp

Filesize
8KB

Download
memory/1276-400-0x000002AC28EC0000-0x000002AC28EC2000-memory.dmp

Filesize
8KB

Download
memory/1276-396-0x000002AC28E40000-0x000002AC28E42000-memory.dmp

Filesize
8KB

Download
memory/1276-392-0x000002AC28E00000-0x000002AC28E02000-memory.dmp

Filesize
8KB

Download
memory/1276-383-0x000002AC280E0000-0x000002AC280E2000-memory.dmp

Filesize
8KB

Download
memory/1276-386-0x000002AC28CC0000-0x000002AC28CC2000-memory.dmp

Filesize
8KB

Download
memory/1276-412-0x000002AC28FC0000-0x000002AC290C0000-memory.dmp

Filesize
1024KB

Download
memory/1276-426-0x000002AC28FA0000-0x000002AC28FA2000-memory.dmp

Filesize
8KB

Download
memory/1276-824-0x000002AC13B20000-0x000002AC13B30000-memory.dmp

Filesize
64KB

Download
memory/1276-434-0x000002AC29AF0000-0x000002AC29B10000-memory.dmp

Filesize
128KB

Download
memory/1276-489-0x000002AC2A130000-0x000002AC2A150000-memory.dmp

Filesize
128KB

Download
memory/1276-499-0x000002AC28EF0000-0x000002AC28F10000-memory.dmp

Filesize
128KB

Download
memory/1276-510-0x000002AC2AFA0000-0x000002AC2AFC0000-memory.dmp

Filesize
128KB

Download
memory/1276-754-0x000002AC2BC00000-0x000002AC2BD00000-memory.dmp

Filesize
1024KB

Download
memory/1276-787-0x000002AC13B20000-0x000002AC13B30000-memory.dmp

Filesize
64KB

Download
memory/1276-780-0x000002AC13B20000-0x000002AC13B30000-memory.dmp

Filesize
64KB

Download
memory/1276-789-0x000002AC13B20000-0x000002AC13B30000-memory.dmp

Filesize
64KB

Download
memory/1276-778-0x000002AC13B20000-0x000002AC13B30000-memory.dmp

Filesize
64KB

Download
memory/1276-790-0x000002AC13B20000-0x000002AC13B30000-memory.dmp

Filesize
64KB

Download
memory/1276-429-0x000002AC27940000-0x000002AC27960000-memory.dmp

Filesize
128KB

Download
memory/1488-44-0x000002EED4000000-0x000002EED4100000-memory.dmp

Filesize
1024KB

Download
memory/1488-43-0x000002EED4000000-0x000002EED4100000-memory.dmp

Filesize
1024KB

Download
memory/2756-13002-0x000000001C8C0000-0x000000001CEBC000-memory.dmp

Filesize
6.0MB

Download
memory/3452-3267-0x0000020BF3CE0000-0x0000020BF3CFE000-memory.dmp

Filesize
120KB

Download
memory/3452-3263-0x0000020BF3FC0000-0x0000020BF4182000-memory.dmp

Filesize
1.8MB

Download
memory/3452-3264-0x0000020BF46C0000-0x0000020BF4BE6000-memory.dmp

Filesize
5.1MB

Download
memory/3452-3270-0x0000020BF4680000-0x0000020BF46B8000-memory.dmp

Filesize
224KB

Download
memory/3452-3261-0x0000020BF1260000-0x0000020BF1722000-memory.dmp

Filesize
4.8MB

Download
memory/3452-3269-0x0000020BF3FA0000-0x0000020BF3FA8000-memory.dmp

Filesize
32KB

Download
memory/3452-3266-0x0000020BF4190000-0x0000020BF4206000-memory.dmp

Filesize
472KB

Download
memory/3872-11962-0x000000001D270000-0x000000001D7D4000-memory.dmp

Filesize
5.4MB

Download
memory/4308-35-0x00000286ECFE0000-0x00000286ECFE2000-memory.dmp

Filesize
8KB

Download
memory/4308-16-0x00000286EFB20000-0x00000286EFB30000-memory.dmp

Filesize
64KB

Download
memory/4308-0-0x00000286EFA20000-0x00000286EFA30000-memory.dmp

Filesize
64KB

Download
memory/4444-6709-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/4444-6892-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/4932-10792-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/4932-7366-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/5096-6079-0x0000000007380000-0x00000000073AE000-memory.dmp

Filesize
184KB

Download
memory/5096-6084-0x00000000073B0000-0x00000000073B8000-memory.dmp

Filesize
32KB

Download
memory/5208-11734-0x000000001C880000-0x000000001CE7E000-memory.dmp

Filesize
6.0MB

Download
memory/5512-12184-0x000000001CF50000-0x000000001D4B0000-memory.dmp

Filesize
5.4MB

Download
memory/5644-11733-0x000000001CE50000-0x000000001D3B0000-memory.dmp

Filesize
5.4MB

Download
memory/5672-6272-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/5672-6278-0x000000001C9B0000-0x000000001CF10000-memory.dmp

Filesize
5.4MB

Download
memory/5672-6269-0x000000001B7F0000-0x000000001BD46000-memory.dmp

Filesize
5.3MB

Download
memory/5672-6267-0x00000000007C0000-0x00000000007C8000-memory.dmp

Filesize
32KB

Download
memory/5672-6456-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/6084-11336-0x000000001C4D0000-0x000000001CA30000-memory.dmp

Filesize
5.4MB

Download
memory/6772-11303-0x000000001CE60000-0x000000001D3C4000-memory.dmp

Filesize
5.4MB

Download
memory/6888-6894-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/6888-7177-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/6888-11020-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/6972-6239-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/6972-6459-0x000000001D7D0000-0x000000001D818000-memory.dmp

Filesize
288KB

Download
memory/6972-6215-0x0000000000A00000-0x0000000000A3E000-memory.dmp

Filesize
248KB

Download
memory/6972-6232-0x000000001BC40000-0x000000001C1EA000-memory.dmp

Filesize
5.7MB

Download
memory/6972-18921-0x00000000029A0000-0x0000000002A18000-memory.dmp

Filesize
480KB

Download
memory/6972-18922-0x00000000010F0000-0x00000000010F8000-memory.dmp

Filesize
32KB

Download
memory/6972-19001-0x0000000001110000-0x000000000111E000-memory.dmp

Filesize
56KB

Download
memory/6972-6245-0x000000001BA90000-0x000000001BA98000-memory.dmp

Filesize
32KB

Download
memory/6972-6451-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7000-6462-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7000-6467-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7076-6478-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7076-6717-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7104-6477-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7104-6714-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7104-18926-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7104-6656-0x000000001C990000-0x000000001CEEA000-memory.dmp

Filesize
5.4MB

Download
memory/7224-10810-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7224-8543-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7340-13289-0x000000001CDA0000-0x000000001D302000-memory.dmp

Filesize
5.4MB

Download
memory/7408-13089-0x000000001CC30000-0x000000001D192000-memory.dmp

Filesize
5.4MB

Download
memory/7424-13208-0x000000001C7C0000-0x000000001CD20000-memory.dmp

Filesize
5.4MB

Download
memory/7472-12958-0x000000001CAE0000-0x000000001D040000-memory.dmp

Filesize
5.4MB

Download
memory/7544-14309-0x000000001CD90000-0x000000001D366000-memory.dmp

Filesize
5.8MB

Download
memory/7616-11302-0x000000001C710000-0x000000001CD0E000-memory.dmp

Filesize
6.0MB

Download
memory/7620-13811-0x000000001CAA0000-0x000000001D134000-memory.dmp

Filesize
6.6MB

Download
memory/7784-15773-0x000000001C620000-0x000000001CB80000-memory.dmp

Filesize
5.4MB

Download
memory/7808-11263-0x000000001CBE0000-0x000000001D144000-memory.dmp

Filesize
5.4MB

Download
memory/7888-10871-0x000000001CAD0000-0x000000001D034000-memory.dmp

Filesize
5.4MB

Download
memory/7888-10813-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7888-16159-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/7888-11062-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/8120-11066-0x000000001C5B0000-0x000000001CB14000-memory.dmp

Filesize
5.4MB

Download
memory/9088-17248-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/9088-10811-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/9088-10916-0x00007FF980E00000-0x00007FF9816B9000-memory.dmp

Filesize
8.7MB

Download
memory/9088-10842-0x000000001C6B0000-0x000000001CC14000-memory.dmp

Filesize
5.4MB

Download
memory/9316-14686-0x000000001C9C0000-0x000000001CF22000-memory.dmp

Filesize
5.4MB

Download
memory/9332-14362-0x000000001D1C0000-0x000000001D724000-memory.dmp

Filesize
5.4MB

Download
memory/9564-15446-0x000000001D1B0000-0x000000001D72C000-memory.dmp

Filesize
5.5MB

Download
memory/9624-14687-0x000000001C4D0000-0x000000001CA32000-memory.dmp

Filesize
5.4MB

Download
memory/9664-14754-0x000000001D110000-0x000000001D672000-memory.dmp

Filesize
5.4MB

Download
memory/9684-14940-0x000000001CA30000-0x000000001CF92000-memory.dmp

Filesize
5.4MB

Download
memory/9864-15129-0x000000001C9C0000-0x000000001CF22000-memory.dmp

Filesize
5.4MB

Download
memory/9896-15262-0x000000001C310000-0x000000001C870000-memory.dmp

Filesize
5.4MB

Download