1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499

Resubmissions

18-02-2025 10:22

250218-md9krszkhm 6

17-02-2025 23:11

17-02-2025 22:39

17-02-2025 10:36

16-02-2025 19:11

16-02-2025 19:09

13-02-2025 11:50

08-02-2025 16:12

Analysis

max time kernel
1800s
max time network
1801s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-01-2025 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnyDesk.exe
Size

5.1MB
MD5

aee6801792d67607f228be8cec8291f9
SHA1

bf6ba727ff14ca2fddf619f292d56db9d9088066
SHA256

1cdafbe519f60aaadb4a92e266fff709129f86f0c9ee595c45499c66092e0499
SHA512

09d9fc8702ab6fa4fc9323c37bc970b8a7dd180293b0dbf337de726476b0b9515a4f383fa294ba084eccf0698d1e3cb5a39d0ff9ea3ba40c8a56acafce3add4f
SSDEEP

98304:G5WW6KEdJxfpDVOMdq2668yIv1//nvkYCRThGXBJdicotUgwoAo5beyjF:y3vEbxfjf4Y8yofvktkLdurH5iyR

Score

6^/10

microsoft defense_evasion discovery execution motw persistence phishing

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Greenshot = "C:\\Program Files\\Greenshot\\Greenshot.exe"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Command and Scripting Interpreter: PowerShell 1 TTPs 13 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
64	powershell.exe
1948	powershell.exe
6096	powershell.exe
5204	powershell.exe
6080	powershell.exe
1308	powershell.exe
2800	powershell.exe
3444	powershell.exe
1060	powershell.exe
5128	powershell.exe
4408	powershell.exe
4488	powershell.exe
5208	powershell.exe

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 64 IoCs

Web Service

T1102

flow	ioc
3196	raw.githubusercontent.com
3323	discord.com
166	camo.githubusercontent.com
2534	discord.com
2717	discord.com
3078	discord.com
3121	discord.com
3131	discord.com
3141	discord.com
3193	raw.githubusercontent.com
3240	discord.com
3320	discord.com
3094	discord.com
3200	raw.githubusercontent.com
3325	discord.com
1102	discord.com
3159	discord.com
3194	raw.githubusercontent.com
3199	raw.githubusercontent.com
3228	discord.com
3331	discord.com
3049	discord.com
3117	discord.com
3120	discord.com
2698	discord.com
3085	discord.com
3304	discord.com
3223	discord.com
3266	discord.com
65	raw.githubusercontent.com
162	camo.githubusercontent.com
832	discord.com
3051	discord.com
3052	discord.com
3093	discord.com
3301	discord.com
2443	discord.com
2771	discord.com
3047	discord.com
3091	discord.com
3128	discord.com
3230	discord.com
3309	discord.com
216	camo.githubusercontent.com
2603	discord.com
3092	discord.com
3116	discord.com
3154	discord.com
3163	discord.com
1539	discord.com
1931	discord.com
3145	discord.com
3197	raw.githubusercontent.com
3149	discord.com
3198	raw.githubusercontent.com
318	discord.com
2458	discord.com
2707	discord.com
2708	discord.com
3081	discord.com
3122	discord.com
3234	discord.com
159	camo.githubusercontent.com
217	camo.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc
1153	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Obfuscated Files or Information: Command Obfuscation 1 TTPs
Adversaries may obfuscate content during command execution to impede detection.
defense_evasion

Command Obfuscation
T1027.010

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	Greenshot.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	XSpammer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	XSpammer.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\symbols\dll\wkernelbase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\ws2_32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\wrpcrt4.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\combase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\wuser32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_custom_stream.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\shell32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\wntdll.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\msvcrt.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\combase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\DLL\wimm32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\exe\AnyDesk.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\msvcrt.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\shlwapi.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\ole32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_1280.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\AnyDesk.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\gdiplus.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_2560.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\ucrtbase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\DLL\iphlpapi.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\winhttp.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\winhttp.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\wntdll.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\advapi32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\sechost.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_48.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\combase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\winmm.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\ucrtbase.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\gdiplus.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\shell32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\DLL\iphlpapi.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\wkernel32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\winmm.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_16.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_sr.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\msvcrt.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\DLL\wkernel32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\ole32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\oleaut32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\comctl32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\comctl32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\gdiplus.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\advapi32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_768.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\ws2_32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\shell32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\exe\AnyDesk.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\shlwapi.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\shlwapi.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_256.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_exif.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\wimm32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\DLL\wimm32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\comctl32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\advapi32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\symbols\dll\winhttp.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\dll\ole32.pdb	AnyDesk.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Explorer\iconcache_wide.db	AnyDesk.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

discovery

Process Discovery

T1057

pid	Process
5960	tasklist.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-MU9UA.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotImgurPlugin\is-HIO11.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-H669E.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-UTICJ.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-HS03D.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-49PM1.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-QELRO.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-M7P5V.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-8NVCT.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-QED19.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotExternalCommandPlugin\is-IJ05H.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-7C47E.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-9E3DL.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File opened for modification	C:\Program Files\Greenshot\LinqBridge.dll	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File opened for modification	C:\Program Files\Greenshot\log4net.dll	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\is-580MV.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-MOR03.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-72F9P.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-NTNS6.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-MUE1S.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-F6DGF.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-DAP9A.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-1NDDJ.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File opened for modification	C:\Program Files\Greenshot\Greenshot.exe	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-LIL9V.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-NJOL3.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\is-LCFFR.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-C23IL.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-GO6PO.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-R5DJF.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-7M471.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-OS8HR.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-7GSTL.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\is-0ICED.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-HLERB.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-OBF7B.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-8A5P1.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-H7SOG.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Plugins\GreenshotOfficePlugin\is-VU8RT.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-UK3NM.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotExternalCommandPlugin\is-QVAV3.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\unins000.msg	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-DNF23.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-88EEN.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-K0FSV.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-8G8GQ.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-HH7BU.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-AE2PG.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-HQOO2.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-U278E.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-GNKUP.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-F0VVT.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-EELUU.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\is-EF3BF.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-S04JR.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-HOB75.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-VN4CR.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-QB47F.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotOCRPlugin\is-G4M31.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File opened for modification	C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\GreenshotOCRCommand.exe	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\is-TU2TG.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\is-GDFR6.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-NCCN3.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
File created	C:\Program Files\Greenshot\Languages\Plugins\GreenshotImgurPlugin\is-5F39C.tmp	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\log4net\559f5afd8f41271e6ea0b94abf3b75af\log4net.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\GreenshotPlugin\169ba976252c896f281f785e22029e07\GreenshotPlugin.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index12.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index16.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index16.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\indexd.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\indexf.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index15.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index14.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index11.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC936.tmp\Accessibility.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1fb0-0\System.Deployment.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1138-0\System.Runtime.Serialization.Formatters.Soap.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\indexc.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\indexe.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP873B.tmp\System.Configuration.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index10.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index14.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index17.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index10.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index17.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index17.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index16.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\2828-0\System.Numerics.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Numerics\ba90284a07d8bc0ce7e6273afa79210f\System.Numerics.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\20d4-0\GreenshotPlugin.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP8A68.tmp\System.Xml.dll	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA979.tmp\System.Windows.Forms.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Runt9064068c#\f85535a7092741215f67fdedf2846499\System.Runtime.Serialization.Formatters.Soap.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index12.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCB1A.tmp\System.Deployment.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index18.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index16.dat	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Data.SqlXml\22b31f1b9eca85580b198424dd16a98a\System.Data.SqlXml.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\LinqBridge\c57edae910cb6143ef6d7b1d57a24772\LinqBridge.ni.dll.aux.tmp	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\indexf.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index17.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCFAE.tmp\LinqBridge.dll	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\1404-0\LinqBridge.dll	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\indexf.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index11.dat	mscorsvw.exe
File created	C:\Windows\assembly\ngenlock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index13.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\index18.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\12a8-0\Greenshot.exe	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index12.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA34F.tmp\System.Security.dll	mscorsvw.exe
File created	C:\Windows\assembly\GACLock.dat	mscorsvw.exe
File opened for modification	C:\Windows\assembly\NativeImages_v2.0.50727_64\index13.dat	mscorsvw.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC9A3.tmp\System.Runtime.Serialization.Formatters.Soap.dll	mscorsvw.exe

Executes dropped EXE 11 IoCs

pid	Process
7232	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
8624	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
4032	_setup64.tmp
10332	Greenshot.exe
8088	greenshotocrcommand.exe
7480	XSpammer-Windows-Installer.exe
3776	XSpammer.exe
7000	XSpammer.exe
8848	XSpammer.exe
9144	XSpammer.exe
9692	XSpammer.exe

Launches sc.exe 36 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5204	sc.exe
5560	sc.exe
3532	sc.exe
3008	sc.exe
4460	sc.exe
5108	sc.exe
3208	sc.exe
1036	sc.exe
1948	sc.exe
4228	sc.exe
6112	sc.exe
396	sc.exe
1496	sc.exe
448	sc.exe
4072	sc.exe
1728	sc.exe
1112	sc.exe
5304	sc.exe
3492	sc.exe
1936	sc.exe
1336	sc.exe
1880	sc.exe
5276	sc.exe
5644	sc.exe
2556	sc.exe
4072	sc.exe
4132	sc.exe
1108	sc.exe
6096	sc.exe
936	sc.exe
2600	sc.exe
5732	sc.exe
4516	sc.exe
3492	sc.exe
5816	sc.exe
1036	sc.exe

Loads dropped DLL 64 IoCs

pid	Process
8624	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
4776	mscorsvw.exe
8120	mscorsvw.exe
6428	mscorsvw.exe
8120	mscorsvw.exe
8112	mscorsvw.exe
10280	mscorsvw.exe
8112	mscorsvw.exe
4408	mscorsvw.exe
9648	mscorsvw.exe
5124	mscorsvw.exe
8404	mscorsvw.exe
9868	mscorsvw.exe
9868	mscorsvw.exe
9868	mscorsvw.exe
9868	mscorsvw.exe
9868	mscorsvw.exe
5648	mscorsvw.exe
5648	mscorsvw.exe
5648	mscorsvw.exe
5648	mscorsvw.exe
5648	mscorsvw.exe
1548	mscorsvw.exe
1548	mscorsvw.exe
1548	mscorsvw.exe
1548	mscorsvw.exe
1548	mscorsvw.exe
1532	mscorsvw.exe
1532	mscorsvw.exe
1532	mscorsvw.exe
1532	mscorsvw.exe
1532	mscorsvw.exe
1532	mscorsvw.exe
7660	mscorsvw.exe
7660	mscorsvw.exe
7660	mscorsvw.exe
7660	mscorsvw.exe
7660	mscorsvw.exe
7660	mscorsvw.exe
7660	mscorsvw.exe
1496	mscorsvw.exe
1496	mscorsvw.exe
1496	mscorsvw.exe
1496	mscorsvw.exe
1496	mscorsvw.exe
1496	mscorsvw.exe
1496	mscorsvw.exe
7148	mscorsvw.exe
7148	mscorsvw.exe
7148	mscorsvw.exe
7148	mscorsvw.exe
7148	mscorsvw.exe
4344	mscorsvw.exe
4344	mscorsvw.exe
4344	mscorsvw.exe
4344	mscorsvw.exe
4344	mscorsvw.exe
4344	mscorsvw.exe
4344	mscorsvw.exe
4344	mscorsvw.exe
4344	mscorsvw.exe
1012	mscorsvw.exe
1012	mscorsvw.exe
1012	mscorsvw.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\XSpammer-Windows-Installer.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	find.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	greenshotocrcommand.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	XSpammer-Windows-Installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 4 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3708	cmd.exe
5440	PING.EXE
2116	cmd.exe
5204	PING.EXE

Checks SCSI registry key(s) 3 TTPs 12 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	Clipup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	Clipup.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	Clipup.exe

Checks processor information in registry 2 TTPs 22 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AnyDesk.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	AnyDesk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 18 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Greenshot\shell\open\command	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell\open	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell\open\command\ = "\"C:\\Program Files\\Greenshot\\Greenshot.EXE\" --openfile \"%1\""	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Greenshot	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\ = "Greenshot File"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Greenshot\DefaultIcon	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.greenshot	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.greenshot\ = "Greenshot"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	powershell.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	powershell.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\DefaultIcon\ = "C:\\Program Files\\Greenshot\\Greenshot.EXE,0"	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Greenshot\shell\open\command	Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{C5430F4D-250B-414D-98B6-13638EC4A775}	msedge.exe

Modifies registry key 1 TTPs 48 IoCs

Modify Registry

T1112

pid	Process
5860	reg.exe
1612	reg.exe
4408	reg.exe
3532	reg.exe
4668	reg.exe
5840	reg.exe
5712	reg.exe
5828	reg.exe
1096	reg.exe
6096	reg.exe
6120	reg.exe
1340	reg.exe
4256	reg.exe
1496	reg.exe
4516	reg.exe
2552	reg.exe
5832	reg.exe
3708	reg.exe
2016	reg.exe
3708	reg.exe
4728	reg.exe
5276	reg.exe
6080	reg.exe
4248	reg.exe
3116	reg.exe
3444	reg.exe
6028	reg.exe
5728	reg.exe
2744	reg.exe
5688	reg.exe
448	reg.exe
1428	reg.exe
4500	reg.exe
5204	reg.exe
4344	reg.exe
1384	reg.exe
764	reg.exe
5968	reg.exe
884	reg.exe
1180	reg.exe
1628	reg.exe
5304	reg.exe
4728	reg.exe
1900	reg.exe
2752	reg.exe
4132	reg.exe
2764	reg.exe
408	reg.exe

NTFS ADS 4 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\XSpammer-Windows-Installer.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\AppData\Local\xspammer-updater\installer.exe\:Zone.Identifier:$DATA	XSpammer-Windows-Installer.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
5204	PING.EXE
5440	PING.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4920	AnyDesk.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4804	AnyDesk.exe
4804	AnyDesk.exe
4804	AnyDesk.exe
4804	AnyDesk.exe
4804	AnyDesk.exe
4804	AnyDesk.exe
3672	AnyDesk.exe
3672	AnyDesk.exe
4736	msedge.exe
4736	msedge.exe
3164	msedge.exe
3164	msedge.exe
3936	identity_helper.exe
3936	identity_helper.exe
2800	powershell.exe
2800	powershell.exe
2800	powershell.exe
3444	powershell.exe
3444	powershell.exe
3444	powershell.exe
1060	powershell.exe
1060	powershell.exe
1060	powershell.exe
5128	powershell.exe
5128	powershell.exe
5128	powershell.exe
64	powershell.exe
64	powershell.exe
64	powershell.exe
2552	powershell.exe
2552	powershell.exe
2552	powershell.exe
6096	powershell.exe
6096	powershell.exe
6096	powershell.exe
5204	powershell.exe
5204	powershell.exe
5204	powershell.exe
5760	powershell.exe
5760	powershell.exe
5760	powershell.exe
4408	powershell.exe
4408	powershell.exe
4408	powershell.exe
1948	powershell.exe
1948	powershell.exe
1948	powershell.exe
5676	powershell.exe
5676	powershell.exe
5676	powershell.exe
2032	powershell.exe
2032	powershell.exe
2032	powershell.exe
884	powershell.exe
884	powershell.exe
884	powershell.exe
1792	powershell.exe
1792	powershell.exe
1792	powershell.exe
6080	powershell.exe
6080	powershell.exe
6080	powershell.exe
5644	powershell.exe
5644	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3220	AnyDesk.exe
10028	AnyDesk.exe
10332	Greenshot.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
7048	msedge.exe
7048	msedge.exe
7048	msedge.exe
7048	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe
1352	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4804	AnyDesk.exe
Token: 33	1092	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1092	AUDIODG.EXE
Token: SeDebugPrivilege	1564	firefox.exe
Token: SeDebugPrivilege	1564	firefox.exe
Token: SeDebugPrivilege	1564	firefox.exe
Token: SeDebugPrivilege	2800	powershell.exe
Token: SeDebugPrivilege	3444	powershell.exe
Token: SeDebugPrivilege	1060	powershell.exe
Token: SeDebugPrivilege	5128	powershell.exe
Token: SeDebugPrivilege	64	powershell.exe
Token: SeIncreaseQuotaPrivilege	4488	WMIC.exe
Token: SeSecurityPrivilege	4488	WMIC.exe
Token: SeTakeOwnershipPrivilege	4488	WMIC.exe
Token: SeLoadDriverPrivilege	4488	WMIC.exe
Token: SeSystemProfilePrivilege	4488	WMIC.exe
Token: SeSystemtimePrivilege	4488	WMIC.exe
Token: SeProfSingleProcessPrivilege	4488	WMIC.exe
Token: SeIncBasePriorityPrivilege	4488	WMIC.exe
Token: SeCreatePagefilePrivilege	4488	WMIC.exe
Token: SeBackupPrivilege	4488	WMIC.exe
Token: SeRestorePrivilege	4488	WMIC.exe
Token: SeShutdownPrivilege	4488	WMIC.exe
Token: SeDebugPrivilege	4488	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4488	WMIC.exe
Token: SeRemoteShutdownPrivilege	4488	WMIC.exe
Token: SeUndockPrivilege	4488	WMIC.exe
Token: SeManageVolumePrivilege	4488	WMIC.exe
Token: 33	4488	WMIC.exe
Token: 34	4488	WMIC.exe
Token: 35	4488	WMIC.exe
Token: 36	4488	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4488	WMIC.exe
Token: SeSecurityPrivilege	4488	WMIC.exe
Token: SeTakeOwnershipPrivilege	4488	WMIC.exe
Token: SeLoadDriverPrivilege	4488	WMIC.exe
Token: SeSystemProfilePrivilege	4488	WMIC.exe
Token: SeSystemtimePrivilege	4488	WMIC.exe
Token: SeProfSingleProcessPrivilege	4488	WMIC.exe
Token: SeIncBasePriorityPrivilege	4488	WMIC.exe
Token: SeCreatePagefilePrivilege	4488	WMIC.exe
Token: SeBackupPrivilege	4488	WMIC.exe
Token: SeRestorePrivilege	4488	WMIC.exe
Token: SeShutdownPrivilege	4488	WMIC.exe
Token: SeDebugPrivilege	4488	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4488	WMIC.exe
Token: SeRemoteShutdownPrivilege	4488	WMIC.exe
Token: SeUndockPrivilege	4488	WMIC.exe
Token: SeManageVolumePrivilege	4488	WMIC.exe
Token: 33	4488	WMIC.exe
Token: 34	4488	WMIC.exe
Token: 35	4488	WMIC.exe
Token: 36	4488	WMIC.exe
Token: SeDebugPrivilege	2552	powershell.exe
Token: SeIncreaseQuotaPrivilege	5864	WMIC.exe
Token: SeSecurityPrivilege	5864	WMIC.exe
Token: SeTakeOwnershipPrivilege	5864	WMIC.exe
Token: SeLoadDriverPrivilege	5864	WMIC.exe
Token: SeSystemProfilePrivilege	5864	WMIC.exe
Token: SeSystemtimePrivilege	5864	WMIC.exe
Token: SeProfSingleProcessPrivilege	5864	WMIC.exe
Token: SeIncBasePriorityPrivilege	5864	WMIC.exe
Token: SeCreatePagefilePrivilege	5864	WMIC.exe
Token: SeBackupPrivilege	5864	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4920	AnyDesk.exe
4920	AnyDesk.exe
4920	AnyDesk.exe
4920	AnyDesk.exe
4920	AnyDesk.exe
4920	AnyDesk.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
4920	AnyDesk.exe
4920	AnyDesk.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4920	AnyDesk.exe
4920	AnyDesk.exe
4920	AnyDesk.exe
4920	AnyDesk.exe
4920	AnyDesk.exe
4920	AnyDesk.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
3164	msedge.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
4920	AnyDesk.exe
4920	AnyDesk.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe
10648	chrome.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3220	AnyDesk.exe
3220	AnyDesk.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
536	OpenWith.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
10028	AnyDesk.exe
10028	AnyDesk.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe
10696	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3672 wrote to memory of 4804	3672	AnyDesk.exe	82
PID 3672 wrote to memory of 4804	3672	AnyDesk.exe	82
PID 3672 wrote to memory of 4804	3672	AnyDesk.exe	82
PID 3672 wrote to memory of 4920	3672	AnyDesk.exe	83
PID 3672 wrote to memory of 4920	3672	AnyDesk.exe	83
PID 3672 wrote to memory of 4920	3672	AnyDesk.exe	83
PID 3164 wrote to memory of 4024	3164	msedge.exe	100
PID 3164 wrote to memory of 4024	3164	msedge.exe	100
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 1448	3164	msedge.exe	101
PID 3164 wrote to memory of 4736	3164	msedge.exe	102
PID 3164 wrote to memory of 4736	3164	msedge.exe	102
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103
PID 3164 wrote to memory of 2240	3164	msedge.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
"C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe"
1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3672
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-service
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4804
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:3220
- - C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
    "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --backend
    3⤵
    - Drops file in System32 directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:10028
- C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe
  "C:\Users\Admin\AppData\Local\Temp\AnyDesk.exe" --local-control
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4920

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff99f6546f8,0x7ff99f654708,0x7ff99f654718
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11110455468839228015,1802617976137835256,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,11110455468839228015,1802617976137835256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,11110455468839228015,1802617976137835256,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11110455468839228015,1802617976137835256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11110455468839228015,1802617976137835256,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11110455468839228015,1802617976137835256,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11110455468839228015,1802617976137835256,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11110455468839228015,1802617976137835256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,11110455468839228015,1802617976137835256,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2740

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4952
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05badad6-d63c-4618-a3aa-cd93fb4bc929} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" gpu
    3⤵
    PID:3568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {911ef0e2-daa2-4b31-9c49-a57d72e71dcd} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" socket
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2864 -childID 1 -isForBrowser -prefsHandle 3016 -prefMapHandle 2872 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89f17432-c573-458f-9ffc-69c1dd687710} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4020 -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3128 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7500814d-403f-41ed-b92d-d0862ec2541c} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:4812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4560 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4176 -prefMapHandle 4168 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50cc32ed-4dad-4323-8023-c7f704ee7787} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" utility
    3⤵
    - Checks processor information in registry
    PID:5704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 3 -isForBrowser -prefsHandle 5620 -prefMapHandle 5632 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d91d7f-bdc2-4e3a-a0fd-059f93a03019} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5684 -childID 4 -isForBrowser -prefsHandle 5764 -prefMapHandle 5760 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {354e37e3-a806-4a49-8957-0c05952ce62a} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5952 -childID 5 -isForBrowser -prefsHandle 5872 -prefMapHandle 5876 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ff5b4e9-ce8d-4a5a-95d2-ead6011adb9f} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6580 -childID 6 -isForBrowser -prefsHandle 4368 -prefMapHandle 3788 -prefsLen 27552 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a0a0265-78d1-496f-a11f-83d1c986c161} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3788 -childID 7 -isForBrowser -prefsHandle 6852 -prefMapHandle 6840 -prefsLen 27552 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fcf08fe-024e-43a9-ae59-0b58c4fcd33c} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6560 -childID 8 -isForBrowser -prefsHandle 7120 -prefMapHandle 6532 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6b7e336-ce51-40e5-949f-7aeafe39f617} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:3116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6276 -childID 9 -isForBrowser -prefsHandle 7272 -prefMapHandle 7268 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {277c2d06-b49a-4c67-8c2f-0ba0205c6a86} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6844 -childID 10 -isForBrowser -prefsHandle 6704 -prefMapHandle 6868 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30fcf602-0001-4e26-a044-762bbc5de4fc} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7432 -childID 11 -isForBrowser -prefsHandle 6760 -prefMapHandle 7488 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b0c7a63-887c-4fbc-8576-9aaf4b0b8aa3} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:2244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7928 -childID 12 -isForBrowser -prefsHandle 7940 -prefMapHandle 7936 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a80775c4-6e9a-4e64-a1b7-1c1bf186783e} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7868 -childID 13 -isForBrowser -prefsHandle 7976 -prefMapHandle 7972 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c396c8be-ad19-4e58-8d90-6a35d87766e5} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6940 -childID 14 -isForBrowser -prefsHandle 8372 -prefMapHandle 8368 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6d8d44c-0bca-44d1-9858-161f0f9d6c8e} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:2572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7032 -parentBuildID 20240401114208 -prefsHandle 2728 -prefMapHandle 6572 -prefsLen 34117 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bbd3a18-c99d-45a4-9b03-d3ffaae3a695} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" rdd
    3⤵
    PID:6076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7224 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7220 -prefMapHandle 7216 -prefsLen 34117 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95163eea-667d-42c6-8f96-1149c3bdbf15} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" utility
    3⤵
    - Checks processor information in registry
    PID:1384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9300 -childID 15 -isForBrowser -prefsHandle 9208 -prefMapHandle 9212 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a59ff951-9ff5-42ea-af5f-051e512a2bf6} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:3624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9124 -childID 16 -isForBrowser -prefsHandle 9500 -prefMapHandle 9508 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1462d6c2-7dc9-43bd-92ab-5ac39c68f2ad} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9692 -childID 17 -isForBrowser -prefsHandle 9772 -prefMapHandle 9768 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d71caf63-5b8a-462b-a22b-3ce6f1cd1a5c} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9528 -childID 18 -isForBrowser -prefsHandle 9932 -prefMapHandle 9936 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {947a8a99-63e9-49c7-8e46-e08a837b52fc} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:4120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10036 -childID 19 -isForBrowser -prefsHandle 8384 -prefMapHandle 10000 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd5f0116-7dde-4166-9457-989ea7f353c4} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:2580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10160 -childID 20 -isForBrowser -prefsHandle 10168 -prefMapHandle 10172 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2d5c23f-6641-4212-848b-2ad1fac5b0d4} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:2180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10388 -childID 21 -isForBrowser -prefsHandle 10468 -prefMapHandle 10464 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e51dc19-64a9-4397-94b2-069efac9d5e9} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:1200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10592 -childID 22 -isForBrowser -prefsHandle 10428 -prefMapHandle 10432 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dd81b6f-4bf5-40f9-b7b3-fc658f93362e} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:4332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10752 -childID 23 -isForBrowser -prefsHandle 10592 -prefMapHandle 10432 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bacebe3b-669e-44d6-9801-c994d1d61741} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:6356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10760 -childID 24 -isForBrowser -prefsHandle 10744 -prefMapHandle 10740 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4720fdb-5267-4fec-9c0f-7c7c2a79badd} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:6364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8384 -childID 25 -isForBrowser -prefsHandle 11040 -prefMapHandle 11044 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7b89511-45c5-4aa1-b599-9bae8898eba3} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:6612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11044 -childID 26 -isForBrowser -prefsHandle 11192 -prefMapHandle 11200 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c496a58b-9fd2-4f84-bd7f-a535c32686fc} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:6692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11300 -childID 27 -isForBrowser -prefsHandle 11340 -prefMapHandle 11348 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25f00378-51ee-48a3-a98a-f7de81d3e824} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:6940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11660 -childID 28 -isForBrowser -prefsHandle 11576 -prefMapHandle 11584 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e15ea21-1aef-4614-b448-b8bf0b59d9e4} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:6996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11548 -childID 29 -isForBrowser -prefsHandle 11792 -prefMapHandle 11796 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29328cd6-bd3e-4737-98f0-117fa7a53360} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:7012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11976 -childID 30 -isForBrowser -prefsHandle 11984 -prefMapHandle 11988 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f28cd4c-9fee-480c-b91e-5dbf89e1a9e7} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:7056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12532 -childID 31 -isForBrowser -prefsHandle 12528 -prefMapHandle 12524 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9775cea8-b3d5-4081-a0e3-cedcfc5f68e5} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:7256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=12856 -childID 32 -isForBrowser -prefsHandle 12896 -prefMapHandle 12888 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ce855a1-905b-4623-aec5-62539a14006a} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:7460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13300 -childID 33 -isForBrowser -prefsHandle 13296 -prefMapHandle 12772 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d004633a-246e-4734-a02e-e411b4f50a11} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:7596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8804 -childID 34 -isForBrowser -prefsHandle 8236 -prefMapHandle 13136 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c098b5a-ff1e-425e-9e3d-2ccc32158a47} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:7648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13392 -childID 35 -isForBrowser -prefsHandle 13540 -prefMapHandle 13604 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50f2b496-5f15-4206-978d-7e60dcc39057} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:7804
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13720 -childID 36 -isForBrowser -prefsHandle 13772 -prefMapHandle 13664 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90dff2cd-aa3e-4f21-bc37-0231cc4062aa} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:7176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13896 -childID 37 -isForBrowser -prefsHandle 13476 -prefMapHandle 13948 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83ae74a5-59a5-43dc-b3e0-6a8dec488df9} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:8028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14148 -childID 38 -isForBrowser -prefsHandle 13692 -prefMapHandle 13664 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {812e5779-b050-4232-bec2-27c71ed888a9} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:8044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14304 -childID 39 -isForBrowser -prefsHandle 14312 -prefMapHandle 14316 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d05b6490-0308-4824-a3fc-39ab35c25441} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:7840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 40 -isForBrowser -prefsHandle 5644 -prefMapHandle 5604 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c338e874-733d-4fb2-ac07-441e34c658e8} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:2808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14736 -childID 41 -isForBrowser -prefsHandle 14348 -prefMapHandle 14740 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84010efa-f8a0-4fcd-b04f-c9bcad2872da} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:8428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14556 -childID 42 -isForBrowser -prefsHandle 5780 -prefMapHandle 5600 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbf1ae76-98cf-4457-b0b2-659d269d07a8} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:8460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6148 -childID 43 -isForBrowser -prefsHandle 12664 -prefMapHandle 6000 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f02ff36-6c5c-4c7b-9068-4690cc48175f} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=13268 -childID 44 -isForBrowser -prefsHandle 12672 -prefMapHandle 13168 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4f24cde-4919-4db0-b4b5-727dfb286d6a} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14876 -childID 45 -isForBrowser -prefsHandle 14860 -prefMapHandle 14864 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e87cb905-fa9f-464c-bd7b-07b890daa8c5} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14840 -childID 46 -isForBrowser -prefsHandle 15056 -prefMapHandle 15060 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07d6b7e1-0dfb-4389-9068-e4e44f6eb845} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15352 -childID 47 -isForBrowser -prefsHandle 15264 -prefMapHandle 15272 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e6c2b71-ed0a-46ca-92c6-a93e3175a771} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:4536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15568 -childID 48 -isForBrowser -prefsHandle 15560 -prefMapHandle 15556 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6e68628-266c-4092-8e2a-2bad2c68c03a} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:8128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15528 -childID 49 -isForBrowser -prefsHandle 15536 -prefMapHandle 15540 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2865966-65f0-43d0-8459-7c14241d27dd} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:8392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15316 -childID 50 -isForBrowser -prefsHandle 15864 -prefMapHandle 15872 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3500aa77-02db-40ec-bf9c-10b416ae7395} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:8424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=16172 -childID 51 -isForBrowser -prefsHandle 16180 -prefMapHandle 16084 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {160685f5-226d-4c09-ad9b-2005449d9ef9} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:9592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=15132 -childID 52 -isForBrowser -prefsHandle 16296 -prefMapHandle 16300 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bdae874-2269-498c-aa5d-24260f32f66f} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:9660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=16352 -childID 53 -isForBrowser -prefsHandle 16396 -prefMapHandle 15292 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83027ffa-2c71-45f1-9c99-04805c460a06} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:10032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=16588 -childID 54 -isForBrowser -prefsHandle 16492 -prefMapHandle 16496 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a1103b3-c4cb-444e-81f7-bd48c19f3185} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:10092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=16852 -childID 55 -isForBrowser -prefsHandle 16844 -prefMapHandle 16840 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {53f42bb8-fa34-4347-a055-193fc02b851f} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14804 -childID 56 -isForBrowser -prefsHandle 14820 -prefMapHandle 16972 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {230b4aac-510a-451a-9628-e67d98bbca5b} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=17288 -childID 57 -isForBrowser -prefsHandle 17296 -prefMapHandle 16880 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {995d728e-1cb1-4509-b728-0a1e476e0cd4} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:4956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=17040 -childID 58 -isForBrowser -prefsHandle 17528 -prefMapHandle 17472 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f4cb96c-154a-40a6-8738-2c07f5255d81} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:8840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=17024 -childID 60 -isForBrowser -prefsHandle 16728 -prefMapHandle 17476 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {860156a8-b66b-4a31-923d-099a59a308ec} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:8676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14796 -childID 61 -isForBrowser -prefsHandle 17024 -prefMapHandle 16564 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10510e96-764b-48be-a9cd-1e25a7331572} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:2980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7960 -childID 62 -isForBrowser -prefsHandle 15292 -prefMapHandle 17040 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {186af307-6186-4c6f-97bd-96363c3a466f} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=14804 -childID 63 -isForBrowser -prefsHandle 16176 -prefMapHandle 17036 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6fd280f8-2cb5-4733-92bd-f5a662d238f4} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:10708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=17636 -childID 64 -isForBrowser -prefsHandle 16148 -prefMapHandle 16164 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03a2e904-0958-45c0-a2bd-2f4266311c9d} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:10724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=17028 -childID 65 -isForBrowser -prefsHandle 16652 -prefMapHandle 16656 -prefsLen 28379 -prefMapSize 244658 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {acc90418-9e9c-4bec-9ff9-7424b2a42ef1} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:10744

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5204

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd" "
1⤵
PID:1928
- C:\Windows\System32\sc.exe
  sc query Null
  2⤵
  - Launches sc.exe
  PID:5644
- C:\Windows\System32\find.exe
  find /i "RUNNING"
  2⤵
  PID:2764
- C:\Windows\System32\findstr.exe
  findstr /v "$" "MAS_AIO.cmd"
  2⤵
  PID:5564
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c ver
  2⤵
  PID:5728
- C:\Windows\System32\reg.exe
  reg query "HKCU\Console" /v ForceV2
  2⤵
  PID:3208
- C:\Windows\System32\find.exe
  find /i "0x0"
  2⤵
  PID:2384
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "
  2⤵
  PID:2744
- C:\Windows\System32\find.exe
  find /i "ARM64"
  2⤵
  PID:5832
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
  2⤵
  PID:5872
- - C:\Windows\System32\cmd.exe
    C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
    3⤵
    PID:5968
- - C:\Windows\System32\cmd.exe
    cmd
    3⤵
    PID:3940
- C:\Windows\System32\cmd.exe
  C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd" "
  2⤵
  PID:3800
- C:\Windows\System32\find.exe
  find /i "C:\Users\Admin\AppData\Local\Temp"
  2⤵
  PID:5980
- C:\Windows\System32\cmd.exe
  cmd /c "powershell.exe "$f=[io.file]::ReadAllText('C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd') -split ':PStest:\s*';iex ($f[1])""
  2⤵
  PID:2692
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe "$f=[io.file]::ReadAllText('C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd') -split ':PStest:\s*';iex ($f[1])"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2800
- C:\Windows\System32\find.exe
  find /i "FullLanguage"
  2⤵
  PID:1228
- C:\Windows\System32\fltMC.exe
  fltmc
  2⤵
  PID:64
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe "$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128); [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128); $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow(); echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3444
- C:\Windows\System32\find.exe
  find /i "True"
  2⤵
  PID:1100
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe "$t=[AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); $t.DefinePInvokeMethod('GetStdHandle', 'kernel32.dll', 22, 1, [IntPtr], @([Int32]), 1, 3).SetImplementationFlags(128); $t.DefinePInvokeMethod('SetConsoleMode', 'kernel32.dll', 22, 1, [Boolean], @([IntPtr], [Int32]), 1, 3).SetImplementationFlags(128); $k=$t.CreateType(); $b=$k::SetConsoleMode($k::GetStdHandle(-10), 0x0080); & cmd.exe '/c' '"""C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd""" -el -qedit'"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1060
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c ""C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd" -el -qedit"
    3⤵
    PID:5248
  - - C:\Windows\System32\sc.exe
      sc query Null
      4⤵
      Launches sc.exe
      PID:936
  - - C:\Windows\System32\find.exe
      find /i "RUNNING"
      4⤵
      PID:3960
  - - C:\Windows\System32\findstr.exe
      findstr /v "$" "MAS_AIO.cmd"
      4⤵
      PID:5560
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
      4⤵
      PID:5720
  - - C:\Windows\System32\find.exe
      find /i "/"
      4⤵
      PID:5712
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c ver
      4⤵
      PID:4344
  - - C:\Windows\System32\reg.exe
      reg query "HKCU\Console" /v ForceV2
      4⤵
      PID:4836
  - - C:\Windows\System32\find.exe
      find /i "0x0"
      4⤵
      PID:2384
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "AMD64 " "
      4⤵
      PID:5864
  - - C:\Windows\System32\find.exe
      find /i "ARM64"
      4⤵
      PID:5832
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c echo prompt $E | cmd
      4⤵
      PID:5968
    - - C:\Windows\System32\cmd.exe
        
        C:\Windows\System32\cmd.exe /S /D /c" echo prompt $E "
        5⤵
        
        PID:3940
    - - C:\Windows\System32\cmd.exe
        
        cmd
        5⤵
        
        PID:5872
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd" "
      4⤵
      PID:4772
  - - C:\Windows\System32\find.exe
      find /i "C:\Users\Admin\AppData\Local\Temp"
      4⤵
      PID:3800
  - - C:\Windows\System32\cmd.exe
      cmd /c "powershell.exe "$f=[io.file]::ReadAllText('C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd') -split ':PStest:\s*';iex ($f[1])""
      4⤵
      PID:3144
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$f=[io.file]::ReadAllText('C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd') -split ':PStest:\s*';iex ($f[1])"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5128
  - - C:\Windows\System32\find.exe
      find /i "FullLanguage"
      4⤵
      PID:4516
  - - C:\Windows\System32\fltMC.exe
      fltmc
      4⤵
      PID:2252
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "$TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('GetConsoleWindow', 'kernel32.dll', 22, 1, [IntPtr], @(), 1, 3).SetImplementationFlags(128); [void]$TB.DefinePInvokeMethod('SendMessageW', 'user32.dll', 22, 1, [IntPtr], @([IntPtr], [UInt32], [IntPtr], [IntPtr]), 1, 3).SetImplementationFlags(128); $hIcon = $TB.CreateType(); $hWnd = $hIcon::GetConsoleWindow(); echo $($hIcon::SendMessageW($hWnd, 127, 0, 0) -ne [IntPtr]::Zero);"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:64
  - - C:\Windows\System32\find.exe
      find /i "True"
      4⤵
      PID:5300
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c ping -4 -n 1 updatecheck.massgrave.dev
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:3708
    - - C:\Windows\System32\PING.EXE
        
        ping -4 -n 1 updatecheck.massgrave.dev
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:5440
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "127.69.2.9" "
      4⤵
      PID:5680
  - - C:\Windows\System32\find.exe
      find "127.69"
      4⤵
      PID:3960
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "127.69.2.9" "
      4⤵
      PID:3064
  - - C:\Windows\System32\find.exe
      find "127.69.2.9"
      4⤵
      PID:3532
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
      4⤵
      PID:5712
  - - C:\Windows\System32\find.exe
      find /i "/S"
      4⤵
      PID:1816
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "-el -qedit" "
      4⤵
      PID:5764
  - - C:\Windows\System32\find.exe
      find /i "/"
      4⤵
      PID:4836
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
      4⤵
      PID:1336
    - - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders" /v Desktop
        5⤵
        
        PID:5832
  - - C:\Windows\System32\mode.com
      mode 76, 33
      4⤵
      PID:2396
  - - C:\Windows\System32\choice.exe
      choice /C:123456789H0 /N
      4⤵
      PID:5696
  - - C:\Windows\System32\mode.com
      mode 110, 34
      4⤵
      PID:6112
  - - C:\Windows\System32\reg.exe
      reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
      4⤵
      PID:5184
  - - C:\Windows\System32\find.exe
      find /i "AutoPico"
      4⤵
      PID:6080
  - - C:\Windows\System32\find.exe
      find /i "avira.com" C:\Windows\System32\drivers\etc\hosts
      4⤵
      PID:6088
  - - C:\Windows\System32\find.exe
      find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts
      4⤵
      PID:4248
  - - C:\Windows\System32\find.exe
      find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts
      4⤵
      PID:2112
  - - C:\Windows\System32\find.exe
      find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts
      4⤵
      PID:3144
  - - C:\Windows\System32\sc.exe
      sc start sppsvc
      4⤵
      Launches sc.exe
      PID:1728
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "
      4⤵
      PID:5128
  - - C:\Windows\System32\findstr.exe
      findstr "577 225"
      4⤵
      PID:5336
  - - C:\Windows\System32\cmd.exe
      cmd /c "wmic path Win32_ComputerSystem get CreationClassName /value"
      4⤵
      PID:3444
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path Win32_ComputerSystem get CreationClassName /value
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:4488
  - - C:\Windows\System32\find.exe
      find /i "computersystem"
      4⤵
      PID:4436
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); [void]$TypeBuilder.DefinePInvokeMethod('SLGetWindowsInformationDWORD', 'slc.dll', 'Public, Static', 1, [int], @([String], [int].MakeByRefType()), 1, 3); $Sku = 0; [void]$TypeBuilder.CreateType()::SLGetWindowsInformationDWORD('Kernel-BrandingInfo', [ref]$Sku); $Sku"
      4⤵
      PID:5620
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); [void]$TypeBuilder.DefinePInvokeMethod('SLGetWindowsInformationDWORD', 'slc.dll', 'Public, Static', 1, [int], @([String], [int].MakeByRefType()), 1, 3); $Sku = 0; [void]$TypeBuilder.CreateType()::SLGetWindowsInformationDWORD('Kernel-BrandingInfo', [ref]$Sku); $Sku
        5⤵
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2552
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn 2>nul
      4⤵
      PID:2744
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SYSTEM\CurrentControlSet\Control\ProductOptions" /v OSProductPfn
        5⤵
        
        PID:1948
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c "wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST" 2>nul
      4⤵
      PID:5860
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic Path Win32_OperatingSystem Get OperatingSystemSKU /format:LIST
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:5864
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "$f=[io.file]::ReadAllText('C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd') -split ':winsubstatus\:.*';iex ($f[1])"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:6096
  - - C:\Windows\System32\find.exe
      find /i "Subscription_is_activated"
      4⤵
      PID:3208
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"
      4⤵
      PID:5184
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:5204
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 10 Pro" "
      4⤵
      PID:1520
  - - C:\Windows\System32\find.exe
      find /i "Windows"
      4⤵
      PID:5304
  - - C:\Windows\System32\sc.exe
      sc start sppsvc
      4⤵
      Launches sc.exe
      PID:5816
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "$job = Start-Job { (Get-WmiObject -Query 'SELECT * FROM SoftwareLicensingService').Version }; if (-not (Wait-Job $job -Timeout 30)) {write-host 'sppsvc is not working correctly. Help - https://massgrave.dev/troubleshoot'}"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5760
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:4408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value
      4⤵
      PID:2536
  - - C:\Windows\System32\findstr.exe
      findstr /i "Windows"
      4⤵
      PID:5200
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
      4⤵
      PID:2136
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment" /v PROCESSOR_ARCHITECTURE
        5⤵
        
        PID:2140
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c ver
      4⤵
      PID:3492
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c ping -n 1 l.root-servers.net
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:2116
    - - C:\Windows\System32\PING.EXE
        
        ping -n 1 l.root-servers.net
        5⤵
        System Network Configuration Discovery: Internet Connection Discovery
        Runs ping.exe
        
        PID:5204
  - - C:\Windows\System32\reg.exe
      reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\taskcache\tasks" /f Path /s
      4⤵
      PID:3444
  - - C:\Windows\System32\find.exe
      find /i "AutoPico"
      4⤵
      PID:5208
  - - C:\Windows\System32\find.exe
      find /i "avira.com" C:\Windows\System32\drivers\etc\hosts
      4⤵
      PID:5644
  - - C:\Windows\System32\find.exe
      find /i "kaspersky.com" C:\Windows\System32\drivers\etc\hosts
      4⤵
      PID:3664
  - - C:\Windows\System32\find.exe
      find /i "virustotal.com" C:\Windows\System32\drivers\etc\hosts
      4⤵
      PID:3960
  - - C:\Windows\System32\find.exe
      find /i "mcafee.com" C:\Windows\System32\drivers\etc\hosts
      4⤵
      PID:3056
  - - C:\Windows\System32\sc.exe
      sc start sppsvc
      4⤵
      Launches sc.exe
      PID:1112
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "1056" "
      4⤵
      PID:428
  - - C:\Windows\System32\findstr.exe
      findstr "577 225"
      4⤵
      PID:408
  - - C:\Windows\System32\sc.exe
      sc query Null
      4⤵
      Launches sc.exe
      PID:2556
  - - C:\Windows\System32\sc.exe
      sc start ClipSVC
      4⤵
      Launches sc.exe
      PID:4228
  - - C:\Windows\System32\sc.exe
      sc query ClipSVC
      4⤵
      Launches sc.exe
      PID:6112
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v DependOnService
      4⤵
      Modifies registry key
      PID:4256
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Description
      4⤵
      Modifies registry key
      PID:5860
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v DisplayName
      4⤵
      Modifies registry key
      PID:2016
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ErrorControl
      4⤵
      Modifies registry key
      PID:5968
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ImagePath
      4⤵
      Modifies registry key
      PID:1496
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v ObjectName
      4⤵
      Modifies registry key
      PID:5688
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Start
      4⤵
      Modifies registry key
      PID:884
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\ClipSVC /v Type
      4⤵
      Modifies registry key
      PID:1900
  - - C:\Windows\System32\sc.exe
      sc start wlidsvc
      4⤵
      Launches sc.exe
      PID:3532
  - - C:\Windows\System32\sc.exe
      sc query wlidsvc
      4⤵
      Launches sc.exe
      PID:396
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v DependOnService
      4⤵
      Modifies registry key
      PID:5828
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Description
      4⤵
      Modifies registry key
      PID:3708
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v DisplayName
      4⤵
      Modifies registry key
      PID:4728
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ErrorControl
      4⤵
      Modifies registry key
      PID:448
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ImagePath
      4⤵
      Modifies registry key
      PID:2752
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v ObjectName
      4⤵
      Modifies registry key
      PID:1180
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Start
      4⤵
      Modifies registry key
      PID:4132
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\wlidsvc /v Type
      4⤵
      Modifies registry key
      PID:1428
  - - C:\Windows\System32\sc.exe
      sc start sppsvc
      4⤵
      Launches sc.exe
      PID:1036
  - - C:\Windows\System32\sc.exe
      sc query sppsvc
      4⤵
      Launches sc.exe
      PID:2600
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DependOnService
      4⤵
      Modifies registry key
      PID:1096
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Description
      4⤵
      Modifies registry key
      PID:5276
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v DisplayName
      4⤵
      Modifies registry key
      PID:4500
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ErrorControl
      4⤵
      Modifies registry key
      PID:6096
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ImagePath
      4⤵
      Modifies registry key
      PID:6080
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v ObjectName
      4⤵
      Modifies registry key
      PID:1628
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Start
      4⤵
      Modifies registry key
      PID:4516
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\sppsvc /v Type
      4⤵
      Modifies registry key
      PID:4248
  - - C:\Windows\System32\sc.exe
      sc start KeyIso
      4⤵
      Launches sc.exe
      PID:4072
  - - C:\Windows\System32\sc.exe
      sc query KeyIso
      4⤵
      Launches sc.exe
      PID:3492
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v DependOnService
      4⤵
      Modifies registry key
      PID:3116
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Description
      4⤵
      Modifies registry key
      PID:5204
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v DisplayName
      4⤵
      Modifies registry key
      PID:5304
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ErrorControl
      4⤵
      Modifies registry key
      PID:3444
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ImagePath
      4⤵
      Modifies registry key
      PID:2764
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v ObjectName
      4⤵
      Modifies registry key
      PID:4344
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Start
      4⤵
      Modifies registry key
      PID:1612
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\KeyIso /v Type
      4⤵
      Modifies registry key
      PID:2552
  - - C:\Windows\System32\sc.exe
      sc start LicenseManager
      4⤵
      Launches sc.exe
      PID:1936
  - - C:\Windows\System32\sc.exe
      sc query LicenseManager
      4⤵
      Launches sc.exe
      PID:1948
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v DependOnService
      4⤵
      Modifies registry key
      PID:2744
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Description
      4⤵
      Modifies registry key
      PID:408
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v DisplayName
      4⤵
      Modifies registry key
      PID:6120
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ErrorControl
      4⤵
      Modifies registry key
      PID:1340
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ImagePath
      4⤵
      Modifies registry key
      PID:1384
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v ObjectName
      4⤵
      Modifies registry key
      PID:5832
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Start
      4⤵
      Modifies registry key
      PID:6028
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\LicenseManager /v Type
      4⤵
      Modifies registry key
      PID:764
  - - C:\Windows\System32\sc.exe
      sc start Winmgmt
      4⤵
      Launches sc.exe
      PID:1336
  - - C:\Windows\System32\sc.exe
      sc query Winmgmt
      4⤵
      Launches sc.exe
      PID:1496
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DependOnService
      4⤵
      Modifies registry key
      PID:4408
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Description
      4⤵
      Modifies registry key
      PID:5840
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v DisplayName
      4⤵
      Modifies registry key
      PID:5712
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ErrorControl
      4⤵
      Modifies registry key
      PID:3532
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ImagePath
      4⤵
      Modifies registry key
      PID:5728
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v ObjectName
      4⤵
      Modifies registry key
      PID:4668
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Start
      4⤵
      Modifies registry key
      PID:3708
  - - C:\Windows\System32\reg.exe
      reg query HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt /v Type
      4⤵
      Modifies registry key
      PID:4728
  - - C:\Windows\System32\sc.exe
      sc start ClipSVC
      4⤵
      Launches sc.exe
      PID:448
  - - C:\Windows\System32\sc.exe
      sc start wlidsvc
      4⤵
      Launches sc.exe
      PID:4460
  - - C:\Windows\System32\sc.exe
      sc start sppsvc
      4⤵
      Launches sc.exe
      PID:3008
  - - C:\Windows\System32\sc.exe
      sc start KeyIso
      4⤵
      Launches sc.exe
      PID:5108
  - - C:\Windows\System32\sc.exe
      sc start LicenseManager
      4⤵
      Launches sc.exe
      PID:4132
  - - C:\Windows\System32\sc.exe
      sc start Winmgmt
      4⤵
      Launches sc.exe
      PID:1880
  - - C:\Windows\System32\sc.exe
      sc query ClipSVC
      4⤵
      Launches sc.exe
      PID:1036
  - - C:\Windows\System32\find.exe
      find /i "RUNNING"
      4⤵
      PID:4684
  - - C:\Windows\System32\sc.exe
      sc start ClipSVC
      4⤵
      Launches sc.exe
      PID:1108
  - - C:\Windows\System32\sc.exe
      sc query wlidsvc
      4⤵
      Launches sc.exe
      PID:5276
  - - C:\Windows\System32\find.exe
      find /i "RUNNING"
      4⤵
      PID:5136
  - - C:\Windows\System32\sc.exe
      sc start wlidsvc
      4⤵
      Launches sc.exe
      PID:6096
  - - C:\Windows\System32\sc.exe
      sc query sppsvc
      4⤵
      Launches sc.exe
      PID:3208
  - - C:\Windows\System32\find.exe
      find /i "RUNNING"
      4⤵
      PID:1096
  - - C:\Windows\System32\sc.exe
      sc start sppsvc
      4⤵
      Launches sc.exe
      PID:5732
  - - C:\Windows\System32\sc.exe
      sc query KeyIso
      4⤵
      Launches sc.exe
      PID:4516
  - - C:\Windows\System32\find.exe
      find /i "RUNNING"
      4⤵
      PID:2136
  - - C:\Windows\System32\sc.exe
      sc start KeyIso
      4⤵
      Launches sc.exe
      PID:4072
  - - C:\Windows\System32\sc.exe
      sc query LicenseManager
      4⤵
      Launches sc.exe
      PID:3492
  - - C:\Windows\System32\find.exe
      find /i "RUNNING"
      4⤵
      PID:4252
  - - C:\Windows\System32\sc.exe
      sc start LicenseManager
      4⤵
      Launches sc.exe
      PID:5204
  - - C:\Windows\System32\sc.exe
      sc query Winmgmt
      4⤵
      Launches sc.exe
      PID:5304
  - - C:\Windows\System32\find.exe
      find /i "RUNNING"
      4⤵
      PID:4436
  - - C:\Windows\System32\sc.exe
      sc start Winmgmt
      4⤵
      Launches sc.exe
      PID:5560
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState
      4⤵
      PID:3664
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\State" /v ImageState
        5⤵
        
        PID:3960
  - - C:\Windows\System32\reg.exe
      reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinPE" /v InstRoot
      4⤵
      PID:3056
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c powershell.exe "$f=[io.file]::ReadAllText('C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd') -split ':wpatest\:.*';iex ($f[1])" 2>nul
      4⤵
      PID:1112
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "$f=[io.file]::ReadAllText('C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master\MAS\All-In-One-Version-KL\MAS_AIO.cmd') -split ':wpatest\:.*';iex ($f[1])"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        
        PID:1948
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "7" "
      4⤵
      PID:2496
  - - C:\Windows\System32\find.exe
      find /i "Error Found"
      4⤵
      PID:5864
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE" 2>nul
      4⤵
      PID:5688
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND LicenseDependsOn is NULL AND PartialProductKey IS NOT NULL) get LicenseFamily /VALUE
        5⤵
        
        PID:884
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "try { $null=([WMISEARCHER]'SELECT * FROM SoftwareLicensingService').Get().Version; exit 0 } catch { exit $_.Exception.InnerException.HResult }"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5676
  - - C:\Windows\System32\cmd.exe
      cmd /c exit /b 0
      4⤵
      PID:3252
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path Win32_ComputerSystem get CreationClassName /value
      4⤵
      PID:3140
  - - C:\Windows\System32\find.exe
      find /i "computersystem"
      4⤵
      PID:920
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "0" "
      4⤵
      PID:3244
  - - C:\Windows\System32\findstr.exe
      findstr /i "0x800410 0x800440 0x80131501"
      4⤵
      PID:624
  - - C:\Windows\System32\reg.exe
      reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedTSReArmed"
      4⤵
      PID:2536
  - - C:\Windows\System32\reg.exe
      reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ClipSVC\Volatile\PersistedSystemState"
      4⤵
      PID:2440
  - - C:\Windows\System32\reg.exe
      reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"
      4⤵
      PID:1456
  - - C:\Windows\System32\reg.exe
      reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe"
      4⤵
      PID:5732
  - - C:\Windows\System32\reg.exe
      reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe"
      4⤵
      PID:4516
  - - C:\Windows\System32\reg.exe
      reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sppsvc.exe\PerfOptions"
      4⤵
      PID:1624
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm" 2>nul
      4⤵
      PID:3116
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "SkipRearm"
        5⤵
        
        PID:3400
  - - C:\Windows\System32\reg.exe
      reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Plugins\Objects\msft:rm/algorithm/hwid/4.0" /f ba02fed39662 /d
      4⤵
      PID:1500
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore 2>nul
      4⤵
      PID:3444
    - - C:\Windows\System32\reg.exe
        
        reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v TokenStore
        5⤵
        
        PID:5556
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE" 2>nul
      4⤵
      PID:5560
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' and PartialProductKey is not null) get ID /VALUE
        5⤵
        
        PID:2488
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State" 2>nul
      4⤵
      PID:2552
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe "(Get-ScheduledTask -TaskName 'SvcRestartTask' -TaskPath '\Microsoft\Windows\SoftwareProtectionPlatform\').State"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2032
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "
      4⤵
      PID:5872
  - - C:\Windows\System32\find.exe
      find /i "Ready"
      4⤵
      PID:1496
  - - C:\Windows\System32\reg.exe
      reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" /v "actionlist" /f
      4⤵
      PID:764
  - - C:\Windows\System32\reg.exe
      reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask"
      4⤵
      PID:2236
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "$acl = (Get-Acl 'C:\Windows\System32\spp\store\2.0' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow FullControl') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:884
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "$acl = (Get-Acl 'HKLM:\SYSTEM\WPA' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow QueryValues, EnumerateSubKeys, WriteKey') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1792
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "$acl = (Get-Acl 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform' | fl | Out-String); if (-not ($acl -match 'NT SERVICE\\sppsvc Allow SetValue') -or ($acl -match 'NT SERVICE\\sppsvc Deny')) {Exit 2}"
      4⤵
      Command and Scripting Interpreter: PowerShell
      Suspicious behavior: EnumeratesProcesses
      PID:6080
  - - C:\Windows\System32\reg.exe
      reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion"
      4⤵
      PID:3116
  - - C:\Windows\System32\reg.exe
      reg query "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies"
      4⤵
      PID:1500
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "$netServ = (New-Object Security.Principal.SecurityIdentifier('S-1-5-20')).Translate([Security.Principal.NTAccount]).Value; $aclString = Get-Acl 'Registry::HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\Policies' | Format-List | Out-String; if (-not ($aclString.Contains($netServ + ' Allow FullControl') -or $aclString.Contains('NT SERVICE\sppsvc Allow FullControl')) -or ($aclString.Contains('Deny'))) {Exit 3}"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5644
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c "wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE" 2>nul
      4⤵
      PID:4836
    - - C:\Windows\System32\Wbem\WMIC.exe
        
        wmic path SoftwareLicensingProduct where (ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f') get ID /VALUE
        5⤵
        
        PID:2704
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "040fa323-92b1-4baf-97a2-5b67feaefddb 0724cb7d-3437-4cb7-93cb-830375d0079d 0ad2ac98-7bb9-4201-8d92-312299201369 1a9a717a-cf13-4ba5-83c3-0fe25fa868d5 221a02da-e2a1-4b75-864c-0a4410a33fdf 291ece0e-9c38-40ca-a9e1-32cc7ec19507 2936d1d2-913a-4542-b54e-ce5a602a2a38 2c293c26-a45a-4a2a-a350-c69a67097529 2de67392-b7a7-462a-b1ca-108dd189f588 2ffd8952-423e-4903-b993-72a1aa44cf82 30a42c86-b7a0-4a34-8c90-ff177cb2acb7 345a5db0-d94f-4e3b-a0c0-7c42f7bc3ebf 3502365a-f88a-4ba4-822a-5769d3073b65 377333b1-8b5d-48d6-9679-1225c872d37c 3df374ef-d444-4494-a5a1-4b0d9fd0e203 3f1afc82-f8ac-4f6c-8005-1d233e606eee 49cd895b-53b2-4dc4-a5f7-b18aa019ad37 4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c 4f3da0d2-271d-4508-ae81-626b60809a38 60b3ec1b-9545-4921-821f-311b129dd6f6 613d217f-7f13-4268-9907-1662339531cd 62f0c100-9c53-4e02-b886-a3528ddfe7f6 6365275e-368d-46ca-a0ef-fc0404119333 721f9237-9341-4453-a661-09e8baa6cca5 73111121-5638-40f6-bc11-f1d7b0d64300 7a802526-4c94-4bd1-ba14-835a1aca2120 7cb546c0-c7d5-44d8-9a5c-69ecdd782b69 82bbc092-bc50-4e16-8e18-b74fc486aec3 8ab9bdd1-1f67-4997-82d9-8878520837d9 8b351c9c-f398-4515-9900-09df49427262 90da7373-1c51-430b-bf26-c97e9c5cdc31 95dca82f-385d-4d39-b85b-5c73fa285d6f a48938aa-62fa-4966-9d44-9f04da3f72f2 b0773a15-df3a-4312-9ad2-83d69648e356 b4bfe195-541e-4e64-ad23-6177f19e395e b68e61d2-68ca-4757-be45-0cc2f3e68eee bd3762d7-270d-4760-8fb3-d829ca45278a c86d5194-4840-4dae-9c1c-0301003a5ab0 d552befb-48cc-4327-8f39-47d2d94f987c d6eadb3b-5ca8-4a6b-986e-35b550756111 df96023b-dcd9-4be2-afa0-c6c871159ebe e0c42288-980c-4788-a014-c080d2e1926e e4db50ea-bda1-4566-b047-0ca50abc6f07 e558417a-5123-4f6f-91e7-385c1c7ca9d4 e7a950a2-e548-4f10-bf16-02ec848e0643 eb6d346f-1c60-4643-b960-40ec31596c45 ec868e65-fadf-4759-b23e-93fe37f2cc29 ef51e000-2659-4f25-8345-3de70a9cf4c4 f7af7d09-40e4-419c-a49b-eae366689ebd fa755fe6-6739-40b9-8d84-6d0ea3b6d1ab fe74f55b-0338-41d6-b267-4a201abe7285 " "
      4⤵
      PID:4228
  - - C:\Windows\System32\find.exe
      find /i "4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c"
      4⤵
      PID:408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call InstallProductKey ProductKey="VK7JG-NPHTM-C97JM-9MPGT-3V66T"
      4⤵
      PID:1112
  - - C:\Windows\System32\cmd.exe
      cmd /c exit /b 0
      4⤵
      PID:180
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path SoftwareLicensingService where __CLASS='SoftwareLicensingService' call RefreshLicenseStatus
      4⤵
      PID:1496
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c reg query "HKCU\Control Panel\International\Geo" /v Name 2>nul
      4⤵
      PID:3668
    - - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Control Panel\International\Geo" /v Name
        5⤵
        
        PID:5828
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c reg query "HKCU\Control Panel\International\Geo" /v Nation 2>nul
      4⤵
      PID:3008
    - - C:\Windows\System32\reg.exe
        
        reg query "HKCU\Control Panel\International\Geo" /v Nation
        5⤵
        
        PID:4272
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c powershell.exe [convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("""OSMajorVersion=5;OSMinorVersion=1;OSPlatformId=2;PP=0;Pfn=Microsoft.Windows.48.X19-98841_8wekyb3d8bbwe;PKeyIID=465145217131314304264339481117862266242033457260311819664735280;$([char]0)"""))
      4⤵
      PID:4056
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe [convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes("""OSMajorVersion=5;OSMinorVersion=1;OSPlatformId=2;PP=0;Pfn=Microsoft.Windows.48.X19-98841_8wekyb3d8bbwe;PKeyIID=465145217131314304264339481117862266242033457260311819664735280;$([char]0)"""))
        5⤵
        
        PID:836
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "TwBTAE0AYQBqAG8AcgBWAGUAcgBzAGkAbwBuAD0ANQA7AE8AUwBNAGkAbgBvAHIAVgBlAHIAcwBpAG8AbgA9ADEAOwBPAFMAUABsAGEAdABmAG8AcgBtAEkAZAA9ADIAOwBQAFAAPQAwADsAUABmAG4APQBNAGkAYwByAG8AcwBvAGYAdAAuAFcAaQBuAGQAbwB3AHMALgA0ADgALgBYADEAOQAtADkAOAA4ADQAMQBfADgAdwBlAGsAeQBiADMAZAA4AGIAYgB3AGUAOwBQAEsAZQB5AEkASQBEAD0ANAA2ADUAMQA0ADUAMgAxADcAMQAzADEAMwAxADQAMwAwADQAMgA2ADQAMwAzADkANAA4ADEAMQAxADcAOAA2ADIAMgA2ADYAMgA0ADIAMAAzADMANAA1ADcAMgA2ADAAMwAxADEAOAAxADkANgA2ADQANwAzADUAMgA4ADAAOwAAAA==" "
      4⤵
      PID:3252
  - - C:\Windows\System32\find.exe
      find "AAAA"
      4⤵
      PID:2600
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "Start-Job { Restart-Service ClipSVC } | Wait-Job -Timeout 20 | Out-Null"
      4⤵
      PID:1520
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:4488
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:3116
  - - C:\Windows\System32\ClipUp.exe
      clipup -v -o
      4⤵
      PID:5680
    - - C:\Windows\System32\clipup.exe
        
        clipup -v -o -ppl C:\Users\Admin\AppData\Local\Temp\temACF0.tmp
        5⤵
        Checks SCSI registry key(s)
        
        PID:3632
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:4272
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /c "powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')"
      4⤵
      PID:1352
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell.exe $AssemblyBuilder = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1); $ModuleBuilder = $AssemblyBuilder.DefineDynamicModule(2, $False); $TypeBuilder = $ModuleBuilder.DefineType(0); $meth = $TypeBuilder.DefinePInvokeMethod('BrandingFormatString', 'winbrand.dll', 'Public, Static', 1, [String], @([String]), 1, 3); $meth.SetImplementationFlags(128); $TypeBuilder.CreateType()::BrandingFormatString('%WINDOWS_LONG%')
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:1308
  - - C:\Windows\System32\cmd.exe
      C:\Windows\System32\cmd.exe /S /D /c" echo "Windows 10 Pro" "
      4⤵
      PID:1628
  - - C:\Windows\System32\find.exe
      find /i "Windows"
      4⤵
      PID:4232
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path SoftwareLicensingProduct where "ApplicationID='55c92734-d682-4d71-983e-d6ec3f16059f' AND PartialProductKey IS NOT NULL AND LicenseDependsOn is NULL" call Activate
      4⤵
      PID:5600
  - - C:\Windows\System32\cmd.exe
      cmd /c exit /b 0
      4⤵
      PID:4836
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic path SoftwareLicensingProduct where (LicenseStatus='1' and GracePeriodRemaining='0' and PartialProductKey is not NULL AND LicenseDependsOn is NULL) get Name /value
      4⤵
      PID:2736
  - - C:\Windows\System32\findstr.exe
      findstr /i "Windows"
      4⤵
      PID:5216
  - - C:\Windows\System32\reg.exe
      reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedSystemState" /v "State" /f
      4⤵
      PID:2640
  - - C:\Windows\System32\reg.exe
      reg delete "HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform\PersistedSystemState" /v "SuppressRulesEngine" /f
      4⤵
      PID:5696
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell.exe "Start-Job { Stop-Service sppsvc -force } | Wait-Job -Timeout 20 | Out-Null; $TB = [AppDomain]::CurrentDomain.DefineDynamicAssembly(4, 1).DefineDynamicModule(2, $False).DefineType(0); [void]$TB.DefinePInvokeMethod('SLpTriggerServiceWorker', 'sppc.dll', 22, 1, [Int32], @([UInt32], [IntPtr], [String], [UInt32]), 1, 3); [void]$TB.CreateType()::SLpTriggerServiceWorker(0, 0, 'reeval', 0)"
      4⤵
      PID:5744
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
        5⤵
        Command and Scripting Interpreter: PowerShell
        
        PID:5208
      - C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        6⤵
        
        PID:1520

C:\Windows\system32\Clipup.exe
"C:\Windows\system32\Clipup.exe" -o
1⤵
PID:3940
- C:\Windows\system32\Clipup.exe
  "C:\Windows\system32\Clipup.exe" -o -ppl C:\Windows\TEMP\temAC05.tmp
  2⤵
  - Checks SCSI registry key(s)
  PID:3056

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Modifies registry class
PID:764

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:10648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9afbecc40,0x7ff9afbecc4c,0x7ff9afbecc58
  2⤵
  PID:11056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2112,i,12666989030452739137,1932442288680731903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:9448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2012,i,12666989030452739137,1932442288680731903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,12666989030452739137,1932442288680731903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,12666989030452739137,1932442288680731903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:2604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3256,i,12666989030452739137,1932442288680731903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,12666989030452739137,1932442288680731903,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:5740

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4844

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:10116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5fa80c00h8d4eh4121h931ah1ea1a6365831
1⤵
PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff99f6546f8,0x7ff99f654708,0x7ff99f654718
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,3399443882484133533,8201165382900228824,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:9900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,3399443882484133533,8201165382900228824,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  PID:10352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,3399443882484133533,8201165382900228824,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:10368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:10500
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:10696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 28214 -prefMapSize 245025 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3691761-538d-4804-a19f-f38d02e7f910} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" gpu
    3⤵
    PID:9364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20240401114208 -prefsHandle 2296 -prefMapHandle 2292 -prefsLen 28214 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {514160d7-1728-448f-a730-da77cc1fba7d} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" socket
    3⤵
    PID:9756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3548 -childID 1 -isForBrowser -prefsHandle 3516 -prefMapHandle 3380 -prefsLen 28713 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c617bc60-74e9-44de-ae1a-4287d8150772} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:10292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3608 -childID 2 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 32913 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {969a9036-0636-4ea9-9466-8c9e398dd656} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:10872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4536 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4548 -prefMapHandle 4544 -prefsLen 33797 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25ddb26a-b0be-407b-86d1-fb1ab00d687e} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" utility
    3⤵
    - Checks processor information in registry
    PID:1080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4920 -childID 3 -isForBrowser -prefsHandle 5044 -prefMapHandle 5040 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24f913d1-3cbc-4d9e-bb78-96029aac584f} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:8744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 4 -isForBrowser -prefsHandle 6016 -prefMapHandle 5908 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef8c7db8-9dc8-498a-95e9-0c0a498d6f5b} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:3228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6124 -childID 5 -isForBrowser -prefsHandle 6132 -prefMapHandle 5944 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ccd74d-2b93-4670-8f63-fc5c8cdfa540} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:9024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6328 -childID 6 -isForBrowser -prefsHandle 6336 -prefMapHandle 6344 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6269f5c4-3f81-41ac-ae1f-888e743fb9a9} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:9044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7024 -childID 7 -isForBrowser -prefsHandle 7016 -prefMapHandle 7012 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcb6e288-891b-4520-898c-ad725093fef1} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:7868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7016 -childID 8 -isForBrowser -prefsHandle 7180 -prefMapHandle 7176 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {442e3193-e688-4fad-881b-16a076aebe0c} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:9068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7736 -childID 9 -isForBrowser -prefsHandle 7728 -prefMapHandle 7724 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {419d913b-865e-4490-8e4c-4fce835137d5} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:5244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7864 -childID 10 -isForBrowser -prefsHandle 7856 -prefMapHandle 7852 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89a0c783-f45a-4776-8bd9-9fbbbdf47d94} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:1632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7884 -childID 11 -isForBrowser -prefsHandle 7876 -prefMapHandle 7872 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdf9fbe7-99cd-49a4-be70-118aab52a719} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:2972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7904 -childID 12 -isForBrowser -prefsHandle 7896 -prefMapHandle 7892 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3773ad8e-18b9-491c-a69a-1d9bc600dcc6} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:3800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8576 -childID 13 -isForBrowser -prefsHandle 8608 -prefMapHandle 8604 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c676318d-1a24-4a27-9d0b-24ef857c0ca0} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:7140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8376 -childID 14 -isForBrowser -prefsHandle 8424 -prefMapHandle 8428 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {045ad73b-139a-475d-ae17-80127455661e} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:8132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8728 -childID 15 -isForBrowser -prefsHandle 8800 -prefMapHandle 8796 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e50f04b4-452b-4d7a-a16a-38a23b82d315} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:3492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8988 -childID 16 -isForBrowser -prefsHandle 8892 -prefMapHandle 8896 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82ab3183-a71f-48ee-9aaa-e33471ec8472} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:4448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8968 -childID 17 -isForBrowser -prefsHandle 9200 -prefMapHandle 8976 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af5ad197-9922-471d-9322-e91c8d16d63f} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:2064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9332 -childID 18 -isForBrowser -prefsHandle 9340 -prefMapHandle 9416 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25b2b5a9-3885-4757-b6b3-ed921e594be6} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:9452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9564 -childID 19 -isForBrowser -prefsHandle 9484 -prefMapHandle 9508 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c59ce490-b9c7-460a-924c-1d7e4ae49881} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:6580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9796 -childID 20 -isForBrowser -prefsHandle 9812 -prefMapHandle 9816 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf1a73f1-73c1-45db-9442-972fb9660c97} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9972 -childID 21 -isForBrowser -prefsHandle 9964 -prefMapHandle 9960 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af5dbcf8-6f9e-4460-bc57-ed04fe750388} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:9892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10160 -childID 22 -isForBrowser -prefsHandle 10152 -prefMapHandle 10148 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6af9b181-34f8-4b00-92e2-34176a17ed90} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10256 -childID 23 -isForBrowser -prefsHandle 10264 -prefMapHandle 10268 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e262899-6b0e-4e82-bfb9-7e3e8af7c97e} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:10368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10512 -childID 24 -isForBrowser -prefsHandle 10500 -prefMapHandle 10504 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70bb49a3-e894-4038-b973-c6bf0ef138b3} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:4760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9896 -childID 25 -isForBrowser -prefsHandle 10604 -prefMapHandle 10612 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a76d857f-b409-4c53-989c-ea9c45583828} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:8796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10748 -childID 26 -isForBrowser -prefsHandle 10804 -prefMapHandle 10808 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc443b0d-8699-44ac-b9c5-eaf4bde303af} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10688 -childID 27 -isForBrowser -prefsHandle 10684 -prefMapHandle 10780 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3858fdea-0fb8-414d-9095-7e1e87047f34} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:10440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9220 -childID 28 -isForBrowser -prefsHandle 10996 -prefMapHandle 10988 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b7e4208-009d-4a21-9438-3ba2951fe1ec} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:11176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11128 -childID 29 -isForBrowser -prefsHandle 11256 -prefMapHandle 11260 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e3fcaac-bc5f-4810-a948-821a753a9b38} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:10480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10996 -childID 30 -isForBrowser -prefsHandle 11328 -prefMapHandle 11272 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b65997c-8ade-463d-beb7-00afddfb11f2} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:4892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8772 -parentBuildID 20240401114208 -prefsHandle 4004 -prefMapHandle 3584 -prefsLen 33851 -prefMapSize 245025 -appDir "C:\Program Files\Mozilla Firefox\browser" - {27402d4e-8403-4c47-b9a8-cce8083bdb22} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" rdd
    3⤵
    PID:6156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3932 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 33851 -prefMapSize 245025 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c687b1e-bbf6-43c4-8f18-94af684d552b} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" utility
    3⤵
    - Checks processor information in registry
    PID:6164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5332 -childID 31 -isForBrowser -prefsHandle 5340 -prefMapHandle 8888 -prefsLen 28123 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7449b4e9-6f6f-4aed-a9dd-1917129f4fbe} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:3068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10464 -childID 32 -isForBrowser -prefsHandle 10472 -prefMapHandle 10460 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d21b64ef-a1b9-4ad6-9277-4ecfbd869654} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:3108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10556 -childID 33 -isForBrowser -prefsHandle 7672 -prefMapHandle 10912 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6cc6c47-ed29-4ee2-b9a7-2e71f1ab713d} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:4908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9536 -childID 34 -isForBrowser -prefsHandle 9532 -prefMapHandle 8504 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b82e71f-601d-4324-be7a-4440bf22bcd6} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:3800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8340 -childID 35 -isForBrowser -prefsHandle 7896 -prefMapHandle 8408 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32e6acad-bd24-4f51-a360-54709fd7bee0} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:2608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11512 -childID 36 -isForBrowser -prefsHandle 7904 -prefMapHandle 11004 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1eceaaa5-42fa-4f7a-a842-fb82d82d1683} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:3568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7896 -childID 37 -isForBrowser -prefsHandle 8500 -prefMapHandle 5224 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8eafa71e-92f6-4a79-8dde-13d13e24daae} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:10120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11580 -childID 38 -isForBrowser -prefsHandle 11568 -prefMapHandle 11572 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41db67df-e1a2-4b1a-8173-bbc3b268ea9d} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:4028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11624 -childID 39 -isForBrowser -prefsHandle 10260 -prefMapHandle 9832 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f242c985-d622-44b8-be63-8efc2dbfb21c} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:1776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5908 -childID 40 -isForBrowser -prefsHandle 10680 -prefMapHandle 10520 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {811cb643-fedd-4fdf-825a-d24bf76623ed} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:10420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8208 -childID 41 -isForBrowser -prefsHandle 9224 -prefMapHandle 9304 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84739635-8c71-4fee-a939-d9093633159a} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:1340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11444 -childID 42 -isForBrowser -prefsHandle 8984 -prefMapHandle 8976 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a912cfb3-5d6d-4d52-9ee1-31ba34d70ffa} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:1516
- - C:\Users\Admin\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe
    "C:\Users\Admin\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\is-J1BQ1.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-J1BQ1.tmp\Greenshot-INSTALLER-1.2.10.6-RELEASE.tmp" /SL5="$50166,1293027,131584,C:\Users\Admin\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe"
      4⤵
      Adds Run key to start application
      Drops file in Program Files directory
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\is-6D0Q2.tmp\_isetup\_setup64.tmp
        
        helper 105 0x4E8
        5⤵
        Executes dropped EXE
        
        PID:4032
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\Greenshot.exe"
        5⤵
        
        PID:10800
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1e8 -InterruptEvent 0 -NGENProcess 1d8 -Pipe 1e4 -Comment "NGen Worker Process"
        6⤵
        
        PID:2980
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 29c -InterruptEvent 0 -NGENProcess 28c -Pipe 298 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:6428
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 27c -InterruptEvent 0 -NGENProcess 274 -Pipe 278 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:4776
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 270 -InterruptEvent 0 -NGENProcess 27c -Pipe 2d0 -Comment "NGen Worker Process"
        6⤵
        Loads dropped DLL
        
        PID:8120
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 0 -NGENProcess 2dc -Pipe 2c0 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:10280
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2b8 -InterruptEvent 0 -NGENProcess 2ac -Pipe 2cc -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:8112
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e0 -InterruptEvent 0 -NGENProcess 2ac -Pipe 2bc -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:4408
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2fc -InterruptEvent 0 -NGENProcess 2ec -Pipe 2f0 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:9648
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 314 -InterruptEvent 0 -NGENProcess 300 -Pipe 308 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:8404
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2c4 -InterruptEvent 0 -NGENProcess 2e0 -Pipe 300 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:5124
    - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe
        
        "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe" install "C:\Program Files\Greenshot\GreenshotPlugin.dll"
        5⤵
        
        PID:6816
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1e8 -InterruptEvent 0 -NGENProcess 1d8 -Pipe 1e4 -Comment "NGen Worker Process"
        6⤵
        
        PID:3004
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 26c -InterruptEvent 0 -NGENProcess 278 -Pipe 1e0 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:9868
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 28c -InterruptEvent 0 -NGENProcess 280 -Pipe 26c -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:5648
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 1e8 -InterruptEvent 0 -NGENProcess 270 -Pipe 284 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:1548
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2ac -InterruptEvent 0 -NGENProcess 270 -Pipe 280 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:1532
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 0 -NGENProcess 29c -Pipe 298 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:7660
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2a0 -InterruptEvent 0 -NGENProcess 2b4 -Pipe 288 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:1496
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2d0 -InterruptEvent 0 -NGENProcess 2e0 -Pipe 2b4 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:7148
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2f8 -Pipe 2c4 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:4344
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 2e0 -Pipe 2dc -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        Loads dropped DLL
        
        PID:1012
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2f0 -InterruptEvent 0 -NGENProcess 1e8 -Pipe 2d4 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        
        PID:9528
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2e8 -InterruptEvent 0 -NGENProcess 2cc -Pipe 2f0 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        
        PID:4992
      - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
        
        C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -StartupEvent 2cc -InterruptEvent 0 -NGENProcess 2fc -Pipe 2e8 -Comment "NGen Worker Process"
        6⤵
        Drops file in Windows directory
        
        PID:756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://getgreenshot.org/thank-you/?language=en&version=1.2.10.6
        5⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:7048
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff99f6546f8,0x7ff99f654708,0x7ff99f654718
        6⤵
        
        PID:9656
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,9815250893276664792,15015097634883842490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1928 /prefetch:2
        6⤵
        
        PID:6900
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,9815250893276664792,15015097634883842490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2716 /prefetch:3
        6⤵
        
        PID:10608
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,9815250893276664792,15015097634883842490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
        6⤵
        
        PID:10760
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9815250893276664792,15015097634883842490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
        6⤵
        
        PID:1828
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9815250893276664792,15015097634883842490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        6⤵
        
        PID:892
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9815250893276664792,15015097634883842490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
        6⤵
        
        PID:9008
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,9815250893276664792,15015097634883842490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
        6⤵
        
        PID:8784
    - - C:\Program Files\Greenshot\Greenshot.exe
        
        "C:\Program Files\Greenshot\Greenshot.exe" /language en
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Suspicious behavior: GetForegroundWindowSpam
        
        PID:10332
      - C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\greenshotocrcommand.exe
        
        "C:\Program Files\Greenshot\Plugins\GreenshotOCRPlugin\greenshotocrcommand.exe" -c
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:8088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7984 -childID 43 -isForBrowser -prefsHandle 7164 -prefMapHandle 7224 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1384dfb3-6775-4871-8bc3-75e3687ea16a} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=11112 -childID 44 -isForBrowser -prefsHandle 4776 -prefMapHandle 5440 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cea38577-2b23-4c30-882f-ffaea2e2734a} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:8640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10804 -childID 45 -isForBrowser -prefsHandle 5504 -prefMapHandle 10128 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec403a77-7041-49de-ac5b-52e487da68a4} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:8216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10352 -childID 46 -isForBrowser -prefsHandle 7992 -prefMapHandle 9532 -prefsLen 28173 -prefMapSize 245025 -jsInitHandle 1076 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25815a09-594e-40b4-85ac-c1f7d6fcd59a} 10696 "\\.\pipe\gecko-crash-server-pipe.10696" tab
    3⤵
    PID:1956
- - C:\Users\Admin\Downloads\XSpammer-Windows-Installer.exe
    "C:\Users\Admin\Downloads\XSpammer-Windows-Installer.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - NTFS ADS
    PID:7480
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq XSpammer.exe" | %SYSTEMROOT%\System32\find.exe "XSpammer.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:8156
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "USERNAME eq Admin" /FI "IMAGENAME eq XSpammer.exe"
        5⤵
        Enumerates processes with tasklist
        System Location Discovery: System Language Discovery
        
        PID:5960
    - - C:\Windows\SysWOW64\find.exe
        
        C:\Windows\System32\find.exe "XSpammer.exe"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:10120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5216

C:\Users\Admin\AppData\Local\Programs\xspammer\XSpammer.exe
"C:\Users\Admin\AppData\Local\Programs\xspammer\XSpammer.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:3776
- C:\Users\Admin\AppData\Local\Programs\xspammer\XSpammer.exe
  "C:\Users\Admin\AppData\Local\Programs\xspammer\XSpammer.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\xspammer" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1540 --field-trial-handle=1720,i,13281974491877302360,1618013051869672411,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:7000
- C:\Users\Admin\AppData\Local\Programs\xspammer\XSpammer.exe
  "C:\Users\Admin\AppData\Local\Programs\xspammer\XSpammer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\xspammer" --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes=app --fetch-schemes=app --service-worker-schemes=app --streaming-schemes --mojo-platform-channel-handle=1936 --field-trial-handle=1720,i,13281974491877302360,1618013051869672411,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:8848
- C:\Users\Admin\AppData\Local\Programs\xspammer\XSpammer.exe
  "C:\Users\Admin\AppData\Local\Programs\xspammer\XSpammer.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\xspammer" --standard-schemes=app --secure-schemes=app --bypasscsp-schemes --cors-schemes=app --fetch-schemes=app --service-worker-schemes=app --streaming-schemes --app-path="C:\Users\Admin\AppData\Local\Programs\xspammer\resources\app.asar" --no-sandbox --no-zygote --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2592 --field-trial-handle=1720,i,13281974491877302360,1618013051869672411,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:9144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.com/api/oauth2/authorize?client_id=1331430683754762351&permissions=8&scope=bot
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:1352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff99f6546f8,0x7ff99f654708,0x7ff99f654718
    3⤵
    PID:7992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
    3⤵
    PID:7756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
    3⤵
    PID:3720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
    3⤵
    PID:7492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:7604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
    3⤵
    PID:4328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5040 /prefetch:8
    3⤵
    PID:8212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4476 /prefetch:8
    3⤵
    - Modifies registry class
    PID:948
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
    3⤵
    PID:9464
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
    3⤵
    PID:8428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5668 /prefetch:8
    3⤵
    PID:7364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2376 /prefetch:1
    3⤵
    PID:9772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
    3⤵
    PID:4824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
    3⤵
    PID:6744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10513941194538058187,4364733656147705233,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4212 /prefetch:2
    3⤵
    PID:3200
- C:\Users\Admin\AppData\Local\Programs\xspammer\XSpammer.exe
  "C:\Users\Admin\AppData\Local\Programs\xspammer\XSpammer.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\xspammer" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3532 --field-trial-handle=1720,i,13281974491877302360,1618013051869672411,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Executes dropped EXE
  PID:9692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Obfuscated Files or Information

T1027

Command Obfuscation

T1027.010

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Greenshot\unins000.exe

Filesize
1.1MB

MD5
d1a078992e232919ea834226aea627a8

SHA1
53f5af8c06721ef5b62f56037e3b57dc4b517eaf

SHA256
655da9c7f64ef8f0f48160c76b8dc5443aaba63e8c6b3534a266e9cd5a18489f

SHA512
e056370322e58725961c024d1f322d31066bffd8b8d77f80fc14d2b5861788ef00e5ebc3fa6f51a6b0a94bdb02e8fffea48926716275754dd77bbe0fb8e221f8

Download Submit
C:\ProgramData\Microsoft\Windows\ClipSVC\GenuineTicket\GenuineTicket

Filesize
1KB

MD5
67a8abe602fd21c5683962fa75f8c9fd

SHA1
e296942da1d2b56452e05ae7f753cd176d488ea8

SHA256
1d19fed36f7d678ae2b2254a5eef240e6b6b9630e5696d0f9efb8b744c60e411

SHA512
70b0b27a2b89f5f771467ac24e92b6cc927f3fdc10d8cb381528b2e08f2a5a3e8c25183f20233b44b71b54ce910349c279013c6a404a1a95b3cc6b8922ab9fc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
e9cd960dd1a8f1c37a93a0ee085c0c57

SHA1
1e9c8180482d23c94e90f81e0a76dd233eb165c3

SHA256
a585800a6a604dc6f640da11c33ffaaed9e42368971c1f26222d9016182cbb6a

SHA512
60c4add5eb06a5c20798523ddb8e22de4da00151cbbd2f1c57822b873f6bf225245797cbd6b5581c7ec271250f39b3d1b4ed29ec5d69dd1ca2e35b5133a5722e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e2c87b7c27e20b07e6a11dec60071367

SHA1
e7e3a127ea3a55f253462a81b3e5ac15c4e2ac20

SHA256
a338ae6fa8cbea1466f0042de3bf74750f24f11af64beff5d7757aa7c87646ec

SHA512
8b0cf2703852604766b929c78642d6fe4ecb3ffca2bf2b85183e19ef9ad47681087b4af21a1e885fdc90f99cfc713a5f87469ffa97719ac44aba9e1c8b2d9be5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
8c0febeac3a73f4b2d3bbdcc2cdd7a03

SHA1
f9e3df1689d37fd3d8428fd87c5c2201874d9e5e

SHA256
3850dc88ec9e1854aa83c003bbbc7536f96aca25bed49aee32aab43b82db41e0

SHA512
6a5ef88b534f654a444822a3b1791d51788d8a3746f0351dac15e59d210dbed08091b69ed6234c47329dd8aa9a3ece335bfbbdee8d1c053f272105b62a27e90d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9926a509010e92a065e8d61e35273677

SHA1
b30859d4d456119ccd145a6ee0d9cfd1291543d2

SHA256
cf7439b8ecd282dc4f0aa34893fd78630d052757271680978807d3954b691f12

SHA512
b7300344079bc7dc7f9aad8e6699719e212e9a1b5071484034f5fb4ec4228351a11f1e4e37d1f923aec99775f3f8113e150711823993ff93f1ae8af2343281b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d93dd703e58ea959ff9b1afac352f46e

SHA1
4736e238b367eba6646ef10ca0d738c8c260dea4

SHA256
a81eba28e762a83377f6db739532147ba45415e4386eb484e539697cfc34e928

SHA512
a3a8e106a7664fbfb511b5f8f81b09a7a5d2eeae9627ad6a22c676e73cd1d0f8c2bd6a72432c622dfbcaa5749eb178b44cd18effae79c3795893b6ab12e10782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e26da1b29a3c8cc97fe4711eb07a2b3

SHA1
b5152b6130757f920c2e20a55510b2e878f6a17e

SHA256
4fb90f4906bb05bcb697a13269ba075f02a7b3b9b1c9630fc10c34d336a0fc7b

SHA512
431ea106b2059d9d31649a82e7fd76d9e3097f88df466c50fc1a8c289b999c34d54297e0a8c0704924f4cc93a8bd925c29d782fa24be6791d2f472ffca286148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5bf5c93e78963c50b471adb48706c41

SHA1
a8b119e854b9e8d7dad2c42d98a596fda1b0409c

SHA256
86e1a5d7b96d12f539f55819fc194b8b516e7475e170f909402ee4ce43caead0

SHA512
d9d82a747a060970c1b400131af675b9b46c075d34e927235028b51dae49e198b633fe90cea581750e1caae22e072e2701e9be811997436377c1fcf9cf45e757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c23d8501ea92ed8b61abb431b6e457e

SHA1
849b4c9f5c68ab1fac15e74b2f8fac4f72bc958a

SHA256
5a49dc0e396dea7f699c4f82bfcf403e18b4475ad1ae838a43cfcd6444e5e1c0

SHA512
7a759226965740dcf252ef85519223a0153072e017488af62311e0b1dd88f4942ab195f32406e60eb3a20deb0f1dd5ad89c1969b2ca676eca71eeb885d00638c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0064c84f-2d00-4c54-b803-1894bdc1108e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
29KB

MD5
674b847b91b54605881f679e4a57384d

SHA1
49279a9b38b0629e6f9ddc745bb0821a5e462d99

SHA256
1b2d044f43fa14d46d571f956231797dda83bc4dcc8b6e5e5e202738307aea68

SHA512
fd33d41983406aa7190b896b52981caf1d55de47b6c60d8174cbf6c729c773f66ccd9ac29db5e5415df9dfdb30abb884e512b32767d61ef912a48791a0a7785a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
144KB

MD5
0b97f8fabee9e9f62ceb3d252538b3b9

SHA1
30ab82e39df235cad7cb2aba102fc536b9b9455d

SHA256
ddf0df379fccb090774c57ee9693e4dea26caa273e09c8992f0bfccf08cd509a

SHA512
8501bcaf28d3924bdcde9608e929389d0578c1a449cbb48b755627713b4583e72d70d66c4efaa0168533c25178fe7920bf71c1fe5bc0bcae210b8c43f9720157

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
34KB

MD5
910dca839ce8964a11800234cac05461

SHA1
a613af06d2f63d8838615a5304877102d9687914

SHA256
34ecff3438bff99922816ad863ab5afca386269ce1e9f9da932388bf06896788

SHA512
3fc08ec87d44235aa61a4688a593afcb8202c8abd43400db1bd077f5abef0da790cc1240c1fd1f2fa460e0969622a498b8060e30be6c6fc8d21a02e798b99b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
1a3454d02494e5e60f8f349e37410881

SHA1
6a19675398aba629581d3fb62a1df9ad18abb705

SHA256
8f21c4622ddbc3982f7057f4f2b2a41a4d4a304e25ab180533e864d3aaafcef3

SHA512
da3eccde7d31f1fe9d9597d5ea1055ee2b3bed9a8b28bf72f7f0f1d2f577e701a1ca9732b1048fbf7da545a3ec033adb21a323613c5e3ee2d2c39ee142f954ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a491d469da3f6a8e0d49f6aa09682f7c

SHA1
6c6c6d85528efa5bb9df9962e5debc124b737f29

SHA256
7440077042bd3d0a160abe8a923bd63d5bf511778e3fd60d937970d45b6cec97

SHA512
81b963957e05c9052828d401ab26517b9922cc5264855bb223020adbcd37b2e1c6cbf15e0e7b39ab276d516e8135f2f1b652c801378db7557c1733b762eb003b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0baa584f78fae6d1f08518013ce9f917

SHA1
5047e1245e476bdda1288ef65284d1e60e028b32

SHA256
6241dc7e713b7d88182c5ac8622928d78d8678f91e3ed9243ba3b642b8d0b2c5

SHA512
1d3ca27e523ce74094031dfee3807c3934157cb59783068648e151a893d67b7919d9c0f8156889a9e8f73e913ece186845a12268dd2dded5400008bb966e766f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
2854c05721ee8f7b1e20035a8601d80d

SHA1
2fd3d4ae6000fc7dacbeaf692e61a01d6b1205b1

SHA256
c100f8e3fdfb9adbe131352fb3916f22fa8f9585fe6fef60616c4351cffda464

SHA512
c824f4e1f4dfdad543d643073c69aa7aa367bd229ad5fcb496401ac5bb4177ee8567c857726c47baf83082c1528cdea0ea93dda92110b19b504a641bfc48ddd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3a226ed2e65cb830cfa2efb16a8207d9

SHA1
71262f873a628c9f0738bac0df4ba71c5dabc6df

SHA256
e60ca7905ba09eef7c9438766a0586ca6c92e677932c69275f468a3b1bbebe44

SHA512
3b29ca31785d1a66ad10718cc1808efb8844cd347f0682d89959beafae29bf7a9dddb0b944688bc0e30da9d473287beff7ef6283bfd3b853fa15c7f1bad992bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b0de60c3a64dc4689c7725e5719857ed

SHA1
0341532353db4b9e587666140733589a4d5f54c5

SHA256
b61fa31b70dfedfd24980da21d0966a5a3bd99442bc74a2a3e0c7d366559353f

SHA512
d9235254389ea694e7197f68d2f3818916e70431a1bb3437995c29fe969dd89b8edcab55fcbbb60a51029493908f4e44fa2bd97fdc498405b6a6796f36f36633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cec84e88aa82440bf70df339a60e086c

SHA1
e50997e742555ad15444d8721dd72cd0b5317b08

SHA256
7647cd2fabe112b367081e602f8da2f42f21d8ca34217643b9f80369877da51a

SHA512
1f478fc58805f0a2a36ab401c2cb1510f594a495186c6a5ba12726b748bf196e29bce188e285476297c92fa39996de8d0fcb12053f379111aada42d541ee29d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fe5b11c0c399fdd86d80894479f690d6

SHA1
9ca0a009b40b2ad81836d235d829a0d42d2bf2f2

SHA256
e1b88fda08ec28f1fae94cb1be95d9ae3fa9f37fe39d6562abab95cc0c4d6b40

SHA512
1b916f89a60bf274bbc06314615dfa1e2dd67c112c29a566b8bb2d4eb2a5c0789e8a0e7d068771b4fcdc5bc800d5998aebc91aa448a92684969b0d49415a0ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6111037b090229f05e60be0ad14a7af2

SHA1
220b4de549216f08c492db43fe64e03bc735a026

SHA256
766d24be6df9542c6d0ec527fea566c0278f569f7b33a1ee755cdb609b8077a4

SHA512
d9841a9a35bdddc0046f537918ced54fa94b880c377fb8aa0f3f0b74efe3bba30521e1648f77984f0869a43e8e07d6de0313c0371123b70e533b31adf735daf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
95e989c8b160f8ec5f5042d0a8fe705b

SHA1
3ee9024530c3444ff1302705d4c01b95eee71c07

SHA256
2fc31bb8a0fd13f9029cd316d0fab799ddd947a66201a649b6368430bde38814

SHA512
5ad549e0c4b272d22c2f9436219a6e3a1939ee882642167b482dbfc099f79ac3b083bd0b8abe0d2a9ca6cf5eaaf9860a5409aa3ad32432c76d11bc207337cfe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e921af97484cd885767a6f61c52d71da

SHA1
fda49b50908d07cb775b3a5aa44d40aa040ec2d8

SHA256
9212ac6b3d097b48b280affff598eee7ea85b1c81d36b936189d5dbfe3e2be5d

SHA512
c562dd0d384940a03ffdd873349d512c70c9753af4158895998f6ba781088143a3a080a9393bcf4dc52c88f5b8a229144efeb5c6dbeca2cff391d77ea69d7579

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d8e25379a23ee3967f1521670e818e45

SHA1
e6dd95e56e5036297cbebf70a4aaa22d0c30ed62

SHA256
afec83216d838de8cb59b49ae92c10f30f8318a701567616fd99fa73811bc296

SHA512
431229d1974fd7f5c1849f2c76289eb559e1d5347df9ee7ecbb166fe06120eed4c6a1244a65bd668376e7267815fd2f9eeeb7654e61774b4f7d0d556820957f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fa004b4616cb652d6bd807bc9de78f3

SHA1
7c4f680ac77968d4bfdbf334a6b41f47df26d31d

SHA256
4b6923faf53ec11c6f35e1e410f713806b45878de58692760ef050e14550886e

SHA512
3eacb872df00bfea24df37e3e6d6b92967b3cc1373523c4216661f3364035ce5246b7d34a968984f6114e35f85047a6e339b174b3eba72037b1869f5973dfbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f7817845de020c5c7c3a0aad4997a6aa

SHA1
b53af065b946200f4daabe67fe881e141e5bb0c2

SHA256
1177e285efec51f428c8b00e65cd9fbbd97c102196deb2821b152dd6f57f3d46

SHA512
6b30d81121887682621596a6793023985b1bafb494e599fb37b34ac2bd794017e25b66c66621d470c8c7c6ce2bec1268f8a7f080cc9e853679b9f57c721b97d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
72166c0750bc26d70ab44bc715360c0a

SHA1
bfa5764eee00664f1ea2eb29502cec186c8d12da

SHA256
962f80f87521672f6fbbfc60408d94e79db5e4bbcafa603291a248c2a1e17fe5

SHA512
3ddf62d8dc070ff4640cd6e2c11aeec2c6aaf1300dc5d2a679225e06de448f296d694b92018f2de95a7b6f848760be0f18f7f4f53825c5c293612e57e19e5b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
0fd4221a9fba79f538bec9e469044d08

SHA1
8fdd4bc058b75b1fc208f499161fe07cd9cd9c13

SHA256
8db07a9573016ca13f21703305d92937efe724f8106bf11dc5107341bd9acb2b

SHA512
378c57f661acff45a63d5f4b201196d55cebd6e66cc715cd9cec5ea87e8a67d231431d659d5bde2916066ab952902470e08e813876a2bd38621a437f1ac5fb9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
61c39f0f814aaabc5dd8625cb467300d

SHA1
4fee44248bd35eaefb47e5bf6de67a24ed977a19

SHA256
c79d601359a5440541e7b4cd063087f6231e48b00e603d6d601fd67bb92e3035

SHA512
4249590844f0e720e227c7a30d6ec60c1750da6316950979e2d8139237e93f5a4f5cd41ff500a602180bef7cef3b746325719c0e583abacd5769344d09e4f00b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
b8573b30b64bbf462c7eb9893dba5467

SHA1
23c9e977d728454b9b00ace5054f671ce2396184

SHA256
e8ab9d05cfc7887905c73df83a3f02ceac9fd37e1d83e8246e996775854b5ae3

SHA512
e37bce051437ea51269ed6a5482f64225c4fdab58e51a545cb8f42526fe827863201cd1df154bb7d22029974ce111646db465c61290720b5cc1e6b5e44bbe691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
85399ce41f0c8a0835607872a5137565

SHA1
afc122a9de2d498b16c924937ac1edb2af9e47a4

SHA256
a569326b99b4fbf9a9cd693fe9c37b8fab1615b49bdf134a93ee36d6dd39021c

SHA512
be4b253f9d56daff272fe885fa4f00f922894a39380515db4a451cfb2f218d2b4dbe281f20df7413c5b1dc275b39926b46a845160cd59e1ebeafc71c1a4f6048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
451bc86a2464c68aabd00759ad322960

SHA1
0d513cb947c2b6be6c34f27942eb82367e434cce

SHA256
e7fb07e1772af200fd17b31a522f170e025729329a7d527df153b05497dc1d11

SHA512
f1f011a7966790f4e27f20090f0989337aacb1d2dfcaf060ed05628a14f240273435400221e1a4fabc158f0e32ba32c5b67cf0775dbf2effa93280fa17e8af7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
90c8806ee0eaa9c1e8f18e56e22272b3

SHA1
e12c342a4d2943e8b6c76d038981b133d1f03a46

SHA256
bd23a71625033d8f0ab06dbfe3655383a6954002779487873a380d851d6f7bb4

SHA512
059897bc6e40cd5055ff97af2e505215d4ff46d26e9ffc31fb252c7d9a2764f6e59967278b64ceaf1869127ef1285f59047f34086c4f037ec648e4afa16d4556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac77637c20a155d7eca96203c730d751

SHA1
184464b050deae394e92dc86afa1af95f880500b

SHA256
6c05f11527a5e08816b36ebe0ac5199d9d38d03da8db48415f1b2f94a47fb838

SHA512
85b848733b90a79eea67ba9d81d14d96f89e65f2192801057bfa52d8746e290315ed37acac11bf334199f8429821d2b865609bf388925d186bf212aaeb0dc891

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
ae8f2295c6c27c7b241a0c0ec0b44f41

SHA1
4a0068d64bf730a90610121765332f025c71e31d

SHA256
4f89f4944522ed9f8305509f380046f01a18985518ebab3cf79251c3194b702b

SHA512
7c4cb7695865772edad7dc4567d8d7fd7f542d30eeab1a43621d31097af903a18c92ea7905e4643de65b7715c8cd7b24ad09622e0eac033b4617dcb1b8b80d4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\doomed\10953

Filesize
13KB

MD5
c748ff90e55d136d1f17d8a4418e1384

SHA1
3bc556e21c0e0f4f03c36a4270045e2f3470ba48

SHA256
dca60c11aa371840531f44f441e4b9475aabf820bd26bcf84e1ddc358e552c6d

SHA512
5f8de935cca87a4d665ac55b9e6aaa9b5e6ad4b6aae18bf2f6351585384fccab34f336bf62dcd99b966ed89f82f51b4875fa19d82683443b07fdb014fb10a833

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\doomed\23233

Filesize
8KB

MD5
4fd5b7f3ee84680e004e8f70f5c74520

SHA1
aea681385f8f2a5d1d352309fa828bb9b052b54e

SHA256
149b0e0802ba0a7293945a9d6c1d67ae6cc1caddf11583560d28e08501875160

SHA512
b2e0e85c775752f22b73be43d4600c26e5802d3ec43f492e0212da345cbfc704c334e5402986b8585404d3a77e9358b657046a29b2dbd106c7e5f32c84bd3958

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\doomed\25530

Filesize
8KB

MD5
788a4c6aba448a00758f1cc7a980a2d1

SHA1
fd508b9e20801d7a2a60b05b342c914d3f6d4036

SHA256
af9aa4017bcb19bcc69f002053adf96635ae101546ffd89a7068b0a99ac680c8

SHA512
8b8a96991a5a52af3dfcf035d1c687b0512654f23379710e5493dceea948b171f64cf37d31902d2ef39d76d2dda72d9356b760951e48700c9037fc830b00cd7e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\doomed\25598

Filesize
8KB

MD5
a9fa2a82e92b7796c7fc77a7f378d698

SHA1
4b1a7f0d7166086a5798e6b968c29ea28928548a

SHA256
9ed9a87c391e2a3332315c2233d34f2d6d4286582f39bcf11f568b6abbb0f57c

SHA512
abe4e73fcaec31de6b988e64ff41e53e3c73be3ebb7827299f8cb14ade29b416d4ea81cab46f92f9ffb9dc47b307c8f98dea4aea54c6b74673740723355a2201

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\doomed\4388

Filesize
64KB

MD5
c8331c0bd364e381995df9145bcfd1ee

SHA1
bd1e903a8edfff5b37c978b6fdbe478e89986e7c

SHA256
3d8203c940a3fedefca8248c8cd9d0daa93c40ee775788482c6ef8c57b22cb12

SHA512
6038d812523dab8d71a3db95cafcdadb57350a8a4afb4d4ef1b5632e79b1c23b92eecaa19575d2700243e46ef211e660b07f2db2775f6ee198b2362502739dea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\doomed\7655

Filesize
56KB

MD5
c26f9db01a3599fc491925de501b1d15

SHA1
8d4f9739db43b44de27f71ab4bb4b388844be3be

SHA256
6ef337f4ec3eeda0b77895a4cb4a58d909c706928059cbd4d19fd387a7010be2

SHA512
218579f0001172da2feea2bdca1df8efedc13b4fd6afa9090b7c0e9649b7180505032161855682c8203bd60cfb7f489433c9fb73cbda60587fd1c6629e2cd72e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\058DC013D9579B050702C8305DB95F37DB77E02C

Filesize
57KB

MD5
62789a294a5b8f4f172023df14b4a55d

SHA1
b84dffe5e3bcf0e037b58aa00ea6314f50200016

SHA256
68a1579da7efbd99a1d0935632983c2fb3709f2f52cee14c5bfd794bc426f97e

SHA512
0cea5230c06b3b6b403c16bb5756316f15519baa50512891f0073c764a0897f1caec2ad338562857a4eb96a54d4f08fa6c45a9abaf1e92e862ec87425ebc9c90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\1019571F777E8767F909AE9A0F77CA29639D27FD

Filesize
14KB

MD5
922feab66a0970c83dfc0ea90ab716eb

SHA1
f079cd77320e8265d9d9d85ad1f402d70cb0a842

SHA256
b51187bd0a099b9c7a499bc670c5f4ba2299491540511c55f845f8e21022b205

SHA512
2888bc98ecaa0e510d52a797e2c9d1cc6148c08b8dd09c985f569359528c56ca3a73171cb335ffcdf161b0148c032e41eb6062d12caa20d75e44602be61d0a68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\10FEBECA475E5DA7924C49753C3BA5793B0A1F6C

Filesize
1.2MB

MD5
869a0fae165f5fd3630a0f08d7fe86a1

SHA1
ef9bd7a22c3bcc3faf4494909247b625f85c88a9

SHA256
a5d0d23265ba711e794928c202a4df5d3c610cc629b295e21c290e84667076cc

SHA512
6d23139a584bce563d829981cf170db83e89bc1ea958c5bc5575877fcf3eccd11a0ef3ab4b4ea740ab0113a7e6f61c8c43d3a5915516392355d1269482b093ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\158C79E2C8E0D77D6EAE9002F1E601BF445C1EA6

Filesize
23KB

MD5
9064072aa5fc62299354e030df4e9599

SHA1
e71effe57c064a2a8e2a746ad81563d7f1783316

SHA256
48f9f16f76ca1bc963587e6b1a50daef79e230aafe324c800b4263de29962e79

SHA512
6f651edb1552a6969e203b2a04dce031b79de141ddfe70521fe752c55a24f9bb500ca5ffd3fd6ff5e5141b95cc2c94bdac7fe8ee4f70b81884324ab4a54b0ad7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\1ACD8429C6600F09AA43A5D3490E5BBB010202DE

Filesize
55KB

MD5
8243a0e80d3f89093caff58111694317

SHA1
c3a0baceed111ac8da381de9de41885ed00725f0

SHA256
24513820ea3c5ad791cffff458e168346020b71e3bff87ed69a728b39857b8bc

SHA512
0aad0c62229f89de69d3af38e48adc28b2569a38ecf103b50b38689e84e2ee279f7b23ba3a46bcef363b82b945529d419f794fab66f4bcf23a9e8ea84d21018e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\1C672F5A141657A2756D771651982232B937763E

Filesize
94KB

MD5
d2bf73d1e8f1c51c3927bec48a6fc173

SHA1
754acb80e00fd341b5e34450c5994567b9dea5a9

SHA256
66acf56350cc1d7638916ce5d721035df432ad8665c17af16ef8c0ab72a6992b

SHA512
19571ffe6ebdc9c677289dff83c199aed25505e32cec3127f618d2c34397c25e8282db30957c5f81db728628835a009a2c706072e2b017e5f8dc2138c5d13f9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\1E674701354CAC1C866AD30A8FFFE5A3CE9D2AF5

Filesize
11KB

MD5
371e1c50918536e71c1d94af6cd858f3

SHA1
bd2c0a9dcf44a30955ba72c59135709721a55a6b

SHA256
fb946ff530cca8634c2b1f9454e34ff97c99dc04612a51d90a5f716b8a22f080

SHA512
35a4dd8696cc5d841c1f89831852c44c46a50f5d0f131827fdbcc70b9716b2144339293cb0062741e4d37911d9fa37d3a1090b03e769f5cf760775b05a0798f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\26A27054A6E463ED2446C8AE35A5F63BF50BA612

Filesize
170KB

MD5
df9df7d605ed1ee204adfd0529500795

SHA1
3dfe2851e5310ad6d497432fe5b1f4cbeca3e673

SHA256
d88ff63a7c651aa9fc00bb64fcfd92d5a141634526b6817b96247e2170b56de8

SHA512
6fca5b517fb644478f924ae69327955db9104a60db38733b5404f038666cb296c66a75cbc605fdadb4e01d32fd42d053b1be62d62d09c6bdcc88850c2838e91a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\26BF2B033A1805E2FEFDFA10342D76FE314D04F4

Filesize
430KB

MD5
34768e389d4bb600d8020b2f1020cd3c

SHA1
c9deeafe2f30915d923b6758168e2546b8f71c7d

SHA256
53f7d432268b6fb3590f1cfd1bc58ab74aad29f1c70da8b041a551b7b240faad

SHA512
d7c2aa93e723773e5cdc5c584fcbedcf5cdfa96683109143ee7f7f041ce20c475af5dda8ad09585e1421a7fc4164461821bb7f7983c131a08f589d3206633712

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\29B16AF6C87192A99BC5A2279521147D91267757

Filesize
144KB

MD5
4b60b39655067c20fb8d7526302c0f8c

SHA1
c35187e70a587bb8591764f0ff32413a437ec373

SHA256
3386f49719533343da4933f721dabb2d6554329ec4881263f99fc05a9d058e24

SHA512
708b88e2b69a601445c360d4de179c180b28c5a663b70a345f66c82aabccf106e657be9a5885d8c035b7b2f0b4c2c2f46c5b5d6fb6c4bba3700d4e1c71a7e0b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\3230D47157A9D3045522F14F8EE7EDD755AB424D

Filesize
188KB

MD5
004ffafa4283f7345a18e5ab731210eb

SHA1
39d387f1c3d47631c8fc335a2dfffef13d51eb1e

SHA256
3ff5e14ab428ce72ca92e660cd542b4cc67fb5cde88a6d9fc8ecc88ed97fe1ec

SHA512
4ce651266529be76d493b8d341b63643f1edc0ea57b951815a7f540e646a4c2cf9b98b6d32638e850906cb8dd46895fe07eb18c467a113f0bcc7e924825550f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\394A810C1EB630BD764595EEA51439E40157B3BE

Filesize
13KB

MD5
ded32ececcd32968ead8318227ecf1b6

SHA1
656173fd7bf5b62cddb90bee1cb4592e3ff798ad

SHA256
8f1952dd34bb83d769d53354195d3e69825dbf826204ee025583ba274252103f

SHA512
07bca6cd7bdda1a6548f8540275e145e9cbd1891df050434bc8aee73b2bf4ef96abfe48db0795543f093f37a9cee34d6b410a885a9589f6c956d90c17571355c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\3F69FC3F1D2D49D8070E7C00BC7A3613FCE33A2F

Filesize
42KB

MD5
898bed32cf356e3156f435b3ba8655c9

SHA1
fcee4af2dc4316e40dbdef1291499073a3ca1a11

SHA256
fc1613733a33a635c49b1c9be52a9ced6789797de1ace76c261c6ebf8ac887b2

SHA512
1986c303efa0b910528c13e0f1ab1a066811240ddba56f8b2a1835895b9083f30e110d6424e08d33c2035a39ff859c0f317e04b762ea58944a6b4373b3a475e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\4B8D420F9147B227BB9358693702A707267DDE96

Filesize
1.5MB

MD5
9a54ba08af6ddc59ce1322f626bb1a47

SHA1
ffaa8276da00bbb7f557bc63a7abfae88dadc582

SHA256
7ce8ed13da2139941a20f1e580d44cf3a235098b7fe5f0218f46a15559db0b83

SHA512
0caea70c83ea4ede90c2f1dd2d91e797d2b844655caa14905438a740642146a587b06db512f2f7c616d0cdfd0a5d0ec87942bbc67f4ff88de997655c353e5299

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\4EF464361884FF27DA877BFB59D10EA2A4BEB579

Filesize
132KB

MD5
ed3acce301d2b6d2708cd27f36fba837

SHA1
83abf7095ab99a3cef460b78da567829856527a0

SHA256
e17c252820965287c6fd4ed256c83aaf7c9102eaa1e8aa23e6465e777dfc7e76

SHA512
b906f8b468305a931830905fdfdd52da2a3c4f0def74ff95a6970e2ebb201cc0155acedd5a9829a18a0b513d096154e0acf47685ced751d0bc71dc3d8e4fa487

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\53842BD3E5DBE1D28667BF825F253A9978825554

Filesize
56KB

MD5
af0895eaa284c08bdeefec1d8f9dfb9a

SHA1
690687f9d614a925972522c74dcd56ab8a68ac86

SHA256
3c0915bae4d6ed80d0087753bc2e95f676b60cda93c133514466e74b81d71101

SHA512
0d72e9c023f8b0cd64dbb8970e25eadc3689e6d62e1d331f23e150abbb19ff0337c678ac938c50e569cfee2f93c0710b0f3504c19f7b54fcf1370ba475e620bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\5F99ABCE3043C66DB793769495CCE3C6A718B7F3

Filesize
209KB

MD5
a3a750df989f3ea3efc1c523c90bd1e9

SHA1
3187637cea5332c92173741d6f99f169418aafa1

SHA256
97262749646de0b5ac07e5793b89e6ee69f8f82a20976d5ed29046af0f346ebf

SHA512
5586456a9ec0e7dd803ace8e181732bb1c9371d1e4daee9f02ad32ab60aa5f28ec985b941ceafa2353e655e4a1a87df6ef0ab58eb7607a9cc68bf7ef56a994e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\603B6D89B20D05C210A83C1B159EFF343CFC68C8

Filesize
133KB

MD5
afb0b7cdbd87948e00f2e650b1a07e1d

SHA1
c14e0f15dced7e08b9886714233bcfabc4722253

SHA256
d1b70556e22cd3bc7eedfcc8bf5308e77e1923ddf15b414e59f715fd57b7d04f

SHA512
ff505b273b7ae54a4d14ec1bfb4d9ef3f65580d2bfcf6bcdeb257f0dff185f21b70387cd8a49b59a315033da50a46cca480fa6f025b1409ffaf8b6a5ece152c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\61CDE3B04E44D3D4532A80ADDC10F1B276F2BAE8

Filesize
490KB

MD5
5d636f1d750f82f38073d5ba698f8981

SHA1
6270f6328411235a237d8f44d37dd49645791ede

SHA256
db04d8fed8452909752cc019c4b797397fcce356818a171539a7806acbff30e5

SHA512
ce8f2f947bbb66cf6de33c19ae6e2200c63b7e97cceb95f4873cb9c3048939a74f36445c52e0118050cba0c0522f969509b1e1dbf5b65fd82fd76c96759161ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\638728300759137DB1AC3A92CB6FBDBE65C57373

Filesize
14KB

MD5
b89f5dd798ba056723a37755380e71ce

SHA1
60c4c4a6df987594975dcc7f9b690a32420bc4af

SHA256
6513e120fd02a1a502a5798c53a1b058e2f9ba6d0a88a75eaf9f0f82d22d05fd

SHA512
447c46cfd7865a2cc70ff0bfd74cadbfdf04b1a8737f810e2815e836423d39519105f625f28bb4c5e80352f4d2eaff14c340917179a47fcdf87bbd431395e9b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\691DE72B468452E4C90A96D5D8C9537DEA1AAC70

Filesize
47KB

MD5
694c39a7971a3609f2ee9eea4e7d88f8

SHA1
859e997aadf327da916707dd9b496d4d54dd0113

SHA256
5f30ea988699c83978d76ac9ab043c1551fad9fb012c63ecb490d9b92f451b4e

SHA512
668cdc7c2b0e5d2dba386846a5825f721fed96478402610470e569752853bd3ada1edc63f206b39a4b2bb0d53a255e83b202cf96c90d31675c61af4a985018a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\6C8C5274AD62C113E3D46D794E437D78A56A063F

Filesize
33KB

MD5
529d0952098f8cf604aa68bf5000478a

SHA1
c2fd98fb1dc114f67f2314523027394bcdba2354

SHA256
85aa7ae88865cf9e2cf33d59d87a1b306ea114441ea97ee100ff61be275e7400

SHA512
c714a596712643f902987fb1249d82f9d32cb548291e45c903186b2cb47921aa0da2b1ae31f6957d816f24f9da01dced4ce24b819ec8958dba5b8e0484655881

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\6D91D42C6FE1ACAC6989E38C18C5D1B4D6D9C40C

Filesize
17KB

MD5
4a5f979d702a64768a673d61a16e2417

SHA1
c155bf9cf554347b813ade7638e700b5e22391f0

SHA256
ed95601b127ab9145db58d0a874983be16d4f1055365d9079cb9eb920ba9149d

SHA512
765bd2fc6c65e9671ddf0238711975dfe84c74176f07757ae673e2982b3491823eacd26b21cb8ba1362a2edcb42b74f142c07bb3c03892144fa3844d966c49f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\73430C3AA6D2273E89FB129DBADC17DE6F84EBFC

Filesize
13KB

MD5
3f967427c25e0c25fb7386a79132bdb9

SHA1
14d1496e1f6f961557c536b90bb04bc355efed72

SHA256
b6563a53a6dc1b1eedfd11bfb6a19a9bcb8936e5acdf30f905b5d0eb7dd16ed8

SHA512
20ef02286e2bf578073ef58552330b3734eb05106c7014a032e2777e67b5cdd116bce11a38c45235e64462698a2e6263d9dfbfc450d97f59a6664aa1dfb80ed1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\73EAA0767ECF1BFF6C0396D2598362046273B2CE

Filesize
30KB

MD5
66dec9fd2c29a4faa01503e4a976caec

SHA1
d18a0d3a5c037e91b2b3c76804e27efdc22f232b

SHA256
d16e10fc583a66425d21cca50fcaabe366bd824065be201405e635780f1571f4

SHA512
2eefb82e435a11fd1ae3c6c38b5297db30f1fe42ddad650d536c9f1517273cc4c6c23a59091825fec65067d23d83f42e0da2601d3f0642cad8b5969491581f36

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\766BB22EF7CD0FAD332793D359A4C7A427EAC2CA

Filesize
140KB

MD5
3e4910536dd32d66d4d1b5c5517934d6

SHA1
2c160739e97ff4b7680705c2ec9c798a9363e521

SHA256
67e43151c9e6ea8317ae44628a854407d433ab34e9292d5619cdeae5a4ca406e

SHA512
ad0de7d7a704ff639e60d9c71eccb0055cdfde1f33355f87c0a8eae4f750bf82156a194ed2ffc0f6319c38cee3c1c9e6469eaa728fb35fd367e8e2ca6a2a0f76

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\87F13221D8790CD48B34DB74FFF6EFEE74277D1F

Filesize
16KB

MD5
5899fbd98b38a5d3d5505a513a9d17db

SHA1
293a5aadd517344ef652a6ad675bfb8e60d7875a

SHA256
2465cc74f73d2446eb3dc5d232709ba226734ccdd21eb62b239f101906da6cc7

SHA512
98782c5a02e0ad6a2d6db946b467eb394979d84e50cab1aee67db72ac2afaf723e6d5ea219aae213029e2d2511763760a943fe3d253107befa0dd139ec1c79ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\91BD15E2B449F84A20D8BC72AD491252F8B054A9

Filesize
122KB

MD5
ed76c3dfe829b802d2aef18fba43b7dc

SHA1
ebaee549034a7b9ab74105b68680696d49a4aeaa

SHA256
c29a334bde0b260978ee5b162270beeb74d7e5d619531e25ba8e9278f13f3dd2

SHA512
5e3d2e1779b585ca31198c72dc5b2839977b5e01bdb999dfafb58330d7c1eede745c3c82cef9a21c5603e2ad8563abc3479739cd74e3a74ba53335a703bc3c8d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\975D25C8B71712B76B532E5889BC27CEE17760B2

Filesize
30KB

MD5
6f3600a838d95e71a0c468c63009d1bd

SHA1
edcf0788954649bce4c7ec91a0bb02ed98e305b9

SHA256
24f723bdc63e6c379d71c0a1b152cabd0fc8304dde5154d643bbcba83a21434e

SHA512
fd3b76093b17b3de6103f6248691ea4f6f615507688e50ba46e432ef3a02af7dc9da4a9a16583414855f7b222090432deb911ee1dd57fafcf4e08bd01bbbe965

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\97709ECD4A17F313D9549F60EC3F09E27A28341A

Filesize
15KB

MD5
61ba0f461f9b7d4cfc7b15a9fbcb2e92

SHA1
4ed49ab1c01ec697e743a020064af3e4d11ecc4a

SHA256
741c7c16e558e0eaffd7919e896b34fb39a6f8b6387a483e9e1a4e50c5827882

SHA512
9cdbc7417ce5e9cf7660165cd915aa60c45a9d62be905883f39094d3b36eade11c5a4c2aba9f593a33a6c00298283b75726dff64af4407d80a9e5b8db5624337

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\9C8A193009F1C012A1972F3F9BD976BF2D6212E4

Filesize
44KB

MD5
21cf9267c330c64af89a452ba5945644

SHA1
e80fbf4aee161dcb0e85e94fdd228efe2b2700b9

SHA256
526e86b2c1cd28f4e66a28a07687e31525682d277d89741b2ca0f27469b909fa

SHA512
df40149094742adfcb0c2b6cf0c3b2d618980eee3264d566dfa3d3b5e41cf6169634614ba9bb5fa458ef55324ae9f0569b12aacab79d2065435c182c9fd494ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\AA0E70D8F9439794FE09B3A89EFC6ECA80A8D4FC

Filesize
210KB

MD5
478faeb70f1da470059e7e42d1d896e1

SHA1
a00c0070fa667525b4286cce0d0eed793c29c99f

SHA256
8e6fc368a68f8aa9091f537bce06d0de25028faffb58a984d0b30dbe13c4eb5f

SHA512
144e47fe87bd715f9bb4bfce7b8e4a8bbfce88b4231dc9d2dd3e745ffd06db5e304fa3f9d0b2397dc87d9d5303362575fb8be1534d7d6e47f841402e5217bc63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\ACAE0E06A0FC373F38BD2EA0FC36E00714CEB3FF

Filesize
91KB

MD5
13176dd173ebae21e7595fc28f8fa2cc

SHA1
80f3d640870550c3df14cc414ea33649b3055c87

SHA256
e37e7acb570abe947b3fb8a2164f497a2377615276f52349dca6dc7fc4c00121

SHA512
77f2ea5eb279b037ca46f9076970607658d925f9c2f8f59bda798bad4b9653fe183bfd0780ee2b8da088f6ce12ffcceed993a1bb8bd284eb2dc26a4d7d965c02

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\ACF71ACDA3253153B27DFC492C06190B8503EB22

Filesize
255KB

MD5
feee380e56962c3763203e42dcc5bfc1

SHA1
7854d466a0f9b8a02e00c0f9b8bb6e233c55282c

SHA256
779582663e8a31f8d7431dd059ac77559f7737444d3633a0f966c23cf738d266

SHA512
27a075616a6d0c297dbe6eee0d6205037f9647230249c2df0375afb68d5b47006e93c94f5f42493e032dc418a8208f2084055e73f7a3d4a7ad5934363fd78cdc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\B59F3498E5FA6E8934112489952F0D30D53C7F02

Filesize
189KB

MD5
7ef6dc7db59c8a2d5a110da0b71610f9

SHA1
29a0d4b11b1296eef4d80f9ce58847495407fe20

SHA256
6de069003a34191193571a5a07045dcf854e223c37c56827920ef86eef4eccd1

SHA512
16733df18646c450583482019f75e08b207952f2ed4a5bc7b8df506cec21dcc8ed52dba7101b55c22ff81cfcb807ad880f579717905c1e72d80eb8557a4eee3a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\B6BC3E93ED9454BFAB39CC60E1A9A5B8C3996D5C

Filesize
76KB

MD5
2e8fdc3cb381d23dcf4d7810e1eca2cf

SHA1
b1954b0a19b46615fe34652671341a60bf14d72c

SHA256
1ac2783daa6dc40aabb1e4c18df5e041c96c581597ceefdc259659d834b07980

SHA512
fa1f3225e80904a4865d7d1dc72d3237b29c2828d5ea92c4a187b672fe236e552190734081d439bcd52173f92246195c67bce04e2c85286682a76166cdf96875

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\BA30A8866A8313A16394DA2599448520494928BB

Filesize
30KB

MD5
45460cfc642250102387ea7c71770aa7

SHA1
9b64f6a92cb1e86c4efd67e41ca2a491ca893cac

SHA256
c67a6ecbe432de68ccf30a8523951d0c9c4d1d489654ddcc95da752f5039aaf1

SHA512
c424ae49042de513cba1322b9f7e1c8554c7b05a4b38bed30260c6b1112dae8f6f51b9db322b04f7affa39d3b34436542206e0d4f273e0962af8204b72ef0339

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\C02983ADC988C2AC89B4BE109620C0FEC1A381C8

Filesize
72KB

MD5
5ad945ea051aa5b12ac9ad13920d73d9

SHA1
ac7101a6f99cdead7be9d18c3aeaa62d5900add3

SHA256
9784324cd501f41321291a273ca19aed2780ae96c5f56af4e5bdba2cb8f5dfd6

SHA512
2984f01db9a6d81c0a3e02d9495b048ac61b6e52e00a8c9c669912e8d7b9d8d211fb68fc98404b2b4ffe70394af771322c0932aa182ca11a52362c48b7f23da9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\C7F27F1B728D8DB7CFCCA0B5822E7997A8F337CE

Filesize
57KB

MD5
713cda08942a06fe0d1244dbf7cf84a4

SHA1
81dedb77f67f695d33eecca85922c5fcaba0e274

SHA256
aa28895b91a8343b897ea062a7f978971aa529f1c3747b5978d9c19dfa48906a

SHA512
52593d16e2006c5e890b09dd8918540e421914949a2418344418558aecfb37f6902529d5f7b317fabeb06826d3e798a4b2910186400f3b447a1009989a7cce01

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\D2B31D1A5F7193369E378ADB9DD344BBFF155559

Filesize
27KB

MD5
97992c199f9267e0b451946c64e830ef

SHA1
091af66398d9de6ad989acb641b85a0ef58066b3

SHA256
ac6dfda626cfa9f6db171db2fdb20c2c5a3c3be10435468d32eb43a209089944

SHA512
6d052b6f333728910a52b1471b6fe179b3e1b1871f8fb0241f4c324b682a6789639397636f823bf0be35e59bf276638eded2b84dca1849751e57cd89bd079234

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\D8A90F99DDC292BFCC0B8FCC1516F58B10C13FB8

Filesize
19KB

MD5
0e95881eb2050f2dbd620643ecde2796

SHA1
089c62ac2f45a7f733a34b77ccb2a68e45c4c143

SHA256
23ce628ebb807c812920e74fa34e8f7e187ba52eac7b1f46382a07d33de3cb95

SHA512
efacc33900e48b15fa650166fcfffd6a0fe3a8afd49bf7277b9f0946fe53a9ed434e81c81fb1673bb4296ed52c6846b90b6f2c90ceb497a38e753511a31b8ac0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\DB6D871FA535B87F82555A5A2F167D1FE7C98E74

Filesize
18KB

MD5
ea4245128490b59789d32c7d30dbdc6f

SHA1
e938b3178875c57c47bbc66bedf0472c771d6afd

SHA256
fd56706ae3b09f22dc04a58e8842805573e05522a9aec072074ebfb550e83831

SHA512
c6f9b04b2ca178c1e9d3906584665cb45c0a69978aaa3ee51f06b70e83bac81ee2054e77dea46acd61f2c2fc8b284c92f85e9ebf5acf60a8deac97d61e611ea9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\E151CFBE01DEC84D6546F514F2D4A4B2152A0C0D

Filesize
423KB

MD5
d6483da891cc488f63cf93ff3c3eb828

SHA1
033864e17ede93cec11bc32ba05977f7d14343d2

SHA256
46b87a1cb40d46c70533bdcb6120c3099d3e4bb8fcec3457c5cf7d979b396adc

SHA512
4643b053709c74e19649e9e55db0872936f4b7f25a26f216c9588649a16c7001045c399bf84463bd8014d52e422490b5bd66e9eced9af51a6b1d161a51e07c6e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\ED9DDF5CA5BE243D1AF1BD1E9D9622EC4BD5AED3

Filesize
165KB

MD5
afa9af7351642ff199e9bdb2c15fba2f

SHA1
63339da41ea64c3b57cedb4d29bfa560931e3fb0

SHA256
9a3426e0dc10af36a3d5351f0a26d2f62e6c2ff8d0bef0b97e2e66360aa5b3e3

SHA512
b9d055ea585a801203d88a8e963c923344850b4ef8df4aefe9085e4587bfc039b5a60594c491fd70205cd76bf5d3344ded7046e0967108a80e7dda746f26b11e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\F32215C24B84F355D029FB315FEF7C4343DB8387

Filesize
1.0MB

MD5
12e6c888a32c443468fe3c6e2c18e4b1

SHA1
5808d6d12be03113e3c7c9eccf8648dbedf51883

SHA256
cc0f5498dceee5dcfd81cd42f482a6a05773646f8041b131d5b71030c54f3bc7

SHA512
cb68ec1e95160fee2e32d33b85f94b7f36ea019e4e0e7a236b24a8e7922ed841dad363b6357ef24f58c5968b9f5af412bc7eca921ace29f51e01992cadc949d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\F99DFA18F6BBC668D2FA346625474D4AC5F9C90F

Filesize
3.9MB

MD5
e0a514a9aa925d1526c1d974fa71d41d

SHA1
5c7a1bc27bd24e67d5e99eff46011d2622d1b01f

SHA256
a6bfab818320ebef6e8d5eb7c0cd968e00df6b697645b0417a941f582ef999ff

SHA512
deb2ad1887cfe6558637a8c10e896d6084142b697cdc9df22163bae30b62eb2e472089d642302fdd8cd7497c41bf65c9d7fc38c28e0baac75dc1882838fb1ad0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\cache2\entries\FA93CA3CDBBD87A775C6C3CEDB6FBEF2DF47040B

Filesize
48KB

MD5
33c921c57cb3804ed333a83d1b0fcea0

SHA1
d1911afdd3ad915832fbcc8225499a9b27b1142d

SHA256
9b6d2a0d757f840de7c3890b34ba60bdaf1a9a753afd6915bca8421f5d8a7c37

SHA512
1a21d23e5d0302bf6a469099f7c9d60b1d30f7eab10654de2eec02caddfc2f93b45d104cad0be6ad2a0c9e5eb9d9b355581cc59b6ecf20188042f143aae96a96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\jumpListCache\2d9_XxICM+rgXTF0rvw_pxwc31M8zhtfO2qbU0uJqTc=.ico

Filesize
609B

MD5
6e62ae713951b6193d202ddc3d2152cf

SHA1
abf75bd80bd84ed39792adf69dddb5a8b3b84bb4

SHA256
e5dc5320473de19e5255f32d0f9f352fcc23a03c254e82511999deac249d91cd

SHA512
8dff4541bb496449c0c0e93a1c60108dff8e8f7cea437b8027ce51bc22881a687597c511df4c32cabdd1c165aeb46b89c410e58563e18c449e84eddbbfa8725b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\jumpListCache\yC3BQBcQ4f_Z4NO3AcJjAYlkYWxi4Sc1c1LocwvziCU=.ico

Filesize
965B

MD5
c9da4495de6ef7289e392f902404b4c8

SHA1
aa002e5d746c3ba0366cd90337a038fc01c987c9

SHA256
13ec8c9e113de6737a59d45ea5a99f345d6cba07f9a820bb2297121b8094790f

SHA512
bb72f0cc815e7b4c44959808b153aad28dbced8d97e50f83ef90229d19ea1c4b3fffff650bf49efe562451fcae0325cdbdffc1a5c4ec5d2c7c70ae9d1a0d8a16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
6315aabb6c0dba0b90b68871f230232f

SHA1
af8a457452cfc5262b771a3c47b64d8e66286197

SHA256
81e360a9bc4dcb8b027698bed7cbc6680315ab0dc33328e5e16312fcc8a311e7

SHA512
8451ef00b142ae6a6aea4504831e3570015acb84df1e9753c1a094789b9fe60b0960334fd81743c923b4c6991b6b2767adae4e0285f1f941188c8deacd0ba32c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\thumbnails\8b7e759c48456068ad85aa6fc0ccfd89.png

Filesize
57KB

MD5
18d7cafa5f42829a57bd3631d9fd32b3

SHA1
449cbd623724d28e809500780a93cbe72f5f287c

SHA256
17e28806ba44b97a8907023aa1b564f53cd047d0f59aacb2d68632e696111c45

SHA512
70ac8266f7c3c3865581f18364bbf404f855cec3dde5db34b761a02443c98cc08704686556354cab2722a80f4ccadc8bc71d22139d8ac2d902cf829e07bc31f3

Download Submit
C:\Users\Admin\AppData\Local\Programs\xspammer\chrome_100_percent.pak

Filesize
126KB

MD5
44a69827d4aa75426f3c577af2f8618e

SHA1
7bdd115425b05414b64dcdb7d980b92ecd3f15b3

SHA256
bca4401b578a6ac0fe793e8519fed82b5444972b7d6c176ec0369ed13beaad7b

SHA512
5c7bdf1f1deb72c79b860bf48f16c19cb19b4d861c0b6beb585512ad58b1bc4b64e24edfcd97233e5b91dcd0f63ed1c7b278d22ec062fd0dfe28fe49cae52049

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lcegpkzq.il1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\gcapi.dll

Filesize
385KB

MD5
1ce7d5a1566c8c449d0f6772a8c27900

SHA1
60854185f6338e1bfc7497fd41aa44c5c00d8f85

SHA256
73170761d6776c0debacfbbc61b6988cb8270a20174bf5c049768a264bb8ffaf

SHA512
7e3411be8614170ae91db1626c452997dc6db663d79130872a124af982ee1d457cefba00abd7f5269adce3052403be31238aecc3934c7379d224cb792d519753

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\LICENSE.electron.txt

Filesize
1KB

MD5
4d42118d35941e0f664dddbd83f633c5

SHA1
2b21ec5f20fe961d15f2b58efb1368e66d202e5c

SHA256
5154e165bd6c2cc0cfbcd8916498c7abab0497923bafcd5cb07673fe8480087d

SHA512
3ffbba2e4cd689f362378f6b0f6060571f57e228d3755bdd308283be6cbbef8c2e84beb5fcf73e0c3c81cd944d01ee3fcf141733c4d8b3b0162e543e0b9f3e63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\LICENSES.chromium.html

Filesize
6.3MB

MD5
34999967f735b07e9cbcf6c397cea4db

SHA1
8001fcdd6ce0c6e5a3d91fd45e4c9726fa67f3e4

SHA256
c5a05048505c00af46c75fb5ca22057f09dce001eada3a756c3839d59011758f

SHA512
b6c2f722b6551231801e453bba8f9593d9f1a82edb305869ee07ef77f286968eb6ad5db1abbe750e88c8af973c362ee161aa5c591ea04ff39e4f4b34e6fa4baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\chrome_200_percent.pak

Filesize
175KB

MD5
9c379fc04a7bf1a853b14834f58c9f4b

SHA1
c105120fd00001c9ebdf2b3b981ecccb02f8eefb

SHA256
b2c25fb30fee5f04ccdb8bf3c937a667502d266e428425feeb5af964f6167d48

SHA512
f28844dba7780e5f5c9d77ac3d29069dfcd6698447d5723886e510eadd51d6285e06adbda06bf4a69f841afc161c764cb2e5b9ad2c92f0a87176709b4acd2c13

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\d3dcompiler_47.dll

Filesize
4.7MB

MD5
cb9807f6cf55ad799e920b7e0f97df99

SHA1
bb76012ded5acd103adad49436612d073d159b29

SHA256
5653bc7b0e2701561464ef36602ff6171c96bffe96e4c3597359cd7addcba88a

SHA512
f7c65bae4ede13616330ae46a197ebad106920dce6a31fd5a658da29ed1473234ca9e2b39cc9833ff903fb6b52ff19e39e6397fac02f005823ed366ca7a34f62

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\ffmpeg.dll

Filesize
2.6MB

MD5
f7478ad3e40fcf468bb7218a152c7dc2

SHA1
c81ef6dd8ddea5c23ad1afe05ff830720ffcd80b

SHA256
906b781978ee1524039abc6eafea3c66e7fa45748184e87fb4cf2931e774b6f4

SHA512
eac024adaf1958c8b858fbca65da11cf35b244770567f4d269bb90db9da65dd5897e9d431bcd5d5d8787631f1eaf3dedc71f5a1e2ec710cf296e386c9370383f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\icudtl.dat

Filesize
10.0MB

MD5
cf9421b601645bda331c7136a0a9c3f8

SHA1
9950d66df9022f1caa941ab0e9647636f7b7a286

SHA256
8d8a74ca376338623170d59c455476218d5a667d5991a52556aa9c9a70ebc5e5

SHA512
bc9601e2b4ab28130bfadfd6f61b3ed500deb0bd235dc5ca94999c09f59d10bdcbf278869a9802f918830041f620c88e2c3b506608ade661db48ccd84c1977eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\libEGL.dll

Filesize
464KB

MD5
4b1c6fae4e5ad623642408f029dbcd93

SHA1
9a5e55ef7afb81061b0be90c183957db77268511

SHA256
71e4896016446bb46984a4cb11741a1fea9f2da40fcc2808847206147530fae4

SHA512
ae69e3b782ddfda96b8d168be0839c10bae5eaf297cf3a2f8676329c513259f9c31c81e0f1ea59ed69add79196c2793a5465da2a3ea12948ecc2629cff548232

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\libGLESv2.dll

Filesize
7.0MB

MD5
c4f82de52f2f0e59720c982f12c0dd35

SHA1
e9cade984f41a1e476b2cbdc65d1798245037326

SHA256
7de7578c77d402fa646ea6d051ce6c31e1c133bd44e45ac013f1175d2ad7fffe

SHA512
84ccda975f8b714f6e1f9c617ee0b32be18d304c2ca2785c2f467fae465801452f45562cf012a5b543fdc553ff850519fd8f14a44849e5db500de17e27319074

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\af.pak

Filesize
327KB

MD5
c9312ff081e600e5fb4483b46ddd7c23

SHA1
1ff05a6a06cc73caf2d7545a3821d90c228ac0af

SHA256
b1987cdcbb8d76598422aa1739a246ed6690dc1b211f950fcbf2f040491ed7a8

SHA512
20c136b44770aa0e06259687656675a3e14310ea4e8ba214726b216bc1bcad6026267bf0132cbca642c0b5c49293386d0a1bd93ba40e1c33b648ae70416e8898

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\am.pak

Filesize
531KB

MD5
e8bac983607c5432f789afdacdda42ac

SHA1
95c26f47f7102be338263fd7f7e365632651f22e

SHA256
ee363b88697a26d486c77bbf05f5f7f62d4b40c235e1d85e11448083070576f7

SHA512
5e26f40c8dc088d21b9b6a01041ece3bd4b2899ee33fdd85be995545c7a24860fdc9c672da8c9345a08891e0bac04ccf4d65de543f4cfba0bab0ae3fb32354c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\ar.pak

Filesize
574KB

MD5
d1d99f4f2045531edc47d37a367402bd

SHA1
825385e524ece779c641a4ce2a57d14ff126d509

SHA256
bfa2a3c3ebb3c6afbca42cb70b4da8f997068d511cf40ee8a952a893b8f9d7cd

SHA512
4255b02c19ed373d711068a2d4639d462372071cc2aadb6afce459d9fe19bda21ffcbf1604e4937617cd5fee996f9b3786be1c2bed4dc4919d849c7a988a6ac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\bg.pak

Filesize
608KB

MD5
96372403a9ded96f3a699262029a4580

SHA1
07069b20fe303f6eef1fb6c8c0a19266a0c705c9

SHA256
6c10b64d31e0dc2c4befc6703ac17343ca473b4350cfb3c6e01833f505b69590

SHA512
0df60fe13818f0c3c6838e77686c5de9fa03b97cbf0943f7a2a4ae2f3a0890d3d64b3a7652d8c81c23de876ac92e4c6b71d584fb106c3520c96ef76ba30250fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\bn.pak

Filesize
780KB

MD5
cb203032925be270222dc2c20fe771e2

SHA1
2f2f20bbbd07ee01cc996247bd9c2f40037dff80

SHA256
297d52b252df0912490ddf26fa58706895e70c2a0f3f09d0dc756706720095ef

SHA512
052be75c51051949c84216566b462733b61026ba74e212b000cbed7d93cb852e74ae83d64d2eaadc3093af4265b6783184cf8e0368a75e077d4b75daba40f9b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\ca.pak

Filesize
371KB

MD5
de21c7d001b771d4d59e2acfdd67dd44

SHA1
ef5870e9cf34416edbec6aa76a6feb77b70b9acf

SHA256
78bbee9bf6c95d239418037fd4660d081ebc0f369e727e613b6b652e380e6dd0

SHA512
3276a84a4b4d90b47789a7ce6a3ae34afec187145a438fbdb7f398152b182e97ba10acda4941456ea2387c03c101bc2b1716a8950897ea3be180b3d8c073902e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\cs.pak

Filesize
377KB

MD5
3e2c49143f4718ddd9c1c74f8599fac2

SHA1
7cce45de66a3895c3493b998fef7bedf045b29e2

SHA256
08e40f5efc616cdc0588fb4b1a706d997c69d17ddaf97eb91a4aabafaa11cee6

SHA512
a849ca0d09e0d4c025d9de6c8008c13e13581961c321f53a552deeaa210db891914386fd51673615aec8b5d8d68a921a968db5d0fe447963892ceb0948861e3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\da.pak

Filesize
342KB

MD5
f3a47e259c59de0aabef03e6b5a263ca

SHA1
c45bd961c8bb84331d652f4399675b365f5dfe23

SHA256
13c9583127d9d723801c946039e60f72dbbde898dd23fb9f675b9e299d0ce72a

SHA512
4249456e572403249580905f1b4b4471b6a8d84c6c71201c42adc862d4e0d33f957ae1057109e900a10a029a8dfc45257b0e0e283ad9eca21a30498a0795eff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\de.pak

Filesize
367KB

MD5
cfc9d90273c31ccf66d81739aa76306a

SHA1
ecab570041654b147b3dd118829e2f7ae668f840

SHA256
8bd127d689be65e45bb8d2a2ff66698200da97835809c6b56ec9e2929b70618a

SHA512
c9a5058b34c4045ff1b7ae25f1f47bff14d06b3a97b7b1f30da65618ca7aeb0638d79f4e1cea4773cd92d9dfa7f9d2203e5734d0cfe11ee2d2a460d6cec18380

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\el.pak

Filesize
664KB

MD5
8f5a15560710db2af852512b7298b93e

SHA1
30a13ebef10108effbad8c24b680228660658415

SHA256
bc07e403272a4d65305fe24a827404d7b931d01cda547f8c07a840d19e591430

SHA512
e3cedc0eaa82b10a68a40aca8ec1379a6bb924766e1c5abd97e39c621dcbc195d6c1ff80921c2320f0f1c87d160bc2a6258108399876339e5104f98d90a861de

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\en-GB.pak

Filesize
299KB

MD5
05ac84aa6987eb1f55021b6fba56d364

SHA1
58cb66bba3af0c6cc742488ccc342d33fc118660

SHA256
e1e357c853eed83fb6c4133f8f4df377a8eda4fe6f0e55395f21c5ab6e38faa8

SHA512
c615e1eb01412c5e2c0402242d442a6cf08965318d1c0d261ca5bc6df9acba5efa2c87ade20e1e4740d2239ea56d1ce4d3fc7a4c3eabe81b876ecb364b3e91b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\en-US.pak

Filesize
302KB

MD5
3fef69b20e6f9599e9c2369398e571c0

SHA1
92be2b65b62938e6426ab333c82d70d337666784

SHA256
a99bd31907bbdc12bdfbff7b9da6ddd850c273f3a6ece64ee8d1d9b6ef0c501c

SHA512
3057edfb719c07972fd230514ac5e02f88b04c72356fa4a5e5291677dcbab03297942d5ecdc62c8e58d0088aed4d6ea53806c01f0ea622942feb06584241ad2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\es-419.pak

Filesize
366KB

MD5
13c6d0a268545541f325375d431b41ae

SHA1
5f5c41348f00c5e5539d261c2b76ae6e3ec7af83

SHA256
943fa8774ade38d57349a5d27869097a782bc06bd34c40864a85ba829457d127

SHA512
09cbb2b21304ca8afa8b760b738adb5422e83550085f1aed8e8590eeef04a2b0e131e1ead6723c3e85383630c483d7720e55f71305ff4821d7822fe6d7aa4252

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\es.pak

Filesize
367KB

MD5
c8086dc25cf0a3c978b2c3b37edf8d67

SHA1
7b6d2ce8b3cc5a33ab2bcd23114fe65ccc568e7a

SHA256
11ef2c0229c1fe1c10be08e3d5f36c973bc3c272f37b40e05c534a118757461b

SHA512
230e6999a6fea1df3b2708eb331a2c25ca53677b3453745ff9cc7fbbc013b69148af5609166720255a2db7e63b25e2d0c599fb07057a6b47bf61f63ea9db9e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\et.pak

Filesize
330KB

MD5
054865950b3b9e8312a7f9490268eaca

SHA1
28b0176112eddb7af58386b4f8aed4a49b9a2661

SHA256
3599e7138a24a31839da877cc9718b9c0c9522437ea93a6222a119080f108d14

SHA512
bfc72f19ad1a52c0da82409accb33a27b2844ed29010207268c7d695ad7562a8867a87b70ac50142909b50b81a5c84d6f6a43968353ae7a72bc042aea8cbb59f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\fa.pak

Filesize
535KB

MD5
c27431f2de37b9643b83e383f7eae5a8

SHA1
16d068d9738e1aa9b94658299a4eac3972520864

SHA256
bb28ad47e95aefaa2d8d7b6a7f449f9707cfadbcd4c21bad8bd8a6578108d2cd

SHA512
4ccc46dc7756ea0e60e6d278bcac1262a54ba03742fd0eb4d9f1f962486394fa56491844871dacb4cb0501c6f594334d3f23f3db82bfdfa1f938e1ae609d6600

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\fi.pak

Filesize
338KB

MD5
aac0554a39bb1ae91e2ed4246e04c30e

SHA1
031785024765eda1534fd9504eccbe1b471ae618

SHA256
df8cefa4831fc2fdf817dd6d49a6373edee4f51f23cf990c690e72ce348f69bb

SHA512
a6afc9464047c75157dcb8ece086c1c5bf4dccb48d33da24e35c43110f300cfea503c4cca093f3d4bcc7a0fdcb306138da5be288ef646881b625751e40d93689

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\fil.pak

Filesize
379KB

MD5
f989a7215cac1e3fb4759e5fba9aef67

SHA1
5ecf35f160e1f8242b3bca163673e24cf6d77403

SHA256
448bc8eae353c188ffaa4c2466956598ad807f0f0aae7f12e1bc59584e1aac2d

SHA512
b872beb5b1c2702f4eae616f633318b4575f573c06a3f1f0f1e1ab83585a52caf2f3c788c0c3a0d499c381fb7f06a3ea355b8686ded2ed1e392662f2746db01f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\fr.pak

Filesize
395KB

MD5
13968778147dad5af68fdb7464ca517c

SHA1
42abb9873c472a82d400e6896e90731b7cae06b5

SHA256
7af39af49846fba6d6b8ee18b2a212f1323ebc1cff1af0053194d01d8d5433f6

SHA512
c1f54ccf4f82e158173d9db8464adca64a88f8ddee23afbb51d80535b4f25f138dac16a337504ca3ff8c3dbe9aff05ecc2aaa40afe8d77bbbd4f141b07e39100

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\gu.pak

Filesize
755KB

MD5
7b476c423ce29e61b0b21d7b6a2a56b2

SHA1
5558dcec5b2580345b0797f1f2ea41952417335a

SHA256
047da4dfadcfc6bec8f4dc7d250b1757caf31a23bcfa2ea3e1f3b1cdbe9a3995

SHA512
a494ab32e45cf74e2b7e0424b4e3740470c5c6cfac8f6cc980a681eb8c21cab76255391b6884134593dc7b1029ffd861f74b47130533232881c137c41ef92cac

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\he.pak

Filesize
468KB

MD5
f4dad4f97b5f75d6d7219d43f630c2b9

SHA1
ed8c790b3b5e3faf683aa978895f266eea5b823e

SHA256
6649a844f222cfcec01e75d3de3cb3658f1347ea3851d31b8124597b87e7b57d

SHA512
f00e7e38ec0da1c110b4142dd13b3cae8b912c16518eeb4cfd7f19a0cef2c6601ec1e4959597066703b12b7dffb44fd918c7170231c2b42e40b0d90241b85133

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\hi.pak

Filesize
787KB

MD5
1185163466551aacae45329c93e92a91

SHA1
0dcbfed274934991966ce666d6d941cfe8366323

SHA256
eda355e3785313e3d982c1d3652266dce1b6e08832056fe58854b825e0712ca5

SHA512
6fad3e24eb868acf78db0591c7ba77abc84e92cda28e8bffee435ea89940a8607e7628c6c5159349377a8d933f373db2dfa4e5715ca404bc3e67fd4a0f22a606

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\hr.pak

Filesize
365KB

MD5
04fdc1dac2cae614b0f566310dc83bd0

SHA1
74e460e19a5e9c8b6181fa37cb9085f93bbc6233

SHA256
bada5828fc0d80c842d1409b54e8da516ae737ca30d86658b3fad5c8ace4722e

SHA512
a07bebd16f00b0b46059a7b80454664757687a59903bc36cb837cfb55e69bf7f683157372f74ff8355ad50c3b747c9674ee942aac95a9804c39acb3841721d24

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\hu.pak

Filesize
395KB

MD5
410d8966721ff8817eb3a57f95a4b885

SHA1
f0fbe70c772bd635b0c4a927420e15b96dae05a5

SHA256
688312f38488c7256370b1517b84963a3ff886b31692cc504fe169db241a43f0

SHA512
d0aa167ee919589ff3b80640e8db4c6d11f9159e4a246082f0a564482789011c260f124b9a7102649d998c6a89cbff58cffab5a40e33769b990e64d6cc703378

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\id.pak

Filesize
324KB

MD5
0e82cf23475ab7328741670f4dfa3093

SHA1
fd854e31f4ab212d0b3bca676420d5600d8daa83

SHA256
21368245d99265e760b1b57a3169feb72e6b5099c3f1855155d147b2f788eda4

SHA512
52d694afeb3e7272740192e6b4cab9acab460ae6e66912f090b049a1f431a5c17a4c3d037fc9c450b8a224ed793605e234b4d649a95289770997acd43b5dbb32

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\it.pak

Filesize
360KB

MD5
9fbb2f5d9c70d9e46368538853929f75

SHA1
45daceb422478c5a7b7b61f5ee68cc08a19f2ac3

SHA256
13dd077e5e8c8b04ac0854e4466ee074df67c74cd29cc48a0c2c9f96f768fad5

SHA512
77d8607ba52190258ed2e7c6e43a44bad1669294a441cc6ee9d91fa28c26c6675225e41cc309200aee01fecc1a0d369a8e4458c0095c297ed237bba50798c4dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\ja.pak

Filesize
440KB

MD5
67a379c826f0eb60750bfba0b8e10468

SHA1
62662d8efd773b18c99169752996b11f30a64ca3

SHA256
2c5457b0fa6fe41b7b524aa726dae4dd69e7072864f73f211c731810d00b9323

SHA512
38c44dd6c83362cd118543b7619811c671283618a3081f07a015f8110388d71b7767eb0a7a49c37c8e2e9e900dae6aa7f8560e5494afe6b29e01ede402e4944e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\kn.pak

Filesize
872KB

MD5
8a3427385226ab72e8421d84225f7adf

SHA1
701a85bc6bca0ed33dbe1aa3a617ce26576c7421

SHA256
c315e791770cea204c7e49ef5b68fa46fe42864a33e77fa5a1d42f87ba85124f

SHA512
310719fb102c1f892d354f1478bba06e856bd45da08416be970a0a76e44c7d81aaa9ddd878234b2348b625e0d18cfe7c966379115f35d51f4ee78a986c1243b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\ko.pak

Filesize
369KB

MD5
3340fd0a5e8f97f122e1d6e9a2052ca6

SHA1
9c8504b78633b6d6e445723b351a08392916c7d0

SHA256
3ee7d79af9ec226bebfdd9d79907f1bc97d528d2009dbd0db23d74ad655e0256

SHA512
07eb8dab24ea8545cdaf38e35bc23a71a33bf87a1c0ac78ac564c103c6ae53357de2d4fd635b22995cefdc9d8e8241c66d78dd44d68a9f2f251be77c0afa7704

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\lt.pak

Filesize
395KB

MD5
c037c0d80be2c913c20e3fe96d9cdaff

SHA1
8dfd2a42fb2e0041d6ac9b90c78b3cad0283c757

SHA256
e7c133a8dc438870f97112587f5f223f5fcae4f1510874b95b72cc281fa150fd

SHA512
0a90dd7d39759e1e63205a827ed6611dc6e54b37c668795123de7f35c446ee41174675a0d813974dba7353c0a1cc4320049d4fd1368cdfccb9cf9afa47fcb4f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\lv.pak

Filesize
393KB

MD5
b14f9d61e064903bc73d18e40846e1ac

SHA1
5a3da27335194707ffeb07add46662df1fefd76f

SHA256
6e99a3ef823a651f5187c5c549a6885002a2f8523c014f989ec6d53d87e7aac7

SHA512
dab97f5d75d5f60c82969ac01dfc1ffffc0ec5fbe2063c6df0535130ea1432363be1475a440b6075440f68217cd6840a63bcfea0409586d755ff8e57c029baf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\ml.pak

Filesize
915KB

MD5
fc33673850c17a865cae7695fd3eb5b5

SHA1
72f3241ea35554c881e1849ba53b8f64b04502c1

SHA256
6295eb0b0d05d26b3fdaa19ad390ba30f267b7af7a60a214db558dcdbdb436c4

SHA512
6845293c0cd4ee1aa94972da1d58fd7085da5dd664d4031005200ae38fc4ab20f2c5cf44fe07ff80e003ef072f7f1cb23a452d6ce47124aa1efb3d26ae86b279

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\mr.pak

Filesize
743KB

MD5
d1f1c482775f60a868ca094108e3ac3c

SHA1
ba4396e5b585735e8505263ed42884876bdb564f

SHA256
f63460da44e2f71c237b2555eda621c8c211c13ae68927c27ad121f03daa0599

SHA512
2686c406b29750ee39b83247e4a4e6a0ce3325c1284ea11fc986696b43c672eeb0c5259c4834e4419c131941b9d1d35e53b05606168c766d27a614f49e223dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\ms.pak

Filesize
339KB

MD5
52c793391de0e946616d31f7d5b90761

SHA1
50e014d9715df658221edea402609d7b09c9fb10

SHA256
ad044cb5cc56f8cba19ea3319081c194661f072d6b1193509e3690769bbfc2d3

SHA512
d5db7fb23779bf1b258f949ce6af5115adf3bd93760041ef70f1e2f599ef3be6a7a1ec871b18858a1eaca906b98b0a04348a427d5ecd26bc99d8e6d986843478

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\nb.pak

Filesize
332KB

MD5
f15c568a9ed8b2ca497571453ce6bce2

SHA1
957ffec56ce14f33fa75f493936552751e966d16

SHA256
18512064afcc3fb5a0e1f36400e592ff34e8c6c9a7ed0bbe3432255c4759ad8c

SHA512
3bd27f9612b39836e5e7654e6f07c2fd5a31f2c338db36daa51e2c1462986cf4b651d555245ee2e97acd044e44a5beffb8cc9d56c1af11f52fedf9f7fbf7da97

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\nl.pak

Filesize
344KB

MD5
ae7b592c5885481f7bd8c382cf90bfa5

SHA1
fccf9ecbc0e9f3259e805a243928d80e8f3fa672

SHA256
bdb8fb52d8032a8f9cf5336698ca715b4beb4d567bf3657e12a47c36020ae256

SHA512
95dba1b426e4c396c4c4730d8cfc3f2fd1430864fae753423799142516c1d424c8534963676a6fad4061887754cc2b24fcbd0327f67de67b39420b96019e11f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\pl.pak

Filesize
381KB

MD5
cd2d3406f70bbc5ed427295da14cd92d

SHA1
cb9828b0ecf5db97cadb259b746590f03ed7c013

SHA256
65b6dd63aaba1692f36774413d372f6c6c66088d7ec4009a2dbee1648ca133f1

SHA512
bb18f667991900854d8e021e38b799828117f56c90d4d90bac1675a1786e5d1fa33186850e35f75de433f4c5717ac19cd81a424a692aca8d311d98d748e6e568

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\pt-BR.pak

Filesize
360KB

MD5
e4b1fb0229dc7a913012cb5313123c3c

SHA1
6c137b91712593040c6e02bedb82d90d85cc2b84

SHA256
7b171f2a6d46295147a8d10e475048bac4346c6a5162b32a0336334baccad520

SHA512
7224d310713d94f56aafbdb80a4a7ddab5e19dd18a7880f93770b86204e323072aa8e879d2f7e1fea25a6506836e8ca9ed73068e76f4ff9b74c0ecfb807c37cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\pt-PT.pak

Filesize
363KB

MD5
1df331064ff162d97dd13a78372487b3

SHA1
8c98bf3d6964f667df6bbc326c8bcb95ac264441

SHA256
f374bd5c54596aacbc35f47bdd4c9ab4045bebdfa479ae386fd2fdd2d0041216

SHA512
0dc4913b56900940d17c0780dccfff344b2b7f918b8c00dd1beb3fe020b7f61bb646ac636c152ef0bcb20a3ee9c4ee9a1ed6e01c9b7efa414022e4da3df5f160

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\ro.pak

Filesize
372KB

MD5
efd3112d1eac487bb3dd2839385eed39

SHA1
d7a45ffdc10d24425c8b1590ef1239de34737a2b

SHA256
c50f824e63806e5782b693f7d474c48684b9e5174e93463a9bc2876c94990879

SHA512
f604f37f59c17e7a231ecc55121620138ba3c458f532889cd4b70a6046f0aa3ca0d53e0f342977d5ae0c1edf23706806ed429f72442ff90603b896125243e406

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\ru.pak

Filesize
606KB

MD5
ac07a58897f578635b29c5d7bddaad5d

SHA1
d506deb804112aa690c60995613cd9e49496dce8

SHA256
44f0cbb2d5414b6dfca6abb40a435200670e2a71607b158fcbaba67fd6b3ba08

SHA512
ecfa1cd37782e76a5685a385222b87884dd29ef63059f389ce8efce7e814ba50ef8ae03c7bd7b18bd7a8502f29ff6f1fa168ce6395baff2b59cbd434ff400cec

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\sk.pak

Filesize
383KB

MD5
989d000fbe286c0fd4bfb35305b52f48

SHA1
5a30a2cc1abe9977b1ffc4c4712452e6d55bc7df

SHA256
dbd82a2a08f8e9ba9581b2672bc49e0fa5c89f073b58f152225f9e2815228ddf

SHA512
ed57c66237d5226d4d5cb63e98248c0df9d381ef86b6d4ef339523f430c54aab14f84121e05e9fedaf273323ec04b8a539c0aeb791245858890126de2ce38283

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\sl.pak

Filesize
369KB

MD5
234e628a62f822bd7b3546b91e79cab2

SHA1
10f48382495bdbfa3b30c15b91768817df13d828

SHA256
d0415bfa061b36a6eb93fa2c78563448da8b63c91e0523086c7eb2714933ab99

SHA512
51234fc3fb5199a3a86dcb7ca68d3c471f1b97897b1a9f90139cfff9846a6c6fd039a0c817e7611e0e59637746cc51045f6ce493cd6f2d4e144fec1c6a561456

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\sr.pak

Filesize
572KB

MD5
aa4e2e54b648f66794f485318651b730

SHA1
18c1d5badcc5c05dfcf9e68df66f53c69e33e0ab

SHA256
d459c1a781ddc344de76558211983dd07d47e3ca6cacffb518043bd78dc48fbe

SHA512
cda7b189f48f28463d045174f3641f16737288b159adcf41da0c131a05a396a40e562b2f0aa10b08d323290f19d864755f238b074a698efa3c573d2b5512948d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\sv.pak

Filesize
334KB

MD5
c5437bb175fed93e85c5e7caf76ff352

SHA1
0d74f7df049ea73a47fe93b75c98e356b9bdd4b7

SHA256
3f0acf6f6319636c3e72cdc392b7b80ab0cfd8ae1a5a8e319624e4b46bcd3c42

SHA512
00af14e7d89a12f4f39fb45a3f9c136e20c06752f98fdedbad426ac9a5b820260a329059659cd82fd089ab1d94c1f51ab4202fb6b142b27538d0139e67877239

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\sw.pak

Filesize
351KB

MD5
e37fc1c3dce484bd0ce496f548f14a43

SHA1
02b088a11363b0a4c0527053669af32737f1403b

SHA256
dea6947693fceb6457801d912ea7c716add3c0cfb4c34782a9cfa4c4e06b9402

SHA512
c5c39d54f4eb6b0659903ce9b5c8804a750a254bf88cc7c6e729e7813ecbbcc88df882af9294b5b795ef5b8afe8f1a60fcb46b3929a9b2cdf41c84188e5852b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\ta.pak

Filesize
899KB

MD5
5002d84bffb908a2dcc7e1b69836c265

SHA1
4cbbe387a6744aa6c51b15b5a3a223135a3f6115

SHA256
e0421b4cf2736bb465ec02cd85c2df09809f86479cb7624195373f25edbcedd3

SHA512
c2a4a46a27304eb080b066f049d2eae733470dbf0f8107220049eaefdd73fd8b41abd1b02b4a2ee6934b4cae18de97bca5360022a8e295427a0bd63603bec410

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\te.pak

Filesize
836KB

MD5
b1a4d471fd8af54dfb8ff252246bfde1

SHA1
2044ee38f8d8d76176a735e726de189feac14985

SHA256
f53e06181c9fa0f6028906a7388fd4e8f000ffb7277330634462433d34572395

SHA512
18248d3fa8f4cc409788d28a244889230b074fff416ba5998f25f3b67ad0c627172a5e7e3947e61e72ce28a5b4cb2134d6627b6252b3d282b54f84b424136c87

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\th.pak

Filesize
704KB

MD5
85f59bf2f1167e34ab2b666608805420

SHA1
f0d8e8fc644c15c52c5f9d3419f88e6072799736

SHA256
4fe2b7b6886e3ce068be0b7a0a71d45756eb797eda1e7d4fad52ab8a370e8336

SHA512
86d6061895c996ad1caa3f3871c014b656e7ba7bb91f05c72a591cb5877c3db61965bc1a5094dcf7c4127d11f8106622355464704fd0695372627d8400a16ddd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\tr.pak

Filesize
357KB

MD5
da4c47bef469c086cdb7e5b74310304a

SHA1
9f0569659eb21261003a232d5d92d3aae8d47b7a

SHA256
5df18798a35b502a18fb4f82e9b03b7ca100903ecd5d192ab2a3f0bc7646c366

SHA512
55c745cd8d0aba6f4a2454c494b80eb4cc74f733771e7279b9033d52716551a85154e9eb31eebe17dce05ba71e0213e581c4b98b59a6b88aa8b9569c411e397a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\uk.pak

Filesize
605KB

MD5
229325584cd98c8408f7fc5c5603c6de

SHA1
dd31356ede30833a138fc3a6b8838cef89344a00

SHA256
3fb15957c77f3635aa7cfca796b045a1ee1f1abfc0c12c163cfb537364f3c80a

SHA512
3b57f57649877700f03aee73bc6e6e863ad65ec7c13b9851a3fc7e5d06d11ea154ce087d0a64dc689cfc55aca9eb6492154c9eb18130f6d17b8d94ac8c37a6df

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\ur.pak

Filesize
532KB

MD5
6310a289e55b1022f12b4f3cc29fe831

SHA1
150d81ec8db4d9aec6c0e83e5577dcb7f1956b38

SHA256
06a0c18d978b54dd163c7f77b7ee0f2ecf3607c5dc14032326f21b4a1f304d81

SHA512
acb538fce25486e6a01401aa0e9204a6f519cd1dfbca48663d6142e1fb6280bab271dfd2b4c5ddc858de6920805e539b791c48eddcad124d0aae298d479dcf48

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\vi.pak

Filesize
424KB

MD5
1b1b14f542bb4a9f014d1801fb2e4007

SHA1
0f56c35b2515fc92690126c54d57aa763a5c3288

SHA256
f1602637e7f3e0a908d7a9a3f630b8dd38bfd26704cc64ef432d2c88a1ee7017

SHA512
3e98c44ad74d905fee06851eab16576f6261a15336f1c1f625f646af725988b75957ed89c16876ec6127150e2b28778a5b65f897b9540ad1e4cec98be705cde7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\zh-CN.pak

Filesize
308KB

MD5
32b1659c7abe8a01a702e46c69f0a3ce

SHA1
43eba1f94417109834f25006a81653bf635ce9a0

SHA256
97fe793b325d0c27669f62235bd157c51a3e1aeaffba30e7fe028c9d64939c5f

SHA512
72b932cb9e19788a67a1a7beaea0b9b076af0a5f1c568f9d2d6e8653d3c9fd4bc17db1a39db1f12b8184112b8e67125f443b8b2b60f31e62e16ef9c6a8e2c4a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\locales\zh-TW.pak

Filesize
305KB

MD5
14f3f547a54713f91251b38459a096b5

SHA1
02ac592a2eb4a7c6631dad5aae83726ef9c33ec0

SHA256
280ba35171dfb6a54efb13fc4ddedc13a0283a9a6eebff4c15275767beb4ba77

SHA512
0ad8c6a6eb0dcbcbbf6f9e114c93bc2cf6004dfa9ad7b68dba31c2a9856c0a56acb66507f65b1823434b1ad362c1ac812b72c254e5329a2858e888a761f45ec1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\resources.pak

Filesize
5.2MB

MD5
f6dd61d802bfe64545deaf4c93eb6db9

SHA1
96be1ec4723a6dc2b1dc6e073a7dab026443b1fb

SHA256
f7fdde9650504d8872a7aa2b68e1f5b3cedd100ded1e19e44c2b6282eb637813

SHA512
33585e7f19222e43926bad8cdbf36bfd395feb4d043f524f82053920405afd933eec4d294b6558409ee9419c977553e513549470638532dc19bb93296387cf76

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\resources\app.asar

Filesize
44.5MB

MD5
a3d2e83fc4ce0735593e6608462059d0

SHA1
e5c1ecb03e934cfb5fa05652aa8656e669bbf21e

SHA256
50a52161cd220c98174231a8be7b9c215d4067398c03cc40575c4ac85aeccabc

SHA512
b9fc93269a737a8d2cfd53a6265efbcfa4f3a5895b2786ce7d3dcbd7495e9d05c84630993ca3f822470baca93565eae9290feddc79d71a28cb6c9b762fe322da

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\resources\elevate.exe

Filesize
105KB

MD5
792b92c8ad13c46f27c7ced0810694df

SHA1
d8d449b92de20a57df722df46435ba4553ecc802

SHA256
9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37

SHA512
6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\snapshot_blob.bin

Filesize
410KB

MD5
c5d06bf7a12109e49dce962b6888f051

SHA1
63189d373271fd89079b4f55d035b7746f96ff00

SHA256
ece191beef3b53272a925c1f5e8c02a0dc78b00559799d27a0665fc480380b3c

SHA512
622854c9310ccd84dd100ced5eb3ba3d52f75dc68597cfb550b9b84e3798bbb90d39a41d3f9fa7b0fa58654e2ba0ac657d70b8dd89677126d39889abf9e0c008

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\v8_context_snapshot.bin

Filesize
710KB

MD5
4d582d568efb15b489a15be358d9a68f

SHA1
295393f0707d04ed60ebda8ea7c0297c411c7f33

SHA256
ea2ea0f97ac908fd127a423f505241ebf4acea0ba5d02635cae40f7cd9c2f464

SHA512
ed8a6af3d51904020abc8e8f3e734ccbf1663d8bd3c0f526e1d69ebfdf47b6061fcf3660b70239ba755f1273f6c608054d6dccd3721a4bcd81e7e9f3a3c7daf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\vk_swiftshader.dll

Filesize
4.8MB

MD5
78063ec6110108c74579751e27276989

SHA1
89a45e07df44bfb2802938efe1415a3d9e0297f8

SHA256
56809fc84c83b7b651014df670631399546e6c335fbb69ece77681cbf0163866

SHA512
2fdc6d61a7b12c432458b9d6a47487b294f3ab0cf70650958306bdc809bdfaf27241ace9970afd8b686edd4e4ba2bd5ef7cfd5ec69fe078805f467d66efee977

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\vk_swiftshader_icd.json

Filesize
106B

MD5
8642dd3a87e2de6e991fae08458e302b

SHA1
9c06735c31cec00600fd763a92f8112d085bd12a

SHA256
32d83ff113fef532a9f97e0d2831f8656628ab1c99e9060f0332b1532839afd9

SHA512
f5d37d1b45b006161e4cefeebba1e33af879a3a51d16ee3ff8c3968c0c36bbafae379bf9124c13310b77774c9cbb4fa53114e83f5b48b5314132736e5bb4496f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\7z-out\vulkan-1.dll

Filesize
858KB

MD5
7935f27952b085cd1298323b3905d4ed

SHA1
08ca6df7475ccf536178fef17114b6e945a03258

SHA256
7adaaeb870b6c3220527cfd971e75c22567d8f921a0737dc2574419b36cf8b4f

SHA512
775c33c56aa29854883e496c27dd8d3d1bbdf53612bec78cd8fccbc2625cc18d479629911590a7de36fad214b93e86ee17f0f67080732ccfd5412c0eb1dde8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\WinShell.dll

Filesize
3KB

MD5
1cc7c37b7e0c8cd8bf04b6cc283e1e56

SHA1
0b9519763be6625bd5abce175dcc59c96d100d4c

SHA256
9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6

SHA512
7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\nsExec.dll

Filesize
6KB

MD5
ec0504e6b8a11d5aad43b296beeb84b2

SHA1
91b5ce085130c8c7194d66b2439ec9e1c206497c

SHA256
5d9ceb1ce5f35aea5f9e5a0c0edeeec04dfefe0c77890c80c70e98209b58b962

SHA512
3f918f1b47e8a919cbe51eb17dc30acc8cfc18e743a1bae5b787d0db7d26038dc1210be98bf5ba3be8d6ed896dbbd7ac3d13e66454a98b2a38c7e69dad30bb57

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsr33F2.tmp\nsis7z.dll

Filesize
424KB

MD5
80e44ce4895304c6a3a831310fbf8cd0

SHA1
36bd49ae21c460be5753a904b4501f1abca53508

SHA256
b393f05e8ff919ef071181050e1873c9a776e1a0ae8329aefff7007d0cadf592

SHA512
c8ba7b1f9113ead23e993e74a48c4427ae3562c1f6d9910b2bbe6806c9107cf7d94bc7d204613e4743d0cd869e00dafd4fb54aad1e8adb69c553f3b9e5bc64df

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
36KB

MD5
2665486385de20ed37a5fb22e036d20a

SHA1
60655425c752a70e19cdfeb4b385b93b3334eefa

SHA256
e2e6c0702e2289738ea262843d5f0eb64a51d3449c252d8c65d953db923e265a

SHA512
ba2246c9570e33e44d140e711a2cdfab2d03ff9d3d57f3e00ab58a09cfa708931a024ccc3d3b4dd5e941860c35c5b0318161ec1574554041ddd9e33900ec3af1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\ad.trace

Filesize
10KB

MD5
bcc00bc710799ceb45d2694e425e11e5

SHA1
9d919c7fdaad8ec4a65bfc17ab2e1b83131a15ae

SHA256
c14ba0ac47fb7e560b4ef43f95a4012bc5e55d2bdba6a8ddfb40bfcd2af9e1e7

SHA512
0ab22a18d428f977135dd0c862f1be8ca89637f9431c4cd7974a1b7be885e3c9c6d61571167689cdfe616ec533d4e14dd2af0ac799cc178fac7d7207695b14d1

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
02566453da075abe8876292ba50505b4

SHA1
dc75af08c0811df6da043279c8b4e7bd341006dd

SHA256
77a8e53093ac21ec3d66a0166ae49830de69107ff7c8557947d46b2ee94b46f8

SHA512
0c1ce55496474a3428b7a6ea2cf3788767f3f1a9c14c787a3ef2d8318fcde40f2c3a58e1080af2747566878ba13da4c9c0e61c41428abb60395d595d2dd3c165

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\service.conf

Filesize
2KB

MD5
3d0512ddf827c6109483552d33d28dfb

SHA1
893321b41f7b326118a78c2ffd00106ceb95bdc1

SHA256
0f24bfc9f2747cf72c5e1e459ffe1436406a8675c0d8ee7336ede8bd791406d1

SHA512
b3fa7caa51339248159f1d83b1c59604fb0f72197d039823936551c1b2bf141feed9e901b10eb5ff984d8821cc04c95098c6be74a3e85a5e5726a1851d0d4ed5

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
632B

MD5
0ad260bc95c5dc2bc5194290310b1a01

SHA1
b937ed7869e3366d229e8bff4f3833055832e055

SHA256
d53d00937b3af3012d3da72871a33d28c4e4a7ad7705822c09ce04199e2c832f

SHA512
46b187e9983c34b2ea5e549e42e81af39ad8465ede0dfe4c95b2e919440dc660931d7b58e39dba3043e6ca8802a67066872dc4efb3d4dad15417a8b1b9749523

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
689B

MD5
f9365dd6478de51306265be98718533f

SHA1
b7ad08f615eb2bbfd55a978a27e71fbb7d703b75

SHA256
edebafb56a817ab5214f0702fb192b803b882a6a5e69024fa6d27e940a2f2841

SHA512
1142ae7e49860bc68b02ad3f29027b64010a68101545f22b9a3566dcea8e83fae1f45b4b9910863cf6ca51c8b4cf0b11cc0b1866c05781d1ff6f81e6461cbd89

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
758B

MD5
5d295d2c7dd66279281df43b1ee9597c

SHA1
97edced433cef4201173a9a7edd2d8271725417c

SHA256
5be5ed8ac24a300caab3b7cc74811818281742a2a315911f92d6d5152ec0a81b

SHA512
af0acaa4d47616d0c52baa881f324ddef8d255051af7b9d46854ea7f3f2b217ffbcc1eade29ca5e59998a33abc5aa070b502fe9202cf63e25fc73d0e3719024c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
312B

MD5
0c04ad1083dc5c7c45e3ee2cd344ae38

SHA1
f1cf190f8ca93000e56d49732e9e827e2554c46f

SHA256
6452273c017db7cbe0ffc5b109bbf3f8d3282fb91bfa3c5eabc4fb8f1fc98cb0

SHA512
6c414b39bbc1f1f08446c6c6da6f6e1ceb9303bbf183ae279c872d91641ea8d67ec5e5c4e0824da3837eca73ec29fe70e92b72c09458c8ce50fa6f08791d1492

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\system.conf

Filesize
424B

MD5
487f718207643d559e5dcf6c28ce3d93

SHA1
e42d5c62291a4ff3c089489fa0e31708b2205fdf

SHA256
4c2075018bed92b0da5fddb0226b14ad50e5cf9f155f113af3dc83d43cc19956

SHA512
b26b0cdd51144159af95040ae7f3270fa480f454b67fc5ade9f7305f331b0b7702ed7f92b0384f6bb751110dd4bda2e9466e498cdbe99daad71751462e69635e

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
d5c21dc06bf851625f39abe051672cc6

SHA1
20f80b96d92dfdaf6d5e01c3cf387b114cc92e8d

SHA256
b748b268cdaf9f1ff344576280e62f346368ef45b9aed022f66f40ba41e82299

SHA512
84a794d49b01a9e94db81d68683f0ff9a7fff315d7b06539f2e2eadf70dec4e490b6b1e028aefb438326c7a06937f8fdf8d072eaae39f79929255bde57cf68ac

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
5b7fab3fbb805ddc1d52a9dca2e05594

SHA1
992f5be516746adbdc0863911034e1ae6bf21e1e

SHA256
440f99615f3cc0548bed587df3a8d8216afe8717fa44f08745f0c2bfe8fe7f1a

SHA512
54c9dedf8523f0c878e243637cd9112751be7e8582816aadd792a94eed59558b91971a87bcc226c5d255ad6b9083fa2a393fc9728f3a33938f0decf043e4b3ca

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
ed8eed265307f924b62aafbfa8c59286

SHA1
482a43d40e53d19eb3e936245022417247595201

SHA256
bfbb1aae88e013cd47d24036d12fd88cf791dc7dde2ac2dc27a566633f6eb7ea

SHA512
734da0ad644b8a1ec251f4219a8b29af9631cbc9977eebb996e769218c28bf6403b27586821e87365b4b35c028c28077896b154013cdc19e947e35ae7600935f

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
6KB

MD5
1cc33a14db0734c8dc4dc03f84509969

SHA1
6973be0827a0630cdf85a3efa960c3c3e3403960

SHA256
d5bdb857fd3c47aa9b0ddee37eb5c2d5348da2304bb5909ab89fa6ab51607885

SHA512
cab384a24f5d141f1bfc3679679ff293490618d93937b6981bcd8ed1ccc866a2f0a5c3f0ec85bac9c8a910ab2e920efe047e39abec08911e489878445a747295

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
a25a9c4fcb84d9cfb114214db1742268

SHA1
6d1bd8b012098242001d41aeb0d7b1539f7a0c35

SHA256
a79ad24e3d54a1f768fdc0db53ab02ca4b53d7086480191cd8f7789ea6bcdd45

SHA512
af5e2090820f78aa5891398ee4b7426c83589e5634a8df2e1d743571d94a93c345b43bafcbb486804f62315bcc3be1cee1f6125d2295c96a53047d04d7f418db

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
d04e9cf4fd3a4ab6fb7e8b53359f7799

SHA1
48e87a62258c59add5f3854b6817cc66450e719a

SHA256
5a50cc0b93ce81656959fd00cb8657fd64216e4375fba11185c462c28cef8f68

SHA512
62684b7136aa3111e9ce93344bfc40a3574e46bb8ab551322c447563193411cdd8a3fd148208ba6cfe07bddc27c8c06c27d74be00f4fe6d6f3e826c6911b7228

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
7a7b11eb9f439f0ed76eb000b9c40356

SHA1
4e1582d92a88ff79cd576c1fc61ed710a2a9ea66

SHA256
ef27e6a6a5b10c5587c5fb2b64a285008e348d31b7b98964e48cf677cad0ec59

SHA512
d4565b958fdc2822d7b114b33df1ce0cb03e3f956c8d1fb96f3289977d0b76e41c744a8ef34b7162e0acb76c166368e8b2433e16f4f5e4a9ac9bced1a7b8147c

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
3da1a50fc2fa743c5a98423619284d65

SHA1
69923a804dd6e0676fcc635451ebc2de4588f276

SHA256
1a19b140d6f1f49d235133dbeb9f93f4c6d17c0e841d5423d5a5a58435a98649

SHA512
f0e893f9d32bdbfda7a210908a7ffc9c64c1d8e48601d96e3e305a6161c058ba18cd609eba537789e3c5c2ed2c29863c6eab4b192ee7876d00685c0654c4b42a

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
20a25421da3e9f8988e2b0be3f41d4e6

SHA1
9d7120434882b4801adc131f573ed4bead56af28

SHA256
68c4791931644868fffd65ce82584ffe3856288a2a3f04e9556a6288bc531187

SHA512
634beb9906bddaf060475d4433b274a1ff573ade3ada0700c3bd3e6d91630a4a2f629017d30f5d0b739c61f345f89dd611fd0abc61841d6df5a2483c7d4b6748

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
7KB

MD5
145f7991ccede94fc0ce9fee2122cbc8

SHA1
f8224909f434e808be7ae763d45aa0275696424e

SHA256
13d40403be01a33453f6ee22cc84ec1f467d260ffc89b0b0fbf0c13587b1e7fe

SHA512
06d79439bc0207edb54118a5bf03d8a7b969c63e00f966eb934f6762d427de17735dc63f4d44643f7333e2b90b36174790cc60df4046649c5c555f954dbb7d73

Download Submit
C:\Users\Admin\AppData\Roaming\AnyDesk\user.conf

Filesize
1KB

MD5
1b61bb442b509c17670a4590767d36e8

SHA1
c15674d77e6fde8a35b9130967530e81b44741d1

SHA256
585776a194324d8c60e76d757141dfb1d093c919e3aca668567bd08109f1a9b4

SHA512
0c5a27c6f1528e279d34b0393a6a858c07493e24a4f8fece7c541ae2e995d80e23382c80149c0913640b14ff57fbe6fd3a9d1e2ba639cd1e0477be9af2c62247

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\40371339ad31a7e6.customDestinations-ms

Filesize
5KB

MD5
ce80e2403f418c0a30b0a83bec731709

SHA1
9570445e8882a3eb9f0f38c939ef47cb68e93b05

SHA256
cf365ec611af0ee597e9bee8465665cd07558c65a63e840025ca9ff9c4711aad

SHA512
c079a1b2a47b8a9de2a595261295615f2f50fdb03b2276be4d962b7ee5466a46e69095c213d7d11692b3886d2f6a913fa776af6d827524a2bed01d162a91724e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
fe3524a4a65e4fabf9f390c5c33d3061

SHA1
01a579e0d8891b9eac9755f760cdc92bfb80ee6a

SHA256
3cc17107fd7451f930861dc4d2c668c430c4cdbf2cc6ef99a826c42982df931b

SHA512
baf43102e307f4c293530d932eba56bb11256298db722517e1a65a6c90857c7a7635a1f8ea98b5febebe0fe5be2fdf1251bf311e89401bb5a2442e20ed3725e3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
8f778737cccef4da27bc30cb4f18b53e

SHA1
48c6d6e71b3fd16c33e1362758f67f134ff5b03d

SHA256
3a22b982adb57736cf6472854220988a950d6723d61f15900533c26f934d7a94

SHA512
ab596d37a3a363f82e2ac3e60e99d2618e0e0ed09791ab2f65463fe1032abb18f7f5daf5e2269d3a6a2799b3af8b2d0695cb7902a57f63b99093a2fb3a9d1c8f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
7fe376cb06b492d30506cece46b69adc

SHA1
507426c36575e199473367ddbcfb553f3904a686

SHA256
78c9836feb7803b80224a8a60fc60d145947f938d37adb3c736de82aa4d6197d

SHA512
7bfc928b8c6e93645793bc861efd84d4cc839c8e231b55ac6000a175c295635669dd3aab5621d0b153892e44cb97a1fe8fa7a6933ed4381a6670f6d3d2f3d787

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
f6b80b953ef91767bd98fc62e0546633

SHA1
dbedb908e085f70a3fa0aae6d355c96f806dd4df

SHA256
33ec095bfc91de8668aeacc21b7defa9a8c761719cea3ed76f1fd94f7993f8fc

SHA512
09810c282d4ef879b43d0f5d6f152eca9165cf159462a4a3db97c61d1fa32907cfd1fec0c1afe85c104b96e4220eb13e3ab85336ce30388894d89784be624c65

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
0dd0a46ff18500a62a9917a50b3f9e39

SHA1
a07c41f978236a5f9e2139a9cca6acdeb2acdfa5

SHA256
b7a4e9907d019faa7e1b1f1858b639408c7d9a5c60762002140006de9429ed40

SHA512
9e06c93bddf170e9e281e2e4cfcfe67723ef79e5d4a1aa1a84a3e576a8ffc8f22891611c415476dcb853a0cf486c6325301419d137050e1b1ed43a1ee0e19f93

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
242ea20c1994d7a6f97faf214932f0ea

SHA1
b62b81efc5b313b8f58794df903a913fa0704e2f

SHA256
329e1efd68eb0d386d304928e1d375adcdcf7d130de2e4b153c6c96aab517cdb

SHA512
bdc897d161e03dfc7acf5fb70215a128cb022d8a7e4d252e25ecd68eb7b302fb7279e9e25aceb3973ad21d28a3008c8cfbf9f06ddd1be0938972ba74871179b7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
feaa05c942e49c6358c91ed98276e7fc

SHA1
bc93b2443381d4c68e906f9a6f8722a42536c30e

SHA256
6f801cd4072eee0e9ce800f50c2ef6c7da0988cb91b7d61890e32e994f147af9

SHA512
c9accf7f2dd1343f2e9be30c5b2365556bb648858ae46baeaf81b22c600eced0aa08bacf094bb7ab7c008a7db1be6a73b346b6b2bbcfc10e0784addbd3af6d9c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\75fdacd8330bac18.customDestinations-ms

Filesize
3KB

MD5
f35951de9ff75f07403a64aa16dc9f00

SHA1
5d37776232a1f056184b92cee4d994db26eaf2b9

SHA256
231969fe2d84023e87d3e9556cf6e8d5d94f9c9083a49cf457177b24ec1762ba

SHA512
378440f0fb2d5199c479590942811864642f12edef2c06827b1e017d739ccf04f8a91f0eaf4cc954250f585b821327e2204345ee1ac78d0e3f90457c3e166396

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZWZ44NNRJ8QO92T0AWE2.temp

Filesize
21KB

MD5
e1e8e4a482cf665e402203723605710b

SHA1
79d97cafc8ef53cd0310a5c7add67f3a78d45aa0

SHA256
b4ffddc29317a78890f6d034c83eb548c10d6b97f50bc24fd880aa4631b2163f

SHA512
2f97d64d7166128a4e886aaa81cea376995a0048cd4eabd8cba8950eb771ee2f32d21fe80e3d7f6b58fdb442abf61c263137666b48a5d42323731f5d47dd89a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
8KB

MD5
a69408b4b335a2aef8002b8ccf07f2b7

SHA1
7505a21616cb7a35882ac7140d01efcf9c73a7de

SHA256
76ef8bbf99300c017c2178ea3a47d3925bd35648e5774454839ed19b5c046cff

SHA512
c4d0b879879255cfe49553e770677195df9e2aa4174ada9abd0709c86d1e3c5c6dd9eb78830f6eb4848d75f6ce21ac6a3f0ec936bb50cfdae4c3b818d80e9c0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
76KB

MD5
cbbf864655008e8b6e00e1f8082a0186

SHA1
1b26c83672a32ef249c62eb95036ffbb261a0206

SHA256
985ba308f4a55fe5779f81659df516ed45a9ce7580cef53bf4404cc87481703e

SHA512
63091d94826374f6708f8ab40e57745064eadff5fcd088c36fad2f0b18f3cc285d628533c4814ee224318a6760b0026abf99d869f5574020937ed038e4055d88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin

Filesize
145KB

MD5
f2ce3fe39def2dc91c2daded712939b5

SHA1
61e4769fcec7138394478331ce3bfa80ac5f13cc

SHA256
e36798033e361b17a4dade2d3e9f89c6c28483dcd16196c4476e194bb2de5095

SHA512
48abea2ccbf4df707c61707462e7a54aa2af3f968c317b9512c475de1fce33ea9012cc99fb47e5c7873992b0a07858e31b09acf5e694aa111a05875ec30315f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\SiteSecurityServiceState.bin

Filesize
5KB

MD5
3635075d6c801fe42aaf23bce98049bd

SHA1
3ff56cfe64de73e70ecce6dc72251e788f736bec

SHA256
3748906d73377f5f3fd121e8eac31700811a39153f11208855b7d96e56d63022

SHA512
60dda05b48944ca7bbefdc6ee7e0498f50a22e0ff297adff314f0c8df169c3a77520fd8a43290d1fade915b7d99f3866e59effca8ef503992f5c61fed6966b70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\crashes\store.json.mozlz4

Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
29ce0ae7e5d80224201ea1de50edfac5

SHA1
96a2f885d7a28d5172aa7ddad7c54eceaaf6a298

SHA256
abb86392c1ab46962343e140cad67a2f88f5e9327e9691ee60f4cdaf2957c353

SHA512
abc209e49f741d8882c7e0c91de2715581342c796708e3b62ed3154189c52ea66dde34c1b26e2791d1e10b543de5bd30ef4939f76caa1649bd8409f0852b1ea7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
7a04004e04625a6d2d58386451987a7c

SHA1
16649954a3bcdbcb53e0d598cbc78cac40c14a8d

SHA256
4bab395f655bd3bbe51ddbe6b3d4d59e0584c7c4f91d7044ef0325961b3ba533

SHA512
5985b91169f76ff11d5625b169aefa3539ab4a0d1e8a2c956fe5d25e8e5425fbf109d91ef49cebe7cb85c9027282925c284277c9b8c1e33fc7fe4484f078d54b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
f0261a062bcd997cc2bd67c428f8d2c0

SHA1
27984017a33b565d1994da2dd0c3944ab0a4a445

SHA256
607b6d135c18c696a9259fb3beee424881178694460d73bd9909fb629d1e5fd0

SHA512
78c338be70bf2a50f585468d6d009753d9e16e3b1f0d937428b29208f8bfe470f5e20b8fd9753ee7ed67ec345dc238d99f3825be8b104cd6ee7e8886b9d31799

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
63KB

MD5
e403c364356912fc8fd81d8c004acf11

SHA1
7de454e447f4f6738dfd07d9aaacc0a1acdaca1e

SHA256
30c4c4d990652fb5a5d696a8638e1e51e936db3a7daee312a620ef701fc37378

SHA512
5ae25069c8e5c1973799642dd065614c4a871c27a7cc91781d1d8bfea0620a98b271658741e99f192170ff1d237090a791298098d8cbfce556355636635918dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
63KB

MD5
1dd2519f74ae87c4cc3d1d43266dc6fe

SHA1
5e7d8a4d0242f9c42cc2e1e2d0e0267f50792706

SHA256
2967371c1ca53ec6c9ad7adfbd21df6c4b16de6b21cce5474f8fdec5f25a95bf

SHA512
4dedda09f1cbe6b4132af478451fe27a1f8a8534c3357900523ec1db6c47832611e4b50f051618d79856ae23bb9f0d41c9359698f75b79e781007ccf3ca2e473

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
65KB

MD5
dd72fba720aff50b4ffb87473e12c731

SHA1
ba042c769a2b93416bc663fe847cf3524df98d8b

SHA256
478629eb1ab4fe0bba915462a1b7c2a52cc453186c95734c3093ed8007f88dd7

SHA512
64ddc8215e8d60dfae123e1f8c13d71682306ee51ffbf61f1dfa466ccc51aa7a097233f617f64e1911a531823cadbbff0ec1acbfbb17cb9dec58fb5a894d0538

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
160KB

MD5
2f448d2fe65f991437140601bb338f0e

SHA1
32f8471a89f301036d9a7d6a32712ec70091afb1

SHA256
45f76170339933de0e5a6f6d816b246d0db51b667398c978b1801a74d84d501a

SHA512
bec29b9ba470e19e088bff4235f44bfa6f6552920a5112ab5ecdb761f919d23ecc7f5a61eba18ddde39f022994b8f6ed7c7692134e2bcfae86cf1da42a6c2741

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
63KB

MD5
27cd10455eaa2269001983850ff1727a

SHA1
ea6b0a7d0fd7cc11f3f0e3a3b5b2224276d43fa8

SHA256
3d690649ca40dbc2449ffebda956f18a4cdf6b8fdf50260f019ef093aed3170b

SHA512
bc004e7f1eeb7afb1e05d56efc7f6fd669f1a00714652314621414f621d19082e42845eb5929b5e6a1a5044857d146863bfa233d63e34fca6bc1ba04164cf084

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
164KB

MD5
46fc96d3163c74c8f0bfc441a879ac0f

SHA1
30c65f087aa7eddbc57a185de318d135f6ae3da5

SHA256
c9f060210266c6435e585d20c07d1969afbda86df06e3d8a548733dee5ba58c2

SHA512
6117b3cebd8954a0152fa22231a2a0dca075c1d1200cd3f85c84d7aac3c25255019b1e6354afb1f180370f7122a29e1e27c970bebed1f77123993d3c8baea1ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
162KB

MD5
0903df45d4ebe6f76db59f62cbd17b34

SHA1
df028a3656b1b0a245ddc10c8e646adcd87a718b

SHA256
cd0f44b9fafe91580785df81a647eb30bdd6d004bffc7ae4a680f313896d6ab6

SHA512
8591f1da568d1f406b6dc68e3b1d7182e0c2b83ed20471ed4e53f9b9482dfcaa25a501f7e5a0b6a2d8bf1fa4402865d7a514f7388e5701b9b1b9dd358b431572

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
63KB

MD5
26bc7026a5a2266581e7fcda03919bb3

SHA1
8a5d243f0c6deb2f51bc72458c980f22b0c4289a

SHA256
4863e6cde07d8e26cdd50d93ee8c2dbcbbef9fbfac8cc7e0abfd0ddc1887c0d7

SHA512
a9685b34d5f2e2bcc6fb103dcd4df1fb6cf5d50134299a0d2206a4a2817892dafad206a86fea1d841a541a5af27502ba37f33a75e8c27a029acf453d43c0199f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
62KB

MD5
87bea5ab7fabb96a815a5c0d7c032acc

SHA1
71bd36e8c585f169754246f9b05e1e2b954a828b

SHA256
b68df06f410b6fe0f72a69a2af04282ea59ab1380bcf1bb3e19a8561aaefc560

SHA512
33d7343b620a609cd4c4a1930bdda958e3ddbcafa807704940a31170a45660e8b8fe8d279fe966d169b3af2e0255c9e970ce30f0f4290ee46e86ac6197270637

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
151KB

MD5
17fa40c8fd76a28703766b82ee10eb2a

SHA1
97f18bfd7e712c99044f76751c14023baa29653b

SHA256
1a12449e5415e7212392b212d46fa37e6ae444bdfa42e991beb1e957416cf513

SHA512
4d7c84194532032397c2bf7005c6529f54819155e6b0084a28a1486f60f82fd7ae5bf76fec904f22f1bf8f08dc17813fe0e73c657f54aa5c8804318c770a1980

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
7fd1f968d3bba9d2b8da82f00e5aaf5b

SHA1
a908f7a249bd30701fce855d583ca12a5b7febc0

SHA256
99e1affaeb9159c94460309b7a63dcfee3c75dfaa57b65d0262112d1dd074728

SHA512
9e570335e4a05d6d2ed61fc1d917b38f2a52ff384d526ac5acfd74d51aeacc00996916f3018074190d85cec46dbfaff6474588b86abfe588805714cda7823424

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp

Filesize
64KB

MD5
ae14439c0ac2206ebbd61d7502551aae

SHA1
18e3e0e2c7c5beefb2eac514c7049caec8a09983

SHA256
8a74f4d80fe69e113c2d21c55a865a32d83bf6ee61a5b5ab843cf032d4b582af

SHA512
a5afbb73ba3f3a5a6f13c78ecd0c7f8eb692bd181fe9edc8ed29520c10c268323d171c60eb92f7453e31c80b1fee76e7de98956314c6c33a1436a474ba8f4bf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\18935ce7-e08e-4d40-be18-dd80f8c212f8

Filesize
661B

MD5
93320cc589dfa98466c44b5d6837c219

SHA1
9a60a0b6c79a6b1cd744edeb8fdaca8560a48055

SHA256
a4763d322d140a7f449f884e77056aa0433df2a1de90fdcf90757a24947761f2

SHA512
9bfdd8a7897ef2df6f22058780db6f4bb48267f04fd5ad78cde880d11ce5f807de25d2d78d96f8c429e319bd4a196bdd4f0df92f9768afe045f292fe166634ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\1ddd81af-aca7-4d8b-af6e-d3217fd74a5c

Filesize
982B

MD5
23284f50fac743d507cf4d1227f4e5fc

SHA1
401a8011af912598e28541af95f4d09634c063d0

SHA256
b173ea294637e0d16a0ae62d461de2de5b1b6731dab068de1fd8e9058a1f1cf4

SHA512
41580a72bfbffa85b2b20396e7d7d90444cdf32244d6aa40b8ddbf50b76fe7882f90f3c398d5a9d2c405df8ddf5611407d4653c23e808057a140f39b616f4095

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\27a72d13-613f-4e44-ac69-e81132e376b1

Filesize
4KB

MD5
a347427ba0c2734eb4ef23250bb3ddf2

SHA1
9c72ee48c2fe35a8337e64b8f2d051ff58d7b19d

SHA256
e53eeb4216839b200f0ee124dcfddb4fb613c0a1f7863fa58bd4fbf1624f73b8

SHA512
f34f5cbc21bd2962c4267f72f7a8b0f7eb69af75cf7c55c75cdf94b2d34dc34ef3aec225cfe8172beaed87522fe21d635001e8fdd14737c4f0c3961b3b2fd8ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\38a5d877-83f1-4827-a32e-bcd349643026

Filesize
2KB

MD5
79bd7937b0eccf84f52ec31a505f8ac0

SHA1
9dcf2bd02d54dcb8b0ac500a5a9e39f0cab6d180

SHA256
b6995422f9b3408744e8b7f2785616aa9f41f7c7117b9697562eac0331767c13

SHA512
6ee3d894c384fe704c5320155b9e2facc2ff9b11772e12bb9207efdab9e4a2ef9c45e7989475cf3d189cbfbcc6380ba5b336dc7d145c4379857c76363e3bdfd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\4b089294-090e-4fc9-a7e0-01f19903e79e

Filesize
842B

MD5
ec0924308915b491cd014017e877e427

SHA1
20b7c33bd3d028e81848dc569cde328b44b6b78b

SHA256
c71cafb4436d47e396f016d2a38916faf97fb5630be69228d8d7b127032caa29

SHA512
ca32972bab8f61c1889dd5c8212262a403501043da08f7cc8ca84409fb3423e7081c35ee68b729cc114f4f8f9dcc1d997a343648064ac0804efd694056873afd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\5ef465f8-be98-4dae-87f6-e750486896b0

Filesize
2KB

MD5
15cdc97c79c40609da4473e87216b3e3

SHA1
ede3052d88be1590d2873b4cf99c46a76010ea97

SHA256
384faf2848ae2d713fcf9ac323774563b0c5eaefb85200e5a29ba1a87015ec94

SHA512
9155bf94d56fbb37b7ff66a0ebe951993ae259d992214864be27be0678dbb8a8fb7e7e73c4b158dbb36704906288ef38739176ba64cea050f0fd1ea2cee3ade4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\61fc8904-9924-4764-af27-90f3d8553b44

Filesize
1KB

MD5
b560dab7508a19f78298a30c787e8424

SHA1
e6439b6b552bf4273a3e2e1709bf14036d045b11

SHA256
347844c75ef513159abffea241a9c30de5b929013ae102249b20c3fb3eaf87b4

SHA512
3cb891764e38c5109d528bba180cbb4d1f010bfcf47ed29aa5c65a9d37464517ac3e871bc89f9147b226fdb6b8478790b7c0ed3f25190f7eae2dfeaf6f6fb015

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\6e3eba8c-1d8a-4822-8eef-eb76ae7fc392

Filesize
3KB

MD5
b48ac17a3268a8e614d83f3c7fb242d8

SHA1
9547db448c62bcf93f26f8917c7277a222be8226

SHA256
aa3ce6222bc24691b3349c0d842a24742f9f2aaf755b2dedc1f08acceaeb7fdd

SHA512
f2016367ad5f9985629d6a2054cf5570fdaa4426ff8435555c82eae24bc98482e7543c8fb5fcd112d92ec651715be37e0783d6567a855fde2cb5115e359f9704

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\9cf55fbe-b8bc-4fb4-8bcb-c688ae085c63

Filesize
789B

MD5
d0d01be13615145bfa9b9d818f5fc420

SHA1
7d4d9aaea434b213e5ed56ff35bc6f3a0c5bd078

SHA256
9505d155b513a92d74eed175a809438e11bba43dc595d6c0dce9edbebc7b5c6f

SHA512
573f3446bc3ef3f89b4c5ab89b758ade99c4d88c8a0ee864ca4e19462bb6f353d8162223553ae79ef8e020994c5bfb47de81aa19d24d5bed153593547c4281e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\b1a8c247-eb51-4458-9cdc-dedac6a16ac9

Filesize
842B

MD5
d0ce221801a228a3811ab061a43fda87

SHA1
e5c90d366f026caf4386ea9b7a960a85302d2f46

SHA256
5fe878e9b02d679147e30f7f8e56d37cac5e5ab4a5fb3c8c822a420efd3a0b43

SHA512
12fd1f802b1118685842e54111a7ca53581516fb50bdd5d6be716431ef56df36d2a614f03836f79b50ca56add8d1554bc8f26cbb88aa7f025d312eedf08f1f30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\c8a90d07-105a-469d-a7d7-2a8f7ff94aba

Filesize
659B

MD5
7a01c58a78f4c0fd55ded796cebf4dcb

SHA1
3a85c5de09e489bcf31347f761a7cb0bc595007f

SHA256
2f4fddd48187e0a565a884d395122d7330a015dcc75b330426ec0e6bef68221e

SHA512
62ec5a3d5571d4f4e8856a6d667b3bea6dbffc524edae271976a5f58a8d3b5f020ba14e457ef8a1ae49cab530098927b49f516b1e3dba95830930a572224f509

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\f128717d-c8b9-4a2e-bed7-2f0ae2f514e1

Filesize
847B

MD5
f208a63971553b628b2ddff8aecbfa4f

SHA1
db52623a136bdf617262ef4094030f82fdbe617b

SHA256
7a9258854346add27692f87c8803451ae7a9a31c20fc5aca9733398ffeadfff7

SHA512
a8cb34349b47b67fd37278a954938a701d4859794bbeb92bd0e036214149543285bed4a7d72c93e2c31ec8f3e405a466363dad6084bb8b200dd689dfa690c7ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\downloads.json

Filesize
784B

MD5
1e14f3ec52ae02502f90e13ce5f7c4ee

SHA1
f1595d3940a4f2d34389c39a3f55a3b852ce1a61

SHA256
219642b82d4879cc98f1892cbe0e76d8163d2c24d4cf17f9bfcb7b6e7dac5d01

SHA512
bbe1db863ef703aa8516fa3aac1d5aeec01464e577211f0aac8ebe3f0c53b250ced5e509deb9e92f90e35cd428af907ce55ab2235fa27266309a2369dd09c887

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
10KB

MD5
87cf591ce8922a708deae16200cf9a8e

SHA1
8194954402ae14b5592bd0f5502d62c8487dc9cd

SHA256
a2f5c861a841e58a1c8dde1b3948568a8750fd889abbbdd08f397bfe2072ac0b

SHA512
6f6630ec958af5d3bccb8bc5330436d7330baef29482d2e7d72d91ecfc58048b8801947f5f1ab85cfa251530eb1053fbe37a0398074b411e03f7f2c9cb995319

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
10KB

MD5
4048faab313f18f35373f34122e0434a

SHA1
32ab102ca5765b1c48c02b7da31b2595e79fbdd5

SHA256
f991d16912d9edb452d7d3162178d49cd50f054fcedcf484f4d5d9c5c9cfd4ce

SHA512
95417c4d90c5c86c959505bad8214e5c80c5d9f477e68709b193c2dea5adf8ea938289fcb6e6dbac8a7fc8b476ab9cea2284124164a97212307b532bf8fc400d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
11KB

MD5
91f574cfef5d1543af083172c2f84d4e

SHA1
37675edafe14375acf7b4d486f9f7d00967e8243

SHA256
e98fddf93860832e40c8a1ec9bc688c09b47b62cb4273acfb2e6405cc6647b56

SHA512
2a79775c85a3f5a0a66be67b7618c1dd3afdce3bfddc6a3224e08263787c9df96b006c7223b12e6b6174caf66808a75f680f74485c39d8d90dd3a5362bb223d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
11KB

MD5
1de06cfc3fdc636dbb017803dbd721dc

SHA1
b4112b3b05988e51bac2760075b8137f9e86e04f

SHA256
6ce4577779297d81b0c44e74e99d4d0e1a9a0349291f3ca587f43f675bc56a86

SHA512
47367011681795cec32282c8c4f97be4b9a24469537dd978802cd118926c2f1718e412863f738446bd9a6288b793f0fc6f4a9b5f953bdf8baa56a5456ed4892c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
11KB

MD5
839c565c906b7715e030356057980ba7

SHA1
7b205e06130411190cc3103d76f2d309cf3ddac1

SHA256
42443bb544aa83b288f6b10e9de94c8c6a1e2d5cac0e689a7d20f978d1fe45a5

SHA512
83b1e75ee0eff38ae9c2aed32dcdafd220d4fe775c7af49974a4a0c0f73355ec7262146b977757397a534cdd13166b4332161f1b0973e2a95a4bf65527389c6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
9KB

MD5
c85084ee0afa6875a498cfe624da6ce5

SHA1
f90765e20e246bf96e29ba67aef373dcda29a78c

SHA256
1facbf2d16243ee87522ad93f2dac17b88bca435daea16f12974cc50b2002d4c

SHA512
9e3c1f7d47ab471d3d83c871f1f7b2d2d8955bfa989f73a462dcf7c0c42f61f2110478abac0a623238499a28b8fa30983957626020cd6934090fd0905911f108

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js

Filesize
11KB

MD5
6648649c4e207fda81b573674b96dbb2

SHA1
fe6677d0d66d8caa8a0cc6110bdec7472140bc3d

SHA256
939c4d7004d40322bbdbd70fcd2ff7a05f352e19e76a02e1c7962ec5d1d26630

SHA512
c8359f78c54702b8ceb6c05d0110b3610c4ae6a2ff0ffcc9e40422f79d3817778dd770fd2951348056a2c34f1eca0e4d04a5e2b0aec49794d79075cc69d5e1d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
10KB

MD5
dc9c2f5210f4758d6284227aa6e26533

SHA1
419352824aeefb44e3b6b17aa11964da5e584b0e

SHA256
52bec846d7b0be96a6c9e026d05c0c9ef9e5c3b415082b228f1b53d84e2093d3

SHA512
addbc5f50dd7a0b37a7e1987bf489764c937e1f1affa7905f0c9afe46da4fd6b838d8f13b3becf85ed48e1958d00a21f714b1ae44bf6a110a5f1ac07b417d8c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
11KB

MD5
3ea8fd5135962b6328ca5e399783f1e6

SHA1
402c75ba60f723fd132f553af09538e3fbd9fcf7

SHA256
10b14d5d367682f217004e60c3264e8cfe7d43cc0237cbc5154df04bbffbbfa1

SHA512
6033a573ecd76c78050ac40fed71632278d6382fba7dc91812e753dc9a8f6673ab31e4027d4e2e0a28b6dc3d1bf88a8e220c15b9166395edd2fb6e4ce9df28ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js

Filesize
11KB

MD5
95d6bb0e4c82cf93a7e0228458fd15ee

SHA1
8d45356a4d1152fcaa179faacef66ec855728a36

SHA256
2cbf8ad1783bbbecdf79144bec9e1a8a4ac8ad54df0c5d03fc2fc53f628d7db1

SHA512
9344f4505462f1ad943748ee0d619aa539648e2f3e384da558604aa396f0ce869df75c3adc604f59cd7d95ad4a85dd8ca6e7040d49bbeef9a672dd14447bb7cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
5f8f5ad33a3d44752c39787220699b04

SHA1
90df701f14282cb96b596cc966c309ac8d5036cb

SHA256
7d24c5311f384faa976693f8873f0cad779e02e72478f3bdce60b401327f1cef

SHA512
000aca7332eb1e447334b6d3f6133d140e3a2db5bdb128d2ec0d523492409b1fa003fe5cfc989c6c131f6325e94a7891ddb631c4fb44d8c11f14be24e2888891

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
a2dfe0d9e684f96e411e6a1d44bd489d

SHA1
5935091a539ed23b5f850749a42b760036701a77

SHA256
63c77f8cca3550349b7c702d00b4ecd67af437517248f6c2116d3d7ddbbd915b

SHA512
c822753914b142142572b853109e86a5813326197eb31b9598e48a020669e8d4b2a4db153e9c694369249115a90c4a591425d8067b0951087bc0c7908bd2f9d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
5c356b6055b8370b14073962066ec901

SHA1
e1f74cd07311989e92ca2cf1098ee555ba4a5df9

SHA256
9b3899ac90719cbb8292d7c5592cea9f46eedd484ebdfcdb35c9c47ebb7f64a1

SHA512
36405194600cc6b888f41ed51645a2e8ca97ea1b22ba45fb52ba7328f460e1bf861619b89e4f8b5aa85657b1d41846f472093f6705f8b11aa459d5b50e3a62ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
7428859dfb6ef37bb52bc887ce6253fa

SHA1
4ccd1a05f9a17a6bc5fc0fc88596a190717075c4

SHA256
65790eaa28c8d32007b4fa8d80738e82b875f12bc5db440b7f24eb483342bce1

SHA512
0492ea8ec6c9656b177df0130aa611088249f6e9074b573fd44f7e03dd313645e7d1a1be211bda9da4fff92bab4a6b1c4f87ea28e97bb869f60a708c7faafd50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
9516c57661e030d40ae6f8092b6a4cb9

SHA1
b19fba45966fb91485a1f4b340ceb7d99aea125e

SHA256
e221141ebc49e3e55e2ae71aed9d80885efd549f93ff2b2ba2b7e9b75429aa98

SHA512
f0ea8acbe952123f168293e105f291b8041a5979747f1069f1c8b7c28e88ed27a2ce32fcc9daaa6cdf6e9ed4d0cda75a6694a2a1aeacc625d8e4fc9e7f86b06d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
6d008c1f63b0e567849a306d9e14a1d0

SHA1
10e103a6cacd0fc4a39ad397b5074739cfb90098

SHA256
421991ae9f99533ca6d48c0881085f92b79f108c7718a2c8b718eb21843c5a0f

SHA512
b0ad5b26a422a3704367ea2e2f5961cd4eebca2d1e4bcd6d45879e06cc03f744cebb5092ae6cca99d54d9b9912270707736c8bffabbed9a1d947a0f5b08bb37f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
713cfe723ca0dd2ef0ee64e13d6cb7f8

SHA1
6fbe18fd9401f293393fc1f5b6c29debd1a245f1

SHA256
5ec7a120ca3d45c6e2a5aee8a1a0c5e508345f2cc8c1499d8074615788ba6851

SHA512
974fd217ed024012e15c11c184df1e7c93c30d5e0d0d3a67b4c15f710bb007f8a8a62c7c5e786a1dc841cd737051f03db398f84290a7371d829604121bdaeb85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
0d4c973dcf5e6e7bd88303426e8bebe9

SHA1
cd559a0cf93e0a62c97c14f35c9a23a73876acac

SHA256
12f420d1ae47e8494018ee6d73c84b1194d6d49387d26d93ec1432a38533961f

SHA512
2a418d3151b9f96a5745947cd60e7ac240b2fda0e1c59476d461decec9aae48cf93473a461c4086e44a82b52b52a3f088dd4923575a62a1ec4c2c5ce0a5979ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
224e57482f7c18308e2876fd24b9a676

SHA1
22ac4ddce325c5a40a418d7d8e8c74c36b94d662

SHA256
f93c5ddc4bf39ea5df871f90a1cffff3f58e3965fca587d26cdb044622ddb931

SHA512
d3be37270d536ddecd385fafe773611b5f43dad313a610b63d290bf46ba01fcb463949bd48b7be99f785f26ba4a34e15fe4c7836d76bdfd1ae89881fb0714556

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
2fa6a3b44de1113bec52c845952efe17

SHA1
17725a66b912c68f0c66f11f0a0472119f87a301

SHA256
1be112882f711a840a8b3a0afb1427ab933aac61be8b377cc33882d21f8f8dad

SHA512
61447ea29eeca7a48bd521ca9405536d0334701e4cb7b84df7049bfc02194d5f84776d0883c1e3edd93bdaf7adc54a0d9b76b0146ba1548eed5bd2a4b6dd91cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
118a9c132bf2d401d4d021d349aa1874

SHA1
0b74d4e60df3bb16a104f5db43d1f1e5ed1305c1

SHA256
3c737dbcda7d5cf6f4dbdab8493b9f1ca4fe1757f90a9a3e42837f993262ffff

SHA512
e4bb6af4a3a1dbdf4d9a6b7fa384c5dc9dd617874524c2fc09401a616138206309af8110a352f08281f27a052cc5849426b6ac2edc4e0656dfe2a24fb4db6cbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
96d72fe1aad760a1f710c452f27fdd4f

SHA1
af22f9e7ae137f74d8be577ba5d27d7ce4748ef5

SHA256
f334271bb69fd59cc678020ae77257b8674c9c1b83ea7877fccab8fc9a5b1355

SHA512
d79b2b925f4fd7e580a9a10775cdb3bc9bd1459c18e9c431d28547957e78202126800027d85e8eb0442e296aeafdaab4c730a0abf71615d08bfbe4ecc8724aa0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
d72fa5265d0f0874bc72b51258501b64

SHA1
01084166156042ff049e96c6802572b71c35c2e7

SHA256
9673407e0215748cc9116ee522b8467c4dd840a20b8b719f9aabef815578ddd8

SHA512
de89b95c61aa915d5394910c379c77a142995471effee6e7f5331c47047561a5350cc886778d8a11c82771b9392c670d45b897bd720cea6422b1fb9959e8e9dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
11KB

MD5
2f54d8b49552704b622a6e5fb4979453

SHA1
e97afab105141d1ece88103058759bb57473c141

SHA256
68c671e73a230ce2c8cd28c0b5555525bc1f567c130e48adce144250dda333da

SHA512
a0d8c7db9d0f2f434447b43df67de7a63248b4b0e3f85d5fce45ed022fb692d471b343dfacaa283c975548123ffc82945821106fa7d5dd9912c7ab1be988fb6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
42KB

MD5
6c4e49fa2feef1f1cf042acf76be0133

SHA1
95ad753a0e3c0a4bf894f4d40dafa830baba5f37

SHA256
63b3631a5e098f78ba8b62d3bcc8471d5336024969150194e801f4af24f05696

SHA512
e9002b8f14630c8cc5392c397ba61a56f61aa2ed7dff6a20fd0fd3bbd9a34cbbf572893087f51e15a71d2771ab8f99c90a6a96d70430bb2dab3ce66454a0ecdd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
4fa414dc96835fb3946ad6307db42601

SHA1
6981b14e03d33a6c16d143c552c6dde9f13546c6

SHA256
d56265a16d737ab99b57d2b3199e60b400f061855d45c370c6ff7545ccbae69c

SHA512
052bee11a24738f6211243588685ff60c62a8f5404b02c438b35f5f572617544dd387c67dbd1f7653bf5ae99ae3df47dc16e5d33b1ef76fd31164bafc9722a8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
39KB

MD5
ef7b7ee06caf046c59a1f72fc77219d7

SHA1
64a98eaad8730d6384045fbdc4f52cf80a918369

SHA256
095069d4e21f89e3fdcc7d78e78e39a5746f5e86a28e99e498792b43b64ba4c8

SHA512
f1c51617809a47819902b9b69c5a92387ea7875a9e97d1d7d6c1185713a1406fa236bcbcc767909d492b2bda7099d06befcf57a93727ddbc79f94a2d0a12d88c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
57KB

MD5
6b94d8cc77869655b4a4b685dd9b57be

SHA1
e2d2d5cb955f18faa2ac28a3d856a9c0a14e4a45

SHA256
35ec63e0b038a80ed58f72dfd48d7abe12dd3bf8b814b024459b63c0fac35e5d

SHA512
bdff04ebea14f4c62e53fd9811978d65e3920c88d9bf33b1f1ef766c497c4e473f7380bce85c027466902164effc5fdb22390f5a278964e787966c09a7d65955

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
39KB

MD5
a682ad4f2fc57459bbc9c91355c0b157

SHA1
06b13bb422e680219d236ca082ac74add09625ff

SHA256
9b2b0beefa8753ee8b3ca377a860922480aaac1613f48bbbfbee862019629933

SHA512
2a982be93258cabedaed85241246bc1ba3d472154bffff023ad0b122171ac4753e0a4917045f453bdda5beea737916eceafd593f2bbbef57d0d8421b5900ce00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
56KB

MD5
3538a0338927ed1c208fe1df7deacc79

SHA1
39cf99952c94369c1769249867188bbbf92bc672

SHA256
6b7daadf8ac3760eacc3769acafbd45f0a9805626457ab1c0f2abd37f4504898

SHA512
3092adc478c4882045366cb392e3f3854c646c8b40d06ae4c6af9d09132e53a554738fa1900d30f97a9ed9c8757a4d224fb9219f1c151dc39ed3f990c0e62e44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
42KB

MD5
a74871e494d66cd95ab490d5a9e840d6

SHA1
060efb5877d1956fd6e296840b4c785f0eba35a4

SHA256
82352ef4e836bc9a3e97a4eca7deb80d8bc2ea9c2733bbc88da8dd38c5fe03db

SHA512
abaf2ae2004c93167fce754ac9395cf3b8a976d03dfccec55c138130dce562c85bb8974f5f0a605f22e9041e5bb8b57c89370d65c0643a01385c45be809c05ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
57KB

MD5
f2b0488ec1cf0f3e5ed3faa9f3c11a20

SHA1
b80f7afec34567376671822b32e24e5caf60032c

SHA256
f93da0d387f83b3086119d03fa3db5a4844bd2da1d38d43304e31ea458059c1d

SHA512
c49bd01c9af0165840a6a576d3fd4f0824ef4f226b9cfac9f7f138f39f3f110e387ff733ba6065381b8b6ffba1db09aa249eaca17b9d93d9887bbf9f55353301

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
56KB

MD5
e910aaaac8bb04973715f32171faee4f

SHA1
0cd76ef49c3ae1c7bf8453c0917fe405414c1f80

SHA256
b7910a40e7277418faff8d7a4e4fb8dafd73256fd54273b6c70ad6e8e77fea1d

SHA512
421232d9322a50a7f6df4c2f139663a6af1d570b9c9517befe5ea61ee570eed5c62385466a6e74c15ff4747a4737382625bf4ee1d01fa7bb6b24bc2616aded91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
57KB

MD5
0f1595d6135ea94ea63236038318c983

SHA1
25978b3814a94e60f5d5107d092078a5c34753f9

SHA256
f3443d4b941ef3ac96027a68e3c34dc545a12b4a4887bd3835faf186c930f6ce

SHA512
834d4114bcd0598777918c9b0df65af5722462e982dabac94d42a2eadc4aceda2f5367fd02dcfba7d848b4cedaa1285eb0575e399e3e615fa17c7e018d732d73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
66KB

MD5
ecfcbe27ed4ec285209022af3793ea08

SHA1
f6d49b6b1fe07ebe5378d5a1d0ada52ce2082332

SHA256
08de46a86048192887561f08cc89a592257a8b2a9e5a51960cdb7c77c77b4888

SHA512
f1e58dd15f9ebab559c6ba5dd45f99db6da39ee4d4888c833892e6fe7168ea855ef703725be5ccd5738b383001733d5ded99be28b4103a9d79c3d360b22a70fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
65KB

MD5
8722964f5f52c5ef4291eb9a55ddab8a

SHA1
6edb11ccbdf5603b8f1deca0e93251e3c8deaba3

SHA256
9ed235d9e769171ebf637bea9aa87dcde0f35ad973fd26c5f8ad4dd49a0228ee

SHA512
eb23167cd7bd20522d25a98c91d46c95951ed8a25f30394ae6d6bc550443d750f817065b44d7e23dbb51c76da02079b7dff11893892be50bd32a4d6bd32c8186

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
70KB

MD5
4dd82cbab3de3426c21acf20de6aeadd

SHA1
1b2a8c4024768e8926ee341db6830847323278cf

SHA256
99496c72e7bc102885d4ed8dbf1f01449dec20ae1e45fa8f19d170b67f7f83ea

SHA512
effa22c9dbae72750cce43c89d8226747f88cafcb43d71772e0ca633dd14f4f8c0ab3984455d50096af31605db4a16030294f3a9e4600855b1e537bbef576186

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
66KB

MD5
f39e70d1a71a7768bd7a9c9082d067b1

SHA1
4fd8064bdaf654628cd192a8e9b29b29563ea4be

SHA256
e36e5f1c91040d8ff7e65188d9cf2b225e91263aa45bca1c53ce6842c88d9b65

SHA512
837388b905d9ca6fd19175d388bfb5a5964b877907034e5989be69e16793e027296bcddf650f09bb459c02c0eeaf7f819068b7a4a38e2e30805794d51e502d81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
78KB

MD5
d6426029bb44b5814b252ee6db8b9a4c

SHA1
2e5c78e6bcd76dabba3fe7003a2c1f3c9e3bd787

SHA256
e480778043019bf6edc4332a7e3ac11c70f0e7b3bf9a111854fe47f2b98be05b

SHA512
c9803b901283c1e57fda5c608a6f15091a3c090e2a6044c6f21d8fe930c94f01727e9ccb266e20517e783dff78b50aec5f35e49bb207bc28c3f8614ed10e0eb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
70KB

MD5
6ee03b66b3c797518b8e4589c19f1183

SHA1
4f148fd2672cb5771d16aa0a6e02eab9377f4095

SHA256
88110d7f3ebd633d59e3730f402a3c5d7ae61fee71bdea521282ff645f8612e2

SHA512
fc65044f79d85c1b8e85bc449d832643d5d4a629e2730b76a4a94a63ab0caae80d0ef95df952adcd0195e38540b5e10d9f4eab34023cb5a32af0b2be8a6b78a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
86KB

MD5
3a2a38c07db2b75349ec7b0abdedc107

SHA1
ca9d8e4385ae97bba66c4433f3d76ed979a404fb

SHA256
f627bff4fad19a4ea43be942fd074c78bdf2f89a42a024ba45590413dfd0e43e

SHA512
6581a18c06ada9a3a7b4e58d7c388278536a1871ebc4eb4063dc72100511c9a90a7eade782ee46970c6c3fddce80e94e94de1e155a543bc4f5d2c16260358f3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
77KB

MD5
ebd045985fc4294f4ac119a91e50c955

SHA1
cd0e86f041a3caf21965cf59e5bf7556a39eb547

SHA256
0303ddaefa0e3343a09b68d64cb9cf2d49619a0ed2f08f2246f735e63807d322

SHA512
09b44048d07f891450b2c455429211fcb674b323976eac8e21bf80d29be952d24f619a7c66dbdac08429c90f8abbe82f4577bf420c2b22392ead6929c180a3ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
94KB

MD5
a795f105e8ed90e0fd1d503b30cb7656

SHA1
b8a6291646ed6a6c8af77828681bb4f306cb8744

SHA256
add61d1fbca83de7696e5c7d62b958a2c24726458bfcf8be88abd3595747b5c8

SHA512
f54b029f94fcf98e413a1fb6a7adcd11da668bbeae305516d8c13e88f11f097d38f16ada02fa4eeaa884ef5415e80106878ac443e434b93232c25e474d3c92c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
78KB

MD5
45366831a7fec9de8f4a4fa536376036

SHA1
e882696eb75558b28090499b2c6e12db982b1918

SHA256
1f73c34174115bfa242f49b30edf65af7a8d2b909a9231a71ce6feb984753c87

SHA512
8a50a1a5d26d867850f0a92d90d5c413c332d16ba76034ad2496ca7c5c1ae21ada7569adf3f9cc98956cf80b4b8bf1ee91454d1ccbdbb9524346b65a8d00e3d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
92KB

MD5
e366416236ffc699062ecbb97e6f9289

SHA1
0252303cff52544dcac54d69a60fa3c5c4c15929

SHA256
49d5963c97a26bd159d90f1f9f4f0c4448ad2607c1c0ed217289eb4045b02b2b

SHA512
71681c961b07e06555dc5c8cde6c4c5505ff8d8dacd751b7ce29ea26d86db47c7ec38747ffccab6a6cf815b99445b880f1342b66c4cea1cec5b88c378a723789

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
86KB

MD5
e3c3ca3a7f4f5e1058fad631d54fcf49

SHA1
a64a6c1aa5d76aeb34b0694835e96c7a40708890

SHA256
d65968f318661973b22d6a7d190e3771bc1f6a5b8621b054d974f170e5c6d628

SHA512
acf0ac26d2146b85af4586af789a744007251574cd26053dcd6b8f681a4bc9d866af58f5aa0b904c18d3d52a736f9b73dd73395c11a9feff8d2101316ddc97c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
95KB

MD5
35720df69a065a8ac3b01e3598c10a7e

SHA1
d1243214d094665ff8d433237498d9baf60fa4fe

SHA256
576617ebad9e844ea0e28a46f9e0cd940f968188d1a135393a66997b8fe8ffc3

SHA512
7e0740ff5a82bf8ae29acc917187363caf9b46b19e236db6a6b5a2b542bc6ffcdd2b5e003490b61d3d9063e313722c481243a301000f8554e9a2742b5a6ac1d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
104KB

MD5
cff2b569308fd423e53201fc3cc4e50b

SHA1
b678b6d027ac80a9569624e7e2de3e792c4be603

SHA256
14a812621d7e3515975c5ea35ac8dd1e19f16a65c325379daf6816520da71e6f

SHA512
c60dc3da6d987171d99a5b1f94295e8f49b1cea4e40eb1cdc07f6bb4275c9ceaf40a7363bbcdbfb0b9927f686f0a6bb5bc10f1453a7ca55356df5f79079dd004

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
96KB

MD5
ae72f44aa341a091d5bef7c816494f3d

SHA1
9394ff59da5e75246170818ed20e92111e091019

SHA256
797fc601e8dcd8768fa14c73b6b2c16b4fb78a824864e955ecdd7f3cdd4073d3

SHA512
04ca9f96cafb2ef3946978a4f5a46cb10953acff51d01735ae2a70b6c26276741b710caf6d992df3909e95918e25ad584b7d301ecab45ee95d32a76cbd3f0b91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
95KB

MD5
242b74b3e90367bd41d55f8bdb424df2

SHA1
c2969e7ccd080da678160ca04a35214875773d37

SHA256
4b9f8f2d8199b0e9416343735ce57a9096a5fbd47cba5fcd4c13179256f39dab

SHA512
fcf456e312d981a241aa4f1ec0be6111673c84897caa2783434efb9afb16a8179f30276c3a762cc4ee11b8512bf9b5f3a09fd76724adb4046d13c8673fcb4a59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
124KB

MD5
b71d13d057d77bb9a7d97c33fd4e1724

SHA1
9c870a0de266cad9484b070183b5e72a21485a0d

SHA256
ea20cdbdfb9450f5f2b30e175ee3c3b1dde0308126a2ccdddf0b97d4e74b77e2

SHA512
d0628c97c6c297c7484f46fcb63f19a8b56a46cd44ba4add770115c48a642867ae843d60c2ef59b8e6fa8c47123e3c002b6f371196a1076f02c674ef706d7275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
114KB

MD5
58959c0bbfe0f4c2bab520b6bd7dc155

SHA1
48664bc9d948a6189d9930ab3b270649896ee7b0

SHA256
fffdbd31bc2ef1152bbbe19768d142ccebd9d0a81cb1a9d3702361f77d451a85

SHA512
88471c426604a4fb50f2a5ca033481ac4fb010049ce11e83ad03764a4203e3a9bdfec31c4029e95e2b1bb6604fbb371810b9106952d5c0e1955c301f741c8d84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
118KB

MD5
5b82310498b2675abae17670c65b4084

SHA1
a863c22639960930f2879a564451868e454200c6

SHA256
2aa3dbd9214b5f1c3fb0a56c5e0e17ae8a5af6f1b7cbf6ad6a88962d30399ae7

SHA512
6796a1a904ad87b33e6b734cc91f6d1381d681379491f20202df32ada7193c01c79e771aa09537b93be9acaec8ec05e35fa6a1b92b9e9d350dcb6ac240451e64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
117KB

MD5
1c025c665949ec05fdfabc305aff569a

SHA1
3b10f7f371c198c97542ce87a9b945bb53fbd120

SHA256
70e342d34d99b3fd7fbe3e35963cd657cd4206b92233864a097e9d6f598f55cd

SHA512
1ac62c4b0cb3e1fbf45dbd885adb8fa3aaf0b3c41bc4fdb6aef762df0fb46e3d522ad4d09393a94dc3121a3ecb16a21384eba39fde9bf4bb18780e2bd44a2c57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4

Filesize
124KB

MD5
bc2099236701bf971e842803cace5416

SHA1
4561ba57d22b7681be9bd3e6892a20707ceba2f2

SHA256
60d3644e7dc38d5fabb1c387488c51e345a051d4409177ee5890bd424aef3fde

SHA512
64ae453d52e395fc700fba0b7cc2b2d5e9dba9bde1c946763efcf0f80225fc65641cae1daea202f5ff4fbb4511d74e6286dde3bdd4e5a30538c91713ee180f2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\storage\default\https+++discord.com\ls\usage

Filesize
12B

MD5
6d449e056fcc2e5484f2ee34d0b97b39

SHA1
dfe6b5a2a9cbe9deb2745ea099b66550b7560a8a

SHA256
8e5920e7b3e6eb94e5ddc02d5b498ae385102784e3a6063cde2100a5a21379e6

SHA512
ccfe100877d10f6e3054e3cb52284ed409385d703f55fcc031011778f05ae4407bc806c8a2875b2f4479cb9340f3a4ac84b1be7672b75f2cd9262abcad51bdf2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Csoftonic.com%29\cache\morgue\232\{64544ee1-9b29-4157-b910-59c9cec245e8}.final

Filesize
11KB

MD5
acc7212edf22d33d44510b7adcbc082a

SHA1
c4e32d7bfd04d11f62d59b4e33c5795944c7b28c

SHA256
2bc9ecabd7e6d75335df5913e6f367255ce81758dd5d7a723c452839e45a90c0

SHA512
a807b33005744a994c8dafc5d1cbd8538024fc915469d97b283e1cac664e7f073f2a09bae7a8a4befb315cf23bc9c4f421ba26ed8b6010f7e3063a35f075b1f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\storage\default\https+++www.howtogeek.com\ls\usage

Filesize
12B

MD5
f9aff0158ff5efd54ff6f261afe7d667

SHA1
41b1c03d0211b8d512a8652a2a82edef7538f5e9

SHA256
e974d7925e20715c4eddb93f226434fbb0d1d441b32c51dba75ee66aa6407cfa

SHA512
d69a33a7833b45e96d384a41f4685fedc730c8f259e0c58cb9f15e0b593d4b5cc33d86ef03fe051f37b7f0074560cba5ce931d0da3f1ae72f9ff1fa260ce87e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
592KB

MD5
57532cbc0b97ea7f57b9f7de5f7b07a8

SHA1
452277b4190b3d0b5d5a5212b4db40f5bbdf2b46

SHA256
aea68741e60f8f6bb4c081ddc366b0ea5d504de495012bd113f90f25ba2b24b9

SHA512
c8e1afd9650f429b04cd5bb7710f963008ae909fab4eae111935d827c3bc9ea2684c862652cfb22b60d7b842afc904d14c893b1b9d3c22e4ad379656140126fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
c692f15989121ca8f133a2dbef3bbe54

SHA1
408f337af8aae0784444a0dc9f26ca2a35898bcb

SHA256
21127f11114cab9586a4c1b50c859098a561818b63b0d73f388a74ac7f5fa265

SHA512
889ab1fd82fccf289975d5a156520770658def0c19e04193255d7b5a15078b3b6f7b3a7c627b8e92de7d2a93a6657c84b20cbb244a91d67e61f7d83d20bb3504

Download Submit
C:\Users\Admin\AppData\Roaming\xspammer\Network\Network Persistent State

Filesize
580B

MD5
3f37e942cc8073c2daf1297d61672dbb

SHA1
1f79f4b872764b6f0543a3614b2cbd0e7ae4a06a

SHA256
fb104c9dba6a55127cdb88b2fd59b3e2cddf71b4d2d34f6bd457907d8c2abdea

SHA512
3438a94bc84fc69c71b3410f7f68fcf9c50e6d476f317d18af53d138b62555501f8a1da90c657c34d64699be4f9df1799dd70d57074fd7caf94b8c2050676be2

Download Submit
C:\Users\Admin\AppData\Roaming\xspammer\Network\Network Persistent State

Filesize
549B

MD5
93ce550b55af3cea797d264d35415875

SHA1
ab8b5a385f194641ec378d2328698b0945d7ca41

SHA256
a2c2853d398ea8c7ce94c62090cf3ee35c7ce6f6115c23408db984311178a1a3

SHA512
b7a268d06de3bdcfce861070dbaba2943db78f2803b0bb7b3d958de5efcbf3c24b50898dfc8b41256f0ec98c852abf2f0363dc1fed77f6d034ceeda7b0f1d4bd

Download Submit
C:\Users\Admin\AppData\Roaming\xspammer\Network\Network Persistent State~RFe6f7e91.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\xspammer\Network\TransportSecurity

Filesize
370B

MD5
649d898020be7737acdae0f227f50a0a

SHA1
f2aa2a6d68e0218e9b83856a1670bf5716d90d45

SHA256
74be504d7c14164a37aead4f502310fb3f3abda161d47efaf2e7bbe5f9d89c99

SHA512
867b9a7e20388e0229e18f1df6a33acf2797d653ed893764e9c2e4c66ce41356e36e5bd24a70380fdb5e205f9bb96bcc25c33d2d2281e67f9cb6646d15d1dda7

Download Submit
C:\Users\Admin\AppData\Roaming\xspammer\Network\TransportSecurity~RFe6f6cde.TMP

Filesize
203B

MD5
63d7ed18c0836c38e09cfb2706269586

SHA1
5474b50288dcd97c6024f08b5f6cef39bdffa1a5

SHA256
d9583a4a74ebcfbc8c30c187e332b50fbf8ad313ab7e214761fe3f45d04cd7bb

SHA512
3846190849661f69de79a16b535f8f2df1530fb40ce3f9375eebfa040fde000816f506ed5b11cd68fca9e72e2cac9a135bbc4b78815e218f1728aa57444f0659

Download Submit
C:\Users\Admin\AppData\Roaming\xspammer\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\xspammer\config.json

Filesize
20B

MD5
f764024250af39c9cf3b838ff829f5db

SHA1
29ccea1a56d8b15bbb8d56cca598d479022b282a

SHA256
4145699a24320c45400298980d00bea816f09a0ba918c8b41d1f6548be684575

SHA512
520899c37272ae05e0d0e6be49eac36adb15ceadda3a0f74860483918cb85ecdb50eadebf110c456648391c7258795113f3cac5a495da50664a9637e3ca50fe5

Download Submit
C:\Users\Admin\AppData\Roaming\xspammer\config.json

Filesize
395B

MD5
09df6ee331621781e3bc1dd5b417ba0b

SHA1
35cb27321143f9aecba05ee3f2d951bc9fcc7a2b

SHA256
073445666e244223bb8729cbecfbc9f0ce84c18f09d58793f4bf4909fd74621e

SHA512
2a90c6acb325e3a530f13ad8c07705d08871e32195c4ea14cc85f68a0f1f1ea6269369717710ff17f8a8c968973c045d7fd72eb04c9b7d1f77194cf5f9f8ae64

Download Submit
C:\Users\Admin\Desktop\ApproveStep.mpeg2

Filesize
456KB

MD5
4fa2ece0821abec812001680f8909254

SHA1
6774845be8591fa9738d1e1f18ade4d80f8b69a5

SHA256
cb5623fde9492b0c2c8ff35d3b593cb4f48610427f023ee71096831005a632a6

SHA512
5be1b5f3c72feab20766e3b53b17930adb873cde76bd704bea2df1009af4ae4716a9e2036d3116af0a3de9e3899769cf89486e0a2affe9e18654e8089dd96b16

Download Submit
C:\Users\Admin\Desktop\BackupHide.xhtml

Filesize
266KB

MD5
30eb7e1f3307f10cfee24baaeae36206

SHA1
bdd177473eda0ad3c42f9e823881d7b25ca295c4

SHA256
973a55420a0ccbef95a131856a9e94cd2bbea444aad3e88b4eafc73519441dd4

SHA512
13eb6eac18a935efb225d1d521b930250085b865ae80e49913b43f96bc0c7b49d711e9ea3c716bf9037791f48fa91adfe5041c8a07d9f449bd120732b389014d

Download Submit
C:\Users\Admin\Desktop\CompleteTest.jpg

Filesize
323KB

MD5
2c909b5e34512a654e234740436cd5ca

SHA1
beb77e0f0123b88a193efde47387f88c586e77b6

SHA256
005f736dcc118dd3b9e717322a4a6fa1a9c84c0d435f67eb7a8568776a913c11

SHA512
dbf8ea76c25aa11997641b11c98d561967c37a990c2eb1a65d6c1254abd5acb44bf43e52b1cb92b9011aeee325d7a6dc8bc0d895c51ba470f64214a839dfb7e7

Download Submit
C:\Users\Admin\Desktop\ConfirmGet.avi

Filesize
399KB

MD5
f1f97d8736a2802c70cc6cc895ce62bf

SHA1
3d958b9e06eedca344431cfc5089a8db15da4dec

SHA256
1fcf3134b4159f0d7d395b11373bb4dafa117e654b57deb556c7b9e79a4d3b62

SHA512
dbdb79621faf2f2ac11716b8d571f3f9a1c79234e8f857a80ad64e74c4408c16457024ceb873ae7ba7f0be959f548414775cd7c990a3392b73cbd14ab40e8612

Download Submit
C:\Users\Admin\Desktop\ConfirmUnprotect.cr2

Filesize
285KB

MD5
c03aa837049e58fedc68c63aa26f99de

SHA1
a6fa40c64eaa8294e41528548656b3a30c8ab7fd

SHA256
2e485b404f4bbb98d020b82f84c6bffdef91bcc262073a2c792645241bf7eaec

SHA512
c04a79a7e29d86f768a31ac7286495dc152c29b0d24870b7172e92905824225b66d9a25dd4dbd8f9f15e26543a6374863665600a995cca0ff5186f357535db6d

Download Submit
C:\Users\Admin\Desktop\DisconnectUnlock.xlt

Filesize
247KB

MD5
65f72de3e44933fc04b641f43d2018b7

SHA1
62be8554ddf61521cc528907200c662a76f1605c

SHA256
7bb1fbd42b417f5c60b0ea4b2563a459aacfa9eaf577f65d2d1f6b489d21d3ec

SHA512
ca5d7c81301d7d12ce83bb044756c02160d78bca751bd69ebdbc05d3f4b3ada33819b27e0f04d8b2a30ad81d25c960e4102ac7ba295239400c61749ef142f6b3

Download Submit
C:\Users\Admin\Desktop\EditSend.txt

Filesize
342KB

MD5
9659c05db583a26dad011ce1db907cab

SHA1
6cf880c385c310a6f4f1fcd2f5037715dd096575

SHA256
b16668e70795461ec02addca1308b10c19292ed3a1ed6be0431ee173886192ae

SHA512
e1a461a1423f56526c6a073e8c80bcaf93ac6f9a71dcfa98b483b7994394ec4417b0351e76fbc5525c5a585fc4f218cdb050f2e03c7a944dd741923b84168933

Download Submit
C:\Users\Admin\Desktop\EnableCompare.vbs

Filesize
552KB

MD5
5ad04c3c925321be47ec78c152d290bd

SHA1
5010b6000db6cf3c056922c94e9cbaff14c7ec82

SHA256
88e23a7a7ac3f710b0c8973d906811f9f31cdfe4994f4690780ae13a0e6d01f8

SHA512
c6d0f9e976b19e50b6153e8de05dc26dafd6c37d63eaddc4639f5c194d6522d7ce5e5828b6a092df2c043819dcd94c68c000a763d10aaa1fada23aacf340b5b8

Download Submit
C:\Users\Admin\Desktop\ExitUnprotect.ps1xml

Filesize
818KB

MD5
0953bed919392b056fa8363340dc5e52

SHA1
521b52364c81e65c6e28f887255cd9dae3e8f077

SHA256
a22084ffb32a735d6136bbc0efa09f66eedbaa071d8cf45fb6f6affbb64aba5c

SHA512
e6e5330c3c4be7161bfedb10b4889b80848eed6178a6cc6452f1241ab17834ece00d499357436540ed54605374fe4c6183be4b2ec26e6122327e7e25a91afbb6

Download Submit
C:\Users\Admin\Desktop\FormatUnblock.docx

Filesize
12KB

MD5
a84ed163b8b3fc8ab1816164d908c21a

SHA1
eed0e3303c21d062a1cb470813ffe998034cccf0

SHA256
b4a67b2cbefcc9febfe63510b9fa596ecbd310bab99cbb4f6ed6d4ee6dda7e0a

SHA512
0e36f56f3e54e4a635257b44af12f77a9c72a65429c4cb81614e387f27b23de65b9b50f47dec99ece394ccddb475e56b87246972fe7149a1897655d7bc0983a1

Download Submit
C:\Users\Admin\Desktop\FormatUninstall.potx

Filesize
437KB

MD5
669bfc960fd9c3c572d8baba669b8728

SHA1
f17aee9db73b055bde5739166ad61a86f0c1b6af

SHA256
db594fa1c5abc1b3722ae89c304c65cf4e0ac4f2a28991ce3bc0c7708248e2b2

SHA512
5e43b02ef2df667d3abd9e19b3de50916354a55be62fad9e755950b67bf0b1d98c4d8a291b1d4b867f8a3946bc16b261c330a8b4bceeb6d34589da02ca578ab7

Download Submit
C:\Users\Admin\Desktop\MountStart.bin

Filesize
514KB

MD5
9f5e54d80b2dcc87a2fdb8d94063cf6c

SHA1
b905e6c8b3d9af94b81dcaf4f9b28ce3100c97ce

SHA256
a2f18a2099d1f7f3f3abaa7d0fbb1344e43eaba4055d25e425b7e3ea6dcbb3c7

SHA512
5756fabfbf5f099a75250c3c4841af288a8fb8c322d545db4da1df7cb8bb08a421231de0b5cb60c9020af9d5347773de01947364cc04bbcebca11f3e27611a48

Download Submit
C:\Users\Admin\Desktop\MoveBlock.sql

Filesize
495KB

MD5
5afcdda2c4ef32ef6de5fde47019d725

SHA1
7d05405ddcab88c50cdf94c0715557063755f26c

SHA256
7ed64854606296efaba3d5370ce58d4b6d9cec863dda587b519cd323e53ec899

SHA512
f2c46ea839b49b577a68e328e0dfa9dfaed5b022100dbe8cd35bb890004d5cb9ade0789795499e96b63f03cf44b8afd33a5f5aa8f78eefcc94cab18a6bb84cb2

Download Submit
C:\Users\Admin\Desktop\MoveConfirm.xlsx

Filesize
10KB

MD5
91e18ce84127d01f11b90d3908f66b5c

SHA1
a28dede2af40885de2105dd0075e378a83d609da

SHA256
6792be90329909bb509f4c3c1c117bb7bc72e43d0aa71f9d3baf4c9a608bde68

SHA512
dd6b947ea4dbec74f57dcb1d11e78d97d5a9d5f26ac24bcf4701070e5d19a31f064197a3cbf45ee55d935924dc8b0d52b771ec07ad6d648c7dedc6f75378e9cf

Download Submit
C:\Users\Admin\Desktop\NewFind.dwfx

Filesize
476KB

MD5
e400bbef65790e59f57023c6a2c8823b

SHA1
4832b6e19e8e915fee508af322979c97b86d87c9

SHA256
d70352198fafd2ebed1d2fdc53b84e007201829999b9b135ca71aaeba190f8ef

SHA512
48e9deab392085ba4b9dd772dd7242bafddc233eeef32dfa4adecb9a6f0485e904af64619fba0953a7afec1adb842232bc3c475598443b946949935b9d265cbb

Download Submit
C:\Users\Admin\Desktop\OptimizeInstall.7z

Filesize
304KB

MD5
3918956a829e9464f9072bea3223ee72

SHA1
3a33764adc09e50fe3b3a02aa8d19ed71877b71b

SHA256
dc83e97f4fa1bdd373babd6a45d2ddf07332378c4f856ce7d24aa4a3c9e7191e

SHA512
65bbb21820af41c02899f66910fb1fd25fef31aab3a2a87fa04681873a9405ee0d80be46d757830dadf66c3652894bb881337c3e5ab28cd48b93d03357561936

Download Submit
C:\Users\Admin\Desktop\RequestConvertTo.vdx

Filesize
571KB

MD5
e2483a904050c1abc3a9ccc27cff8ea9

SHA1
54e324f22117c0815bbb5b05f955341df7649b72

SHA256
2e0e829b8d368fb301ce68a579a9167ecb8873f0d8c5708ff77862e81c038513

SHA512
5ec3d9d867dafb6972a5dac86c726ec8b3ed1ac2cf31b92b71f58fc7dd88f74ee69647c87f8c26a3f304e7888ae682cca90f7e80aa9cf4e464299fe69728a9fd

Download Submit
C:\Users\Admin\Desktop\ResizeRepair.ps1

Filesize
590KB

MD5
1ac66886a524d9a1071f04811c81c1e2

SHA1
1cb9d727117e8b04faf0bcc963d1a4b3d463ff61

SHA256
a0e5c17e6f015bb88d3968fae0d3ece12e91fbf729f303cc7c0599bc42c23e12

SHA512
0ff386de23656798ba4d1683830580582bfad557dd8d3b9b73bb33740d83dd78d14d8d180df014d71ab27bf756a12aab648f4996d24044fc4cf0cb6926f449ca

Download Submit
C:\Users\Admin\Desktop\ResumeUnblock.ADT

Filesize
361KB

MD5
04d6b19267ca7faafca3bccdf42cf161

SHA1
c81e2486a15912e7e10a1794603c78f9a4045c1b

SHA256
370624c7cde9da3c54faa84e5997c64b548291de36196c9c332444e4623e2dae

SHA512
0e86c103a942f2bfc4ec9540946752175ec29241043fd96a37f88acc6d3fdca5f0159923feaf1b2206101f0b2bd583e617986832d2cb53819f6eafaf14761d9f

Download Submit
C:\Users\Admin\Desktop\SetMerge.xlsm

Filesize
533KB

MD5
c202af6ecdf30082938f9a454c4212a5

SHA1
713ae9c607ec9c6bb77c28ab2d8cad1e31aa48ea

SHA256
63d2d3d0ab9c0ce296bca8742ccbdf2b30d959b5a9e5183d534a4c347b0b5a52

SHA512
845a265903064644c0c2b8f867ab635aa6d5a49cbfdf9ce08f577a6a651880432c4170aaf930aa4a3f5d8bd39d38df0643adede118f2fe4e02347154805b7a50

Download Submit
C:\Users\Admin\Desktop\SyncGrant.xlsm

Filesize
209KB

MD5
34b7fee86564ab05e8d227b2a54185d1

SHA1
c5806a047e0be441f535e5f45c73c0148fcf95c6

SHA256
1611010e559601d30b76dd82a608ca8e5cc18e32eda78f920c599afd54fe051c

SHA512
7bf7cc0bdd26849df207441908b8cb257105932120b41e15a4f562da69a3d3e62fc30f8397be03c1fcbd96b6c0387ba8cd092bf61f9dfbe9eb4631a6bc603ffb

Download Submit
C:\Users\Admin\Desktop\UndoNew.svg

Filesize
418KB

MD5
29e0aada2d5941f12d57e83e8d30aadc

SHA1
b7ca631ad5b09b3c111001709907aa7ffe7300a0

SHA256
e4c77773358e071d11078a4390efbb8b2c4c1bbb38c752c6d29c0001b05b7c84

SHA512
77c63da550b47c863f7b27d7329c0a8ca66ed12745e040efeb1791e8f85f019d491272f21ba8e755d7187013e083934def7c5648f8eff6ca527a0c6beeeb2678

Download Submit
C:\Users\Admin\Desktop\UnprotectPing.xltx

Filesize
228KB

MD5
148a54d28b6c1894d747f1a1b0680e1e

SHA1
e541e83feffdfcad6d5ff1d54c53c93a63d41d41

SHA256
5127dbbf46b69462660e0f3f0873f612d68c4c525f68c89ea12dfed4bd78164e

SHA512
b64f1d8f4165a7f911074af85dd5676e3ef47549597d409a2cd8fa8bc5803e19a1fec4258c2b84c61370e19252aae4bc373b9be4069b0db4b693b60598bb827b

Download Submit
C:\Users\Admin\Desktop\UpdatePublish.sql

Filesize
380KB

MD5
d37d802bf20542be484798a9e6ea71b8

SHA1
2ecb46457861bc8ab573edd19e71c0822f964ff9

SHA256
bba35996e77cb0e6bc48beff63ec6e1f959b30f191ad06a02231a0afe2312cb6

SHA512
c98a8dd7636fe7369684f21bae38ec8ff08dd93e4d93c3c677d4ef7b7b807f87e6c1da9e23688b3132c6af24181d67279290706a723fc91f29c5cd610cff4e95

Download Submit
C:\Users\Admin\Downloads\Greenshot-INSTALLER-1.2.10.6-RELEASE.exe

Filesize
1.7MB

MD5
c16f86882d5a102ed7a0fbbc0874d102

SHA1
4e3ac7a53f0f368b9218bf717162d5e073a0f7df

SHA256
1687311b4e7a3720be20490e8ed6cc772a32336a7bed8896e475b8ec616c6b81

SHA512
90b7aac54467b266a9dd9ce7c83a156d3d99f7aeb1ad0e3e2ef5516b38270112dae07892e3e80765c3508484e3ee66e7439db0512a63b48f64e6b15e83285f67

Download Submit
C:\Users\Admin\Downloads\Microsoft-Activation-Scripts-master.voYmZXqj.zip.part

Filesize
318KB

MD5
44cb53abaef2277c9d63d998ef9001ea

SHA1
438a80e57ab9f414c25ca9b749f39057076ef511

SHA256
1d1e2aba322d36c431f99658c766a292d50614580c7dd16377919626de2e7b7f

SHA512
d4a6bf20d6913ebaede4afba44711107d7f19a10bf1cac972c9b4eb4b6b4d35b81b17f9efc104d346b203e254e2d287899f6c9686ee88daa027451669de78e0e

Download Submit
C:\Users\Admin\Downloads\XSpammer-Windows-Installer(2).A5Kc5Fxh.exe.part

Filesize
20.2MB

MD5
ec84480a8f81e980b205d06565cf1f0f

SHA1
3494eed14f3452c94f46314f811fcdea4d981c27

SHA256
c1b4a44ebb5b7689626c27af9c2bef7563d6cdb0e6cd9f5377e347e7de456fcc

SHA512
fb05fa2bee6e61cc174ca8fe02495029bf5f973e65015837440a87e8ad65001d441f2aacbd3c99a5538cdbb5eb1782d7bace10b620867512ab98cbf63ebeb443

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\Accessibility\c19a7a7adf0d77544aeeeae1e7f3dd99\Accessibility.ni.dll

Filesize
77KB

MD5
e34e4b385cd2277080d73902f59ea692

SHA1
6d6efb23cabe263d67e951fff91bbdb48c78056a

SHA256
bcf3789274b016b735d0d3eadc610912b9b0c032ca446d95cc33eedc727966b0

SHA512
4ae959826b4970ea1fbb159c71dc849f4b295d49d3b996ceeb1dda95d6bd41e222a03af33aa297f24feb9e1328664cf4b11e89d68410ef75e94bd1668807aaf9

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\GreenshotPlugin\e75d07bb7b96868ae95157bf81615986\GreenshotPlugin.ni.dll

Filesize
2.1MB

MD5
de1b48f848674167538f9dbc90e0b250

SHA1
4075de5c06a9f2e797cc8e06c9202e0e9b7a99d3

SHA256
a7840d7e49d61934de653ed3073f3a903a8819b4b9f23562491f63c94296d427

SHA512
c1055d69d73918db9ce9bcc97b69a360e209f42c9e394120b9c80de5f0f556c1f9d4b79a73555a112d5dadeb9d3fb55a6082bd89fe560ac3a891695ee15857ba

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\LinqBridge\25b4aa56a4fefc5f57ec698b0d3d1ea3\LinqBridge.ni.dll

Filesize
746KB

MD5
c6d1307ea9fd7183625c0e2ee377059c

SHA1
151de00fc11103a0abd6c7dacd6adc0de863c330

SHA256
5fe58b194c7da3be4ecd51f049a120b101c5d4fd699365c1c0c97505ef6b59dc

SHA512
f6ad12d1a836c1655fae65da48c230542bb5f15b06c24cab5a8fef26cfbf8e4bed62b42afc472b49c1c9ea482007c9d49ba7be7acd4b15a31b66192a21adf818

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Configuration\83b3de096c7d1ad7f55261b2fa759278\System.Configuration.ni.dll

Filesize
1.3MB

MD5
097d48009561b75c4d11b4a6d5fd3173

SHA1
ac4c4f0ae1769e01c6adcc284aa3859626fd6523

SHA256
d211f04db43ea60dd27862c9eb79c469058b99cffdaadba8ade8dd543daebbfa

SHA512
9d523db62dc353b1583287059ea5cedadbf460462d39bd05df1963afa2f4126174336efd2f7664942f6306e39da4853ad4e8629a4b895d96aae338d030962bb1

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Data.SqlXml\c61d6720421b9bbcfdef7f99298b2a39\System.Data.SqlXml.ni.dll

Filesize
3.3MB

MD5
417455f60c847da77e04c183eaa6e86c

SHA1
90ea4534a5ff124304abd1b5f2528222fc5d88ad

SHA256
c6022e4dbd3d3436234517a15537cdfc85d9916de0d3e9caaa45ecdbe7f09966

SHA512
432793bf4e56378db8d8599e2cbff7da5c308fb8a21cc7e459bb8150eb9d7ba955b4333ff3c20eb1944e9ce35126283ba3d2f972e2adb38ce73b4f47840748a6

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Deployment\8cc6d7fa85bab2e1c74909bdfbf0e0ba\System.Deployment.ni.dll

Filesize
2.2MB

MD5
959ad404fcec8e0c31dc6114a05a1209

SHA1
25abbbbb307fe063b05b878887ddf4e2e7c6c137

SHA256
1396d15132be9c06267bc1c6af4599c70de28664df95d67ca5f47db4927e76e5

SHA512
117aa0259ee2595de42a98e0c7d28b0d6c5b0a4efb836b25cbc221768e1e2482fc317de8b2ecc518aae49962475cb0144638a2987ef6164212db69afdb455615

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Drawing\2f9efdc3eb510064e3306cfb866d7087\System.Drawing.ni.dll

Filesize
2.2MB

MD5
9410df01b0585798af6a7160aa6e7bb8

SHA1
fef0c3cfc15647cf3e58b1a79a397cbb016dd76b

SHA256
d1dd521563e2a72c242356b37596706400d7ff1ec1c86bd950726631b9f2ee85

SHA512
a6d90e09216ab258bbbbaeb7360a8685a1a88823983925092411af6fdbdfc3b3dc05a8aac7a3da3d1deac0382d13a48c097ae875a998c340746643a2f7d6ac1a

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\fe8bea3cb0b5a25f64fd32a56fbe93e6\System.Runtime.Serialization.Formatters.Soap.ni.dll

Filesize
387KB

MD5
47b1f0c7b1c508ba0ad519f5f22a9007

SHA1
92e3508a82fed86bff130c81261000c21027741f

SHA256
d4f7e64f8a041a47fa8539eac1558c51cdee5dd1fd62eb3f0992669c553a947b

SHA512
5f3f40322eff38679cb195885ab8982ff6b100ce27ed00abfd7e3ec70b4ee68042b4c295370b156e458ce1b40d5a6f4ed2b6c66dcb483503b20601efe5a682c9

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Security\4e7809708e6ce6278d566f813632f529\System.Security.ni.dll

Filesize
960KB

MD5
1f4c9ee0580e3f1e5bc3bc78afbaafc3

SHA1
0e6f8c67b815441a0b4dd350330d7e4787b0317d

SHA256
007075251cf40e660b7fc191200c4901b46bbd39eef32334a906900a8a0921ba

SHA512
992a15da93ba145052b375cf3978e9d7ca50bdc01cfd0c1afc3411c1b8d9efb96a71d2ace079f18ee23df75cf43f7f691ab7119bb55204db9f7b768da5aff95a

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Windows.Forms\c51b9699a4331e7a06aca7d313280a0c\System.Windows.Forms.ni.dll

Filesize
16.6MB

MD5
41403a721e377d4061af3c79c980da7a

SHA1
753738914cd20cf1205a1318bcee63bcb4eca7b8

SHA256
e1f0e664e41aba2b7b5cb4e9f408bda11f189f630304c0b313c6dd63e77e6b9d

SHA512
ef97ee2793608918f6750be91b59b9f4177d210c1f6d54b6cbe0187cc97b48778976989ae643ae95bb882605b39474c40859b42618644ec2315445778d943f94

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Xml\1c894d743db153e61c62439ca9f82116\System.Xml.ni.dll

Filesize
6.7MB

MD5
1bef61f497c8fadde9252037321358f3

SHA1
073285903e8fe3f00ac96d90cd34304579507321

SHA256
b536f29fdaafd896a418a09e95aadbf060192b24eac7c756dc7c25860cf7fb8a

SHA512
77e6b4061e0944f2962094446e17f2b431d71a1517c71d2c2385aa45c6d6e6e1f13f8ce15b2e33151228f83ff94e61aabe7ccff204a989982a57c624b6bc62a6

Download Submit
C:\Windows\assembly\NativeImages_v2.0.50727_64\log4net\3dfe9b3c85a403d3713bf1994eb1dc89\log4net.ni.dll

Filesize
870KB

MD5
31ffb5771eaac0894cd6fd3a42a75a02

SHA1
94e0130cdb62e9970dab0b7881db87438cb697a0

SHA256
748bbdf6ea1ef7f26d418eafe81425f0c924ac35f86e9cf2ea85d64be2c32bfd

SHA512
01059727e8167def6815966a32c0e0b7db4d339e5a0b8998563100ad13d24212e111e0041f751ffd56f71a3c812275db79c3a2e9546f499a72d3c5bcafd2c681

Download Submit
memory/764-1823-0x000002CC30770000-0x000002CC307E6000-memory.dmp

Filesize
472KB

Download
memory/764-1822-0x000002CC306A0000-0x000002CC306E4000-memory.dmp

Filesize
272KB

Download
memory/1532-8275-0x000001D9654C0000-0x000001D9656BA000-memory.dmp

Filesize
2.0MB

Download
memory/1548-8267-0x000002B161800000-0x000002B16186C000-memory.dmp

Filesize
432KB

Download
memory/2800-1173-0x00000228DE040000-0x00000228DE062000-memory.dmp

Filesize
136KB

Download
memory/2980-8091-0x000001A6857E0000-0x000001A68581A000-memory.dmp

Filesize
232KB

Download
memory/2980-8092-0x000001A69DB70000-0x000001A69DBE0000-memory.dmp

Filesize
448KB

Download
memory/2980-8097-0x000001A69DCF0000-0x000001A69DDA2000-memory.dmp

Filesize
712KB

Download
memory/2980-8093-0x000001A6857C0000-0x000001A6857D6000-memory.dmp

Filesize
88KB

Download
memory/2980-8094-0x000001A69DBE0000-0x000001A69DC30000-memory.dmp

Filesize
320KB

Download
memory/2980-8096-0x000001A69DB30000-0x000001A69DB52000-memory.dmp

Filesize
136KB

Download
memory/2980-8090-0x000001A69D970000-0x000001A69D9F2000-memory.dmp

Filesize
520KB

Download
memory/2980-8095-0x000001A69DDC0000-0x000001A69DF46000-memory.dmp

Filesize
1.5MB

Download
memory/3004-8254-0x00000245BFE70000-0x00000245BFF42000-memory.dmp

Filesize
840KB

Download
memory/3004-8239-0x00000245A4F30000-0x00000245A4FA0000-memory.dmp

Filesize
448KB

Download
memory/3004-8246-0x00000245BD920000-0x00000245BD95A000-memory.dmp

Filesize
232KB

Download
memory/3004-8247-0x00000245BDA40000-0x00000245BDADC000-memory.dmp

Filesize
624KB

Download
memory/3004-8248-0x00000245BEED0000-0x00000245BF39E000-memory.dmp

Filesize
4.8MB

Download
memory/3004-8250-0x00000245BDAE0000-0x00000245BDAF6000-memory.dmp

Filesize
88KB

Download
memory/3004-8249-0x00000245A4F20000-0x00000245A4F28000-memory.dmp

Filesize
32KB

Download
memory/3004-8252-0x00000245BFCA0000-0x00000245BFD58000-memory.dmp

Filesize
736KB

Download
memory/3004-8251-0x00000245BF660000-0x00000245BF6A6000-memory.dmp

Filesize
280KB

Download
memory/3004-8253-0x00000245BFD60000-0x00000245BFD84000-memory.dmp

Filesize
144KB

Download
memory/3056-1398-0x000001769D020000-0x000001769D030000-memory.dmp

Filesize
64KB

Download
memory/3056-1395-0x000001769D020000-0x000001769D030000-memory.dmp

Filesize
64KB

Download
memory/3056-1394-0x000001769D020000-0x000001769D030000-memory.dmp

Filesize
64KB

Download
memory/3220-426-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3220-1194-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3220-200-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3220-216-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3220-269-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3220-872-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3220-709-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3220-296-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3632-1412-0x00000254C8DC0000-0x00000254C8DD0000-memory.dmp

Filesize
64KB

Download
memory/3632-1409-0x00000254C8DC0000-0x00000254C8DD0000-memory.dmp

Filesize
64KB

Download
memory/3632-1408-0x00000254C8DC0000-0x00000254C8DD0000-memory.dmp

Filesize
64KB

Download
memory/3672-196-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3672-4-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3672-1-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3672-0-0x0000000000DC4000-0x0000000001FFA000-memory.dmp

Filesize
18.2MB

Download
memory/3672-263-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/3672-266-0x0000000000DC4000-0x0000000001FFA000-memory.dmp

Filesize
18.2MB

Download
memory/3672-197-0x0000000000DC4000-0x0000000001FFA000-memory.dmp

Filesize
18.2MB

Download
memory/3940-1393-0x000002063EE00000-0x000002063EE10000-memory.dmp

Filesize
64KB

Download
memory/3940-1392-0x000002063EE00000-0x000002063EE10000-memory.dmp

Filesize
64KB

Download
memory/3940-1399-0x000002063EE00000-0x000002063EE10000-memory.dmp

Filesize
64KB

Download
memory/4804-793-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4804-1027-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4804-198-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4804-731-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4804-270-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4804-209-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4804-19-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4804-321-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4804-264-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4920-265-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4920-16-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4920-1163-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4920-1226-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4920-199-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/4920-18-0x0000000000DC0000-0x0000000002509000-memory.dmp

Filesize
23.3MB

Download
memory/5680-1407-0x000001C2DF8E0000-0x000001C2DF8F0000-memory.dmp

Filesize
64KB

Download
memory/5680-1406-0x000001C2DF8E0000-0x000001C2DF8F0000-memory.dmp

Filesize
64KB

Download
memory/5680-1413-0x000001C2DF8E0000-0x000001C2DF8F0000-memory.dmp

Filesize
64KB

Download
memory/5760-1273-0x000002237E0B0000-0x000002237E2BA000-memory.dmp

Filesize
2.0MB

Download
memory/5760-1272-0x000002237DD20000-0x000002237DE96000-memory.dmp

Filesize
1.5MB

Download
memory/8088-8564-0x00000000001C0000-0x00000000001CA000-memory.dmp

Filesize
40KB

Download
memory/10332-8563-0x000000001CB10000-0x000000001CB2A000-memory.dmp

Filesize
104KB

Download
memory/10332-8562-0x000000001CAE0000-0x000000001CAEA000-memory.dmp

Filesize
40KB

Download
memory/10332-8561-0x000000001B3B0000-0x000000001B3C0000-memory.dmp

Filesize
64KB

Download
memory/10332-8553-0x0000000000610000-0x0000000000692000-memory.dmp

Filesize
520KB

Download
memory/10332-8560-0x0000000002940000-0x000000000294E000-memory.dmp

Filesize
56KB

Download