hijackloader | hxxps://vixcall[.]network

Analysis

max time kernel
326s
max time network
315s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-09-2024 20:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://vixcall.network

Score

10^/10

hijackloader rhadamanthys stealc benjiworld3 credential_access defense_evasion discovery loader spyware stealer

Malware Config

Extracted

Family

stealc

Botnet

benjiworld3

http://5.188.86.71

Attributes

url_path
/05feb00efef399f8.php

Signatures

Detects HijackLoader (aka IDAT Loader) 2 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\1dataset\1temp906.exe	family_hijackloader
behavioral1/memory/5872-1608-0x0000000000400000-0x0000000000ACA000-memory.dmp	family_hijackloader

HijackLoader
HijackLoader is a multistage loader first seen in 2023.
loader hijackloader
Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Stealc
Stealc is an infostealer written in C++.
stealer stealc
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

Processes:

2temp718.exe

description pid process target process

PID 5596 created 2120 5596 2temp718.exe sihost.exe
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Downloads MZ/PE file
Executes dropped EXE 7 IoCs

Processes:

Vixcall Setup.exevixcall.exevixcall.exevixcall.exevixcall.exe2temp718.exe1temp906.exe

pid process

440 Vixcall Setup.exe
2344 vixcall.exe
432 vixcall.exe
3096 vixcall.exe
3744 vixcall.exe
5596 2temp718.exe
5872 1temp906.exe

description	pid	process	target process
PID 5596 created 2120	5596	2temp718.exe	sihost.exe

Loads dropped DLL 17 IoCs

Processes:

Vixcall Setup.exevixcall.exevixcall.exevixcall.exevixcall.exeexplorer.exe

pid	process
440	Vixcall Setup.exe
440	Vixcall Setup.exe
440	Vixcall Setup.exe
440	Vixcall Setup.exe
440	Vixcall Setup.exe
440	Vixcall Setup.exe
440	Vixcall Setup.exe
2344	vixcall.exe
432	vixcall.exe
3096	vixcall.exe
3744	vixcall.exe
432	vixcall.exe
432	vixcall.exe
432	vixcall.exe
432	vixcall.exe
6064	explorer.exe
6064	explorer.exe

Unsecured Credentials: Credentials In Files 1 TTPs
Steal credentials from unsecured files.
credential_access stealer

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Suspicious use of SetThreadContext 1 IoCs

Processes:

1temp906.exe

description pid process target process

PID 5872 set thread context of 5912 5872 1temp906.exe cmd.exe
Drops file in Windows directory 1 IoCs

Processes:

vixcall.exe

description ioc process

File opened for modification C:\Windows\SystemTemp vixcall.exe
Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs
When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.
defense_evasion

SIP and Trust Provider Hijacking
T1553.003

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Vixcall Setup.exe:Zone.Identifier firefox.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

5744 5596 WerFault.exe 2temp718.exe

description	pid	process	target process
PID 5872 set thread context of 5912	5872	1temp906.exe	cmd.exe

description	ioc	process
File opened for modification	C:\Windows\SystemTemp	vixcall.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Vixcall Setup.exe:Zone.Identifier	firefox.exe

pid	pid_target	process	target process
5744	5596	WerFault.exe	2temp718.exe

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

Vixcall Setup.exe2temp718.exeopenwith.execmd.exeexplorer.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Vixcall Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2temp718.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	openwith.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

explorer.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	explorer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	explorer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Vixcall Setup.exe:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-970747758-134341002-3585657277-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Vixcall Setup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 57 IoCs

Processes:

Vixcall Setup.exe2temp718.exeopenwith.exe1temp906.execmd.exeexplorer.exe

pid	process
440	Vixcall Setup.exe
440	Vixcall Setup.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5596	2temp718.exe
5652	openwith.exe
5652	openwith.exe
5652	openwith.exe
5652	openwith.exe
5872	1temp906.exe
5872	1temp906.exe
5872	1temp906.exe
5912	cmd.exe
5912	cmd.exe
5912	cmd.exe
5912	cmd.exe
6064	explorer.exe
6064	explorer.exe

Suspicious behavior: MapViewOfSection 2 IoCs

Processes:

1temp906.execmd.exe

pid process

5872 1temp906.exe
5912 cmd.exe

pid	process
5872	1temp906.exe
5912	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exeVixcall Setup.exe

description	pid	process
Token: SeDebugPrivilege	2132	firefox.exe
Token: SeDebugPrivilege	2132	firefox.exe
Token: SeDebugPrivilege	2132	firefox.exe
Token: SeDebugPrivilege	2132	firefox.exe
Token: SeDebugPrivilege	2132	firefox.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeSecurityPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe
Token: SeDebugPrivilege	440	Vixcall Setup.exe

Suspicious use of FindShellTrayWindow 21 IoCs

Processes:

firefox.exe

pid	process
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe
2132	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

2132 firefox.exe
2132 firefox.exe
2132 firefox.exe
2132 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 1008 wrote to memory of 2132	1008	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 3468	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 4648	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 4648	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 4648	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 4648	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 4648	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 4648	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 4648	2132	firefox.exe	firefox.exe
PID 2132 wrote to memory of 4648	2132	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:2120
- C:\Windows\SysWOW64\openwith.exe
  "C:\Windows\system32\openwith.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://vixcall.network"
1⤵
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://vixcall.network
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1896 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57672b14-3c7c-4325-9851-0d0edecde951} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" gpu
    3⤵
    PID:3468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57db9cd8-7e77-44ac-ac0b-5fb00dd1a024} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" socket
    3⤵
    PID:4648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3176 -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3256 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f22ea5d-3731-499d-b746-a56143381d11} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" tab
    3⤵
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3720 -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 3708 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8427bf06-c79e-4647-88c4-886f955f907a} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" tab
    3⤵
    PID:1672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4768 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4588 -prefMapHandle 4484 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6bf96ea-deb0-4d2e-830d-154d6f35a330} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" utility
    3⤵
    - Checks processor information in registry
    PID:4836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5244 -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5232 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da037373-d19d-4190-b410-c7141017ab53} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" tab
    3⤵
    PID:1104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 4 -isForBrowser -prefsHandle 5468 -prefMapHandle 5464 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69876f50-3da9-425f-b995-4eda39cf50b5} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" tab
    3⤵
    PID:764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 5 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11c3e583-0448-46b0-af88-249cec6fdc89} 2132 "\\.\pipe\gecko-crash-server-pipe.2132" tab
    3⤵
    PID:1568
- - C:\Users\Admin\Downloads\Vixcall Setup.exe
    "C:\Users\Admin\Downloads\Vixcall Setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:440

C:\Users\Admin\AppData\Local\Programs\VixCall\vixcall.exe
"C:\Users\Admin\AppData\Local\Programs\VixCall\vixcall.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
PID:2344
- C:\Users\Admin\AppData\Local\Programs\VixCall\vixcall.exe
  "C:\Users\Admin\AppData\Local\Programs\VixCall\vixcall.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\VixCall" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1760,i,127814981703304016,2868935166893202927,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:432
- C:\Users\Admin\AppData\Local\Programs\VixCall\vixcall.exe
  "C:\Users\Admin\AppData\Local\Programs\VixCall\vixcall.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\VixCall" --field-trial-handle=2156,i,127814981703304016,2868935166893202927,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2152 /prefetch:11
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3096
- C:\Users\Admin\AppData\Local\Programs\VixCall\vixcall.exe
  "C:\Users\Admin\AppData\Local\Programs\VixCall\vixcall.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\VixCall" --app-path="C:\Users\Admin\AppData\Local\Programs\VixCall\resources\app.asar" --enable-sandbox --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --field-trial-handle=2432,i,127814981703304016,2868935166893202927,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:1
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3744
- C:\Users\Admin\AppData\Local\Temp\1dataset\2temp718.exe
  C:\Users\Admin\AppData\Local\Temp\1dataset\2temp718.exe
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:5596
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 720
    3⤵
    - Program crash
    PID:5744
- C:\Users\Admin\AppData\Local\Temp\1dataset\1temp906.exe
  C:\Users\Admin\AppData\Local\Temp\1dataset\1temp906.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:5872
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cmd.exe
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    PID:5912
  - - C:\Windows\SysWOW64\explorer.exe
      C:\Windows\SysWOW64\explorer.exe
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Checks processor information in registry
      Suspicious behavior: EnumeratesProcesses
      PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 5596 -ip 5596
1⤵
PID:5716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\ProgramData\nss3.dll

Filesize
2.0MB

MD5
1cc453cdf74f31e4d913ff9c10acdde2

SHA1
6e85eae544d6e965f15fa5c39700fa7202f3aafe

SHA256
ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

SHA512
dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zgr882s2.default-release\activity-stream.discovery_stream.json

Filesize
33KB

MD5
efe3ac5d54f3aebcd8e7211ae552eef2

SHA1
de28580171f53464e23eaae11f528853dc916d00

SHA256
6cbece87450c811ffcbdac789e081d8aa23a550b1c8dbc3b05a6d635e62fd086

SHA512
b927bcb773e0bdf26669b0e0ed8a8b9251915ba5235b97b7eaddea4c697ed6e9a02c5a55ed8155a3acbccba4c59717197a29d05afe68f4df4d305be83a3a6609

Download Submit
C:\Users\Admin\AppData\Local\Programs\VixCall\chrome_100_percent.pak

Filesize
148KB

MD5
cb4f128469cd84711ed1c9c02212c7a8

SHA1
8ae60303be80b74163d5c4132de4a465a1eafc52

SHA256
7dd5485def22a53c0635efdf8ae900f147ec8c8a22b9ed71c24668075dd605d3

SHA512
0f0febe4ee321eb09d6a841fe3460d1f5b657b449058653111e7d0f7a9f36620b3d30369e367235948529409a6ce0ce625aede0c61b60926dec4d2c308306277

Download Submit
C:\Users\Admin\AppData\Local\Programs\VixCall\locales\en-US.pak

Filesize
454KB

MD5
5c52a86b21633b55b383c20f16859b2f

SHA1
126585e68cb17f241351004e21c1d30e65de1cf6

SHA256
41123d72bd8e289e85bd35227aabb4cc61fe1de02b5cd7a7834e5ec200bc2078

SHA512
2a1b6a4becfb97d470cd7de74857edf2cc9cd4a77f377ccd9bf60c30539862ff1ac3ed6cc849632a3ed4ea0e5b92679f3cc5b4cb26cc7eaaa2bb2f4ae9974a6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1dataset\1temp906.exe

Filesize
6.6MB

MD5
f88d907a3c882bb4d2dc39cc74a53567

SHA1
3d0b5498236c8c40aecf03dd663138228cbaf431

SHA256
5a3278ff01cff7cef65017d2a3cd43252423cc827adc6cc81e9964ed84ce6a80

SHA512
747b598cfe7addf9972d7b16afca6774f4c28f085a3a45de06e1bf611c9fe97116b9b32e3ff112de64fe98c8adf7b503d294d16230886f3eea17fcaea9dfd455

Download Submit
C:\Users\Admin\AppData\Local\Temp\1dataset\2temp718.exe

Filesize
3.9MB

MD5
8741aea9aea1ade3be6deae579b537d8

SHA1
d4a618ad0e5092da7386e46138a9774aa252373c

SHA256
044a5b334eb291737cce67ce2b70a1d344c9476cd4c0b74a1da3eb4349970ae4

SHA512
1f86cfa59682f481e7c281889eea4ed866d7cbcdf777587bf8321a4763ff00cad116d18cb774da4898e492b18f1cf18b8eb804720fd6691d0290384dc5a0334f

Download Submit
C:\Users\Admin\AppData\Local\Temp\40ee8de5

Filesize
907KB

MD5
a238964c3345cc61cbf2b89cef89a56e

SHA1
f8b774849686dfee3ff0522a727c5095ee1444ca

SHA256
9ad39b8dddc7d7856c731a57f23a3edc20c1a4f13552d5c1feabfa7bef175ca0

SHA512
045a5fca8fed33ce8851b456967408ff2ade681976d396213e2604f6d7c4642cc39fd848746432e9f565935b5a7c58a0750e9a08176c1ffd4636f190c8ada707

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\LICENSES.chromium.html

Filesize
9.0MB

MD5
aaea51a605688fcb2f178fd60e4ca64c

SHA1
69d4791bf3cfedb68bc4d8f766878103578171cb

SHA256
96837a4a521a61bd3d34f2f660e29902d228aaec501eeb2a84403f1926c3df9d

SHA512
d328bf2f9ff7372a716a09e5882b9e3c0051b0135412b3258453085db1de2c7699c8aae24edfaca7798f468802db975977c9976e19fca84fffe884bf8594c33e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\chrome_200_percent.pak

Filesize
223KB

MD5
e9c1423fe5d139a4c88ba8b107573536

SHA1
46d3efe892044761f19844c4c4b8f9576f9ca43e

SHA256
2408969599d3953aae2fb36008e4d0711e30d0bc86fb4d03f8b0577d43c649fa

SHA512
abf8d4341c6de9c722168d0a9cf7d9bac5f491e1c9bedfe10b69096dcc2ef2cd08ff4d0e7c9b499c9d1f45fdb053eafc31add39d13c8287760f9304af0727bf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
a7b7470c347f84365ffe1b2072b4f95c

SHA1
57a96f6fb326ba65b7f7016242132b3f9464c7a3

SHA256
af7b99be1b8770c0e4d18e43b04e81d11bdeb667fa6b07ade7a88f4c5676bf9a

SHA512
83391a219631f750499fd9642d59ec80fb377c378997b302d10762e83325551bb97c1086b181fff0521b1ca933e518eab71a44a3578a23691f215ebb1dce463d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
07a87230a996c769fb5ea708352eb2cb

SHA1
b9829f43451b04623f283cb073b805f0008b44b3

SHA256
cbeee79f83bce3d880f7b01e75861bcfc67204898826aed17f17c954f2f5155d

SHA512
a24a9274b571786619ea0a122688ae16a818454a94d8cfaa99a6cc3205ed105e2eb31e1fbb761ed7462125c2588bbe9c2adfd6f348fc517e09afeea70442bf75

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
ffd67c1e24cb35dc109a24024b1ba7ec

SHA1
99f545bc396878c7a53e98a79017d9531af7c1f5

SHA256
9ae98c06cbb0ea43c5cd6b5725310c008c65e46072421a1118cb88e1de9a8b92

SHA512
e1a865e685d2d3bacd0916d4238a79462519d887feb273a251120bb6af2b4481d025f3b21ce9a1a95a49371a0aa3ecf072175ba756974e831dbfde1f0feaeb79

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\libEGL.dll

Filesize
470KB

MD5
b12d025eccde84d51b52393f3096262d

SHA1
4f0535c338d6828edb8cfb3aa3a3d41bf7555231

SHA256
801168075749f28ad7e8465f7a3f05348c74364af8ba7f0eebd41e5fb2451a84

SHA512
a7474d01df05fcd1d79349411a13c1c7e4d247d1d0a9bf9ad865ed5d75473b87e18a9bb391ed895bba0b19b16eebb71aed6ad37d225a0cb923a35bbc53e3ffa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\libGLESv2.dll

Filesize
7.7MB

MD5
81681dc59b970cceaef66e2b4871ced8

SHA1
b4ca6bffae594559ffcd5d3579e458de0e6185d5

SHA256
bd1d38ca12360f51fb1077ea392240b99f82c98ba21c05fe348ab812c795b11f

SHA512
ba947497ef42ee802435a295fcf04a0ca1a6053361bdc0cd8c4e83d745874177af52a87a99e8b84481a0212036399844a8637d838c036b449969326007bd602d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\af.pak

Filesize
494KB

MD5
e48860fe82ef022ffab38cbc4c96dffc

SHA1
a832fa66bfddabf3ae7f219cf379f66d2903162a

SHA256
e2470090a09ca500679e68bb5e3b1acc35a5873fea4f93af25a23c82122f2c13

SHA512
e4d0973ca7e59091c482d2acc384aa48ec87d3ce72d8d42a03a183b230fd209e085a4e907473a05d02d41e15ebc527df942774c23b4804c150367fcd727af7b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\am.pak

Filesize
799KB

MD5
eb869449704e7b2bc571e229c08438d5

SHA1
0c6474e1e0250c64bd001bab25eb6e7cc383832c

SHA256
ce069893f931cd1f095a47b50c5edad023a558e6b129f942b390d63a2d913fe6

SHA512
88992285dcd7642c5ac136d95995e8cd525e6fa211c461e13a8516efe0774ef81b221691bff3066a7437c5abaa695dbdd51eefe8716b21da354af3101312a370

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\ar.pak

Filesize
874KB

MD5
c49f4afca050466af21212e88860f8fe

SHA1
adddf85ea75a24b92f1fcc4fe07a81a35d08f2c4

SHA256
11df77de069364d7f0e2b42fd2b7291abd8da5e4fa2d69a1b82c12a98a89dd00

SHA512
6060d96a59e424f9a630e70efced6866c074f8bf0c89273a28f9766e8c2b625bc80ea5c691a8c33c1f11a3cf1c4d34d96cdacb19a2ca61b61fcd45365d138843

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\bg.pak

Filesize
913KB

MD5
e6608ecc589e87a6f78f9ce553ec2609

SHA1
9fdb2ff6291549df773ba243b3a92b984b15bdf6

SHA256
97ef7984074775282b68dca5d5a469efdb2b22474ee6669fdfb5197d3f1b3768

SHA512
25450b23acc962be85977ef08be9b484c2a9127775039c521158c1801cd57d5781bcd8d5b8784f8a8b9403ce44b59964a20dbe36ce181f1d239143b22b53d5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\bn.pak

Filesize
1.1MB

MD5
57eab375114893a5ed0de36a516e8252

SHA1
16f23ab3eb62bc7a2525a7a5d86139fa88670b89

SHA256
1aba82aee8c985e5e370e7cf2b35c9ec20cbe5174db5fcb54ec7d19ec5d79587

SHA512
895bc282484ed028f5f023cbbb6e2755091f036e540c531b6ff639cf9e0ae5da02801dc81d7910eb141edd5c255d8b088d1abb531b152fbb161d6c2bf9615f4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\ca.pak

Filesize
556KB

MD5
250958a8ced000d119daebfb461620e9

SHA1
898ca898c87ac5135ea07eef0b4de99b053b4133

SHA256
bbcf50836923477b3105a50ff4a45f80bf69326a17b907b00b37f13a04282a30

SHA512
4a07f1ba9743160e5e1e2fe21501d845277684ecb1df68b2e2098a9d634cf15429a5e455a37f812876391ea2887d0e3057ea28f91274022aa30c7e2f3e13dd0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\cs.pak

Filesize
572KB

MD5
47dbe8b4a15efd5e8e0b8a8d3a4ac8eb

SHA1
3b19039f4b7339facfb040f9e6b7386047efa3af

SHA256
0e37d82e1022d98fd44a2542f8ce82cdaba181246f728e5f099dfa47a6ecb469

SHA512
77978e8052d5d019909be8427f059c38ef4d79eece3c2faf3daec5a8e96f8ad1b408a057de6af253930f2ac01d832821e6f879b02549b659f27435864f65a6b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\da.pak

Filesize
518KB

MD5
c22b2477e29ddbd8bcf1df1b51b738a5

SHA1
482f5591e4938ee86ab2c2339fe63ed84d17ea8d

SHA256
4738f526d617a8eae389e239925019ba73a7ab9d584f512b5e1000c9c3e81af6

SHA512
cb23d13ab54de8b232530ef5b9ac8aea6be942c32375323c5a88438ab79860d5b38c94642a35f2a42be233dcf3d1f1d7ff7e2675de9daababdfbd27b73b90fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\de.pak

Filesize
553KB

MD5
d1a513308f9de55b6c7bbeef7c4fe90b

SHA1
a4a5e99fe73d5f9df2e508c3c8e9b73dea03a76d

SHA256
662496eff49febbe49f0a03cf2c51acaa743cb2237de3c41014556e16f3d8e2b

SHA512
9756e16255976569584a3a5e2a17421a31bc8f9b158c0ad3d30f6fe624ecd0e77c255571e46554c03c54d58b06d3f7b0fc77d347548f435547eb1ed9173b30be

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\el.pak

Filesize
1001KB

MD5
34c6150acccd20c7f260b269bce06930

SHA1
277b6d2387f600c84263847d6fb2342fd4746cfb

SHA256
162e51bc7d682e223e498f4ff8c81f019d136d857bd25a1c982d4a1084a8c840

SHA512
58308b1f4f92f1eb26af8516351194b96defa8b40f26cca2776aeb9e804e585fdb9918bd2acb9c6318b63c3768c29893574bd0a4fc18fa9dee96b9112732ff94

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\en-GB.pak

Filesize
450KB

MD5
56bdf77ab3487e28d354a8b0f9ba8d2e

SHA1
b10ee918320a50a417b1ee6a28cd4b05a5f77238

SHA256
7df934906a61c0ae7a952f9ed058f4a06cd3989663a7d9f50afc3c9f830135bb

SHA512
8d74c79ba3a554d69f26fb8c20210c9a339d85c0e9a9af445901e8a5c7ea544ea6ec713f9dd2db7b8bb5cb0afb0fb385236d4668a73af37dc9ef8d2f73c57fcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\es-419.pak

Filesize
547KB

MD5
a5541f2f1038c29f12e3fc3840590e8c

SHA1
d22b47aac65080ac8d96d677183891203e69d218

SHA256
6d1681b67b593b58f9de9822201927f1829d348e88abde360ec1e54443acc60a

SHA512
fdffa76dff56d610b446f67bb514f8b1beade201af5e336eb96da3e791855c6fab8ef695730fb7fac5e8c7a38fd378721dcb16481624a972a6292a711fe95b14

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\es.pak

Filesize
547KB

MD5
39ddf01168864ab8b3861503b5aecd60

SHA1
332442c16ab2112313ccb67fca796cedfc3d6b89

SHA256
5f5c737b7778932c2aa9cec8f54b99c7e82c5bf7eb28172c8a49494fb361ee06

SHA512
cd54485e31707ca30dd47c415540e2a0bc44c12274c14c6acab27fe25908f49f18ee9e27032a9c403f55a6b5819f3829af6f0d9a87730a4bc573f9a40a531ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\et.pak

Filesize
497KB

MD5
c0610f85a202bca2f540756ace2323e7

SHA1
f770e638e59fdd47484ca51f1c1f42cd933616ca

SHA256
77822b71398a329c43b57d9d8c0b27fff7f30c3a35fbd7850161549a23b0b9b2

SHA512
386b65ce118ee0602dfd195290f922c5abb7b38bf974b04ee4477f765d507cb4c41a0b443930eca2aae5b4e1de23d8013ba241ebbb99713da4d26df46e9aa29c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\fa.pak

Filesize
813KB

MD5
c2dc7c27385de3e4647728565e62c1fd

SHA1
5d67672fc9272e68513d6e644f79b7d3724cbe39

SHA256
bd9805146a6fcc17fb7bcabce894757cf4fedcc0a0a5178f9cbc1b1d4657fc73

SHA512
642feb1c579924f9f853a8f1778a6a0f58779e6571275229b613cacc55a688fce62ba771c1f0b08f4fdde796d481c11483a8000e6e0d41aa0c63db5a288df7ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\fi.pak

Filesize
508KB

MD5
6d7aaddb1365b3efee94d4c510a3002e

SHA1
2a970204894c5ac163c980ec0fac2dbd1711e5b5

SHA256
11b0b9b0f74d01f16db7aa49be9dceeb55fde9da56f17419c4bca159cdcae274

SHA512
f44bab9cee552dddac17d4ac1949870943cf138b3fdb0e649e8827acb6de9528dd9cf738757e5b495587e165d1c750b8bcc6205bdd029a01eb92aecab22ba49f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\fil.pak

Filesize
573KB

MD5
c744b92c8feff1c026034f214da59aca

SHA1
95780d3374841efdbc0d8a46cddc46bb860a26e0

SHA256
d7fdc7fd08dcc421bc8aaae3fdc72599c60a3b96f05989a3e46736f0de06e745

SHA512
eeefc73474642e75da61056f2841e7cfeb8d8475be55a39852dfe7de8a972f7d86e9d1df4614b3ca3ae4fb01b68e5ced664bc8e46ccfc94f44b06e29a5035b43

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\fr.pak

Filesize
591KB

MD5
5e38d6ba16bbc0e593ccb43d989a2346

SHA1
56626415dfaa0002e65939afeecb1c6c2b690494

SHA256
a82b41f40fea984c4a01628d58fb9047d591c4a3e2aa80433b71d217865e6a4d

SHA512
62bd5a4632b13015595efe351a6c281c273023e38a0595c5910443d006cbd3cbb39364a2b7a9bdf5216e7078e18d7a65baba5d888b37f95361bd9be58bdc5058

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\gu.pak

Filesize
1.1MB

MD5
7667d758f90e0d3c147da74ba06425de

SHA1
a453e2f358095849612756a1fe6e2849e1f3f7fb

SHA256
94cb050bd6ed8e588fc0148123c0440f3a1bc8b459ab4ca54f954d098eeb2a46

SHA512
0b469fde98b8558a8a037a7cae1066ff343d1355168e12fcfd80e9aae9c870525fbf4113d7a282728a2e40b606108430e967b574104e8d192be234a3eda4d09a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\he.pak

Filesize
713KB

MD5
921748ddbc20e6412c7c360130f37662

SHA1
cfe4d4318ebe40738b83893b81319d340a406abc

SHA256
178cad88217251b9ad66449340eeb4c1621fbbe2c4946c1018bd82d0b8a1009b

SHA512
0e9f43ccb26d859a814e520940416187a4d3a93e7492cf0a52d0f6d756493f86829b5b82233a1e8736ea0f6b24f420b14ace4cb4a50af2887a826f153f0f9b32

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\hi.pak

Filesize
1.2MB

MD5
eb95377b86ab5805d041a084535318a8

SHA1
4d2c8700699e553ba2710a9d01877e2976c7521b

SHA256
c27e6209c67e015cda2cb1ef3b1733c2dc95d1f5227d8ff6ca8b399c2e5295bc

SHA512
1f265807f0c0ae0d99dafef928c244a0039baecbb028ce9a8e80c706172a066e2560858932c6643c823d715d78e2f14dff5ce850c0e8f4dd0923d310660491d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\hr.pak

Filesize
551KB

MD5
202cd54c38c8eb6170b6fbf9704c33c4

SHA1
90aaf8f2f3b054f86d28ba983fd53b270c1a423f

SHA256
687b532c7b260d4caa9c162a7c290babd7632159ea37f51480f746c649db707b

SHA512
0106c1788cde349d7a39e3e75841899ab5ff2dfa5056c84a7bd81ebee468d6a71c05dd406804599110970297e0659451a4bbaf53a8ffb0c70f1170d888131074

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\hu.pak

Filesize
595KB

MD5
2515bb367f56f282657b3dd3b9ffcbc3

SHA1
8cc350e359f1cfefdf0ce3b016109dd483d45a8e

SHA256
b4e6a1135de8bdc42c04f4db4eb1ce48256f18eb46a5146a21010b6165a90e7a

SHA512
779a77b3380f08dfb1d1e9bd65806f3d5ab56619d040bd6ecc9726c17944f4d0c3a619edee06d638549250fbf4c6a2be46cd6196a3a8862d184a68d45d6f6d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\id.pak

Filesize
490KB

MD5
91bad2312491410c7f0393be512b895f

SHA1
6e4e9cc985c5b96eaaad91787f8bb7f72cddb604

SHA256
a21f9474a19fe2d7f26c59f5ba8d6e72801a8a057b7dbcb8b3f96471043d9059

SHA512
5c0e1cd1741e78fff90f3ec2be02bd47bfc669e50ad0cdde975238a74cb4081536faf80d0a28dc9fea6efda6548dcca4e569c54b903f5c2773c17f72000a99e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\it.pak

Filesize
539KB

MD5
033cea0b189033adf6aff0030722cf4e

SHA1
58606beacfe6c47c45f883ef0e50e3dc9d22b0a0

SHA256
f3101e941e40e8e69d646e7de7992ed695db7072e89855a7dd9f9d6bb8a204ca

SHA512
414eab311f2370072c749f55f13d1740745dac7f4e65433ed27c987eef68037190ede845e1a534439110afd4582802bb0093e071ed485c2f75276f80fa65bd0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\ja.pak

Filesize
659KB

MD5
001884fb759217024364b6ef3cdb86c5

SHA1
e48abc635109800ece32539064f5085b1a108970

SHA256
f2766c8225cafdfd0649f4cc5626b246d0f3a4f1ea8bf5e4b18347d1fe5abeca

SHA512
4c3b5aa9ecbfa3b66274f528d64ba53785ea3237ef51d4ed96b683c98e249a4f812e47be43558122a0cbae4ed9fa6b6e922e872e031c5e34554bce93e5fb089f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\kn.pak

Filesize
1.3MB

MD5
2064b792d030c421bcf649ef728f24c5

SHA1
fb98b9332927b58b57e1278d9cd54972e8ed7b5b

SHA256
2029902f3ea9da2c88c079c097ef481a184275d988dbf3bcfbe9dda84dfe1379

SHA512
691dc9ed3fb3cf1f294b5c7455a7a32023ae9ecefbccb666b3d68b7543434050f634525e99ecd67cff1192a238c5d3dc95754801644da253ac65ecaaecc40387

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\ko.pak

Filesize
557KB

MD5
965ac0d213ccdfd83ac4970de23a8f11

SHA1
8326841ab80c40a7ca8b13589a3f5ff54fc15827

SHA256
3fa72d61a997c36f9c093f769f4bba60b290d1fbcb71d5544f85e8e1efe51d07

SHA512
5eaf14ce5c493bb4704716add07428edc6569f2dcb721679e140916c0e426cfa8e8ce27a2c38c48ae6e60461a678525e48e42c2938ce40e488b59d3f97a2f9cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\lt.pak

Filesize
597KB

MD5
20906aec4a21bcbb8bc8bab067075ba6

SHA1
369da9c1567d4376852cebdb87cd9213dc4bd321

SHA256
a1257d10e673311747363e6929832e70f36668b1fc0d6a5ddd550fe88007aa58

SHA512
8d1ee40bff980b889af83b95fa408bddf2ff5d257f532d2da46bfc3ddbcc31b9cf14b473fdfca1a574c0316fd689a424ae241e9bcc533b7dfe0c7203d4b252fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\lv.pak

Filesize
596KB

MD5
9f9d09b8e8b943733574c32e924cc834

SHA1
cd68a843884aec9eeba36a287902e5b39f128f82

SHA256
3e3c9953e679f391167a5d5536a4ace4d56558909ac8ad5b9f08650254d99f40

SHA512
8062ec8f8ca2507ac8e10d0a9a8a76ab02feab8993989043dbdfce3807d216087017ed14e6e9f52d87a2deb87ae5a69393e5d6c6963472ed98ecb22fc45d594e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\ml.pak

Filesize
1.3MB

MD5
39d4a5ed8cf7c8e0df946220fbfc0f68

SHA1
70794849b41d00f2b895f1211a6baaae3fa7d261

SHA256
87384db1ddcac012b0b40ec89daf47ebbbcf1497705f023a6983fb2470e4abd6

SHA512
ac992b9cebc2fd51f7477b36f1aa4d9157a84c3023949c02ea236d909c78fb5ccce28dd213c089820131ee3f669164529daf58901766630ebcf40546d33e132e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\mr.pak

Filesize
1.1MB

MD5
649e76b6666096a2258b942745ff9fe1

SHA1
82edf8ca68dff0caa36b17901c1e12a17172fa51

SHA256
039f4e0176c38867fef57482825d043fa63bf1356c85eab0fc665f118db125e4

SHA512
92f51140416cd6dd53109ddcc1ee24c1d26999de5cd48a11e6954dbbc985298c1b90c0b4a7bbd8701a2737b71340e8a257e8b1ace85ff3b4876b714c60befdce

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\ms.pak

Filesize
514KB

MD5
9fb7c18f376b46b254ef9a960e08655f

SHA1
31cb060fc606d011151f1b5464e2a469372113a2

SHA256
2f0c83b5b3bff8f624d78e0670a31c509e7f1d5330f72aaede471b2e97c956e2

SHA512
23ea07d917bc0cb9a2f530f985c4c1930d31eb6e8271804709126b8b0f5266dc51636f679944d2e3d8dd7b603564defe85c1088a33a922e9fe15c2073b509a8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\nb.pak

Filesize
499KB

MD5
94328f521f4f02e9b27f64f35987f65b

SHA1
e0fcfebe197b58daeb1b27b89cee3bfcf6e9d89f

SHA256
b824d440176ac07aa50badd87b91ce7989e263344edec5372c6f50ff7db12c9d

SHA512
3dadb2db1ff76d5c7d13470502a062c77c6f7483bcd99112f7747b3e0bf1b4b3ec15cda0e97a38fe26fa56246c20b19312aa7d0a277e23ff5e69e618e4ff23fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\nl.pak

Filesize
516KB

MD5
d59fed8986eee2b9d406ad52d88cbcf5

SHA1
f7e409e17723e21174361bc81e54bcef269f40f7

SHA256
619c61701b3a142733d23ad8c7117bc013867a842d3d1d572faa56895ad8257e

SHA512
234aaddaa7677b39667b4078dc3a630d67b4f2ab7df5ce763d509183a4d88e8f7bd1a231113b8a51418d577e4aa630860a7f2735c34ef59e0f65966cef825597

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\pl.pak

Filesize
574KB

MD5
f73a49fde908f5de230c282e3ea461dd

SHA1
2776d2286e2d414373ca1ae60f39daf4b22a999e

SHA256
c9ddc6daa007d98cf90caebf71b3071601d5386eb34442d86020904e39f706f1

SHA512
578a7872504c9d6bbbd07335b38940bef6bbea94820147accefd31806cc2e1f7c9d8bc3f130efc754db55745cb6f164f9ace149e42439cbeed945a3491cc6ae4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\pt-BR.pak

Filesize
540KB

MD5
58e37f2afb647343fa879d748d7492fa

SHA1
bda3c160202e4ca950c6592851e3eabfe84e6a96

SHA256
c17310ce98918c16bd9c06bd2f752ce6d2d1e4bc7b3e8ab74519e57e7e751843

SHA512
5574dfabfeb4a4d17ae156eba18fab5f0bd6ed14737b7999117ccbe385d5068f99839ef130fe5a125bb9fd6d0c3486f585b3e109966c138f06b08af30bfc8674

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\pt-PT.pak

Filesize
543KB

MD5
f2eafa0bd70b7ff64c64fa0d5590ebb3

SHA1
9a945c61d79e886f05f3b13cad0420b020e7019e

SHA256
8ba5d7dd9100e14a51a9e77e2f8cede706978bfd21eaa6f334140d12af6ba974

SHA512
ed032c0373ccc59f64ae709f3c462f1c1c55b1abaf5b16398c9b64480ea5df94ab35e6897dfd1f98e18296e12528e3f27150948849b0bbb0e91bfef140c0bac5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\ro.pak

Filesize
562KB

MD5
cfd7cb2444248216e12193689ba56c10

SHA1
0a9d65fdbc68688bf1624a8c98fd42673961e0d2

SHA256
655c175903a791d0ff56264a487c53f7bd09ed037cf04cfa6e79eb8be5b677e9

SHA512
7ab384dfe93c4de0d82d3a581d0c4b988f823f49848cedf081067e052be2d43c42389899588839dbc7cb35ba70617648bd0c7c199900e78c487f3dd77e64b4fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\ru.pak

Filesize
924KB

MD5
04e23a841bcf29018d0bb55a730d0fda

SHA1
b3545f3ee053af799bc76c69121aab034535885f

SHA256
d68be272e1734979baf3c19134e97f3e7215ba871460fb1906e1672329434040

SHA512
efc1de023f6503c3b7c56e1d836137998de89fb112da079dab09f822f5e39e54137dfc07c930a099740b532f752333cdd850d2050ee9783b1ada3dec6ddced94

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\sk.pak

Filesize
580KB

MD5
7773015adbfd66d42b4a9cb11a29a7d4

SHA1
bd96538a2ff6c8884a545a7b10495107fc1f8395

SHA256
bfd5b52a544428c5aaa4f418903610f1373c808c20110c145d95b34c51c7cf80

SHA512
e8abceffff4fe1b6b1957ad99288bcf562fed2ccaa8ec20ee369fc5d50a3fad1ee823045860ad1028503f4dc730c5e816861ba5b2e0417433000dbe2db6be795

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\sl.pak

Filesize
556KB

MD5
33aa83936f6fc0ead34f2d89a3f6d3ce

SHA1
7e3a1df02daa63760e689f4a4bd6fb47fd888de8

SHA256
f7539df33ea860bc42a76047fa4fa0dc75044df6d602f8735c9acfa5d7995198

SHA512
f37979e94063ef24897657e33d3aab5cfe6258e071cbef13ac01dee1647353071f7e269f986d45e750013cde5ecf69599e94dd27fcd097cafa7054684018a684

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\sr.pak

Filesize
859KB

MD5
acfeb4e65ec2a66ce1b53e93c5a0d897

SHA1
0c37160a70d8317f6a80ad4909a152be7e94fb93

SHA256
c13f495540ade0670d2fa2231a833de32124500e301b8abf8daee8a6ee2224d2

SHA512
4dea3a3522525345a5d7cf821c85c817e8f779590533cebe8114253a742b82739d16230b5ee155422840f6ec58d27ed23ebb00459d6adcb9984ceb9e9f2dc015

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\sv.pak

Filesize
501KB

MD5
819b5e4f2b7734ea4677f6d579d72f84

SHA1
aff3048d8e35fabf68a756513b67efedba59f85b

SHA256
105460cb717104d82f99cf8c5e2c51ff252211a605bd1c98bf75981f100d619e

SHA512
3e1ff5d934c7e0656dd16265be697420c31b191f88a5140c3598b4fe37a6bd3031f50d45ac7e961acaf0886934951a48230f7b10a53d85e015d6d5e1602c3eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\sw.pak

Filesize
529KB

MD5
d3ae31b63eb14fc353b6e8b872d266f8

SHA1
011647736ea51490cd7ccd49433f4529b708ccbe

SHA256
462809f4337c1d6511d53e496937828ed07d64e7144954da794c36584c94b543

SHA512
aad3c37beaf1224478214623f95a549b6167d1d061baf6c2e2adf8b8d034e44e8bc4a1e9409533f2830ec3bdb06208a1e144bbc4e3ce2a6cfc6bc82002d32b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\ta.pak

Filesize
1.3MB

MD5
52ee28471f2f9d01ef3f57233496554b

SHA1
abd7dd9989fac90636626a41f007eb6aa5ec7a2e

SHA256
1cebac8d758298ed2763e62b9bdfb17351831e691ff3e1ba85252c9a66d66242

SHA512
af2e9593faf60319244c90e9c06604dd3830705f14c18cd380dc2338aaa0c1e137bf751603ab9beaf7f1783839f83bcd4fda357b7cebc66ee94155d560b6f691

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\te.pak

Filesize
1.2MB

MD5
3a71904057869c23d1bc108f1e8d0d31

SHA1
6fb6e60c80bc332a2bb66d02a1e3db69961a9c41

SHA256
8264244c6de861817f5b19cef282844a18ed8cb7d4e059451489652749fe931e

SHA512
7248058b2d357c4a8b9c2e95d580a2000a96d9a5adb0b822adeeba5c4422e08cc12ef84b9b9a627a1f6cd07a08698ec000510885d14d64afd40c6e8d69376022

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\th.pak

Filesize
1.0MB

MD5
879a881174501e22c3de65b9f80bc19b

SHA1
a2e020d5ed1be7dee50a495a2f8581e751cbf735

SHA256
647ad394e92e7610bd0f6c4e08d28748408fcd5a816a35e4622ea7f71cfa7a9d

SHA512
b8961a90036b94340283237da57659cc277e65e545764251f7d3e406dc5f70c9ae29366184d0aa8831aaa0a7cb5c12ff825078bb87528606cae223fba58c73d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\tr.pak

Filesize
539KB

MD5
2c8ec2110d635c90a4d83f15b511b10d

SHA1
c688bf904f238eff46624a53102210e9c9ca5422

SHA256
8c09ca9f56200f55ee73a6f5daa017c5098f788301616db61bb9f6094f5a61f2

SHA512
24e83d545f7c3db449937c721516754b68bba4c137dc362e23944dfcfe8973241bc19c1271b787cf464e5ac281e4876360b9cd942c062952736dc6098b2aefd1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\uk.pak

Filesize
923KB

MD5
64f72c9f76578693c28b9c4fd6ed66e7

SHA1
dc321254fc902b787dd46a05ee22663f5049eee8

SHA256
121fe02499718290b4bf84e80e613b06df45730603ac1501c65f5c115412d99e

SHA512
70f107defed8c581f1bd9b4ec098232cd83efa31a3010764a78966f890b277ce48460087be923537969b74022ad8180b53954d663c7e94f5acda73d2c5101cd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\ur.pak

Filesize
808KB

MD5
fb978b7d211112a0774ce09ca54ca96f

SHA1
fb0c69801230437dcd20e3803db81ee60fc042b0

SHA256
60310f9a3457fae0395b447a30646211ef4160ba84bd7c36d291af4c8ec2b79a

SHA512
abde8d79f46b27e0e315034025837a3126d6e5d2bc52504d49c946fe96828bd9b20cc4a5c05283fb9f8813e6820a28249cfd68b30cb27fba216970c16ecc8d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\vi.pak

Filesize
639KB

MD5
565abf3f9b296fcff95fa5b169a7d598

SHA1
24de1221b2adec13b5bcc23c4a54b8e987e9f12e

SHA256
fb9463d5655e73fa69cace9800d95f8cd077ee9284fef3bfe162d2bfe220c257

SHA512
53bfe0c1c289ecdf48114048e15807c3143dbbe357736753cb845a31a6a3fccd0dbae652294508706076ca4b30e5da00e53bc6aad11b06fffbf2621997e7de36

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\zh-CN.pak

Filesize
460KB

MD5
3fe312d9859b299c3a332373172c33f8

SHA1
ce6a99d79dcfc363bcf68bdb1ddd4e6862236020

SHA256
f0c0ba53c954325b3bbefb333ba23f7fb40a7a4e506043e9f7886089f611943b

SHA512
488a6043381834c9d69a906edd9e3273da01b618e9f3351a89082e6a4727f9f882e435eca3d590cb30336cab289fc71b109322d43804ddde5fa038a63a0b84f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\locales\zh-TW.pak

Filesize
455KB

MD5
e302e1102f3f5a21860f38f41b3c30f8

SHA1
78b5d1c451cf674a7641dfcc815f966fc920cf57

SHA256
d4033cb3264c7c4cd2636ea2a202421650c449e5bfb10f29949e4c44e91ca93b

SHA512
1f96b197eb7ae6b7983ed38d4ce33ea0c845ffe527fedfbc9e53a6009871dd3c39084a04cd1d43fd6dd24e7f26e3ec4845d4225df828de0b9ba346cbc98efea4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\resources.pak

Filesize
5.3MB

MD5
c9d196164a4a2f4c1190ee0e2e9eb1c6

SHA1
0a38f2328f3c9f0f03e3281df8b441869b4cf969

SHA256
2d00750fb042ad55dda47d78536eb26733d1575c1040f18a09bbbc08748c0f68

SHA512
e382bffb89e05bc84f35514199ca34f2078f216bfa65a56b2c8909563287954256ca30865abf4b7723913cfac8868512b37c2ee713e3ee22284692cd0c0728a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\resources\app.asar

Filesize
881KB

MD5
912c4ae9c6b52d91e6c4367744b6216b

SHA1
e628a2e9917c3fdb7e4cd282364e3e95d546de99

SHA256
4b40d78b1e6377bb56041e632dab228cf01b0c45e8035aac010c329ca67b0bba

SHA512
12feaf91f1424bf0a7f3102ddba06ff93a0ec9821dbbde24e17edcfb2671c71a23f1153a6e6364a5cc4a7423d314d0b7f875273cc953d4c75dda3821a067548c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\snapshot_blob.bin

Filesize
302KB

MD5
10585bea2d95df40b857a51e57c5cbb3

SHA1
e031d33c96a0c6923314f10ce16b4746cac25f1c

SHA256
1b9cd2d03d7243f26b6793b17b5240bf2f942b33caeeb7236b6f4ae0300c52e8

SHA512
4ede1f271520e2c8b4a9675adddfdc43095ecb82e6ad4374442656a42ba19d1b32ebca255b52d29d0c91db05d5ffdf93a1b90237a11f6cf4bc236f68dad2313d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\v8_context_snapshot.bin

Filesize
646KB

MD5
fb63a59e95b34b7730246c8226056af5

SHA1
75968afb6f38d1c49f03cae7f3289f7eb186705a

SHA256
10d0547126eda664ab1437c8a87ef6dbd32eff74f1b3c9255323dc8aa66faac0

SHA512
f53667fa4fc5903741287b9cff1f3638197a9eaa0d6cc7c753c66d2b3ec0248731612110a77f9402dd554c1fad8d522ab70e29510973ac63505e3f04ca37a70a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\vk_swiftshader.dll

Filesize
5.2MB

MD5
37d26be50bf31b7a85bc8b86d64773ab

SHA1
88b6c1878633f9f7e4c1dd5f8b5dd9c5b7b6cbf7

SHA256
7c35ee5d2b4db312d09875269d3a17dd394966289de426bab40b08173b2b4728

SHA512
df06cd453dbd05d6cad99d2bd23ff4aeb5fad4ecc65ae935d89a6f8ebd0b4a328068955c57073fe854790b114bf6908d52c572c2cd4d81fc156670deb1b0b41f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\7z-out\vulkan-1.dll

Filesize
938KB

MD5
43be195025f4c1d3d3a4fd10fed5c073

SHA1
e9eb657173bc97e12d5990da385f49cb6a35c1ed

SHA256
d5ef248641f00dd38a81d2f94c37034b7820edbdea4fa96f91d4f9e64996dc97

SHA512
81fa7abd4c749c2b67504e866c5d6d37ab50c902df997e8f371f0610027ac80366904fd29f8349d034f0231495fefa3e1896a201a8df3c4845854a3ce8467ee9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsz8BF6.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
4de7375198745051b3e5fdfdfe05ac6b

SHA1
229e030300a527a8b18dec634d11da95af1f08be

SHA256
3d4b7a69494d0507fd6b7aa2b9afe1449d8e5951fc034883e67de3f8e30e8801

SHA512
f7a9e52b1804335ff32b19248fe1d90efea05ced6c015f58eea3f14cc9b14a9e08c994ebb51fa45e8c040411fd7cc549d25f3fa3c10f937cb7540cd4f0f7256f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
6b36827cd0d9515ca3bdc03df579e3b0

SHA1
5e7bb2f97cdbb3416cec036febed47255aa51d2a

SHA256
59cc49c733a2704aba14fbd8771b111ff135ccdf63cbaa19cb0797d58d14c0fc

SHA512
e257a8ccad5d674f9f6f29fb916bf71177d2715f20ac052259d385f570ae863a5acd082ef4ad8b30851d945d9958f58e9f62020bd0383d8c660933bd6bfdf702

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
8KB

MD5
03ad4912010be4d4c59384b6905906c6

SHA1
1279cddf10f791f193b850431039cefb30d51c20

SHA256
fcc49af13fcf6140d6d685b7a8bcceb37cdd4fbba4fc8404340b002f912bace4

SHA512
c0e56b94693d4b12996a0ddb4daac6deb0154e321a1660935fdf9d861266397073facebde9e2d73bc07565de9209139f5fa293a7414cb35b1dfa772dd66cde21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\AlternateServices.bin

Filesize
15KB

MD5
8bdc261f25c6f595f59dc1da1aee47dc

SHA1
435c93eb5971d2a42fde7069ee7984b793e41ae5

SHA256
6beac59ff4463800941684afbecb00122c593dc6fc086c698147139e3494d8b4

SHA512
fc60eef30b2db5ef9c1fbc55c04a69a7ba7ec6a3995757b0ed14a9081e28b78988b91290d800a4439008fe2a2f5e28c4e3b8af775838ff69b975213c6ec0e475

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\cookies.sqlite-wal

Filesize
320KB

MD5
6ed5c23a6049e74176e31f2cf695a5a3

SHA1
ee3064b5ce65c63cef6e592472830a8367f1b25b

SHA256
092c99bc7ba64c33d36a376ba6c7df857104d8b673497bccd70632e7fb2aad09

SHA512
ed3987c7a298a5fb6f798c1ea1359e22f240fbf42fb45defcb89b1ca7ddc428c7550683e8b8eff03dea1363c081e4a5e79356464a77dcd6487e8720f4e4b1f74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d237677a863ceab9b57bb4948a8423fe

SHA1
dbf273d50e0a5976e3e3fea6ac35699ca6fa7ef0

SHA256
9cbd1db0ab562fac10bd070d64fcd2a4a4dfbdc6ca17cc5b570cb09058b1c90e

SHA512
144eab56e6aa3faff9e659914df86271b9b1e40137e9d8321f7c28541b7362cb90d96645aa7d8ea82803d53991d543862f881114abe6e0a1183ecd34b94bf1eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
50KB

MD5
70d51d4066318190c08d72ebc9b4d544

SHA1
dfbc6902827169b67d694bc7715e8b1f75c94b27

SHA256
171d25cc969a9f20dcca65d32db4f99a4565bd46e8422e5319af255ff8207346

SHA512
7d9af94481bbc05ac2ef7cc59fc9db7b9dc94929d93e16973ba4bcdd3266c06421006c91aae83908f091ad82c54ed1189db3dbb8728a4621722b0d1e9166bc64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6390045e4f68721a73ffb5323040525e

SHA1
2bcfe1c2d34262fc46fdc70d7dc65a751df95a9a

SHA256
3f39a324228a66fa21ba93c8468f4637b7d2989933b046be249df8804c982178

SHA512
a63cee8b9ffb69db84c15e0886b9003fc0edbbd003ae51881c6a70005cd57146ffae0685f37b4888ab8af01b135e57d871783006e83a945970686395d431937a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\209d0fb9-0a78-4e6b-883c-d48c25be8cfe

Filesize
671B

MD5
9e2dae5329a832c04666f65b788f91ad

SHA1
5e360aae3d190aa7000eabf93747bcb3db587219

SHA256
17c02f712fc79e64e327c4dd61710114a2b3f65f2f9e230a723e1349fed40001

SHA512
c0fc7a4cd80c80d1aee9b3d618848c4e1b65268dff2d55040e0c45beeaf24bd6471a1db27ad0f406343caac15c286bc396bf5daba9aa620206b69b596a456b2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\39c3477d-9e68-4db4-aa99-c4872224184d

Filesize
982B

MD5
c7f518eef667d1b7fe8916c4ea9d8c56

SHA1
7b074c6cfacc98481c6cc50d8d43eeba20d7cbca

SHA256
364a56f1adcce762a3de307a940d2ff2a2101a1385a8fee02c55520bab4ba838

SHA512
b23048f46b5b818379acbd3cba364de3d1514be2bfbc42ee3a3a117cda8ee40ac0b7ca92637322751af3a5457a191469891ddc05d777e419ed405b488ffcbd36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\datareporting\glean\pending_pings\3f41d5d7-b825-4f98-ada0-0346db2bbdfa

Filesize
24KB

MD5
14668a1f964aa499286caa061439496b

SHA1
8ec1a57d73e913ddcb53cfb445e2c96975d176d7

SHA256
b513567dcd0fd26d716c2f29e48f4efcb535bc3b52a966ad2844a06276f67226

SHA512
09e7bee38973a38086dbd84c5aac402600b65c93ba9ef35d7aa6ba19bf289039fd253426835e951a8247391df2b69d762d28b9103d38ea806dc1a6a02d9c881d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\formhistory.sqlite

Filesize
256KB

MD5
97c1441748d6cc3e5a7030cda7543975

SHA1
f5598a45b101a5404126cd27fbb7f4b70861ee32

SHA256
2015b584b844b091d6a6280d45e9a589ea0feacf5f4b19bdd4cc21c60dbaaf91

SHA512
29d358ec7725038c6648251d8b9c32f3a40458e9c97926e0000ab42f0369b96d1ba5216eeb7c35800c740633dfd3b1e6e6aa73859644bdb9cdccaf2a3516bcb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\places.sqlite

Filesize
5.0MB

MD5
09f612e28f612a50032a759c018a1286

SHA1
efcd3b2a32925910596b01399cdae60242961b26

SHA256
a2a5285c4ba065617453041f7dab218c2e53a4e341a6bcef9ae540de6c88e71c

SHA512
dc7071f617751e957f4e2cd48e6c35bea7c22f195f40725b2114e5beb6e825315d3ea31fe1249b874eb9e3dad3ea0a607b467923abee685320f5bbd6f1c7285f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\places.sqlite-wal

Filesize
2.0MB

MD5
14d42565b59480fcead35203d1285722

SHA1
9c7db25430524353921750b4a758981fde2c4892

SHA256
a3d7d8b8f6f77108b472b29ee32e2614692ae44514d6bd42b32f07a53be22512

SHA512
c9327fcc509a2b9a0da479d1e43d833c48a5f4da8d70a45df3a8781b9fc4aa91b9a123a3cf204bbde9c77a86965f30b8b7ed67851b201f3ebad86c7981fa4a36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
12KB

MD5
a94dd090551ccea72e25af4894b5eee6

SHA1
cd804020320b1bc7f7f6e5820474d10debb1c9b9

SHA256
2cd6970779dd396bb26436618400f5d3e374c9a853785cb494706643643b1a75

SHA512
7a34fc9c85ed78075ffdcea79d33704e6a019e484b29b69b91c5fffbb8891e49422c00fef827fb9c79921b42b7117e117fbac4684977f65788520ffdeba7cba3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
13KB

MD5
956ffa00532548f7cfa4dee112502a1e

SHA1
352acdd8388816e8e1799a127a3faf456dd785fb

SHA256
8cb58a3b719d2718c7eb1a50bcb1ebb78001e9f773821ef94749af06ed33cd0c

SHA512
5702fda71bbcdc2fdb3473de3433f8b9067bb4a2578ad712d4b59a0ad72580c530274dedb4b195c246578f5ec510a9e35f0fc0532843043dd53f4b2335a532ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs-1.js

Filesize
11KB

MD5
ba43f1a04a02de88afa06b5082d744f5

SHA1
b189c7cc139654d3f13ba28dcb7dd2cd4e9ca847

SHA256
26806bf44917fddec5d94cae729818d401f03645949f79139347a02d24159037

SHA512
abae799120dfa378c3ca2f9e137e688377af10116723478965b8f9f9433655566a1c4eee5c0d67a44f8db6501baca3e4a2a2c5c0b406578fc024d14121c49e6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\prefs.js

Filesize
13KB

MD5
d7b41a9c2f8d5b1ab58babcfb4d3fa9f

SHA1
f3d368152528cd1c5907dbe1778f0f1824a687f2

SHA256
0b92c3ee258fd4a37ebba5d64845d7147029119c8eb8509e1ac3124265fb01d3

SHA512
a180559173035a05832d1d57dc72ac844e6224490757b30598f3930147a274777663574012976c07d050048b2de47b7bf70ad4df000b2e2d0eb4c310ca584585

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
936fc99bba7db8cfdcad1714814b6690

SHA1
028941437800bad54e33bf895bef8419bec84a81

SHA256
610907faca4a9bd0085c5bdd645552a5353f207b9a739c51dc1c5c609aab8094

SHA512
c607af1746afe551a929166a6998e479c3b32c5f20e756c28986e5cf596cddb60e557cd36bacb350f292bc75bc859583fc0f1d7312a728e1b0015222ca069e5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
b1b50c779c475efe5719f7ee5bc6843f

SHA1
c71fa5f11e3e47d1f24545bb5eadbd4c14bdcb36

SHA256
79a8b7af2c48ccb1167990af685915432e1d87dad714790dd6b6e6ab321fdcf6

SHA512
6af06b2d00a262293deb3ddc860b5649fbc35cf096cd4779d4671d490a20de8850505e1668076314738f1f7f824365a51abb5c767d7f4fb82603ae1867bedf7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zgr882s2.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
79986e562167929354fc1de829a12538

SHA1
75530fa807d6868ee2af2b7351eccc6ed3bd55a4

SHA256
9e26984856cbc1e7f79b4c371a8b751032bbc5a14ad04ab360cecd1ed51de63b

SHA512
e06f29088108e1dfb8eca45693908513b7abe40e7ffa325b4aba0c2dc26e10bee2aa9e6ae059a6eb4beb7c0ef8af0595c869940a75cead2fc5412f7564f7982b

Download Submit
C:\Users\Admin\AppData\Roaming\VixCall\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\VixCall\GPUCache\data_1

Filesize
264KB

MD5
822dd35396fe36d16cbb456e82685c14

SHA1
ea4daf1cd425f0774ce72f16436eda6d6046ba6a

SHA256
316c508713a1421e924fd87222a747c42738bb0c3b77255192597d5549606bb2

SHA512
8ce3bfa9ff525ff2c4918d75e5a806455522c838ad5c23dcfae4c8be1a69755e1279eef963831efda614e9125beeee02a4ce5012200eb57da23eabcc7b4bf625

Download Submit
C:\Users\Admin\AppData\Roaming\VixCall\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\VixCall\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\VixCall\Network\Network Persistent State

Filesize
715B

MD5
d465479cdd83be69eda5be848b6562f2

SHA1
b5203a84cd594d64f927209919cbc47b4ff0ec78

SHA256
dbe46ac806d4bc132f96e234fcb26cb70c3bc44e1c4b244e04818e763d0b462e

SHA512
4ac6e863979d89df72511cc617e706100e2525d24962e3692dec2e24e420120590e0b414bcbe139ed8e5256eef9e0bbad59b99a85033e2707a78a72928b3e88f

Download Submit
C:\Users\Admin\AppData\Roaming\VixCall\Network\Network Persistent State~RFe5bcf91.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\VixCall\Network\TransportSecurity

Filesize
188B

MD5
aa95ce283b2da22fa6048532e15b7a3d

SHA1
9390d698e5207f250a44530febbbfd52c3707a76

SHA256
0a39679678c1b7d3b38b8521627781acb4de3923aa6a6637b66fd55f71a106b7

SHA512
6ea9c1ae29c8c78b67e5b9d5e8e99e7a616d9dd61187472918780009fcf41dea73e4782363bb37a32d26fd90026abe3538d06d3e874321f700d7462ac84b887f

Download Submit
C:\Users\Admin\AppData\Roaming\VixCall\Network\TransportSecurity~RFe5b0c8f.TMP

Filesize
188B

MD5
2e3d3de2522da70c1adcc1f8f4f1dc49

SHA1
a8bce50993154cd2a2897b928ffcdc34c1b669f5

SHA256
db9f01d066e255f8617c740c6833401801b35d7a55934137d019109c2b28db06

SHA512
c3af4eafea023af36d28c8e1b0a948a3689e0f06c29fc3649d8d068e72cd158c0aa8386aa94df8621fed9327582339233d952ed75ee73d68f6caf12aa48fdeaf

Download Submit
C:\Users\Admin\AppData\Roaming\VixCall\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\VixCall\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\Downloads\Vixcall Setup.exe:Zone.Identifier

Filesize
309B

MD5
184aa0a0f5780cf64a5136935b570c84

SHA1
031dfbba76e6ebc656ba746c48dfd7f720602df1

SHA256
be6764fea47a35d218987b099549e03e01fb761ae6e37a6883c5eccc214f3007

SHA512
cf014a6dfc844f99951476616cd0ec027aaf924640220072bf93a585fbf1ef1fc26e2d907aae31bf8cd0cd8189ad6d5656ab83a009c3e326485fad91f709b3ac

Download Submit
memory/3744-1381-0x00007FFE23CE0000-0x00007FFE23CE1000-memory.dmp

Filesize
4KB

Download
memory/3744-1380-0x00007FFE230C0000-0x00007FFE230C1000-memory.dmp

Filesize
4KB

Download
memory/5596-1594-0x0000000000FB0000-0x0000000001397000-memory.dmp

Filesize
3.9MB

Download
memory/5596-1587-0x0000000076E70000-0x00000000770C2000-memory.dmp

Filesize
2.3MB

Download
memory/5596-1585-0x00007FFE24040000-0x00007FFE24249000-memory.dmp

Filesize
2.0MB

Download
memory/5596-1584-0x0000000004130000-0x0000000004530000-memory.dmp

Filesize
4.0MB

Download
memory/5596-1583-0x0000000004130000-0x0000000004530000-memory.dmp

Filesize
4.0MB

Download
memory/5652-1590-0x0000000002BE0000-0x0000000002FE0000-memory.dmp

Filesize
4.0MB

Download
memory/5652-1588-0x0000000000E80000-0x0000000000E89000-memory.dmp

Filesize
36KB

Download
memory/5652-1593-0x0000000076E70000-0x00000000770C2000-memory.dmp

Filesize
2.3MB

Download
memory/5652-1591-0x00007FFE24040000-0x00007FFE24249000-memory.dmp

Filesize
2.0MB

Download
memory/5872-1610-0x00007FFE01660000-0x00007FFE017DA000-memory.dmp

Filesize
1.5MB

Download
memory/5872-1608-0x0000000000400000-0x0000000000ACA000-memory.dmp

Filesize
6.8MB

Download
memory/5872-1609-0x00007FFE01660000-0x00007FFE017DA000-memory.dmp

Filesize
1.5MB

Download
memory/5912-1614-0x00007FFE24040000-0x00007FFE24249000-memory.dmp

Filesize
2.0MB

Download
memory/5912-1628-0x00000000751B0000-0x000000007532D000-memory.dmp

Filesize
1.5MB

Download
memory/6064-1685-0x0000000001600000-0x0000000001845000-memory.dmp

Filesize
2.3MB

Download
memory/6064-1630-0x0000000001600000-0x0000000001845000-memory.dmp

Filesize
2.3MB

Download
memory/6064-1631-0x00007FFE24040000-0x00007FFE24249000-memory.dmp

Filesize
2.0MB

Download
memory/6064-1632-0x0000000001600000-0x0000000001845000-memory.dmp

Filesize
2.3MB

Download
memory/6064-1637-0x0000000001600000-0x0000000001845000-memory.dmp

Filesize
2.3MB

Download
memory/6064-1638-0x0000000061E00000-0x0000000061EF3000-memory.dmp

Filesize
972KB

Download
memory/6064-1692-0x0000000001600000-0x0000000001845000-memory.dmp

Filesize
2.3MB

Download
memory/6064-1780-0x0000000001600000-0x0000000001845000-memory.dmp

Filesize
2.3MB

Download
memory/6064-1781-0x0000000001600000-0x0000000001845000-memory.dmp

Filesize
2.3MB

Download