817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

Resubmissions

06/01/2025, 19:49

250106-yj2ynaxqhq 8

06/01/2025, 19:42

250106-ye5hzswjdx 10

Analysis

max time kernel
599s
max time network
598s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
06/01/2025, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

YouAreAnIdiot.zip
Size

223KB
MD5

a7a51358ab9cdf1773b76bc2e25812d9
SHA1

9f3befe37f5fbe58bbb9476a811869c5410ee919
SHA256

817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612
SHA512

3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d
SSDEEP

6144:M9iMNCHRNLhitoVak4jaChlNY4SWn0m3/ottG+DM:7IURthAXk4jBhKWl3/otc+DM

Score

8^/10

defense_evasion discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 6 IoCs

pid	Process
2972	youareanidiot.exe
2112	7z2409-x64.exe
5336	7z.exe
420	7zFM.exe
1160	7zFM.exe
5044	7zFM.exe

Loads dropped DLL 3 IoCs

pid	Process
3328	Process not Found
1160	7zFM.exe
5044	7zFM.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
12	raw.githubusercontent.com
131	camo.githubusercontent.com
148	raw.githubusercontent.com
9	raw.githubusercontent.com
50	raw.githubusercontent.com
88	raw.githubusercontent.com
104	camo.githubusercontent.com
132	camo.githubusercontent.com
133	camo.githubusercontent.com

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ext.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eu.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ne.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\id.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt-br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2409-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2409-x64.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\youareanidiot.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\ransomware.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2409-x64.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
3800	timeout.exe
6856	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 8 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\ITBar7Layout = 13000000000000000000000020000000100000000000000001000000010700005e01000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser	explorer.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806667756788927"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2409-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Key created	\Registry\User\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\NotificationData	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Vid = "{137E7700-3573-11CF-AE69-08002B2E1262}"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2409-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616209"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Applications\7zFM.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7zFM.exe\" \"%1\""	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2409-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0\0 = 50003100000000004759a2611000372d5a6970003c0009000400efbe4759a261265a779e2e000000539f02000000040000000000000000000000000000000b9f050037002d005a0069007000000014000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\HotKey = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\0	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2409-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2409-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2409-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1537126222-899333903-2037027349-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe

NTFS ADS 5 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Ransomware.TeslaCrypt.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\ransomware.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\youareanidiot.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Win32.HelloKittyRansomware.7z:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
4872	explorer.exe
7088	explorer.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
2036	chrome.exe
2036	chrome.exe
6876	chrome.exe
6876	chrome.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
1052	OpenWith.exe
420	7zFM.exe
2592	OpenWith.exe
1160	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	1376	7zFM.exe
Token: 35	1376	7zFM.exe
Token: SeDebugPrivilege	948	firefox.exe
Token: SeDebugPrivilege	948	firefox.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeDebugPrivilege	4872	explorer.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: 33	5976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5976	AUDIODG.EXE
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeShutdownPrivilege	2036	chrome.exe
Token: SeCreatePagefilePrivilege	2036	chrome.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	6876	chrome.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeDebugPrivilege	7088	explorer.exe
Token: SeShutdownPrivilege	6876	chrome.exe
Token: SeCreatePagefilePrivilege	6876	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1376	7zFM.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe

Suspicious use of SendNotifyMessage 60 IoCs

pid	Process
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
2036	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
6876	chrome.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe
5584	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
4872	explorer.exe
4872	explorer.exe
7088	explorer.exe
7088	explorer.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
5476	OpenWith.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
2112	7z2409-x64.exe
948	firefox.exe
948	firefox.exe
948	firefox.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe
1052	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 3456 wrote to memory of 948	3456	firefox.exe	81
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4092	948	firefox.exe	82
PID 948 wrote to memory of 4868	948	firefox.exe	83
PID 948 wrote to memory of 4868	948	firefox.exe	83
PID 948 wrote to memory of 4868	948	firefox.exe	83
PID 948 wrote to memory of 4868	948	firefox.exe	83
PID 948 wrote to memory of 4868	948	firefox.exe	83
PID 948 wrote to memory of 4868	948	firefox.exe	83
PID 948 wrote to memory of 4868	948	firefox.exe	83
PID 948 wrote to memory of 4868	948	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\YouAreAnIdiot.zip"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d9844f7-57a4-4ca8-ad8e-a2451dd16dcb} 948 "\\.\pipe\gecko-crash-server-pipe.948" gpu
    3⤵
    PID:4092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4139c25a-468b-4f92-bcc0-0b9e2c6df46c} 948 "\\.\pipe\gecko-crash-server-pipe.948" socket
    3⤵
    PID:4868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2632 -childID 1 -isForBrowser -prefsHandle 2756 -prefMapHandle 2752 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f17cb8a-06b4-48f8-bf16-599fd6927842} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:3168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3756 -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2934877-49f5-4272-a955-206efa7611fd} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:1420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4772 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4856 -prefMapHandle 4848 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b99ad6e-c6d0-4b45-8613-90ca7e638268} 948 "\\.\pipe\gecko-crash-server-pipe.948" utility
    3⤵
    - Checks processor information in registry
    PID:2200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5452 -childID 3 -isForBrowser -prefsHandle 4852 -prefMapHandle 5404 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcb20f3b-312f-48d5-a14f-83591d57a085} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:4592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 4 -isForBrowser -prefsHandle 5660 -prefMapHandle 5656 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c77f6489-3fa6-4357-8716-46e647b47bee} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:3080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5856 -childID 5 -isForBrowser -prefsHandle 5776 -prefMapHandle 5784 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fba886bc-2f5c-4ac6-8ed1-a4a55322f5f5} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5068 -childID 6 -isForBrowser -prefsHandle 6212 -prefMapHandle 3600 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {456bdf39-528d-41e0-9a8d-6fe065c0edaa} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:4624
- - C:\Users\Admin\Downloads\youareanidiot.exe
    "C:\Users\Admin\Downloads\youareanidiot.exe"
    3⤵
    - Executes dropped EXE
    PID:2972
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\cmd.bat" "
      4⤵
      PID:2748
    - - C:\Windows\system32\timeout.exe
        
        timeout 1
        5⤵
        Delays execution with timeout.exe
        
        PID:3800
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" piv.pivpiv.dk
        5⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2036
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9f6b3cc40,0x7ff9f6b3cc4c,0x7ff9f6b3cc58
        6⤵
        
        PID:4380
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2348,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2344 /prefetch:2
        6⤵
        
        PID:4588
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1660,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2380 /prefetch:3
        6⤵
        
        PID:4772
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1744,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2484 /prefetch:8
        6⤵
        
        PID:2520
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2868,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3020 /prefetch:1
        6⤵
        
        PID:5320
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2820,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3156 /prefetch:1
        6⤵
        
        PID:5328
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3576,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4388 /prefetch:1
        6⤵
        
        PID:5752
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4564,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:8
        6⤵
        
        PID:5920
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4732,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3520 /prefetch:8
        6⤵
        
        PID:5244
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4956,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4968 /prefetch:8
        6⤵
        
        PID:5612
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4808,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
        6⤵
        
        PID:668
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
        6⤵
        
        PID:3080
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5004,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
        6⤵
        
        PID:5476
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3260,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
        6⤵
        
        PID:5328
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5292,i,11035081809322415508,11356440990610470414,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5436 /prefetch:2
        6⤵
        
        PID:1676
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        firefox piv.pivpiv.dk
        5⤵
        
        PID:4776
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" piv.pivpiv.dk
        6⤵
        Checks processor information in registry
        
        PID:124
    - - C:\Windows\explorer.exe
        
        explorer piv.pivpiv.dk
        5⤵
        
        PID:2580
    - - C:\Windows\system32\timeout.exe
        
        timeout 1
        5⤵
        Delays execution with timeout.exe
        
        PID:6856
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" piv.pivpiv.dk
        5⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:6876
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ff9f6b3cc40,0x7ff9f6b3cc4c,0x7ff9f6b3cc58
        6⤵
        
        PID:6908
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2264,i,9720840439625747082,8834607272963087150,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2260 /prefetch:2
        6⤵
        
        PID:5328
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1592,i,9720840439625747082,8834607272963087150,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2304 /prefetch:3
        6⤵
        
        PID:6164
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1924,i,9720840439625747082,8834607272963087150,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=2480 /prefetch:8
        6⤵
        
        PID:6168
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3044,i,9720840439625747082,8834607272963087150,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3148 /prefetch:1
        6⤵
        
        PID:6300
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3048,i,9720840439625747082,8834607272963087150,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=3136 /prefetch:1
        6⤵
        
        PID:6344
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4372,i,9720840439625747082,8834607272963087150,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4340 /prefetch:1
        6⤵
        
        PID:6604
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4612,i,9720840439625747082,8834607272963087150,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4616 /prefetch:8
        6⤵
        
        PID:6068
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4788,i,9720840439625747082,8834607272963087150,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4796 /prefetch:8
        6⤵
        
        PID:2580
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,9720840439625747082,8834607272963087150,262144 --variations-seed-version=20241225-174432.450000 --mojo-platform-channel-handle=4884 /prefetch:8
        6⤵
        
        PID:6204
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        firefox piv.pivpiv.dk
        5⤵
        
        PID:6888
      - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" piv.pivpiv.dk
        6⤵
        Checks processor information in registry
        
        PID:6920
    - - C:\Windows\explorer.exe
        
        explorer piv.pivpiv.dk
        5⤵
        
        PID:6928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6596 -childID 7 -isForBrowser -prefsHandle 6804 -prefMapHandle 6788 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5250686e-faa4-4281-a34a-049e91fbb41e} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6960 -childID 8 -isForBrowser -prefsHandle 6968 -prefMapHandle 6972 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {326b3710-9f55-4b0b-a2af-c8ccbf6f27b5} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:5252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7012 -parentBuildID 20240401114208 -prefsHandle 7212 -prefMapHandle 7216 -prefsLen 30570 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a019e7ad-9b43-4369-8a3c-67c8ee133e92} 948 "\\.\pipe\gecko-crash-server-pipe.948" rdd
    3⤵
    PID:5508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7008 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7200 -prefMapHandle 7204 -prefsLen 30570 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37019df4-ca6a-4ced-a59e-271cb9785742} 948 "\\.\pipe\gecko-crash-server-pipe.948" utility
    3⤵
    - Checks processor information in registry
    PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 9 -isForBrowser -prefsHandle 5924 -prefMapHandle 5748 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {909a836c-19e4-4b41-959a-3c61c45829e4} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:6380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4528 -childID 10 -isForBrowser -prefsHandle 5888 -prefMapHandle 5880 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2430f31c-c5ae-433a-8b30-ed2b70d0bddc} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:6396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5068 -childID 11 -isForBrowser -prefsHandle 5256 -prefMapHandle 1436 -prefsLen 28038 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c628744-b74c-46c6-89d3-17a6102ce280} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:5464
- - C:\Users\Admin\Downloads\7z2409-x64.exe
    "C:\Users\Admin\Downloads\7z2409-x64.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:2112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 12 -isForBrowser -prefsHandle 5568 -prefMapHandle 5904 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1db079c-4bf6-467d-b3eb-aecd03a97a37} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:1176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 13 -isForBrowser -prefsHandle 7640 -prefMapHandle 7636 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e59e8a94-6c78-423b-a5be-00ac85704a3e} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:1992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2624 -childID 14 -isForBrowser -prefsHandle 5704 -prefMapHandle 5584 -prefsLen 28094 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c443bde8-91cf-495c-a0d8-81335f5f2a9a} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:6600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6660 -childID 15 -isForBrowser -prefsHandle 6300 -prefMapHandle 5828 -prefsLen 28142 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b53406bf-06b5-4264-a371-788c87e3c52f} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7744 -childID 16 -isForBrowser -prefsHandle 7652 -prefMapHandle 7648 -prefsLen 28142 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e35c311-3144-4dfc-810e-fe72fb0bb0af} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:2204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7548 -childID 17 -isForBrowser -prefsHandle 7900 -prefMapHandle 7800 -prefsLen 28142 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3a4aa77-8471-4665-854e-5e890caaf9b1} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:3088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7800 -childID 18 -isForBrowser -prefsHandle 5920 -prefMapHandle 8016 -prefsLen 28142 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e75ff071-b10b-4135-97af-d7c2d15f6aaf} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:6068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5236 -childID 19 -isForBrowser -prefsHandle 4776 -prefMapHandle 8088 -prefsLen 28142 -prefMapSize 244658 -jsInitHandle 1372 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79731e3f-5083-4e3d-8a67-8a1dc009c3c6} 948 "\\.\pipe\gecko-crash-server-pipe.948" tab
    3⤵
    PID:4660

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4872

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000480 0x00000000000004D0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5976

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5352

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:7088

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:6500

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5584

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5476

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:2076

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4644

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe"
1⤵
- Executes dropped EXE
PID:5336

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
PID:420

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2592
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Win32.HelloKittyRansomware.7z"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1160

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:6048
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Temp1_Ransomware.TeslaCrypt.zip\3372c1edab46837f1e973164fa2d726c5c5e17bcb888828ccd7c4dfcc234a370"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e91ee655fc370fc76cae70be75eb4da7

SHA1
b1c2a36a252373b78768ff0b8c7c414975f8230d

SHA256
2119db0210675f0217218459520534d0442fb93f8d2ad66ba4b20c8d2a430ac2

SHA512
6295ce62fc97be1ee529b0c4dde9d8b806e7972d89378d527740c3865bae85e089883634ad2c3a72b0f0c63f0a0758645733e9e8d9092fb87bd7cc3e95d6c7f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\5555301e-4522-44ef-880a-d2c5f2da040f.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3eb194f81e3abeb4bf7453b9c81fca0a

SHA1
8b943b25fb9bd93af5b11dd3ea79e4cded5efbba

SHA256
c6810f061c650e75359f09511ab3e84cb6fd2269f895a086eaace8b28938b73b

SHA512
3b773176dfc0902c6e5548994748d807c4b74230894f7fe2005f6acd97243dbb79daf356b456395d1005e5b64bfe4c928f597321ed3924c7ad437b60ad061bc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
74c8a4b842aa2367578b46fa2c42c1d5

SHA1
a526c2d1c9ad598aa1fef0c0850f5f77bf4f2a83

SHA256
29e262aefa5276cc82679e2bdef1f73e452a49c832ca88b1ee33c4e2b579a82e

SHA512
5d7490cb9a7806117bb20b0d1d984ffd578dbd7e4cf69bd182acf2fe20923283aad8cd13064bdcc66e4ff6f713a2b3ea8e6ed666dc964a9c50fc9604a2577cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
f54ef3b584adaae6dd079523d1c622d9

SHA1
fc6c22094a5cfe1d4f32b98346fda82ef2c5340a

SHA256
68f3a20b1dba43e04cb5f33883684561594a51e2c5540ed910ad6cdcac5b5c31

SHA512
54cdb99beff9ec06c20de34fdc6abe5d005604b07527926050870b3f57536206391855f7e87533f2586b3d27f6a3b42c7de7ae435693bcb80b6e702a7f54797e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
018bb7ed4edd01ce9e4f682919dab085

SHA1
a948368f08888aa51fd17492130dab15f68d196f

SHA256
4bc97c940ea086a700eab578165e775e6108c87eb3762111b38902b1ab23d17b

SHA512
7012229a005fe8b212fb294c1b5030aa2d30954b688c35803c349f8f1e0aac0e5953e2d7fb29aa329ce80863a9b07cc51bffcb71c36a14d036ff4a996956ad2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
120KB

MD5
161c9f68dd6996c770efb065a6510e07

SHA1
216f7fed5f5db07efe6700bfb4d8f4b79d266336

SHA256
f2a1987a069462c37d8e2379af3e7ef743ebaaac9226d2c0cdf676c5388974ba

SHA512
7431b5c01e499f7c818e1f7f8e377b16278150539a9b7c45dfa1d9e96d1a4469d7bf6c9239dba993878cc8ae095beb985329d0a2db61c87d0ac161bf0e9d6036

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
accd7f923c9dce49ca47ed50d481b06c

SHA1
258f8df29a88683f96caf45be1e92f51e229dda7

SHA256
c16ee9535ac733bd7b7a2ef8acf97ea9f564130343e35fab2ca9c2296685017e

SHA512
0756e162b05643b3c8c65502b818b8dc4338055fe28a1fc0cb017c7e770b477db40d5a8a01014c48e2f548f22d369fd4025f8fd5c51ca670c0dc078c55787f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
8da03394c36e6bb46f43611734345672

SHA1
d590bbdbe521fe45b4054b3ce828d2705633fca5

SHA256
cfe29e8d640db0181d94da331442e828332bd437f16eb09e6b54ca9d8f878360

SHA512
5c8baa83877d7b00daa34b5c217c425728940c2cb3fd15c71edeb546c2b36d6f7344ec6f9bb7e47096db04985cc52d7c066ddbbcfe9f92326a235c171536a221

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_metadata\computed_hashes.json

Filesize
5KB

MD5
b60565bcc498024ac6b314bbde5fc51f

SHA1
5a56ef1f2db4075458d28a8cbfa8c2016e132d12

SHA256
2789f5c2c30836bcd23b16b56bd75e1adb34464d81a0985c7f4333d851d5d0b4

SHA512
5089f9447e4f942109fa4f6d178269ac112bd404376561b13360e4fc2dff852b592e8880fe4e239f2cad83d718ce5aa079eba5c5bbc620fcb23c3217a048a847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_metadata\verified_contents.json

Filesize
11KB

MD5
0a68c9539a188b8bb4f9573f2f2321d6

SHA1
e0f814fa4dcc04edc6a5d39cbc1038979e88f0e5

SHA256
39e6c25d096afd156644f07586d85e37f1f7b3da9b636471e8d15ceb14db184f

SHA512
13f133c173c6622b8e1b6f86a551cbc5b0b2446b3cf96e4ae8ca2646009b99e4a360c2db3168cb94a488faebd215003dfa60d10150b7a85b5f8919900bd01ccc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
671c366435107baf0a04a47ad00f737b

SHA1
3784f664ef0c003d077020245a13612655676d95

SHA256
f56a72ccaba0cc0abdebde448f08f36e79ab268453f2e018b3790b454967b61a

SHA512
ef27136385bc38e0db82dfe23b8aed0816ec728d3f64ca20250a9a45a1b816c2e633e2cf84435cf4278fb7875b1032a6c2a6e6cd198f7f65673cd9aca8717a95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
1e61ee85508b6c2c085a954e53f1dd76

SHA1
77465f45db73cddddb5b22c675552101ad979ae5

SHA256
b21d7622a324b4daa9235eef22bb147d1e3974f1a18ac8a1e4a8b58e84aec362

SHA512
8438af9e64b0154058b2d933c6b65b3543c4a28cabcda3ca33d7447ca31d0276a49541fa743d24eb0f046e7befc40d49482a5a95309eae8461ab19f65587333f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
e1668298940fb550ff41375ffdd63ed6

SHA1
e5e8a095327e763c9e3965d00b19388a0d6aa188

SHA256
c1461c6ee92167a2929719216009bae9e156f1812fcec379e055fdc1d3f923e6

SHA512
82f61f1a6059e50019504c640d62f09471815d2a907ecca680988d9c24e776d2297117e3bb109fe41cbe842ac6fdcff7cd15fc85f49fc2aa7b8282abcda6d2da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2

Filesize
1.0MB

MD5
bff90cd413f7b1e801a0a5614b72a259

SHA1
42741155fe244ca6d911de6ef928cfc27264cde6

SHA256
12db9bb9c2b5ac7915d25e812d81b4898b012319625210a826e96424d2168b07

SHA512
88e191711e54769d9f3b4b01b862bbdd6efbd578cd70f5c71b3fffa1315e6e6ef82576a08f9637324925e70248c63b0bf59bdae53cd7babae2793295ba33ca72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3

Filesize
4.0MB

MD5
aa2c0cca70f45fb33307dd584bd64691

SHA1
a2bf75b2022ed6feaae9d47f5fc114f250546f16

SHA256
02cc816cfadd963cffe5cc4af16b7851e388863d41d5335a9751282a3023d8a7

SHA512
f27103a04af2dad8b8964d412c1b5bd3fd4a483dcb6a2378c04efc742b1eecaa46269a4b702e32e1b7e125e64f57a0882b0651d9c30d7ea2ae66c6d9502959ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
f965e8f6d951f943ff94f5559e4fd5b3

SHA1
bc03a539f232dc3d1c4db04a4a54dd878259d829

SHA256
ecafbb8e8955e5cc4b9954cd3c8dc8e643a03b9a14b6d83d99109e80fae90c8e

SHA512
b7aae8b23d03b77f16621c02071db481cb482ae72389be4b6e069a60e8816c93224664db3e6533d6b65f7ca4b72c9c5cb618137975ba505ce093d6a4cdafd924

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
59ef078c54f7a0eb6efb0e2acef3f441

SHA1
7be7f66fcadf497a45ef80b3f70fa4efaeffd0f7

SHA256
67e987889464d6e5ee138616b73ffad9140b9e24f7f133e396c622cb049aa5a5

SHA512
a2333fdcac3fff578335c278277053d194c079ceed0013e6707cbe3c81682cd2313faa9125a2c3d1fda6d5098c54f38c9a818ee3580dff1c5c3da882b2337815

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
686bec2162dbec937faf3618573efc76

SHA1
fa8173e837c4ecbcdfa03204a826d75d6e12bdba

SHA256
79acbf70bb6a69b0fd658e618a48a27984920cca517c58e9b00c83e0e5a285f8

SHA512
8d105cb1eee3b272578ed11d2bca54cbae73ca8b6741f8b556a901891704a854b2c7857e366a5cc02bd7b1a54d50a2175ca7671ef1f77bb4417cdf72cd69efa2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
e24ba827fc8c507d9dfa49eb8deff617

SHA1
8fd04605eea937b89bbec96b96e9412e91c4743e

SHA256
8c0be3bdc0486503b1a80221d85a282a27e75fa1f3411c74a2079b637cbe4656

SHA512
36b51e34174252bd1edf2fff78ea6b2adfd2215c06b151ab8fff228e668d7f8e87c09713885f825699a579a4cd8015bc1985ad07c7a889a8c62f9f8a53027fd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
4bb278cf525e1b88de4ae6b868209f31

SHA1
3b8d145d992ebbff725579c5ecce5772a9f4f949

SHA256
0ddc9eadb33a06825300aa32f6186d9dbb45fa130093ba53958e7c5a3761a368

SHA512
3e750ab586122dda152d345f87df716bda7732ec55e38539428b6e234c11d5591e8f04a8b4044528c5f30676db7cc60cc79bea57a824b3c7786018ecea352c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
e5eafac54aa3e4c668512bc997ab1682

SHA1
c63d49959c17439f06dceaec486d9968fc863197

SHA256
c848dd479e36abe81c45d913a6e226b3cd9e7a816e0c632129c18f1dd7b3bdcf

SHA512
b4c1a412a30f1d98fa498edd371149b9a280a7fb4301c508a8d8d83981e0b9b8d8f506c6e71e38fd6dc053d2dbe9b215f6960a84a3d36d4ae0553be239a03b28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4361ab52b4c9164761aa2ef8ba7034d1

SHA1
30c4aad303fef5946a50bac061e3ea762c8130e7

SHA256
4b72e2f1b97d0c7a9b734ad62870c1bd604b7bb4ef4f9b20727506c26d0cb3a3

SHA512
418db8504551819d8068918cf17f41e9ea6f78cd68b1d77590844bbf735db74af8a998fb9191e4bdf11e982cd0f68718db026cbb0a1566bbde474c33cb8c7155

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
68efab4f4d8ac5b044ca8f8a75d37bdd

SHA1
28f9b5849f90f946cf4b6584d49b3733bda46e98

SHA256
69f34b3f63429676581ac28aec3e6b34d6f656712a52ba0fbe780e414194a481

SHA512
6a768207c11f8c6d712f4d23e4ac75a77a2035255e5745dac6cfe078ecadd62573a329baf8fb8904abf8bc4d67150fcf91fbe6547b70f1fe5135386a81406696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
2eade2718c9af49183ecc55120dd2682

SHA1
01e04fa350a6d8071d9bcd6cfd0cec469c7fe133

SHA256
287df761a1df53518070516d280bd60425114e0628de89881fa474a8921c9afb

SHA512
4a6c12e0fb1e9a5d31bf6eeee071018978af27a9668a4be75e0fb49e5afe2bdb640824d7b45690300185d2f2ec43f2f2ff9251940084934e3f4957144bba7e49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
95a64f4a55eee07c8b2f2ae472bdd3af

SHA1
b2773081f1557437c6ce3fb88f355e92114ff64a

SHA256
7b1d314d0bafbe5580846237c116c1f0c66a302fd5bde83562196d922b4181ce

SHA512
ac9224edf9ca707a8c4a88fd447c0bc5a814ebffaaf9dcbd303e97dcc5f97aea8691d70ce52aaa4e5892f7abc5a53aa28bb68cac8b426f8abac5279cd72223ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
16c80248c039173d7160d3a141f0a703

SHA1
87d55cf498cf89c64524bebb1d556f15e41effeb

SHA256
73a0b50deeea3e1ca25fce333ad3308001328105789fc8a04c500824abbc9930

SHA512
ce0e4ec9a519b9c70e98a2f1fdc2b2cf66e4102822217867995a28c80f310fcc0c25452ffcb2f1513e8477419f2864fa4be24778efd1d6b82c0b35a586b1f620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c74e4a2f95eef11db5243fd363d14c37

SHA1
5656d92d2c6fc5992106f688bda202e779e36f12

SHA256
ffe8c8e77f1758a5d618661c7c63413d62d605d51b7a9a14d6deda94b67dd800

SHA512
e89c1e616c4fca7465c35f5f198fbddd0ba57dddbb009eb6662d1fd514276a6d7bd1ea0da2ccaed03653fd9aca912b811378caa8fea2263185575a73b54effb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sessions\Tabs_13380666779365763

Filesize
825B

MD5
eee0d20e29c7acf25f66a17b9bf88d21

SHA1
0f4d300434402967fab799f420e67e1f9603ff07

SHA256
2cf98b13fc8c3372fb8ba8e86d9086889b9b531da02380e6d5b4101bf0ab5724

SHA512
c98ba868165354b1d6a6bf575bb9ef77806fb7fc0ed367d792bce2e68cdb0f173e46a600181579f33bbbd7fcf191d8955c599551ad15a45473603b2cacae5ec4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
d8f0f062b6cc1339e9346fa7eace3544

SHA1
65372193ea39f305df884c9ca8353d76d9ba66d5

SHA256
fc7019583961adc018fc1bf562fa428cd241d8443135fe7213ee189235633ca7

SHA512
ade514fb85da4e1906d0efc5fb8db36647fbc2884a62ae78b945b4007ab0114f27dba0ddf0e892d2846fadc3c34fe5abdf5da28bb6c5567ac27c1e0915c01c57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
348B

MD5
b009fd51422f71fbe7a3a657c5a7b73c

SHA1
fa1f8fc7335b101bdaea1db4d90b1d25d416e09d

SHA256
2ecb2bde9b9bbd3d77f584827de62fc9385fb9828dc99dce676c0db35ad45284

SHA512
afbe1175e26a05beb07c0825529f67e5da280df6ce2bdf131da7d6b1235dd13a0d50858917d49816152c17beeed65e72bd1f7fa2e09b0dfaa5fe19a2284d7329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
321B

MD5
fb1aa6985ad2e2fa5f81cb998350d0b1

SHA1
4581c2e514b048b96c3d412b2508bc8d5ca6da90

SHA256
fe43d0b2e16fe9456ac6700b0558eabcfd8d6402afaddef33fd7aba189c022f3

SHA512
50b67bf7bd0ee83d3099f438327625b986e3eab536e2739ebd405f3a8241736352a8229660e4f889f387cc1a06013acf836bdef9b5154d679ab16d19aaa6fb6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
a174a67c035011f3c986beb20fe1c70b

SHA1
2933332bf52af92c520d460e531669d53c2c7464

SHA256
b2c9cb18a039477407f848c6bdb6d0711d7222f96ced76c09f25753015742f08

SHA512
10e42135cfc8d16aff21bedca9a670d3eab12bb4e85c0908bb81bc7ddcefc7561d6aa7a91dfd639289caeb0813c913a4f33ffe941441a1e513d3efad8de8854e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager

Filesize
40KB

MD5
91392bcb7c5ffef0f517eeca31b4e5f0

SHA1
48db42ade2fd6832ab96ecddd41f75d2a26bf860

SHA256
73f4e88f2ef719fb2c3b037fb0985485dec402acaf25a02e6b3a253ea7fc89d9

SHA512
76aae33b3c412b83a1199e68407812b685da598b9173ba7337df7e18cd482e7434dcd3702eed93c36fbe61a89c77147b33a89c5515087701548b549fa93ab41d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal

Filesize
8KB

MD5
7e101830faa48a542d44fca2be48ce89

SHA1
fc7601cdf4eaba3922be2cbb94180122ce2a4e5c

SHA256
8cfa090cd650c8cf466ff2d4871ca4a5707e27941115c58679bdbabba712895d

SHA512
7c9bd34223270c2b63e69ee81177b8f3c25a9da3269420bc14eb23264a7a862a5fc18c9452b1e268fddf28524e11525f73b43120f22c0f6833a084c6c433ee76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\000003.log

Filesize
18KB

MD5
5e562bf4516b42b144f88bcae62d8523

SHA1
f7c92a2354ccbed149759eba3b3e7acd76c4b207

SHA256
d99a36a22a85ff794b73197c9c0c576304da6b518c04b605d97640ba50e5e7fb

SHA512
6b2dffec8a5910d6aead2ebe971ded2c3d122067a7a5b736ee8999ddf88a9ef88e3a3844dae4599205dcc5e0620358c8ad0f4a2693708ec8ae8939f82076ffc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG

Filesize
317B

MD5
7ffb14c6d2245fad3f1ffb544da2aa14

SHA1
683f1aa57ee1f82d90296dbf92e28a2b09a64ea0

SHA256
7206ca57a38f31c39cfb64a7e2d3d8589d9bdacb86ed1467392227bac3c80d78

SHA512
d5424ddda099c0ab49c69fbf98538756770ea655d755b5ccd396baa153fba69201c3e94d44ad7aee71c120d242ced70be1ccee164a1298fea2f3ed272064fd19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
87e150ac07b8c2151e038afacfce0d3c

SHA1
5033fd042296cf1c3e6e40a39ba34355858cbe82

SHA256
da491fafbf84f8b2e7552459a8da2f392effda03ff28442efb6418691017d87b

SHA512
406ff08e06776a0a217b868aaa0ed53b931a20cb75ac5286189ec9ce066f8e46092f9e6f906aff6184b6975f267d57c55f919396dee632bf88f131a66439d28e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG

Filesize
335B

MD5
26a23e453b3ccaab7f202fb960350f92

SHA1
3e7fc3935cef653ba6125032f63fa8be327e1d31

SHA256
c9003834830750cd3d6c26cfa0b3b3dbb7f903882a150539285b434780879315

SHA512
57a80f2ab540e9d9a1ac35c7c9d0933696ca660c0f7fd0a5232944fb092942d85ba877452c87e8dd74363cbe378fcf7cee83f96e8efc1ffa6122ead226409100

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
79adedb2469d5b2376d7e15504a94e5f

SHA1
35744be34f0093905e680432e154398c93b1c1a0

SHA256
ccb8d92bfcd5311cf9de6aa6d1a63ba535a2942a1245f92332056d2bcea1ea4a

SHA512
a6316773f44d4bb893e10bdcf417de3800b59456a01fc7903475b65dd6ad95036cb96d487e295eb46d54a32ecaa1bfd98d570b26fbd26c95831602f15d9104fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
119KB

MD5
93b09c368a520cee25bced6ceaa74aa2

SHA1
889263cf765d946034432d1a15e8cedc36846ed1

SHA256
3c78edd54d8f0f231bcc5aad6648bcafcc8405d754074a580210135f5ad49cb3

SHA512
64ba3fc2353d9b0e3ebe33537b761b30ffe0c7f361de158e65aafa41a7bfe40e6f2e3c2fc57b4ab763123c11f7398755fcbf5aa2b2ac43d23f0edb9180fc090b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db-journal

Filesize
24KB

MD5
f66f23947a1bf039709ec384cf357f4a

SHA1
d571016d09edc875cb089f8ccc680b94385c93e2

SHA256
1119f2a0939268d562fe13c7a687698f9d8cc20bb3541c9dc232cb0a3f9ce5a8

SHA512
217f6378ddb1f2ec1f35eba5e7d6dda2017104786f7a95ee48d2984f6935ad5ee00a5f90b81d9398cd3f74cd5df9ae19f3877597bbb5f7dfe3327e8a0dbc108c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db

Filesize
14KB

MD5
d36dfafb2c70e6090ccf6b4717121292

SHA1
46c8ebe5b99a5442b4df96977fde6b9adb0edcc9

SHA256
db844248e78f755b741a27ce0021a44b34295e555e279e46f858897b68fe3be1

SHA512
c6526744653273962c0594aa232f215f24bebe2ecef20c7103b07e12eef9c29d66310dc0be9fea13e47d041815b5e06b2a34580d0af1fc646663fa02f8025897

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\activity-stream.discovery_stream.json

Filesize
21KB

MD5
3336e271f9a184e19df4a672066597aa

SHA1
83d27e23e3ff942e15f5c49f9141e2fc345e261f

SHA256
e537b428fed48ed3e68d1707c7d5ae27eb13acb6970a7a31ed06769e3cf99465

SHA512
f0fb771ed1e45e261d11b5ff52691444919c97324ac8c30d3311c9143c2c2f1fbacf843377c5cf9f4706a5f88082a37806064e406b47de159bddaca2eb3309fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\doomed\16177

Filesize
65KB

MD5
86feeed15d7edd2f8190e823c031570e

SHA1
4ff385895e10d1b05f15204ee74d607564950f0b

SHA256
03b38d04f5832f7b2b49e54a4c75d78edac5fc24d3b3d8d754a7193f6299e3a9

SHA512
77763802ec2fd9e6acfc8cd0b7d82f966c9c9f07eb61923a4c26f7204f583e903f6a5e5568e143dbdb2842b8f4b660a36f560cffb866a7857d2051f0db6a8bee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\doomed\19162

Filesize
38KB

MD5
ca7fd0890c2c49f2496560192d5afd42

SHA1
a78eb74c803b7c2f2e755c08029165293478fde6

SHA256
360ef8dfffbd35fe8195cb564dd9562b2a3f3c924eb10b4834846bfa7808928f

SHA512
5aa253c20b49ce407ae335b3e2dcfd4fef70189047659762604456bfc8d34dbd733fa128d779092931a8974aa052a32954b042c9e1c38133eeba31b1cab76b3d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\056FE22E170EFCFF3E57BDF811DC6A550115DE80

Filesize
173KB

MD5
5ce019ccd2af9b204bd905d05bbdffa3

SHA1
dce9b455313c1583f562593c4979fcefa7e6fbae

SHA256
7b53bbdb389c4a076b00c16d90b4120b2c72410e0db708cd2908864ea981a631

SHA512
8fda9ceb0ec48cf3820f61e3db3eaaf241390620ffd5122a4bc4a99c8b4b000807e29f5ef10b274560fa634be688067bcbbff5385bc391c959645ff01fd79a0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\0DDA50E47C3B1638095AFFB5BF8E5028FA90E3AE

Filesize
81KB

MD5
87e45f3a293c40b58eee065e54ca15ce

SHA1
a537f698d7351276a2499230fad33635cc45fa5e

SHA256
f4ada1a779ae456f5b458c374e927869e77b43c89da5bd07605efadd92514ea9

SHA512
25197db24e6caa2913574e914b355a81809e6cdaffdee9f5fef536519a54e4c8f74976eb0a26f83d7d5917f6d8cb630d4099edda21d663ab3b656a59c96de6bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\105D8D3E5AC972C7DF3C14D8D7F690E034131696

Filesize
89KB

MD5
cc591ddd6853ff8666a3a0ea9624175f

SHA1
c12b313188f049c2cee31b5736d811eaffe821d8

SHA256
84774ff9bd473f31efeffd76f4f6d41b3b48a54384722c4c595817809151a71e

SHA512
68cde218de9825bd9e9f7ffcfb59968f176034539f6b69b397f32a2616f32e373f85774db1fdbb2f74f692b29adea6a89867ec323fd16c781eb0b0bffbb54f8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\1CEAE45C047B1428410D2893720062C74BCEB3C2

Filesize
78KB

MD5
326b7c05ca350f749a6b825152e27d90

SHA1
5f9d8dbf6ec6e29ae8eaaafd9ede6480dc47a6f5

SHA256
3f83c722807af0653133305a4a7485e7bed9af06969ac6c2201393d500450b68

SHA512
a30c0ef7f1fdf80a3f10dd895cfe799891156facba99c84628f92e240ab1009a6d9ac9eb3ab944552355e30080a65115e49e785558c1c5aed3f95ee918fe7ccd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\239E4DF0FE01543D43B482C56D4582301178FFC0

Filesize
664KB

MD5
22abc9b019e8dc5ae29a55fb14edf23e

SHA1
74bbe009d2c8da197301ac2a6ba7f36743190e59

SHA256
bdb610b1eaa0eac774759f18685ff50e0cf3c5cac793805c00618e8e300ac2a5

SHA512
8cf8b5219e9060bb3be690319dbf20cdbbf5820e56c098aa9e8b165cd77a50c75a55cee2627caafb44e197e6d1814db70d95b6ad205416bf8d76994ccd657dd7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\23CEB874C1614FA973DCBC9276A9CE1C863E1A0C

Filesize
123KB

MD5
0827091fc45d3f28fa450c9d829269b4

SHA1
4b3669ba428360c56810552f63357ba336fc66d1

SHA256
53c5df52f3b7ccbdfe324ad230fd1d6e30e8f29dc8e1f2b8804acc46394e74d7

SHA512
7998cd3aca6cfb74b956683cb11568d0e992d18f1234c33ed4996b834b9ec3b91b53f51dc0a98a926921a175eca52797267cd335780e19184977a623d01c8785

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\2414A6066737CA69A54306C268BCE79FEB27EB99

Filesize
129KB

MD5
060373fc906ffa266341ac6a1db3521d

SHA1
9b94a84de6345a6d9b95d052188be92edf3ff435

SHA256
ba090153f3fae97051806e1632ce8b302a6487d51bf161ee47cb4b73a5a25759

SHA512
b092797b840e50348730d8e55acfa70cb9d5b8651e51107657f99782c393bd938c2a68fb68891552f6dcd4c25fa18d51c1db56c79d58b198abf3d2ce3b8a8c94

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\2681DF1C05D8B1BC372A0505C935A59887AC240D

Filesize
44KB

MD5
97d7e5ee9808cf92d85dfe144733a02f

SHA1
ea7b71b0a90f9553cec169866f71b19211b306a3

SHA256
b5b32885ca5ac9b37b1fc348f7dae96423fc6e5fa9108c7b9e768cde7eb15465

SHA512
d46e36f6b66b167227d3431a6efc37964e0bcf1c95d8c62e8a6625230c627af077a6768ca17f8bc99aee6ea143a9f630a15e5ed0c6cfedc9088a2198cae5d4cb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\28C80F7CCCBCA07AD3B3CA41AFF9F6BCFFCB2CF8

Filesize
132KB

MD5
d54548ba179a313bfbd5e207def9b8b3

SHA1
aa869b7ddc858a3e90d063c54ba9368c0dda9baa

SHA256
831ee3d7cbeafdad4ff7127171c1f3881e54499be6ae9dbf3ddc03c374ccd0a0

SHA512
f4ad706da9291aaffa83958193eee194b974667aaa0fe440fb6a40ea070e3bbb1adf1d6d748079e80e5fb765f3ce55090e21a459a6cd9e8de3f201257047b5ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\37BB0D118B150620421D3CEBDBE03FB4F91BD82D

Filesize
541KB

MD5
92ccb858b3a7c149b9adf6bbe8045309

SHA1
1e068ff6df67f328a138004e98a4a19913a7b7d9

SHA256
2c47541e31827315ec1ddf76743111dbb8126439cadbc7c0099cb5058dbf4682

SHA512
fc5e3db36d70665b305c2a108fd3e052fc5cc4d314f6e1c64721f078a4787efcf6b6f3c1f3be96e424dde99514429ad74cd990e2bb152b3585ff7734c8c81422

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\3D7CF4DFAEEC3AA879D34373997914E7E15B5D5B

Filesize
74KB

MD5
fbe217e0ea2dd3cc8f707422f5467d7c

SHA1
88cf7939023fcf001a5c6b943256dc8e654c75a9

SHA256
b2b14d08bb8cc13d6b98e9cde5a4f66845d6acac2d45e8969d79dea79fd0c743

SHA512
1f26bff8d3f0b668559c07bd85c00013eb5dbbad8a9f4aea65d2de935df721019868896ebb2fb90da165ba29a4e358604c0f1da68c25baddd786543f6e96a2a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\40A8F58CFC1A23A6BAE836E45F467F9B93975806

Filesize
41KB

MD5
7e5a474d5767dbdef49307c661cd2983

SHA1
3057e73ef1b0821ebf887fc73044a00d686e9763

SHA256
9b14aa6c9edae8ff5e605b197af275f4a0f1c7558de851368039820b5bb1438f

SHA512
988967063bcaadd6badd02bf862e90fcc4e0d5b4a4566afecbb0325732ab1f948ed863e0ac766cf0142cea6e064f3e337df21c623e0c87b7e785893118f34bfd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\48A773B8B92BFF039D7CB5A9DA03A6DC953D7D7B

Filesize
43KB

MD5
fa00cf60433de03c3515f359aa298eca

SHA1
3d8bebe0e904ac714b4a3dd6679d8937a7412404

SHA256
a808e3a150e6becaabd0cb12927e3add0e4d93e433e2b5eca7ed0f1b51317a11

SHA512
b7fabd9eda0d1b302e90c32a19e08fadd84aae4862a8e431206f53a41bed3b33769d865cedb513c1204f53316ccbd711d3f67a5f68f8f2be7c8ea73b5e353ce9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\4A60037773EB0A765C644134CD4086966064E9DF

Filesize
80KB

MD5
17c33259730b6bd45ab2d63d62f48881

SHA1
63bdfa037f99070d04a8e7400abd91302a78c247

SHA256
3da2c5377289f226ced0b012f03f760f9715f2dc76818da29b74d8190a453ef6

SHA512
aaabdec471c495c35dd71f9c9a6a22631e6b2b43f45f00fcce90b88d33a48705d8811d48b448734b3eb738d80e33713ab665ede457ff04bffe97cf427c3be642

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\549C94847E35BE89DCE95DF86EA39378F22E5078

Filesize
1.0MB

MD5
41ae7166a6110d4ba6eee985a77fa006

SHA1
412b1e98464bcec9933c54258cd1b101fe809320

SHA256
3bded70c739d9cfc54778c64425849202f1bc5b4747dfbe49d9528c2f7ade03f

SHA512
73d6066cb7ac79df03ac338abff0b732af8147d2549a1211ecf758010766a2e05c9e9444bf5ce6a046ec35d00e547cc7d67e798e85484db0bb0d253ec37deab4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\5B2229BDB395F90BD36DEB8AC6207436CAB7997A

Filesize
76KB

MD5
40982484b26ad3affc3867b49ab72d47

SHA1
114d404ab87d05adda781f3ec36600fa13cbccd3

SHA256
5fb473eccc3bac6a159c9c3f7fe294564c59299ebcc22ef9429eebd088d693fc

SHA512
e3b91d63ff0f63ab1b50d982e176e6377d5ecb783c11af89de1644f5de97466b0eb1baf575b17c23c73826f20c8febc470e50cb9a5b19f00cb0fe468d502ff4a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\5B5F81C77EA4A0D4425E62E3D6F82E571526EBF3

Filesize
34KB

MD5
93c047b4c684a3cbbd8f9b82ce758a29

SHA1
69d4845fec2707a38b5a96881bb74681ab5cc467

SHA256
c5f49226049b3b2d8092a448dde92fb9341ce217a7d5ef96377c839d2f758c5c

SHA512
3f912b87521153bd16f57bcc6fba934a30bb7ef72db7ae0c8da9b6a0e0b3ff9702917db79d8336f08c77198490cabb3b2060e0676e7b6fc025b2e9247c62a830

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\5DAB5021D00EB38AAC2852C057275F611A27280E

Filesize
91KB

MD5
90a830f293097f775e467ab33668579a

SHA1
ad452f1f2e9ec2030fa1a1c3b55a12d96f32408b

SHA256
90a7a53c7ebf6f769a9af78e0799f2bae7602e85c5bcf1dacc5f59f84396bd40

SHA512
39ba1d0c14b17ab70983ee27940138fbdde42a13f8c03ffe3f625d3d464b67e4d21067ddf288b675c08c5771a18e1a7ed0ffc6172740a0c8c9971c2f10016129

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\643973A72CB665816E627CECAEEAC7166A356FB8

Filesize
114KB

MD5
47cb0c82e01a86f3bdab68dc56443103

SHA1
82e8302115f48db6e0ab5d661141ec1c47ae32e0

SHA256
cfe2f5ef32fdeac85fcfa68f9abb0cd168c5c67e6a0c5a9607ecf880af56c82c

SHA512
dd42d979309c23eb4d2eed4a8560c22c1a4d0bc14623a0a44245013568af130925ac186de2c543fd7fb0d3f0992a8df6dac29a1528a046c566500bda6d1cf93b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\6CB8DA195B83F1EE369C11A33C63581DBAD64D6E

Filesize
96KB

MD5
876b59ca5b86934b6872b794f1c84c9b

SHA1
516b79c7f187451cc24b3be90d7d68be8683d64f

SHA256
82f1c95b900d5c3e4daa8148a460f24cb67ff97ff0078e1f477c0ae6e19a1689

SHA512
4bffdaa1afa1d63cc23a7f3b6264b2f0fd66ba34e60d273b44bce671d17c54898069f5af4b716a32092cfe08b5e52aae8f14b6577ac1273c06db72a8f1b17af2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\6CC018184AB2CEDE13A12B468231840323786EF1

Filesize
75KB

MD5
a2c5d5159370ae145ecc5c6b7c1021c2

SHA1
75cc5a2b7f9f212cea0f5c510a3032f3d265dc8f

SHA256
aec6310c3291f4ba9875201767a289d0e11ba2dd9a80ebcbd7bc492686682ff4

SHA512
547d1e52cbe1f77c16090ef432e28e897e27b05adf8259e5e14c3f3a974767ef27703fee909a34f48354867ee56cad2d95f0c529266c8c2f04db2bae3b11347c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\803878AFD184BDA1D778F93EF1DF4C2879F75E91

Filesize
30KB

MD5
c0f50ebe387439970f49867d97e95cab

SHA1
bd40c2dd8129d23cdf792991f8a9229bb414a139

SHA256
871e53a97ebac63c1599d246f2ac372ea7ef36bc5bb24d9168e3112fcb08567d

SHA512
e55fa1722c41de0d054eaefafbaaab9b8c86e575503531a910d1118ba676b2d8b24a7df6dbfe3e965e470d248728d864413330b1275e63acd19e00db0281f834

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\8FC913831B9FA76A287AD81C3AC6702280163985

Filesize
115KB

MD5
80dd2529abfea73db2dbba8426d1ddb3

SHA1
d0a6b5ab551bdcabb64e2d81f335e54b154f1e70

SHA256
6aed43e535c38831094db1a7ba888e8bf0081b0e6cd44e4ba1960ce2779c8b49

SHA512
9bdb2c496f6ffde5c35e4badce204563861198eabd6cca9df6411ab458080a3ceeb6ad089c52a589e280270296c7c6ed05819805164b9757aee10949ced8afc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\9B4ADE18D4C6D4D7D38F8A06CC927B6E10CDF2A8

Filesize
96KB

MD5
3e2a385dedbd5878811bfb2004347b5a

SHA1
9c2ae35339e3389773285fe6d3ac711b09b70499

SHA256
73c7ac65d76abe8cf333123397c42ce73278052a3b7c2c567bde7c70d1ad8758

SHA512
d949e76fc3df821c4fad37175e6316b194c713c46d1cf2bc1f027c1013d85b81929129b07b6f499214495d41a3c13f3b105ac2776b7775ebb2c5dbfd0197a17e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\9B5DC42D011707A272F4010AE622B8F276F1ED8E

Filesize
45KB

MD5
3d32378df92b250a213ef7d2f426108f

SHA1
9376a6d5675eded5ff1b0d04463ea0f900dfe0be

SHA256
6bc7f5a3d177b5e844a9c534eb024869770d7082c941fcd9adcf17da9efef7f2

SHA512
42d54b94f87ff09c0cdffd9fb2cac6c45d73a9311ed4e689ea467c80507cfe82998b9fae4f4c21406ee92c08da4ffb7208baaafff807310c9050e6ddd9360ba7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\9D033246B88529920FD93FDFF568F2C5FB4176D6

Filesize
137KB

MD5
64f11af1983d918708b548ef3c0ed0ae

SHA1
c89b83396c1fb5559d851fa4ea8c960860342643

SHA256
002309a3ff5ef64f7d232b346382a0eac9b8086a84eb96c17c1167771d005a27

SHA512
b135a71a94499bd49560cb9e0a9c1dabab52dc09f7451db560a28df68ecac00f433cefbe3f0ac28f5f88453cc96e0b47568a050edda0fd29f31069956d78657b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\A9B08356EBD30B2479D50C01DB7627B8CACDA442

Filesize
97KB

MD5
e44f3a9fd02f641b540fc7c61db91249

SHA1
0acf527f0be60690deffbc5256222c47098df910

SHA256
b64c1ca8121caf6d6511736afab136329e866a1acc864558677f2b533a4415c1

SHA512
854aa616d69648489c88c0d3e0288859e4e035d3e137966c9c5b17f9efb19e0594eb6a53d52487cf6cfad1598514a9184092744c219be4ef892eaa1f6fffa97e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\B187790100BD56D71A8A1504C32496A1DE5913C6

Filesize
335KB

MD5
a778c12225e5ef42e0a105c2947db9c4

SHA1
4ef1e7f480bda921d450e414a46b8a05c3932de1

SHA256
31eff09240a015342adf709db470993d6215349904e5a323244771285d208eb7

SHA512
136fe8ab1604c1ad18b2a1d2619e3c7cad5a65b52d511774f70ee4fc41bb3b5ee989158002a7b007b9146524fea1cd01e04880d50c4f1ee5a6dc47037667f5ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\B3C793F1D7ED3436B198792C08E58BC4D83E2D98

Filesize
102KB

MD5
46e77f160b63755f3977f91635900bb7

SHA1
9755a63cb69d679903b2f043da7d8e6c4b869855

SHA256
64cbb1123ab7ebb9d9f34b9d79f168f00379c894f5f7282ecf570ca358481737

SHA512
509e2f70bacf05e1241f4e89ddc94e3ba017e1a3c2ed346ae608096e0d53b8f5ef41e74f46b3413371d6ef3bcc1bdcbfa035f68b5922f02aa51ba9e1edbc7610

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\BD8367294D6A3B91023781474AE564DAC5FADFA6

Filesize
182KB

MD5
aa5c6edb3e1873aa73cf6a06a49d885f

SHA1
46c8e07243216c01b09b042282d180d9e7466cc4

SHA256
2b482a3606cd9a3edf24d1b2c9508b28254d496a68de2ff637575ab4adab91e0

SHA512
b81245a30d743d05d9abfc861b77cacf8690f6a55113576f1d22e2af273d386f0d3afdbb944deb1dd6327ddec738f3af71a68c289d158233300fb300039524ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\BEFE11C9B3FC844F26C5662B326E4F9B52127B12

Filesize
1.1MB

MD5
4de878125facedf8cf376c8b0fc9ac4f

SHA1
abc2c37b01f8689de524705403abd118d16d293a

SHA256
0dec0d542d821f00f7b7c7e1816d0afe5c815b816c281f28a23de333625bd824

SHA512
1488b72241c14d838c5b1aa982d4ff7f821769245560fde94d945844c2b78ede028fa48e001ac6e66cde61bf3b040a3429e768e246b4b832d0217de9442c59c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\C42D37CFCDFA31FBB385E2983E55D302B07DDE65

Filesize
59KB

MD5
a836ee742358bcb8b57260c56a5e1b36

SHA1
53a750b74368d0db4c89c49c35390a477474de53

SHA256
95732b7ec8fce0175a4e1ebe3c022a39e8fd6d3979b5fbce81426241b26ad5ce

SHA512
4d2526757947bf364d1ef990b1bad0ac0795c107db46231e061dccac1e977376b3495448ac7dc06f4ae0de31e8737c3c5c64f6782b62c69d78e03c5f9f8b1900

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\D7E34CA819B833A4123CC06D396546D15F17AE6C

Filesize
311KB

MD5
4798e946f58590836b06817f4a4839fe

SHA1
aa11484a9cbcd087104278763d94072c6a13c71b

SHA256
7d290d1b74003b227db89a42f39269e31c332b9f8998b6f8e8cd84b2f4ee7d5d

SHA512
3fc7c8923f9417d4f74443ffaffad4fc61382737645887bdf426b0bf00d5f589ed407bd6f0a73ae09210a6c88c688736902ec5b4221a85e026d9cbaf425e782c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\D8A81C26ABC76A2A15EB1824D896CD970576C9FB

Filesize
59KB

MD5
ad88c0fa96cafa496acdad5779d60011

SHA1
1410fe68890646777e10f01ec627c8ff5247162f

SHA256
a43056d0cf39cc9b8414e121c7c808608c1e040740ac677dadd9022123a7a227

SHA512
4239459ea55668284612b3f20188e1e343faa9bd172bc211ef77f9e990aefc563087c7d542adc7bdecfef69c0fbe918ac8e07d09391d754df040de59fd8c59cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\D94A678A2549B8A6C46FD1D1E3BF56749C7D416E

Filesize
368KB

MD5
84981d564a2120aaea3e6ed66e82464a

SHA1
4033d08db81b78df22de5c7c2ddf16a9f946b783

SHA256
934d900781f4699e6bfbffbfbf6849b3bb5a997373ee6e768ebefa11bf109a7d

SHA512
3faf077918d8efd0db5d001fdfa290711402c3d9aff60a84933564372b5047430983ac833de7e8f6ea89a2db3458848e2958f5c2200122367c4e29df1b006f3c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\DF456E58304C9DAD83ED69C2CA536AC36867EEA1

Filesize
2.1MB

MD5
90917784f316fc22c980c74dacbeb8da

SHA1
180174858734d997ac6ce503889f2300f191919d

SHA256
386caf3ed76f53195fcc62b32341dcf8edc25e528cc4f7c400f1662aceaabdae

SHA512
241a4c33e332ac65d30a43012b3fd22c23966fb6090048dfef602ca32a57a6d2777fe30d6687703113692baeae71aba22861de7e518d1d59dac378200bd29017

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\DFAF798699EE7D2494A7287D4CF123272A2A18BD

Filesize
1.1MB

MD5
f26032960d397a2266313e160e5b41e7

SHA1
dafea4688828d21c3f3627606bb8ef0491ab76a1

SHA256
6959e267f824905c7b804f9b12f269118034c1393bfe0f2e55ebf24d414cd3f7

SHA512
59254043b7cc5a423b9cc85203f40fee067a8cf2a23fc7d8085fc0de7143baf84d8e26517870a7658beac7d87b18efffa5a804721db4f620a20a2c91c576c745

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E087E5921E38BAFA525BF7A3E0205266B7790BDC

Filesize
90KB

MD5
a551061fe11815ea839a53c21b043abf

SHA1
45fd203d7ac0534bdd0142746cf6206b69f74f4d

SHA256
35b311d7f506b8c9f366a6c74e0d5d0403f09502b9bd9b299f6400a320176ee1

SHA512
549d827f9bc9ab1190c20ba9c6efcc5371a8b953fd6fc58056230a553fb269d90930d375178bc00d771f8b2d78e2c215dc4b70747ea606648e44cd3ddcc76c38

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E3E096661CC12A0FFB4E42A32E6157FAAC411A71

Filesize
98KB

MD5
3c2ad55cbc664bdf7ceb142005f97ec9

SHA1
a624c9140d1ab87417b30ff8c9a04a084d35d361

SHA256
e9b6b01cd64ea3b616f75853cb3b4efb6dd0141e7ae0e6bb4a02520350d0c7f9

SHA512
d0eb85325621611c9e6a3b00db48eee994a0148b40e206af884a6e9d572019820762d563976b45f93fec942633142ad0ad79bd12436029f336c219178c3146d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E48A6030CCB01B925230F7A8F97D73AC3AE3CEF7

Filesize
84KB

MD5
ab6ecf1451f7001c174d26a6e5f37429

SHA1
08ff23e6903445d4cec601e5f22b4cf1eb55eb5c

SHA256
2d1669405d91279d0c9eae8eac05eafcf0863d1daaa19a28fd703403485bd9fd

SHA512
8b488a44b66654d565649969c49dbc4acfabdf65cc97a8fd7240301bcbccd3a86aa930aea4ef94d07ba3b8f682a0b74a4f4117680a1b113fe1d5080b77a60df4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E7F7A560FAB7054050F81D89B8B3096A4AEE843E

Filesize
112KB

MD5
59e5902eae84653ef69522fdfd4494e2

SHA1
98c2912239167122cb92088860f314f7b0ebe967

SHA256
7d997391f4f0d7fa92bf7936a4fe8cc56a0bf8d20686096a44b410a15f13e44e

SHA512
492a59c6ca3d32412b6e4cb3850c1de1df3a8ba84ddfa3ff79b5067d68bfc9b6f41cb64026df5382e337df9ff1bd7a33d03b8296c4039f35483ff20a1b1024e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\E92AC28E50E32A8C4C06575FB15D30B7E8FC4B9C

Filesize
76KB

MD5
4dfd1ae25a250f724f242e7791af6290

SHA1
14b93ccb305be84dd6b65dc436e9919702b3be98

SHA256
81f3df7eb8f0eaf30c1444e3328fa1f1b0b57cf37e3963801c0115b5f94ba563

SHA512
701a46164950c29abee47189f501f4b82f4b27b3788a0ae8d4f4b106f1181a4d56c873c91e96f53d6b3e080d86a0f95a188876bf7f1b07d1628452fa893aa136

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\EAF17210F28F22D6EBC808C2C1515A0B71A3E8BA

Filesize
163KB

MD5
4f9533658b8bdad27c288f38be634d8c

SHA1
6af46991e1cdc0c1605cce0eedb2b039ae11080f

SHA256
96fb44b5fb259e26ac311a0a91065fc06bc7aea036e1a31891e4b815ce5fad43

SHA512
0c1c1cad14a2a6a2d83e871d857a2df10b75eef1d06123de7d0a0b4955188ca099d68d663cef6661a8b1b9e07c9f00577cb4077dc1060690a3c8fdf22868758f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\F0A9881C2DEBC616F3198E74FF74D276244D0325

Filesize
42KB

MD5
b20fef35b6e284b29624eccc07b3ff15

SHA1
3ee8ff0f9afd2860c9890c74d7ad30235eb865a4

SHA256
2c1242fbad7af7dc5e46a4f5f92619c505cabca677fb2d09354df0935dac2a44

SHA512
22da94de6f6b47039616a85d95009719f719fcd108542db92a10baaad43362891d8ea91437d578097b4cadb85daa19ba3c2729ca3f95d58c4dd12a8b751614d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\F0EAF5000FD9C2A30FD2826A9F349C1386795C38

Filesize
70KB

MD5
423b324fcaad64757c861068ad72b00a

SHA1
ab5121fa0fdf29c0b790f05086d97f56f367955e

SHA256
73ad282c5f166da09f273cfbcd8618760ca89c7a656d12ba5d51f9aeae0ee5b3

SHA512
7e8d26504d5ba3f6e030c6e19af748e456cd9ac3b2d4cf10bdac3ef7b1c6a93229078a1f5eaa982734d8556ae27b96dd103db92febafc071b06974312eba55e8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\F37C1195822A75A463BCDB86AD26C84ED9EF9D34

Filesize
39KB

MD5
7f6bfac7da1b927d7940dc7182c3811c

SHA1
ab09ac63ea8077431412b756f0cb7b9846406719

SHA256
5fe5b74c1f0fc40d3dbcc01bc51c5ad43167a874a8fc3bed4f35f7334a86c1f1

SHA512
475c853028d041b8ef0b73ae4c2ac5e1a77b5073ac55f0cef631b6a2bc850931cf10b3e4591a14fbb18fe3178f735ce1cc4bd88be457a95d185de9254cc9c521

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\F7238E2D6FD33D777BA92C46B87D7C03780BB3E7

Filesize
792KB

MD5
79f532207f4f54b78d22e6e3578eddd7

SHA1
0e8f257c822995528e62b7ec64481374877ce7d1

SHA256
005bc0ee681fd27acb29a4b692e069cf34169ec4a672ebd155f4935cc5ac2a15

SHA512
1a071bc65046b4758f42e4394fe38ab2b020b2e57bfb63d9c5bf84130622fa4b44a69d347a8f83d0a788cda84b9a3011df5229d6d1f47b8938ca4fd190b9657b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\FE4E0AD9AD5C7DFC975B3B894E66CF3DE2AF3753

Filesize
15KB

MD5
045b4aff410112284d65e9b3ba0ff717

SHA1
c30a066959134b133617de857e836392a888323c

SHA256
932cf64fab2f570ee2e02187b1692b3f4af1453914ef795e00079c81e4a67501

SHA512
3544cb171af00851b02574ef047c13ed4cf9522f7a4cbe32d2f9c6e65b568d759cc080585fcb12a038c5f6c4cce49a753378bdc0d0a68ca36a6d1a472bba9767

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\cache2\entries\FEC5072251450DE099C22F79BB84B123D6D904E7

Filesize
145KB

MD5
39d399a93348103b40c0ef2cc9396f94

SHA1
a36f01aba5662d0a614bd77fca2ace35f22af2d9

SHA256
a153c34e9b6d566377c6d20769d07f5304dbd9e34007a5b8565502131a97b4ab

SHA512
983291c3ad033d30e3914d3dba5670657d3291198c033853874035b1235cef0c9e367dc7a2445f8b8759aa30954995e28da1845d6d070932b571a5c946d7e9f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\jumpListCache\mZ9DVySILtF3i2TjFw_98szgp_IWUnUGE6Ef1YvaeF8=.ico

Filesize
25KB

MD5
6b120367fa9e50d6f91f30601ee58bb3

SHA1
9a32726e2496f78ef54f91954836b31b9a0faa50

SHA256
92c62d192e956e966fd01a0c1f721d241b9b6f256b308a2be06187a7b925f9e0

SHA512
c8d55a2c10a2ef484dedded911b8f3c2f5ecb996be6f6f425c5bd4b4f53eb620a2baccd48bac1915a81da9a792971d95ff36c3f216075d93e5fd7a462ecd784f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\thumbnails\683ca52163a6809f7ca5becbfda0f9f1.png

Filesize
16KB

MD5
5e0001b9799b943039e2ab3cb0c5284a

SHA1
8bdf899e9f21db3e7875fc2b11eacf29db5c6a17

SHA256
5728cd41332c734f91b12fff15877c530395dc86336b0d81cebb84b6e01db1fb

SHA512
91b5c7cf12503014621d0a2cd0a1f84836f4fb0c09587aee62f60b38f09af3c2d8dac2eeb2a96dbbac30c4c1dc13471c32e5bbc3953c453a6bff288338a4f1be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\er3umqpr.default-release\thumbnails\9294853175f532d0b72365d3ddba3d57.png

Filesize
60KB

MD5
010fd84102e9e1a993db894b7e5f0fc1

SHA1
12e2c2283d2730edc479d89c59366877cea346d0

SHA256
08ddb7c62870045b961d9b6891fe01fa564e5f9c53354525ff3bd04e77d9eead

SHA512
a829e0d252d10634dece83663b5d0d6ec4a016bea66dfb68ecdba9d6e02de2bc6af04cf18bf547997f4e0924ae8a42c1010eecabe6ac3a97986edfeee631e05e

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\e592f8bb-4731-4b70-adaf-420685aac382.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\cmd.bat

Filesize
2KB

MD5
ac870b71d21ff69c6c019488f4ff0511

SHA1
905d4925c4af148abe2ca3414df4a2ba38455df5

SHA256
4e04087ae266d22fb2586fded3e8529d36cf68361de88e7990f7bc584ad98932

SHA512
e5cf0f25f1a2a9942dfa0dfca6a4edcab416033323818756b49e13335f65233e72ab210719e9c33238037e99eae3e38d08f94afebeae3c0581454a88376696a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2036_41872606\828ea836-e91b-4cd4-b695-1509a7fff85e.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2036_41872606\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
4b4d2e3f58b49e7765fc08f2852eaa21

SHA1
39c1a2c98ac9eab6b990d44240ad9d39dfebc863

SHA256
1c67280daadeea5e42c4566d99a14f43790d622edf572e2a31ad00b02710a9c5

SHA512
57b1b2f0796a1e07f6f8f71e59e15daa121cdd85e7f883293a37771245541380efa76161e7c2dca2d520c58c97022736381fcffcb7f4cf2009582b38d1e7037d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
04f025dd7b4c3c6609f11f6035b7fe18

SHA1
d58cce4d90a8039d887b0619fe758001f955034e

SHA256
c44bcc0df12c4b202ae16793dbc37260f3175b7e5a9b75a1b43f150ea8db87ef

SHA512
007e3d155faa1851a6def1fd917686de15cebc2d7049d81c9a7a7a75997be6ff7a52e1d7467310aec97673a088935706ab7e2dca4ac419a20b329c914b1677c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
d9af38f1f50d25671e62a09244a3ea3c

SHA1
91cd4e10d7d3f16fa34abd8c0356946c800f7ac7

SHA256
c3ec8bda2610173d946c3e13ec563603ca8eee0592824a1e249875cfcd5abf7e

SHA512
5fce442bfa74dcb4303d13d9552a274f7319810c76d592af93c1104ec2b62a2ff48fba8d113bf64408e03facca0c5a2eb28d90378e7c33bfe4d6d0b1da68e348

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\MFIY01VO12T3TTTY4OL3.temp

Filesize
21KB

MD5
2ac48f7759f11b65f36302ea260e5061

SHA1
a8dbe6c54a634571ae08fe28f67a1f81ef14a8e3

SHA256
055fc1b27d7727fca55223c17aca907b82838d3ef99192007f70e54c1477d76e

SHA512
4fbb0b23129277860b51bdb37e56245e9a4346296f99c930c2e63aaf04c91877ce819874d3e667289f25b67f359f05123bf54913a92a2702f304e266971f5224

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\AlternateServices.bin

Filesize
8KB

MD5
cee71d6085bcf2abc0342f535d4fae7e

SHA1
37ddb9b9a2c468b5a5472d3ed463058217c969ac

SHA256
abb7bdafdea765db247be5dd9faa17f6734c0f86adf2e4371156625cd17b318e

SHA512
cf2cbe0601c324c82f5203abcd03f63e1cda8c636db9b714536b93e58da336cf596efc787ad6050e5594c043cbecdc0817b1ebaa0231a65a485487683a57ecf7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f4fd70464ff4e0f62a8197e7aa318356

SHA1
439cd49c743eb3eb067baa6313def4d899f78d60

SHA256
56a5b0941ee33af5baf7414e304e8aa772a5850109b1388c3f951ce676dc1a48

SHA512
3b5a517ddad747357d20e313e8063d56922befb2f39e5dd249ed44f30f12da92a16b77b4dfa1c6eebe2c6fe67da063af247b8892314431e9879dcc67d9b7d738

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
7d68c9f13c848bd25c31a43d6fefdbc8

SHA1
d66199f7b687956058cc2e130d47158a34eca7d7

SHA256
305b20c91139a5176c6b1f72adff7b94effe055affd0e0b7d6439c632d0ded49

SHA512
8ee1720d37aa00832cc655669bd02de1eb38e233cb3cc13556cfaa561dd38f5b0c85915751b3f24175d3becf6f4fa73900a95b5aa62146aa26c6ad887f5ccaee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
18KB

MD5
262d9d2b43c7ab3ad3df0b1ebd14fe18

SHA1
bc6b571c55b71dec234311e37d4e4a563c140607

SHA256
ef80dc7c4ec78d0e30f073619c0a93a7a19c4ca1d87f7627f6db8d87ff44731b

SHA512
5708ec51ce894e39b81703593beb478500276427864243fb6e99ee1a75cd22f92f74d03c7e89ebb46d67d4a96169a0d2a29392227f2f7dec7695818d0ba7d52f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
ff3bc28e042312513cc36fe8e31ff6fd

SHA1
62e17951c00eca86f1aa4be489bc0d3ce613420b

SHA256
ae888889af3b3114a959fdb466cf1484ca9c7d4fa0886a586ea74916065cfa6e

SHA512
176c355e3b0eb481bc7d09287aa7a8f1a682d1c5d53a4c6edea050ed443a58847a3b0414d5b2168e899b22ed361bfc8a405143b84602ef260d447550f779b85b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\46af7a93-94bb-4949-9afe-be5389ce8ecc

Filesize
25KB

MD5
0baadfff5c2b51f88cf4fb8adb0acd46

SHA1
edbe1c017f155da4c863ef686ab04fe9c14c6cf9

SHA256
0ced4e4b46c0db55f4f63fbb16a93ed74ad8ae274287930f71e972b46072be8c

SHA512
6cb4f83d1c0e8c49eceff2656ec094255295dd4753d58eebab9d3c11a85534b6a3cc72bdde8f0512a6d282ce4d29ff2aea0b87825820fca4d17e9325c8392eef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\65c1fe73-1fed-4dc5-a6b0-62e977b7dd20

Filesize
982B

MD5
416595a3fbe77ab8fc0b3fa89fb64dda

SHA1
ad98f766346d0eaa64943e799da99f2fbd993e2e

SHA256
2d0c6ca9ff580d9a12676b6bdb9dd914f56133190ec1a73c0b6aae835bf4408f

SHA512
d1f6a3c10b4d546833af977bb9ce1f336ac4305789df538c4baeefb2b278ff3ba337e9af782f20d0003cc979217a6fbc63201e8f5facc9ee1f1cdfc031d53bed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\82b79028-35a8-4f94-a842-186d0a1dae62

Filesize
671B

MD5
808e99ebf48c879b847300e5fa9cc5b7

SHA1
ddd6d1a72f335d65c6046f0392de9fe27753a0fa

SHA256
bd56e44a4e3bf5bc2d3902da1d508179ea3e1571a969ff07f64ced4675070235

SHA512
4d7c3af24cdf4375499ae84ae63cb76177ec7afd65af5e11b6c0772f5286b6bc61727a4882cafba6501abfbb50112c54125059f446f0914cbdc2967ef8a184a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\9d2ddc69-91d0-48da-af09-8ada50ffac49

Filesize
2KB

MD5
121b543ddf5bcd6a5ec5d186dd165dfe

SHA1
99fa08a095a9308e6d74283d6ca9ea004c4a3bb0

SHA256
3f0e45ab6f9207aa3c5930b3ba11d67c906fabe1ff15a21a02619ea8c8747370

SHA512
2c171debcf853f7417fbd834e57ed14fa396b93d95744c9737c49eaef46c0b81db65b9626001c1bd24d621da5ad436b5ce45a71991011a454474ed52318be739

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\datareporting\glean\pending_pings\c3aff93d-8ec2-47b0-b847-b6413cd8caab

Filesize
847B

MD5
56bc4c5b07c56d42a261ed3fb3932293

SHA1
96898d609b567886da7fcfa9e1ac7a2cca22527c

SHA256
1fa4607e1dbb57c8da34efa99a662ce69f2c04a89501616e58cda2d470960f26

SHA512
cc22d0103d103422cba1abf7734027f28de80413f602ad7ae4594c199b0d95da59b03309ae0486476366661187355969a747dcfb46a3952579793d17eb4de034

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
12KB

MD5
158a9f08b232cfef08ca490368f5720d

SHA1
4bafb5272774bb8c30b90b4834421724a152326a

SHA256
f620cee0133cc635c2684dd3a5ff4e68f5c25768ee1de886ef58e8ea2000ea38

SHA512
322f412fd7030c773ebe1aa8e5b526d437ddfcfc850d2e9676c502f847cccd7abcbcb26b9f24e0bff9b6e40e5da42025cdf9806dc25254885540ae411d508209

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
12KB

MD5
d1dc4d097109d13cff7280a0c9974388

SHA1
09ca1ca4f5ca441f288ac8654b29cf0a0b73b7ea

SHA256
27e68da3e27834a46afcefaef86416b8cb45cbdbbd3e32df22207b42cb60dc7a

SHA512
fa6c0d23cdd82171d550cafc6a850dda55e386e4ef46a93e04bba39c050619b242e5fd5137bc6834b0909a5213a41bb99b70ab6b6bd4a098a891dfc13b2aa702

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
10KB

MD5
de1010afd6910c96db124385e5a976db

SHA1
a9934296a8091c900be51a2dc805d0d563d5c471

SHA256
63e7da0cd2fb7380ce98d11b426fc172de76ddb4b4c8568fbfbf107358b99203

SHA512
b66f4d43bff55b75781d17b867634e87198f0578af4b99c01224d260a27983071b3b3558e5080a79a534aeb805a8be7b18adfae58e2b78876b851b89d0a34a95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs-1.js

Filesize
11KB

MD5
c281de0bfedd6443a9f8dcba4bed8d70

SHA1
f128eba55d92b81bbeaeaa208c66f994ad154d70

SHA256
8c3b531acd2116ecb28d169f9f149f5e6f84971c1aeb05b17b4397306193711b

SHA512
7f8b7dbda6a9a977db078026b96b3f547d61e24cc23c438c42484f36f36b1495aba028e85491c2b4826eeb1c5d431bd72b491a10d94183b5e8c387dcca1d51d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\prefs.js

Filesize
10KB

MD5
dcab1cec40a206c498bd15e4fd6b4c8a

SHA1
fea90d52850d0a106473a324e46673e40ac80598

SHA256
0080fa867c9109e573c294fa9a5356c93c60fd28eda4881227fe8f78c87a396c

SHA512
bdc8734060f7682cd09ca1a227a5dba10f91c8564665994200a9352e8bbbcea99a806d85940a03a8aeb466bf240521c34e709774f139f507465a199d6c8c2615

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
7d272b96a980922f30fe9e039f322c09

SHA1
32b394c821440b06a3ea9a2c2579c4db4061b134

SHA256
9455de3e746a6af9ccaf1794d8de0ed189d53c9366e71b4c28ba2bdb111c1863

SHA512
9c2a2e723d458d1497031a9b9f51129bb32f256ed550f17d56afa436ff866277e65af13e95ef0b32763742488299cd56ce881bfbfd391d239bb63bf394ea0f49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
db84485354b236363e277ba51e0f4661

SHA1
9d688bbb03dd255c02af2feea5d075a3b6f6f543

SHA256
e5483ed403826d5c907c3110e8595ec22c96c5f5c3ba281a469139d820127657

SHA512
1c1ed8a11ea00485c822714d3dec839dec0777548a5951ac2bf5087f2d19bd58bbe62b5ac995417670dfa71433bc65f6e0589f30131431541ad5b6a980959bc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
e7ac24247a9454d9b74b798c0219184e

SHA1
f4bbcdc7be8314a93875e7bdd31de70ee6c286ed

SHA256
f79daeed4fa23f5ebe95ba5241715256236faf082b5d44f6c01f78c34fa37e14

SHA512
2f771fe54c23bde79f75c80e87f59669655a1fe65cf2e553b1c3ed2adfa59812644512ca1e6c0ce46b7c4513e0425662c97b552f9359c9ef0fdbe0f5a23e5da8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
e10d1a4aa0f8560dd32a3b3ab4276b4d

SHA1
f11686f04b321b7fc2a7e3af4c1b151cdea7fd42

SHA256
5833789dcdeea5b69054ba59d0593df39ef7ca1c13e4504a32c9131c1c39046d

SHA512
66b843e2e3f4474dcc8fc85ae508e0666eb75e276e5dfe5ac342fd64c48b57f39a8c4eb6f677e39ecebd19cff61dcf26accef247227c492f686802acf2bd791d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
af88490b4552124a95f36cf08ca943d5

SHA1
b3243cc7e131beedf1a577c14b7462e09ef33a6b

SHA256
ff6780ac705dd408a62a44c8c1ff461fa2b28ca35cda093f38a4054d7f2d9fd3

SHA512
5deba50cae609a219bec02ea60a0043275b0f106a70626eb909d7e760888f17a9d6ba3a7b6774bdfd17d069ba03742417cbb767f75eb4a0b2ebb4b2cedb363ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
89de16c1ab84c2952bd4794e7884fd97

SHA1
4e8337e84dcace696fd94eabb5e409ed7c34d491

SHA256
5a0a4b546d113892cc93a953b121278c5004f8a13d7c29a180360897450ab647

SHA512
4993226e1ef9d05c2b5f3a6950102ce347d37aaa6ed067292d44618da40282ba9688bbe8c70c50c9c577c92b26f6d859895b003f015c4006b2cb5dfa351518b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
24a270224ca1e3133bec6a30509315b6

SHA1
a759f4a686fe22bb19d6ea460bf4585ac13b87eb

SHA256
e702206892e7926f1d2c81207f70ae4449ff03f5a60b5e60ace10166bd6c78c8

SHA512
d3a11c9a191de71d7541c8bf9896b77cbaedefbe881f8a6cff632407883bb9a06d964784c3c2c582a1fcf693b3e9a14e84af609c3a0f17ce7837851783dd4152

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
2f95ba2707f90707101647c79ae3f9d4

SHA1
163a7bfbec24e4e3b03248119978382cb25f8771

SHA256
ea619d0dbae6ae1b05af0837b8bf9b13af265a046ffcae026bdba2e4b1d94d36

SHA512
2001c62e0c94b440f4d2f9c89fca54b2521a174d02132f8ab9a73636bba31c2308d77be4a432ac527aa507cfbf16c1369bc25bf26d507f6c3fb63f9e46ccaeaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
c72d2e04cd09c18cb75b668dc5a77940

SHA1
e2e3456666def3e63023e7c23fe85fbeb20cf0fb

SHA256
ad23996e819f1fb2e1500c5a66dd5e0f33d566cab25f7a29d8af90e065103ad2

SHA512
3015f9e066579c7a1aaaa65337c6237e440c4da4dd0b66a184608e1f5fc5b3c274f662ad20d0a5b840b0451ed830d3b8fe23cd463aa5f7903b62320f3dd45944

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
d09ea6afb1ba43a56b73a313a95370a6

SHA1
e5ba5397d975fe910a58821fa59dc61d2b5ed95a

SHA256
bb036fbd78d4fbd48f930805886bdf1208336982e65a391e0a985124292a7a12

SHA512
c8b71d4ebbc33d52c1f511cacff93c3627f8ac6c33bb01a4a9a0ce77cebf988ea15723459ac09504e2e1870bfa7c40a1f14842bcd96de1f37a11481e02183678

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
fe67883842ca6003bbc0394ad5960212

SHA1
212ff33a49a37d4be3fce9a98de5a482f74657fb

SHA256
6aab16f48ae793c100e1e5bd2fdcf33105ddceb01e2ac045db64ad9807099b93

SHA512
40935f209b0ab114052025796a134533d772d6c48bc224717f7751eb584751b8c72ce2ac01f9033203896dc9d584bc1a87508a5443ee91807215dc3a2846e064

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
9d4277986b38321773dec0ea8964486b

SHA1
7271b14c7e7c8a94542d5ebfc4d28375d59e05e3

SHA256
0cf78c7196ace71224a61dde2de2badd0f92c0ebc97cf8231166c27ef45a44af

SHA512
9d0ffec50afb26afe1504d86a70d993416050451a9b249f79947cb12e3f46945941e94a61d856cff500a394d3d9349d3126d4418ffd50ccd911c1e9d5f99cd4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
4c57db4d83f4f9599f15da80bc170f34

SHA1
383b47d3396b61a5dd17ca9a87650f80ba7f9ff0

SHA256
e0d111382a88dffe6a9ce815b4145af5e4f5fa925c83b924a6756008ba0313f1

SHA512
350690993dc04c5094aa0e61af6a6a797c792e3b170f381aaa46bbdb4b4900828bbaba2ba4b773c0deb1309c8c8e047853c4cbc4d17a88e80e561a6f4162ef6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
6c270f699ddd829692101c7f78a31ba5

SHA1
2dc2bb048d2b73c9d92af1f83a115007a027ae6c

SHA256
11b2da944c5cf9a942c062c01a420bbcac113ef46933cc9f01df9eed47550311

SHA512
f1a27653bbfeb56a44e03e519d8e8b511215cfb846b541a449ccddc134a77adf2bb07baaf783b07b2c790ce2d28199b6659bfcebadd800dcaab4be0b0c6a2229

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
197c63c9c4d686e17ad3639650a811d4

SHA1
2d688ff3157028565241d3556ef1d6ca28296597

SHA256
aa5e3dfe77f1bc90150c152cb6fb58d3029cffac57f6f760f9da14158872f22b

SHA512
24f1885914ca157ca7b80eacc2cef8ba8ccfc8f525bc96b163729df73b221abcf500f045e8ac6380a817e021e0cce296835973297271fbf5a52f942f84435f00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
395822e1f18caa40d71c849b251aafc7

SHA1
d10d03513a17724a0e0eac9a1832bc794bbd3038

SHA256
39124e324bc87672747a58b0abb5721431fb7114a235f298df8e7684ab4e395b

SHA512
9fc2c0b323f8c7ebd13f5d56d7bd2b96da9aa4f560b79b2fbe07bcb82c3c7070fedd9deea0055b5ce7614ca9778233de723f2ddebd42ec1875f2413ab9ebd2e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
16KB

MD5
9df2ed3b0bc3f7869ab5231eb8260126

SHA1
17627cc19ef29d8a7a662959ac755a3acc103697

SHA256
cd56262f8de7c8d4ddf9fb611c24e08605036520fa902a3b6ccb4b5bbc4a3764

SHA512
721eda9635e0c3dc64891581b9d86e9ac7b1483f56b472b70302211eedb9150d828af6a887728d7f618bf2393bf545171659883ad58d2915552a2f5dcdf5f3ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
ac475f3bc757f3db3c646751eb20d881

SHA1
d36ef7840ce271d098a4c5e4a1e2207adffcc768

SHA256
4a58f80ac5408e15edd0659ac173adf0925eb991851919d15864221bc97c6548

SHA512
8eace0cf82beaf17a689e3c711af595a35a6ef384467f54851770d03ec11167e19e5913e695e619ac0fddae1897204cbf6746eb7770bc5e050fb57cef10c8a1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
9fe81f22d4f3857aa7dfc9e6663da727

SHA1
e692865b46a739ee376823ac75f178a325c7d944

SHA256
9780eecb638370da55e35b0d5d978fb32e5cb679692eba589390390d631c44a7

SHA512
8f25cac1a6e2da8d46b1278c770c47c41abdc5e95dfc782cb0123716fb57036fa9ff01c02d598f0037fa188e15279833a2b3fa6081e9813e33a0ab7bbe7dba84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
5e656321c173c0eb1c9ef6e78502b2e0

SHA1
8dc405570a5be5194757ffc93afc541248bd5fb3

SHA256
581f8a3bc4e6b643e24b0140f2d5375a617eb42a9302cbf1db905f9f741df00b

SHA512
90a0b57dd2fcacdab96a62c9ee602a647661850d76400a55fe41b1891c5b2e93818f0601e0401cb7df8b556eb6ad05fc7cef27e710078c6258dc1b02892d46e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
7987ad67cd88281cc81802a4e571e4bf

SHA1
c03960b4dea1370e2ea0dbc22019e994a8876a50

SHA256
1573fc33383e3618294bf6a638778909534bfc39d27a8bf60a85d38021589e0d

SHA512
b9dff20d832caf044bf338de98fd1c32b4734b26244d37715fe59fa679c36d6b61fef08a491fe0698f0ddec3ce4f952b5122bdef55d7ca1eb0afe7404ff4fcb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
31da7ebe45bfd200f534114dcdf0967e

SHA1
547081867dd6dd254c34c1c76d5b5db52aa768c7

SHA256
ff8f4d45579fb4dd8b643c33f85080596b2987552fdce872b09021ed78ed4285

SHA512
9b3833b90fd7afb1f99ac5615801f9feb7415e7e826e607d44694608fb34513856534a14cf21a01f96e617c5edee282d2be09994405abcec623dc99023484df5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
9c6742555c19d63583a696d1f9ac7c28

SHA1
e325dad3a1997c3a0f34abc7622f0e7adcbaeace

SHA256
700f5292cbed8ecac661818f76c05731728f03b03c2a4de237aba5cf12eb9ca9

SHA512
98ce2988843eae033b59741aefefd233fa7590917473142a82481e44227ee9f1202688fc5364975efe9b82a9dd0083a9d18eef95564e64432d9950248b52c93c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\er3umqpr.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
9ee1b93269bf94892086ef58f9d4a7f5

SHA1
d7e1a2749cebdbe4696eda65f161c797e57d204e

SHA256
4f10b2a6bfdad26b529a8a2acd2b6a038f6bae1689e5bb7d058a3dc6cfee1089

SHA512
dde1cf36a326ab4d1ce7deb6e083c3fd915bdbeb7335d5eeb9bfc8ada3897a80b213a83a2378fc519ab4bc842b23a82f3325b2c06b4a4146e0b4cd4e252d76e2

Download Submit
C:\Users\Admin\Downloads\0q8o3kvY.7z.part

Filesize
728KB

MD5
7417a04acf1b90b14217922aa3789728

SHA1
267082934a3c462661b7f173e75247aba6243f87

SHA256
bb4a796dbe5c54ea9b5983652aedf7ca06536c34295ae796635ca0a0497019a9

SHA512
845d16e74e895a527b07ddf9cd8cbe247edcd2ffb900ae3c39717dc9681493eaa6d69af00331d095206c6269a79ac9d26e76d44653c64705110af53002b8362d

Download Submit
C:\Users\Admin\Downloads\7z2409-x64.AxV6G0LH.exe.part

Filesize
1.6MB

MD5
6c73cc4c494be8f4e680de1a20262c8a

SHA1
28b53835fe92c3fa6e0c422fc3b17c6bc1cb27e0

SHA256
bdd1a33de78618d16ee4ce148b849932c05d0015491c34887846d431d29f308e

SHA512
2e8b746c51132f933cc526db661c2cb8cee889f390e3ce19dabbad1a2e6e13bed7a60f08809282df8d43c1c528a8ce7ce28e9e39fea8c16fd3fcda5604ae0c85

Download Submit
C:\Users\Admin\Downloads\7z2409-x64.exe:Zone.Identifier

Filesize
579B

MD5
7df530d62444a63d67d99797f520f493

SHA1
5bdcc1938e0c9ef22ffe87a29a0ddde6439af2dd

SHA256
ebaaa7913ea66d28c23497f0fb815b625d07c5aaf98def578e51ca8bf20b90a0

SHA512
176c93516c942925c7ea0d664d3d8792f20098fab97e0d2c673e9f0f9d9a88fa6fc9802834d0d9a274543b48b2aed0fa3546c4201278499e24799813ca99ec3f

Download Submit
C:\Users\Admin\Downloads\lZGkyHei.zip.part

Filesize
479KB

MD5
f755a44bbb97e9ba70bf38f1bdc67722

SHA1
f70331eb64fd893047f263623ffb1e74e6fe4187

SHA256
3b246faa7e4b2a8550aa619f4da893db83721aacf62b46e5863644a5249aa87e

SHA512
f8ce666ae273e6c5cd57447189a8cf0e53c7704cf269fa120068f21e6faf6c89e2e75f37aee43cac83f4534790c5c6f1827621684034ef3eb7e94d7ee1ac365e

Download Submit
C:\Users\Admin\Downloads\ransomware.exe

Filesize
901KB

MD5
4466bd55a558f2f4c9fd03116e8cf0cc

SHA1
079857ca2232d3b06a6fc1c9c6e88e7d2d7e8918

SHA256
f77f7d9cee9b6d0700d5bf6672ce3939e2a85b70979052f87f412f4a3e7de073

SHA512
56287960a562c280032596764e2b2f39740e6a4e5ba8808999ac1da3881288882b66211bcb202a4aa0863391edf7fbbbd5effcb9ac40a3fc367b01a3f09c3ac3

Download Submit
C:\Users\Admin\Downloads\youareanidiot.exe

Filesize
13KB

MD5
837ec4ff4fc8c54832540435d67ee566

SHA1
5eb73903ea7dd2864d6308f4de1a0832aa7d2e4e

SHA256
fac93c9588050866b43c882faff3921f8b5a587db20682c66ce2ad3284b88db1

SHA512
a8e551676c987a7df5a71dea010b5e646325bf7301683827c4791306acf49a6c215c6d3283c2c8020eebf604bf83e21620addeca2a6eaff3f794724819f642ac

Download Submit
C:\Users\Admin\Downloads\youareanidiot.exe:Zone.Identifier

Filesize
50B

MD5
dce5191790621b5e424478ca69c47f55

SHA1
ae356a67d337afa5933e3e679e84854deeace048

SHA256
86a3e68762720abe870d1396794850220935115d3ccc8bb134ffa521244e3ef8

SHA512
a669e10b173fce667d5b369d230d5b1e89e366b05ba4e65919a7e67545dd0b1eca8bcb927f67b12fe47cbe22b0c54c54f1e03beed06379240b05b7b990c5a641

Download Submit
memory/2972-746-0x00007FF9F6013000-0x00007FF9F6015000-memory.dmp

Filesize
8KB

Download
memory/2972-747-0x00000000004A0000-0x00000000004AA000-memory.dmp

Filesize
40KB

Download
memory/5584-1538-0x000001BE882D0000-0x000001BE882D1000-memory.dmp

Filesize
4KB

Download
memory/5584-1541-0x000001BE882D0000-0x000001BE882D1000-memory.dmp

Filesize
4KB

Download
memory/5584-1536-0x000001BE882D0000-0x000001BE882D1000-memory.dmp

Filesize
4KB

Download
memory/5584-1539-0x000001BE882D0000-0x000001BE882D1000-memory.dmp

Filesize
4KB

Download
memory/5584-1537-0x000001BE882D0000-0x000001BE882D1000-memory.dmp

Filesize
4KB

Download
memory/5584-1540-0x000001BE882D0000-0x000001BE882D1000-memory.dmp

Filesize
4KB

Download
memory/5584-1532-0x000001BE882D0000-0x000001BE882D1000-memory.dmp

Filesize
4KB

Download
memory/5584-1530-0x000001BE882D0000-0x000001BE882D1000-memory.dmp

Filesize
4KB

Download
memory/5584-1531-0x000001BE882D0000-0x000001BE882D1000-memory.dmp

Filesize
4KB

Download
memory/5584-1542-0x000001BE882D0000-0x000001BE882D1000-memory.dmp

Filesize
4KB

Download