47310c56561c49371d9365b765792aacb7613c8ad566e3f6aec43aa8517e041f

Resubmissions

20/02/2025, 10:26

250220-mgk2kssrbl 9

20/02/2025, 10:13

250220-l868fssmds 8

20/02/2025, 09:48

250220-ls8rcasjaw 10

20/02/2025, 09:41

250220-lnzymsskgn 10

Analysis

max time kernel
511s
max time network
513s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
20/02/2025, 10:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

qr-code.png
Size

21KB
MD5

48405ae35cd148c57494edc4bac3d387
SHA1

8032d3501fcecd4cd50259d24835ca6bc2996164
SHA256

47310c56561c49371d9365b765792aacb7613c8ad566e3f6aec43aa8517e041f
SHA512

928ff81abf044e238cfc21b06b543673baa2198ef852bc20a7fbf58aacfa3df16c4458632714f308a4841070a6478f20f737cb65c1cef423d83ef287c657e670
SSDEEP

48:sQGcxn8CTL6QT0KNHcRtWSt5SmVjCuqJXkYQEB11ov5N:HLnFL6QTZNHQWRmVjck/21S5N

Score

9^/10

defense_evasion discovery execution themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Solara.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3208	powershell.exe
4728	powershell.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
513	3676	firefox.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Solara.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Solara.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000\Control Panel\International\Geo\Nation	BootstrapperNew.exe

Executes dropped EXE 7 IoCs

pid	Process
3076	Extreme Injector v3.exe
3784	Lagswitch.exe
4952	Shutdown_Timer.exe
2672	jjsploit.exe
2680	Autoclicker.exe
5956	BootstrapperNew.exe
5212	Solara.exe

Loads dropped DLL 9 IoCs

pid	Process
2068	MsiExec.exe
2068	MsiExec.exe
3784	Lagswitch.exe
3784	Lagswitch.exe
320	MsiExec.exe
3584	MsiExec.exe
3584	MsiExec.exe
5212	Solara.exe
5212	Solara.exe

Themida packer 9 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x000700000002856f-5069.dat	themida
behavioral1/memory/5212-5070-0x0000000180000000-0x000000018109B000-memory.dmp	themida
behavioral1/memory/5212-5071-0x0000000180000000-0x000000018109B000-memory.dmp	themida
behavioral1/memory/5212-5073-0x0000000180000000-0x000000018109B000-memory.dmp	themida
behavioral1/memory/5212-5072-0x0000000180000000-0x000000018109B000-memory.dmp	themida
behavioral1/memory/5212-5074-0x0000000180000000-0x000000018109B000-memory.dmp	themida
behavioral1/memory/5212-5075-0x0000000180000000-0x000000018109B000-memory.dmp	themida
behavioral1/memory/5212-5232-0x0000000180000000-0x000000018109B000-memory.dmp	themida
behavioral1/memory/5212-5289-0x0000000180000000-0x000000018109B000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 3 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	jjsploit.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Autoclicker.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Solara.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\D:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\D:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\D:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs

Web Service

T1102

flow	ioc
625	pastebin.com
502	raw.githubusercontent.com
503	raw.githubusercontent.com
504	raw.githubusercontent.com
507	raw.githubusercontent.com
536	raw.githubusercontent.com
624	pastebin.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
5212	Solara.exe

Drops file in Program Files directory 31 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Lagswitch\WinDivert.dll	msiexec.exe
File created	C:\Program Files (x86)\Lagswitch\Uninstall Lagswitch.lnk	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\walkspeed.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\jumpland.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\chattroll.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\levitate.lua	msiexec.exe
File created	C:\Program Files (x86)\Autoclicker\resources\db.json	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\noclip.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\magnetizeto.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\teleportto.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\criminalesp.lua	msiexec.exe
File created	C:\Program Files\jjsploit\jjsploit.exe	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\removewalls.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\infinitejump.lua	msiexec.exe
File opened for modification	C:\Program Files (x86)\Autoclicker\resources\db.json	Autoclicker.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\walkthrough.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\dab.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\multidimensionalcharacter.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\jailbreak\policeesp.lua	msiexec.exe
File created	C:\Program Files (x86)\Autoclicker\Uninstall Autoclicker.lnk	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\animations\energizegui.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\beesim\autodig.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\fly.lua	msiexec.exe
File created	C:\Program Files\jjsploit\Uninstall jjsploit.lnk	msiexec.exe
File created	C:\Program Files (x86)\Lagswitch\Lag Switch.dll	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\god.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\aimbot.lua	msiexec.exe
File created	C:\Program Files\jjsploit\resources\luascripts\general\tptool.lua	msiexec.exe
File created	C:\Program Files (x86)\Lagswitch\Lagswitch.exe	msiexec.exe
File created	C:\Program Files (x86)\Lagswitch\resources\db.json	msiexec.exe
File created	C:\Program Files (x86)\Autoclicker\Autoclicker.exe	msiexec.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File created	C:\Windows\Installer\e5d1527.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{967EAFBA-179E-4AEF-A956-879C88C6CD6F}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBF0F.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI17A1.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5d1524.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI99E2.tmp	msiexec.exe
File created	C:\Windows\Installer\{6A8ACD21-60F4-4550-8D6D-DBB3FFA8C7C4}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\{6A8ACD21-60F4-4550-8D6D-DBB3FFA8C7C4}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e5d1526.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5d1527.msi	msiexec.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\Installer\{AA0CF94F-A94D-4B39-845B-84E0BAE5E6DC}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e5d1529.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\{AA0CF94F-A94D-4B39-845B-84E0BAE5E6DC}\ProductIcon	msiexec.exe
File created	C:\Windows\Installer\e5d1524.msi	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File created	C:\Windows\Installer\{967EAFBA-179E-4AEF-A956-879C88C6CD6F}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\Installer\{967EAFBA-179E-4AEF-A956-879C88C6CD6F}\ProductIcon	msiexec.exe
File opened for modification	C:\Windows\SystemTemp	msedgewebview2.exe
File created	C:\Windows\Installer\e5d1521.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e5d1521.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{AA0CF94F-A94D-4B39-845B-84E0BAE5E6DC}	msiexec.exe
File created	C:\Windows\Installer\e5d1523.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{6A8ACD21-60F4-4550-8D6D-DBB3FFA8C7C4}	msiexec.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Shutdown_Timer.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Extreme Injector v3.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Autoclicker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MsiExec.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Lagswitch.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Shutdown_Timer.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000f3d8afb90f3f3a760000000000000000000000000000000000000000000000000000000000000000000000000000000000001071020000000000c01200000000ffffffff000000002701010000883801f3d8afb90000000000001071020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d083020000000000c050e1000000ffffffff000000000700010000e84101f3d8afb9000000000000d08302000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090d4e30000000000000005000000ffffffff00000000070001000048ea71f3d8afb900000000000090d4e300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000f3d8afb900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Checks processor information in registry 2 TTPs 14 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133845212166200244"	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\27\52C64B7E	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\28	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\29	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27	msiexec.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\28	msiexec.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F49FC0AAD49A93B448B5480EAB5E6ECD\External	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ABFAE769E971FEA49A6578C9886CDCF6\AuthorizedLUAApp = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ABFAE769E971FEA49A6578C9886CDCF6\SourceList\PackageName = "Autoclicker_2.0.0_x86_en-US.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\Media\1 = ";"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 0100000000000000ffffffff	Extreme Injector v3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F49FC0AAD49A93B448B5480EAB5E6ECD\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList\Media\1 = ";"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ABFAE769E971FEA49A6578C9886CDCF6\Version = "33554432"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ABFAE769E971FEA49A6578C9886CDCF6\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\Desktop\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\F49FC0AAD49A93B448B5480EAB5E6ECD\Environment = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\12DCA8A64F060554D8D6BD3BFF8A7C4C\Environment = "MainProgram"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\ProductIcon = "C:\\Windows\\Installer\\{6A8ACD21-60F4-4550-8D6D-DBB3FFA8C7C4}\\ProductIcon"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2294C8C9A96F9A557BCA814D87DFAFEC\12DCA8A64F060554D8D6BD3BFF8A7C4C	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\Clients = 3a0000000000	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ABFAE769E971FEA49A6578C9886CDCF6\Language = "0"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1	Extreme Injector v3.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Generic"	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	Extreme Injector v3.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\Language = "0"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\ProductIcon = "C:\\Windows\\Installer\\{AA0CF94F-A94D-4B39-845B-84E0BAE5E6DC}\\ProductIcon"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\71C388FC42905D351AB32BFFB7A0BA94	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\Media	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1\NodeSlot = "4"	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	Extreme Injector v3.exe
Key created	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	Extreme Injector v3.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\InstanceType = "0"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList	msiexec.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	Extreme Injector v3.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Extreme Injector v3.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\71C388FC42905D351AB32BFFB7A0BA94\F49FC0AAD49A93B448B5480EAB5E6ECD	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\2294C8C9A96F9A557BCA814D87DFAFEC	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList\Net\1 = "C:\\Users\\Admin\\Desktop\\"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\ABFAE769E971FEA49A6578C9886CDCF6\External	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ABFAE769E971FEA49A6578C9886CDCF6\ProductIcon = "C:\\Windows\\Installer\\{967EAFBA-179E-4AEF-A956-879C88C6CD6F}\\ProductIcon"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	Extreme Injector v3.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\Version = "33554433"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\PackageName = "Lagswitch_2.0.1_x86_en-US.msi"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\Net\1 = "C:\\Users\\Admin\\Desktop\\"	msiexec.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\Clients = 3a0000000000	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\12DCA8A64F060554D8D6BD3BFF8A7C4C	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\PackageCode = "0C7F8E08B1B421D4A886CBB7E79DC45D"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\Language = "0"	msiexec.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	Extreme Injector v3.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1786400979-876203093-3022739302-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	Extreme Injector v3.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\12DCA8A64F060554D8D6BD3BFF8A7C4C\ShortcutsFeature = "MainProgram"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\Version = "135004162"	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\SourceList\PackageName = "jjsploit_8.12.2_x64_en-US.msi"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ABFAE769E971FEA49A6578C9886CDCF6	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\AdvertiseFlags = "388"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\12DCA8A64F060554D8D6BD3BFF8A7C4C\AuthorizedLUAApp = "0"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ABFAE769E971FEA49A6578C9886CDCF6\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ABFAE769E971FEA49A6578C9886CDCF6\SourceList\Net	msiexec.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\ABFAE769E971FEA49A6578C9886CDCF6\SourceList\Net\1 = "C:\\Users\\Admin\\Desktop\\"	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\Assignment = "1"	msiexec.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\F49FC0AAD49A93B448B5480EAB5E6ECD\SourceList	msiexec.exe

NTFS ADS 7 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Extreme Injector v3.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Autoclicker_2.0.0_x86_en-US.msi:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Lagswitch_2.0.1_x86_en-US.msi:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\BootstrapperNew.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\jjsploit_8.12.2_x64_en-US.msi:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Shutdown_Timer.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Nopde Engine 6.4.rar:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
4600	mspaint.exe
4600	mspaint.exe
3280	msiexec.exe
3280	msiexec.exe
3280	msiexec.exe
3280	msiexec.exe
3280	msiexec.exe
3280	msiexec.exe
3208	powershell.exe
3208	powershell.exe
4728	powershell.exe
4728	powershell.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe
5212	Solara.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3248	msedgewebview2.exe
4628	msedgewebview2.exe
1828	msedgewebview2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeDebugPrivilege	3676	firefox.exe
Token: SeRestorePrivilege	4500	7zG.exe
Token: 35	4500	7zG.exe
Token: SeSecurityPrivilege	4500	7zG.exe
Token: SeSecurityPrivilege	4500	7zG.exe
Token: SeDebugPrivilege	3076	Extreme Injector v3.exe
Token: 33	3076	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	3076	Extreme Injector v3.exe
Token: SeShutdownPrivilege	2096	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2096	msiexec.exe
Token: SeSecurityPrivilege	3280	msiexec.exe
Token: SeCreateTokenPrivilege	2096	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2096	msiexec.exe
Token: SeLockMemoryPrivilege	2096	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2096	msiexec.exe
Token: SeMachineAccountPrivilege	2096	msiexec.exe
Token: SeTcbPrivilege	2096	msiexec.exe
Token: SeSecurityPrivilege	2096	msiexec.exe
Token: SeTakeOwnershipPrivilege	2096	msiexec.exe
Token: SeLoadDriverPrivilege	2096	msiexec.exe
Token: SeSystemProfilePrivilege	2096	msiexec.exe
Token: SeSystemtimePrivilege	2096	msiexec.exe
Token: SeProfSingleProcessPrivilege	2096	msiexec.exe
Token: SeIncBasePriorityPrivilege	2096	msiexec.exe
Token: SeCreatePagefilePrivilege	2096	msiexec.exe
Token: SeCreatePermanentPrivilege	2096	msiexec.exe
Token: SeBackupPrivilege	2096	msiexec.exe
Token: SeRestorePrivilege	2096	msiexec.exe
Token: SeShutdownPrivilege	2096	msiexec.exe
Token: SeDebugPrivilege	2096	msiexec.exe
Token: SeAuditPrivilege	2096	msiexec.exe
Token: SeSystemEnvironmentPrivilege	2096	msiexec.exe
Token: SeChangeNotifyPrivilege	2096	msiexec.exe
Token: SeRemoteShutdownPrivilege	2096	msiexec.exe
Token: SeUndockPrivilege	2096	msiexec.exe
Token: SeSyncAgentPrivilege	2096	msiexec.exe
Token: SeEnableDelegationPrivilege	2096	msiexec.exe
Token: SeManageVolumePrivilege	2096	msiexec.exe
Token: SeImpersonatePrivilege	2096	msiexec.exe
Token: SeCreateGlobalPrivilege	2096	msiexec.exe
Token: SeDebugPrivilege	3076	Extreme Injector v3.exe
Token: 33	3076	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	3076	Extreme Injector v3.exe
Token: 33	3076	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	3076	Extreme Injector v3.exe
Token: 33	3076	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	3076	Extreme Injector v3.exe
Token: 33	3076	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	3076	Extreme Injector v3.exe
Token: 33	3076	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	3076	Extreme Injector v3.exe
Token: 33	3076	Extreme Injector v3.exe
Token: SeIncBasePriorityPrivilege	3076	Extreme Injector v3.exe
Token: SeCreateTokenPrivilege	2096	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2096	msiexec.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
4500	7zG.exe
2096	msiexec.exe
2096	msiexec.exe
1652	msiexec.exe
1652	msiexec.exe
2672	jjsploit.exe
4196	msiexec.exe
4196	msiexec.exe
2680	Autoclicker.exe
2680	Autoclicker.exe
2672	jjsploit.exe
4952	Shutdown_Timer.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe

Suspicious use of SetWindowsHookEx 30 IoCs

pid	Process
4600	mspaint.exe
4600	mspaint.exe
4600	mspaint.exe
4600	mspaint.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3676	firefox.exe
3076	Extreme Injector v3.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 4960 wrote to memory of 3676	4960	firefox.exe	86
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 1828	3676	firefox.exe	87
PID 3676 wrote to memory of 4312	3676	firefox.exe	88
PID 3676 wrote to memory of 4312	3676	firefox.exe	88
PID 3676 wrote to memory of 4312	3676	firefox.exe	88
PID 3676 wrote to memory of 4312	3676	firefox.exe	88
PID 3676 wrote to memory of 4312	3676	firefox.exe	88
PID 3676 wrote to memory of 4312	3676	firefox.exe	88
PID 3676 wrote to memory of 4312	3676	firefox.exe	88
PID 3676 wrote to memory of 4312	3676	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

cURL User-Agent 8 IoCs

Uses User-Agent string associated with cURL utility.

description	flow	ioc
HTTP User-Agent header	639	curl/8.9.1-DEV
HTTP User-Agent header	641	curl/8.9.1-DEV
HTTP User-Agent header	642	curl/8.9.1-DEV
HTTP User-Agent header	646	curl/8.9.1-DEV
HTTP User-Agent header	647	curl/8.9.1-DEV
HTTP User-Agent header	630	curl/8.9.1-DEV
HTTP User-Agent header	633	curl/8.9.1-DEV
HTTP User-Agent header	637	curl/8.9.1-DEV

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Local\Temp\qr-code.png"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4600

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4960
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Downloads MZ/PE file
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 27373 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e6124bf-9369-4292-8886-e0a8cd65cce6} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" gpu
    3⤵
    PID:1828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2360 -prefsLen 27251 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9ba6f1b-53fd-4120-bc41-671ebef1c333} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" socket
    3⤵
    - Checks processor information in registry
    PID:4312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2920 -childID 1 -isForBrowser -prefsHandle 2692 -prefMapHandle 3024 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e29269d-c416-40f9-9915-139ecfb880db} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:2024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4152 -childID 2 -isForBrowser -prefsHandle 4136 -prefMapHandle 4132 -prefsLen 32625 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6379080f-f6cb-41ee-ae41-6f7ffaacd74c} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5020 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3956 -prefMapHandle 4880 -prefsLen 32480 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcce8fab-ec32-4ece-b49e-693ffe699902} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" utility
    3⤵
    - Checks processor information in registry
    PID:3604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5048 -childID 3 -isForBrowser -prefsHandle 4836 -prefMapHandle 5008 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6f62160-3237-49e0-ada3-5bd1e90338a7} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:4048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 4 -isForBrowser -prefsHandle 5396 -prefMapHandle 5392 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dde51448-728e-4a17-a1ac-07c94256443d} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:4124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 5 -isForBrowser -prefsHandle 5408 -prefMapHandle 5404 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8038602b-7401-462b-8e1b-7d914fe1ca3f} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 6 -isForBrowser -prefsHandle 5936 -prefMapHandle 5932 -prefsLen 27257 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de21ee66-fcd8-4dd6-832d-0439ae22e0e8} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:3360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6056 -childID 7 -isForBrowser -prefsHandle 5944 -prefMapHandle 3656 -prefsLen 28044 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6488a07-be3f-407f-8eb2-26bcbcac8b00} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:3956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4820 -childID 8 -isForBrowser -prefsHandle 6408 -prefMapHandle 448 -prefsLen 28338 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56f06adf-a2eb-4dd6-a3d9-31a7d55a86b2} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:1004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6472 -childID 9 -isForBrowser -prefsHandle 6208 -prefMapHandle 6256 -prefsLen 28338 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d2f6f22-2ae9-48bd-943a-d76ae17f46bb} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:1512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 10 -isForBrowser -prefsHandle 5568 -prefMapHandle 5564 -prefsLen 28338 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1bb64732-3aba-419b-b2c6-282e8fdd2c25} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6996 -childID 11 -isForBrowser -prefsHandle 7012 -prefMapHandle 7008 -prefsLen 28338 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0858d4f2-8845-4c5e-99fd-950bf2920e30} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:2784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5516 -parentBuildID 20240401114208 -prefsHandle 7320 -prefMapHandle 7276 -prefsLen 34375 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddd7c560-8c41-4aa5-8ae1-136780a4ad5b} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" rdd
    3⤵
    PID:404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7444 -childID 12 -isForBrowser -prefsHandle 7432 -prefMapHandle 7292 -prefsLen 28392 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {728fc5b1-796b-43f0-9e74-d460c816c3f3} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:2472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7332 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 7652 -prefMapHandle 7644 -prefsLen 34375 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23283d80-6d5a-47f1-ac7d-51d86a42700d} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" utility
    3⤵
    - Checks processor information in registry
    PID:700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6960 -childID 13 -isForBrowser -prefsHandle 5384 -prefMapHandle 3776 -prefsLen 28392 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bb96345-1607-48f8-804b-22fb1b4a7de0} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:3736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5560 -childID 14 -isForBrowser -prefsHandle 5284 -prefMapHandle 7272 -prefsLen 28392 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f43b56f7-069b-476e-b3c2-56668152e016} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:3028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6316 -childID 15 -isForBrowser -prefsHandle 7232 -prefMapHandle 7040 -prefsLen 28392 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99aa50ca-06f5-4b92-8a1a-f6e9339e8694} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:4696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6652 -childID 16 -isForBrowser -prefsHandle 6516 -prefMapHandle 6524 -prefsLen 28392 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9f4a2a9-4de5-4273-a9ad-013fc8f30faa} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:1260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7804 -childID 17 -isForBrowser -prefsHandle 6084 -prefMapHandle 5936 -prefsLen 28392 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41e8f979-0245-41c6-b42d-4f98ecaf0817} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:1840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7948 -childID 18 -isForBrowser -prefsHandle 5264 -prefMapHandle 4896 -prefsLen 28392 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {940b670c-1473-47f7-b32e-b98fce84cf30} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:2492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7088 -childID 19 -isForBrowser -prefsHandle 7868 -prefMapHandle 6532 -prefsLen 28392 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35ba72e0-77bb-47c6-8f42-1755162396bb} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:4844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6572 -childID 20 -isForBrowser -prefsHandle 7652 -prefMapHandle 5252 -prefsLen 28392 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce8ecc73-4209-4bcd-bd42-2fbeb80a3bb9} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:1852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6256 -childID 21 -isForBrowser -prefsHandle 7600 -prefMapHandle 4956 -prefsLen 28432 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {411a6ad0-5765-404a-88a1-ff71c8bb18a6} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:1248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5276 -childID 22 -isForBrowser -prefsHandle 5536 -prefMapHandle 5332 -prefsLen 28432 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6214536b-161b-421d-b2c1-9a5e8df68405} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:3336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6400 -childID 23 -isForBrowser -prefsHandle 5376 -prefMapHandle 7816 -prefsLen 28432 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {369346b3-f2ae-4514-a306-a7e8b03b24f8} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7792 -childID 24 -isForBrowser -prefsHandle 7876 -prefMapHandle 4860 -prefsLen 28432 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b5b1210-f4b5-41a6-a8e4-42a8aaee7d01} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5248 -childID 25 -isForBrowser -prefsHandle 5556 -prefMapHandle 6960 -prefsLen 28432 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a47e66e5-f2e1-4bb4-9ca0-9dc05938c2ff} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:2520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6516 -childID 26 -isForBrowser -prefsHandle 5236 -prefMapHandle 5220 -prefsLen 28488 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23489f99-27b6-4f66-9c43-cb916b2d4d05} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:2360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1256 -childID 27 -isForBrowser -prefsHandle 4592 -prefMapHandle 7912 -prefsLen 28488 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2480750e-029b-4108-befa-1b7f67c074f1} 3676 "\\.\pipe\gecko-crash-server-pipe.3676" tab
    3⤵
    PID:852

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5100

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap123:94:7zEvent16459
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4500

C:\Users\Admin\Desktop\Extreme Injector v3.exe
"C:\Users\Admin\Desktop\Extreme Injector v3.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3076

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Desktop\Lagswitch_2.0.1_x86_en-US.msi"
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2096

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3280
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 67D55F9C94D9D4C3EA7567D21D7CAF10 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2068
- - C:\Program Files (x86)\Lagswitch\Lagswitch.exe
    "C:\Program Files (x86)\Lagswitch\Lagswitch.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3784
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:1080
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 24A1616D2D8792D241ADE63796FE2394 C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:320
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 881AC8A674CEBD8F0DD409C8112F8D3C C
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3584
- - C:\Program Files (x86)\Autoclicker\Autoclicker.exe
    "C:\Program Files (x86)\Autoclicker\Autoclicker.exe"
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    PID:2680
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Autoclicker.exe --webview-exe-version=2.0.0 --user-data-dir="C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=2680.1460.8532958612505119851
      4⤵
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4628
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x188,0x18c,0x190,0x164,0x198,0x7ffe77a2b078,0x7ffe77a2b084,0x7ffe77a2b090
        5⤵
        
        PID:4428
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView" --webview-exe-name=Autoclicker.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1848,i,1609701080579057687,12002984212064904533,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1844 /prefetch:2
        5⤵
        
        PID:844
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView" --webview-exe-name=Autoclicker.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1828,i,1609701080579057687,12002984212064904533,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1992 /prefetch:3
        5⤵
        
        PID:820
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView" --webview-exe-name=Autoclicker.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2384,i,1609701080579057687,12002984212064904533,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2396 /prefetch:8
        5⤵
        
        PID:2116
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView" --webview-exe-name=Autoclicker.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3400,i,1609701080579057687,12002984212064904533,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3412 /prefetch:1
        5⤵
        
        PID:4680
    - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView" --webview-exe-name=Autoclicker.exe --webview-exe-version=2.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=4184,i,1609701080579057687,12002984212064904533,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:8
        5⤵
        
        PID:5380

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
PID:1512

C:\Users\Admin\Desktop\Shutdown_Timer.exe
"C:\Users\Admin\Desktop\Shutdown_Timer.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:4952

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Desktop\jjsploit_8.12.2_x64_en-US.msi"
1⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:1652
- C:\Program Files\jjsploit\jjsploit.exe
  "C:\Program Files\jjsploit\jjsploit.exe"
  2⤵
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of FindShellTrayWindow
  PID:2672
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --lang=en-US --mojo-named-platform-channel-pipe=2672.1972.4285350945192032765
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:3248
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x184,0x188,0x18c,0x160,0x194,0x7ffe77a2b078,0x7ffe77a2b084,0x7ffe77a2b090
      4⤵
      PID:5008
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1744,i,11361963229181276047,5745013933593410245,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1740 /prefetch:2
      4⤵
      PID:2176
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=1856,i,11361963229181276047,5745013933593410245,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2040 /prefetch:3
      4⤵
      PID:1224
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --always-read-main-dll --field-trial-handle=2120,i,11361963229181276047,5745013933593410245,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2376 /prefetch:8
      4⤵
      PID:4068
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView" --webview-exe-name=jjsploit.exe --webview-exe-version=8.12.2 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --autoplay-policy=no-user-gesture-required --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3412,i,11361963229181276047,5745013933593410245,262144 --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3440 /prefetch:1
      4⤵
      PID:1648

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Desktop\Autoclicker_2.0.0_x86_en-US.msi"
1⤵
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:4196

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x340 0x4b4
1⤵
PID:5488

C:\Users\Admin\Desktop\BootstrapperNew.exe
"C:\Users\Admin\Desktop\BootstrapperNew.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:5956
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -Command "Get-MpPreference | Select-Object -ExpandProperty ExclusionPath"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell" -Command "Add-MpPreference -ExclusionPath 'C:\ProgramData\Solara'"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\ProgramData\Solara\Solara.exe
  "C:\ProgramData\Solara\Solara.exe" --bootstrapperPath "C:\Users\Admin\Desktop" --bootstrapperExe "C:\Users\Admin\Desktop\BootstrapperNew.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  PID:5212
- - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
    "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=1 --mojo-named-platform-channel-pipe=5212.676.11903479994728472476
    3⤵
    - Drops file in Windows directory
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:1828
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=132.0.6834.160 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=132.0.2957.140 --initial-client-data=0x1a8,0x1ac,0x1b0,0x184,0x10c,0x7ffe77a2b078,0x7ffe77a2b084,0x7ffe77a2b090
      4⤵
      PID:5996
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=gpu-process --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1860,i,1035200291697123046,5244955132612621346,262144 --variations-seed-version --mojo-platform-channel-handle=1856 /prefetch:2
      4⤵
      PID:3056
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=1916,i,1035200291697123046,5244955132612621346,262144 --variations-seed-version --mojo-platform-channel-handle=2132 /prefetch:3
      4⤵
      PID:4620
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --always-read-main-dll --field-trial-handle=2400,i,1035200291697123046,5244955132612621346,262144 --variations-seed-version --mojo-platform-channel-handle=2416 /prefetch:8
      4⤵
      PID:1004
  - - C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe
      "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\msedgewebview2.exe" --type=renderer --string-annotations --noerrdialogs --user-data-dir="C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView" --webview-exe-name=Solara.exe --webview-exe-version=3.0.0.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=1 --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --always-read-main-dll --field-trial-handle=3560,i,1035200291697123046,5244955132612621346,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
      4⤵
      PID:5428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5d1522.rbs

Filesize
10KB

MD5
a77db90f6e0cc458d5aae193d380948f

SHA1
2c2f9d5d6dcd4b6c94cdbfc28d8ff073b797b213

SHA256
06d07e3df417b69fe469dda422ee830315a4fdec0254c90d3fb252b274386cee

SHA512
eec15af5406712111f200f7a3735383fc855610064fdf53105ea7e3259ff378e7869b9e2e59f0a1268968fd142a7e468e254eef0383e1c7a3f28f9c0fd47e6ef

Download Submit
C:\Config.Msi\e5d1525.rbs

Filesize
21KB

MD5
d7f6637c47ca550023346811381e93ca

SHA1
9c054b4ee6558a1f53f53dcfc9c4989dc464a8f1

SHA256
6690d76450a3235694757e14d60e4d0a82ab4f33c36f1a6768756b7a9256154e

SHA512
a3d2dd910917040b0d1d4d6a699c24d77a5c9c429958ec8c5a9bd1fec181edb2bcc33e4127fef11a97e52c7694ce5d577a1eda07306704007485441099b44191

Download Submit
C:\Config.Msi\e5d1528.rbs

Filesize
10KB

MD5
47025d4f46d5f00b32c9362ef45e8d1d

SHA1
1da9f8dcd1e454549dd4b1b172f2c26cb40bec3a

SHA256
f78ecd6b02543d650824431c117c7c02acb60bded8df2990bff974775605c609

SHA512
c14bab85ad85819758194a3c686db8da36bb9840690c380eb5699391fb31afafbe432c77c7ebfd08fe2abb71d4de3245ace917e7ca18c5b08a99e53d218ab434

Download Submit
C:\Program Files (x86)\Autoclicker\Autoclicker.exe

Filesize
7.4MB

MD5
322c55fa9c047e94d7af4ef278b51c83

SHA1
099cfed8a3b1be09188d1e1b8fa5f9402f44cd7f

SHA256
34ca722a2de227a2f5b93f719927150b1cbc8e10cfc905dae752591c425cbdf1

SHA512
3ff60d262f3a9aa91876449615117fdcf69e6b9b8bc56642de3f5b20bd8b57817071fee9a99657ef551ee00074411c74d3da047d3a8a8baa6c049da98353b1b4

Download Submit
C:\Program Files (x86)\Autoclicker\resources\db.json

Filesize
106B

MD5
deef4170609ed9d916c542b85781b4c4

SHA1
e162938edf932be1b953415a764b28fb8bc2676a

SHA256
5a0fb5f4e5dcf5def4e6fea7205f1dddbe9b6b2417f51f931f4faffc05599df1

SHA512
130e78b1fff070d1c5d9682c9e36a99dd030d9ec61dd9d370aa1885f77251f4514d65e018868bee8e0eea1e8cb6caa5f0ff34c2db77545514dea9705eeb283ef

Download Submit
C:\Program Files (x86)\Lagswitch\Lag Switch.dll

Filesize
50KB

MD5
4c319134daeda52f618efd6fe1df79eb

SHA1
0b4fae134ef997df06866943321c42ddba7efc03

SHA256
4bb9af17d08ddacd58d95d2f5e72bf00fd3c2576cb17df3340f9e25971f64a18

SHA512
9bbc87a59ab2d399c97a8d427449d5d99923c5811597c10c24024278569caf2ab7e3e9ef8e3997b502756139b5769b7026b6cd3f3a77fb2818fb075076952167

Download Submit
C:\Program Files (x86)\Lagswitch\Lagswitch.exe

Filesize
7.3MB

MD5
bfa849cbce84eb01a5b684cf7d5f0fb6

SHA1
e70f52c6b3287e5cd417e0b9fa0ff76c52f2bfa3

SHA256
a82a51d5a8f56aa88dfbf92d5a1098465a0116908dabbd29728b3cb28980f5e1

SHA512
f90656972c8a53edebcc78e423a2a53c4a8e44ced06c76bd3196208f780a4b982a975021eab322beeef61356cf51503c8f322463b98b60a76c15581f5fff6ed4

Download Submit
C:\Program Files (x86)\Lagswitch\WinDivert.dll

Filesize
42KB

MD5
387b5f1334fe717221295b18203cd70c

SHA1
0d0683bb05a94bfa0eaf98bc7e6f8d7b4f98502c

SHA256
a321649090c21aaa7529ce5d019d242b1d5f2a2aff04bc3224db409641604a83

SHA512
8e5bacf9450b34af08dda9be3795c164f9f126280de22fd86333e054ebc98c0cdb1e3f2b41a28078ef724e8829ac47179f141c6a7d02f2ec3aecd1a6c9100c2c

Download Submit
C:\Program Files\jjsploit\jjsploit.exe

Filesize
17.1MB

MD5
b393f1b89a320d6a0b42190c6dcb6860

SHA1
209e800233976ec908a87db948b5aa175d99b1e8

SHA256
ca45895af0e91692514e6f4b8b494e68392821fa18503526243091d7d49e3064

SHA512
21be0b7a232e7182455206b13beada6e9614335a0b3ada9875a68620efc14f43723778910dfb6070a47ee8f177d02add1d5a2e60d616fec914a88b9ecb01f0eb

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autoclicker\Autoclicker.lnk

Filesize
2KB

MD5
9361e9a68ab27b077ef97abba59ebf1e

SHA1
93901091ee82fa6e7b578bf09cb134735e65f947

SHA256
8e25cacfde68d76cfe8535db08fa20002b7d6e045b6b5335ae42f29f4ecec4fa

SHA512
4f7d84f31fe3d9e1773bdae81c44049196a44721760bc2701a15549babb386a06937dcaf4f1a86a7deefdc65ff4508dd37a0a6ecf586b02486867c92c2c28dbf

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autoclicker\Autoclicker.lnk~RFe5dc0c2.TMP

Filesize
1KB

MD5
acd33c16b92256f089b1ecb89bb48639

SHA1
fd30e4c3e2cf24343c54f4783eaef7ab724da628

SHA256
0e778ae25bc4fecc8da742fd270328b44a0bb4bb42857ca0eb441566dca93378

SHA512
48b804e9d88f2562ce504e9372364c4722204bd5eafd2015fa878fbc024fe1f3ce0c0ba9a67d139780ce2f9e0f38cd1756a2d309da1acf22e1b4830d467b366f

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lagswitch\Lagswitch.lnk

Filesize
2KB

MD5
39135615902af02aa802b1ebdfe68c6c

SHA1
6d1298e06c2ceaa202ce8040a708522cf4bfd161

SHA256
7d78b95cc6af6fbb509537fdab792a802d0ebeb23c209dac50adb6dad406436f

SHA512
202711ce8262fa4e525e23bf0e12ef070658f2fe14d705403b8e69ed9346d808ce9a0b7ad28b50ed3365008cc3755c1e5b22cb2679eee7daec7139e53a099621

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lagswitch\Lagswitch.lnk~RFe5d1b6a.TMP

Filesize
1KB

MD5
691af5058ff22e1b841a4054be30fb1f

SHA1
0df45a74b3a583f81d930ffb26760c4f337c1910

SHA256
8714fed080a23c71fe3b1f47e89f7f1fd79c71a5aeb2dea67b7b6e1a15a2e92b

SHA512
0ad44d21f66277fd64624c1979b38f1f9974852e5360e44412a7d8f15206b044318df83bbdc70ca641e27164a6d89209e28486860377c487e62d7b28cf5f51cd

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk

Filesize
1KB

MD5
42dbd26ca1ad8812709c6a77c56e15c2

SHA1
0ab6823c92364b35a46df63cc61b72c8469c6912

SHA256
50b7708c088e04f75e56767191428515693ab119205d16cb32232c8d74e26da0

SHA512
32e2cb09afad3483f3e4217c6d16e367cc2972f209176ddf64face7e397cdfe9846d7cc6c71ee1071bad8a1fc23c34ac2b8a6818d0a8a33313de26e032ff72ac

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jjsploit\jjsploit.lnk~RFe5d9cfe.TMP

Filesize
1KB

MD5
1113e3d4181e048aa8b197d96b8b3aa5

SHA1
d6611dee7bcd90280e36e7d963e1edbbd7104813

SHA256
64e2b1a246ac351503347f4beebc1370010315d1c00b58d94d408dcd7fa6294d

SHA512
629963d10dccf002cbfd3861150ae3c2539659cc3a8844c9ade3079fe0f26f64fcc256cf95ca78ec90dfab9151a001698223bc151e00fbeecc71cfc6f088d589

Download Submit
C:\ProgramData\Solara\Microsoft.Web.WebView2.Core.dll

Filesize
557KB

MD5
b037ca44fd19b8eedb6d5b9de3e48469

SHA1
1f328389c62cf673b3de97e1869c139d2543494e

SHA256
11e88b2ca921e5c88f64567f11bd83cbc396c10365d40972f3359fcc7965d197

SHA512
fa89ab3347fd57486cf3064ad164574f70e2c2b77c382785479bfd5ab50caa0881de3c2763a0932feac2faaf09479ef699a04ba202866dc7e92640246ba9598b

Download Submit
C:\ProgramData\Solara\Microsoft.Web.WebView2.Wpf.dll

Filesize
50KB

MD5
e107c88a6fc54cc3ceb4d85768374074

SHA1
a8d89ae75880f4fca7d7167fae23ac0d95e3d5f6

SHA256
8f821f0c818f8d817b82f76c25f90fde9fb73ff1ae99c3df3eaf2b955653c9c8

SHA512
b39e07b0c614a0fa88afb1f3b0d9bb9ba9c932e2b30899002008220ccf1acb0f018d5414aee64d92222c2c39f3ffe2c0ad2d9962d23aaa4bf5750c12c7f3e6fe

Download Submit
C:\ProgramData\Solara\Monaco\combined.html

Filesize
14KB

MD5
2a0506c7902018d7374b0ec4090c53c0

SHA1
26c6094af2043e1e8460023ac6b778ba84463f30

SHA256
cad1e2eef6e20e88699fac5ef31d495890df118e58c86fc442ea6337aac7a75a

SHA512
4a9856512e7866b8623565886e5f3aebf15c824cb127e24be9afa2a5501a83fa95d209875a8777566bcac9973b38881e18caf6ad160c8d01366a508cafc2164b

Download Submit
C:\ProgramData\Solara\Monaco\index.html

Filesize
14KB

MD5
610eb8cecd447fcf97c242720d32b6bd

SHA1
4b094388e0e5135e29c49ce42ff2aa099b7f2d43

SHA256
107d8d9d6c94d2a86ac5af4b4cec43d959c2e44d445017fea59e2e0a5efafdc7

SHA512
cf15f49ef3ae578a5f725e24bdde86c33bbc4fd30a6eb885729fd3d9b151a4b13822fa8c35d3e0345ec43d567a246111764812596fd0ecc36582b8ee2a76c331

Download Submit
C:\ProgramData\Solara\Newtonsoft.Json.dll

Filesize
695KB

MD5
195ffb7167db3219b217c4fd439eedd6

SHA1
1e76e6099570ede620b76ed47cf8d03a936d49f8

SHA256
e1e27af7b07eeedf5ce71a9255f0422816a6fc5849a483c6714e1b472044fa9d

SHA512
56eb7f070929b239642dab729537dde2c2287bdb852ad9e80b5358c74b14bc2b2dded910d0e3b6304ea27eb587e5f19db0a92e1cbae6a70fb20b4ef05057e4ac

Download Submit
C:\ProgramData\Solara\Solara.exe

Filesize
619KB

MD5
91f5d6abf1fc57cb3e6222f10c51bff1

SHA1
fd1183ba06cf793f12de674d8aa31bd8bfbe1172

SHA256
c48c486f8655d33b4b0d7fc169adf5cbc964c723161953ef5877e99e45833840

SHA512
4538dc6b1c0c21f09fcce5a496538c25cbbc88bd5bb484806fa9426753691df7d798882085be0bdf4ee542da793c04a0d45675265a6ced2f4ea61b691909597a

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
af34ce980ed4998cfb66cdfde0c718f5

SHA1
6a9634268163050538996334a61b0d4307373e9e

SHA256
06af8f95b799750fafbf0c1712abc4fec14714087c3e02358f38c6942bd78b07

SHA512
91305a0c46f064210df0ba5832f53e3552972823cd195c3304eed958b20128d2bb19487f7009b8d2c494aeb98c3fc8b295959aaf487dbba85362dd967d9a2bf2

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Extension Scripts\000003.log

Filesize
38B

MD5
51a2cbb807f5085530dec18e45cb8569

SHA1
7ad88cd3de5844c7fc269c4500228a630016ab5b

SHA256
1c43a1bda1e458863c46dfae7fb43bfb3e27802169f37320399b1dd799a819ac

SHA512
b643a8fa75eda90c89ab98f79d4d022bb81f1f62f50ed4e5440f487f22d1163671ec3ae73c4742c11830214173ff2935c785018318f4a4cad413ae4eeef985df

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\ExtensionActivityEdge

Filesize
32KB

MD5
045d83499804e4725dbb720cd0a98b63

SHA1
b0f459d9e7ee2b6925fc1a09ea1ca099d928288f

SHA256
aefb267ca50676ff14f1d504549d8a0a838339d3eae353c1366dd693a6d0ebc2

SHA512
2e147102da4144eac91f9010da93dfdb2e648b7481e7f48d99438c745adde13fbb9495493158bd85848a474459648ee03f270bae8ccde6cf60058c430da00a7b

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\4f8cae79-1e14-47aa-b903-c294031e838a.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Default\Network\Cookies

Filesize
20KB

MD5
a156bfab7f06800d5287d4616d6f8733

SHA1
8f365ec4db582dc519774dcbbfcc8001dd37b512

SHA256
e87b3d155c7582d4c1d889308b58f84e8fe90a1581014b21b785d6694bd156cc

SHA512
6c8eeab3ae6fb0d5be7758cca521665b216f31aed1aeeeaf121c99dc9f0192b385de0da36e94f90dd4a9bbbac6be2c5a55d2f284a24ccb7dec2c5302fb9b027c

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
1KB

MD5
3e47618e9e9d6320a55fa8e92fba041e

SHA1
312ab85813b276a2d35e3ba20d08ee8d222f29d4

SHA256
b6ea413f265f73c1d1f7e11bba4f182038c1beccd902783a0362fff612f6df6d

SHA512
1b3b2986f41ce4c357afc290116772d1103bb862fa5b2270510eaaf20f93034f4448c0d89b8217dd656bd1431b4bc938fb06cd6fed3cbd5f3d5ac0df63571dfa

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
2KB

MD5
7bf882301c75aecbaad97d8ed3ec75ee

SHA1
36ef9fd4589cd5d5b49a594ba0297210fc609852

SHA256
7f8e1e15e49ea96aba5efaff44bc45b17474fd0103358468f133674e335259ec

SHA512
791685bc0eb2117f4a4ac89041190cb9e8f300165d0de4108a2e7a53f7d09729d34ab117aee7d6764c0c4b21bb75ee7a22e89765e4ff881de6c39aad97a57422

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
16KB

MD5
58119357bf43f4282155a3a562601c9b

SHA1
b3c45c1438bb99e275f30e44804bbed3965b12f7

SHA256
3acd9b04936e299696bcfc4c7df3d686805bc869a9029f2593ea8ab092fb4034

SHA512
55c4ffb70c0865b3d314cb75b74077ad579d557d46f979120fbba52b79a50121dcf2b59f1b55f2722f210ac898fb020af8e98a8456a40908314cda85c1aa8de3

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State

Filesize
3KB

MD5
6c9e79f5d0795f4a2d5533dbd67a9788

SHA1
8dccea4c48214ce168768f2f19babbc064a64d31

SHA256
a098cdcc47933144a96b7a36ef6d3285c1ec814ea2b20a379b4bc7120a56f36f

SHA512
7fe6d992fcc140b0b757e78a633e55f271acfcb4b685e15df958b66bf7c145384aadf41d4eba3f16a76da6b206b5f0d9612ccc3692b5daa2887ed1ac7b3ae802

Download Submit
C:\ProgramData\Solara\Solara.exe.WebView2\EBWebView\Local State~RFe5f67db.TMP

Filesize
1KB

MD5
d92aef6989a7e397629ee5828405d2a5

SHA1
ccfd96c07ad72c04fc81d0aa5c430b294ac7260b

SHA256
f1ebaba3392f9095ca423038a066eff47e26c6c363dd1d3889e5c66283617bca

SHA512
149ea1c6a792e13dc76442c38766915696a3c0dadfec74e314251052308835291e2fe42f3814152c8ec4b2e637cc06065ee62a6cfb02a41ad80d7b83b23ad1fe

Download Submit
C:\ProgramData\Solara\SolaraV3.dll

Filesize
6.4MB

MD5
fd5fbbc0cb077f4e0cf0a95c4a4ae159

SHA1
e0a5dee5b66c63888dac139eb45def546db30f33

SHA256
4427f0651a65b4cb1499b9d150d47795547be6592f8fb5c0553e34be20d7113c

SHA512
72f2e6dcf20e5c96fad112ad6a6e3611b8a018e2bd7340fd78c74f6b67b1bd8e2cecfec4abcfbf0024d9c682f6d50c54c27ea18ac3c1836b46896f3f45f99570

Download Submit
C:\ProgramData\Solara\WebView2Loader.dll

Filesize
133KB

MD5
a0bd0d1a66e7c7f1d97aedecdafb933f

SHA1
dd109ac34beb8289030e4ec0a026297b793f64a3

SHA256
79d7e45f8631e8d2541d01bfb5a49a3a090be72b3d465389a2d684680fee2e36

SHA512
2a50ae5c7234a44b29f82ebc2e3cfed37bf69294eb00b2dc8905c61259975b2f3a059c67aeab862f002752454d195f7191d9b82b056f6ef22d6e1b0bb3673d50

Download Submit
C:\ProgramData\Solara\Wpf.Ui.dll

Filesize
5.2MB

MD5
aead90ab96e2853f59be27c4ec1e4853

SHA1
43cdedde26488d3209e17efff9a51e1f944eb35f

SHA256
46cfbe804b29c500ebc0b39372e64c4c8b4f7a8e9b220b5f26a9adf42fcb2aed

SHA512
f5044f2ee63906287460b9adabfcf3c93c60b51c86549e33474c4d7f81c4f86cd03cd611df94de31804c53006977874b8deb67c4bf9ea1c2b70c459b3a44b38d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
35f6f7dce4b40edb4d8fde2efb97f2d2

SHA1
8521f4604bce0443a7565a16231e0549eb6712e9

SHA256
8d4d0d42997af6194af00873aeef846818f8900c09650a77ff8436c3df454780

SHA512
bdd5bfdb51afd116eb397e3b1b963f9bbc393b2a27a0c1d421b4b9ad1f7fd95bfcff45f6965a698d6cc7cc236be63b8e4573c47810c80d92131adea94cf3c55a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
ab66cb6ed547c4087a5867bd880d7ba5

SHA1
ed3d666280826cc181948152b4000f9629e2048d

SHA256
435597c4505d839d36bb2660353a847af4d3719757b4ed04b199f575b7ec000b

SHA512
6b6b2f8b431b8ef31aa38e0bd1f9f554e2f04397aa1fccf46ff5025fb4ed405bb607e5f6e85ead85729abb21b7d086fb4d701c211f2bfeee16158db333d821a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a798ead94eea4b7576a09a268320d6c1

SHA1
9d597424ade72b796b8cb0d2e5e89d8a771fa448

SHA256
1cd9b9080dcaa982c33ce367ac19ade150ddf1dac7cf2db7cb3a082cd901911b

SHA512
575ee7e7c64605d3d26eda2b552075dc5d566361a1f531f2a4b011dcacb31df605f14328b058c927cbfb3ae188c00ac9c742ee6b051a8f237fb7cf3449915ffc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
07192515c2537fa731161521d852688e

SHA1
af87ce76ef9f52c600e09cc5847b8d36d6c07c03

SHA256
35f69704c1f36e5b01cfebf422a2738db1e5d84151b8ead64aa8767d4691d9b4

SHA512
db1d2c4d1b7527b946ada7e44ca0d15ee0c03e4dca5ee91da33b4166aea407799e2c49c8374f14b808cb0b9476afb991a4a180abe5d7b882f9b1af67735f409d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
56eac39f5c9be6a3d01572a9772cdc9c

SHA1
d585c39edacbd55ad6286d50a0c944337604262d

SHA256
286892fb904f062ea4429d64856c3450aae3af673361ae04e4de8aa9a8cbf683

SHA512
a0c94434426cf37db6c72fd9b6a01ad812471a8377ad7248b697096c55ca01b0acd41853c0b4cd6ee2e6ae768db4947a0d60c548e1d6a73e563b314b49c35fea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\doomed\19688

Filesize
8KB

MD5
7350294cf6bb3425e218cb715173864c

SHA1
5f7329f511ec253d029517c044241ed5610807f8

SHA256
59eb9ee9932f020984aa113d7042a766b35217e28c9907ce37776735bedbe6de

SHA512
2cfe47848b9a5da7ad7bd117c794110c1b9a100f04901b831fd95f61151deb637bbda850e2113f48030a8f3d9c56b31e679e2a9c41a0973705bf4624916c31d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\doomed\22235

Filesize
8KB

MD5
a1a5ccecc91d21885f692e47c9972205

SHA1
ad6204f211c6da50d72b6d6c86e1bfc7a753600e

SHA256
6767b8cd9a62e6d72e77048d9d2fe5edf91c4d16da57365ee636212464959689

SHA512
78e2ad7fdc9b030280593c12f21714d366291cf838909e7c1001bee6df9cad111ca91028038faef612cc850ad5c1f03bf64cdf8bce939da28f6a3c917a60b9ea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\doomed\30425

Filesize
8KB

MD5
de7bff505a40641302a6da31fe4cd0e3

SHA1
f93352523f979411c7148cf3c6e92cb46163facf

SHA256
ccbcfa9f151312da1f20ad0b801fdbaae357576722961bc0b9db883969cfb2e2

SHA512
3d2f8dfecf563c36e4592f283d26771805285d204baa543f853e347ecc4c0c61310d4ea70f30eda3f6694f83185a08d5ac471a4307382a206f5dc7c6e0e0e9ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\doomed\32504

Filesize
13KB

MD5
9bafb63750d59c659eca0f5982aca6c3

SHA1
51b6e4c57e19b6dcc62146fe3651650e8ab8493c

SHA256
6cafd6ccfea7c2df231b5e3d6dbaeeffc2e1092ea9061afbbfbe152b8887e5ed

SHA512
b9673eb27ee34c9fdaa1fe29f4f7d9557933aa83d7ca816105441d880bb9c47ab69ca2af2ba1fbb8d0d8f923fb66fc82f0cf9a1b3232f7fb21c7a5105159f44d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\doomed\9193

Filesize
14KB

MD5
275bcbcda78b9c4bf92c46f8c0aeb284

SHA1
e0a073b380a99e7427155059e75fd06931a15f64

SHA256
cd66916e7f0abfa14d275699171f77fe5be47a9d62d66235a7a47021c611b6f0

SHA512
662f171ef3a1f7913e32c6a181e60717912e82d818b4095435ec40b5eb092d31becd2a5cac677878691702c1d6ffc4eb6415871ce1ec5bb6fa363bc0a0ceb589

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\03D7738553BBD9A4C8949C6403266D6D41795AF1

Filesize
12KB

MD5
87baf99785cba66be374969eefa9c083

SHA1
0f8d885f50ad427c8b2cdf21691fead5e84e92f1

SHA256
9f15f8f9d0c32b29327d8b02abd7124d9423d39b0a0121beb523bccd5ec8ce39

SHA512
c6f763ce4cb0ec2dfdaff4dc8823bba5cb19bb3e104be610e58ee04d1ecfb6b7f0f59d54a61e1afd2f1ed09ba204bd0cc13c96661ca42d5243c4de347bbf3bc3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\0A86069C2ECC6A3E4A0AE5B49ED4320FBB9DCA32

Filesize
17KB

MD5
276ce9fed35233355a30517119d46961

SHA1
e38d90ffccd35d2544eb0caea2b76abc3958c71c

SHA256
2b6498142079fc684ff8b902264aaf5482a3754490f79c3a83d13345f1b11830

SHA512
dd546b8e721d25f13917d2654eab81846bb62bafa190e3d4451b44046c4cc0b0d30efbadbde9b5b6e2744a14c7117a47ae042f783969195d47083fb799a7696e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\0E94FB5F0E68C01D534F187EDBC1C564019AB3B7

Filesize
13KB

MD5
16522ed9a9eb14c9487a55e0b92a7a41

SHA1
152244d985015dc7a5ff7696f9e696d38c44e864

SHA256
f2f76499b25934d178d7b0e030a13c46c9a7e9b10816cc6d46256b97b0469292

SHA512
694efabf76b3adcd50dd6050c7710e888abba8169bedec6633e4022217d6dd9c827ce276d7f2b4a5c318e2d81533f6879b200cb105238f9ae5c95909a0f33e42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\0EFC177B0916ADFC391F07AA07EA0B25735B3E97

Filesize
19KB

MD5
ba6d6c68a26c78243a0cc00192be695d

SHA1
ac675545d5734da33ebcfa0af5de6df406f2aef1

SHA256
c0f6327fe04b53ded3917ea1c8c3f542d7363ee2270d3f555c7f48f7982fd166

SHA512
f3770fe1805ff4402a04c3d0ac2b86c8bd858b397332841184e2ac88993d011a5e3879c8d675e7a45f0f0a48292442caaf8275287b31e58edebd498c18717520

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\13138D8D1E0FEBCC587EE62559D0D862A5DDFC8E

Filesize
2.2MB

MD5
a63431688dbac68638165e03f6fcf2a2

SHA1
f9feffe5eb2e05fc053a631c7f2730f39f2663ca

SHA256
39ff413f416412188b9e5d8feed4ce793758d1ead5efe6c2c3278ce18f78dcaf

SHA512
58bc9b8023edea0950adea39cdd5f206e5c0d6765280ce1269e905dc9a8b79beb5d2b456151b99d14de0c61ee33e874e3cf40ac7e9c17520b6ebbeda603dd162

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\1BDAB1282517CAB9FF24C34BE6C3D8E68F91C6EC

Filesize
36KB

MD5
9203c7a57f01d355416c720fc3c13180

SHA1
fc49d7700216f7acd2708dbfae5bea00e8cbf099

SHA256
177435f30c75ae3d4a33c1a3f77daf8c12c04007f65746d8b7792bc3f4ce22d2

SHA512
670cfd67ef4972fe7b18ca9a2e0c79f6feefb3fcc673c3664dec2cfb60163b4b509264ed2825ca3b77410ca3758532ab2cccabffc245d11af41ff44f8bea8264

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\292159F3D182FA4CA543F79D12120CFB4BD21538

Filesize
72KB

MD5
3010e250998e413cd747634fad4cb5bf

SHA1
f6134d6f0a034809bee5db10dc15a9badf47ed7c

SHA256
b261ff162f31b21f249076b05243fe3d1e084845430b06592a51b835fdbc9ed9

SHA512
1137017b4f1cc01cbb0cfe696daba9db77ddd0e40e2e915d05fab6d5bf689e0943930f225442c9a0d612ea053554ae1b4fce3442d5df9d44dd0e8b5100c1a18f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\2E90CD8D5FC927D02DCA3C09A0961B9ADFDE339F

Filesize
80KB

MD5
560a08871c392727df64e72dd1bb7e67

SHA1
5694506fb241299c4629c981b73d9303fa413db0

SHA256
e0377839f1fbdc4b809e5ec37754099ad1c51d026e9c3927c42118904ae1ed4a

SHA512
0f8a8978bd1fa6879724174bc836fb672cd6e1342683fc146d85e9ac7a08ccd31204d39eb67901ad66e6c5d521bca4ba13cd0c2b8b2209da919b42421963274c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\353F45FFADE4EF2A60AB1D6C92D953CCEB170FDF

Filesize
53KB

MD5
5e03fbd80081838056fff4ea6473d2a6

SHA1
3d750aaa18e87c04caf9cedf4b33de31534fa65d

SHA256
22d9553795b8fdf089a10c91bb577a40c42ebd3d60dff6de75f084fa822c8cfc

SHA512
e8663f80cb9f8a0496f9ebe62f6425bcc5ff429fd4c1432d56c73374a7bfc465e4c06045315b9ba778bcd71e4f73c289f076456d3ea0357335eaf37e10f9be2d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\39CAAAEB9A8C297118349073A19D12FEF17D25CD

Filesize
23KB

MD5
9b955acc1135ca2281910542e28c2324

SHA1
262e575cb191dec269acbf03a6f6148190e385be

SHA256
bcb292d2b31a695f1344845719afb6601e8b01dc62f24d1013f826623b98eaf6

SHA512
a761da028b17bbf9d3c456536ca260c8d08c80a3af3f91bf63862765a87d6a39c3a78e06bf08afb95b7459bd46d1fcb42aa7992e4c48e7f8ee79c81bc60db86c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\3F464D04F4055E52DE37C98727960D2B43921D44

Filesize
150KB

MD5
f594bd0b5168795031d3c5af86483abd

SHA1
413fb3fcc3f5e4befbc422da91c483a454c3f8be

SHA256
07f3e0a65a195f8988a1a82dc0e8c5410eeed722dfb0ee61f534f3e399cc1cbb

SHA512
ebd30d9d39faa42dd7663604066a89853b03d78ea3824271659ad09d0a359817c26205d949c26ae020366779a76c461f85ac940d8bad6dcb949009ae1983ca90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\424C4623CEC18FCA971BA30429347CD4BF770BFB

Filesize
57KB

MD5
dc5ade1094cd2bb9b9ecf67d97be2d91

SHA1
949103c0f29f81efde4579ae584c6973d55f724a

SHA256
57dd1920a25ffa04da563cff147b944dc946f2bc58ba789af1b16a8989fb5c15

SHA512
4e931e08bc14e2c40d42e383dd86ed8100a44e2c63bed32ec866b2cc55fee1ed976acf15ee36df5d5c560dc592b591a3b3e01d98efb19380d02914263ffb8553

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\43534F1DE462540F20E0FAEDB9554B71D871B3C0

Filesize
37KB

MD5
89ed5e3b974ad97a69e1241411f293a8

SHA1
559c8302daac14638f761a5488531c91b00ca283

SHA256
3f350eb442af779ab52e3bf5493c3fc798747c105c5a0f97212ab33783d9e5af

SHA512
4cf2481c8828bd334f9f2f75dfe1c40c2037748ec47a7eb7caabcc09384b52180775f214e4a9ec8c9e27032709e5f473d8040c6fffb45821d74a27faa1ac5342

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\496EEE598C2B5502FE8E09572EB6B3420B8C6842

Filesize
13KB

MD5
fd69f05c0b66fc1a48a592cec956de22

SHA1
3ee74786ec0d57c3e2d8e4691086932d1d0801b8

SHA256
c2f9bc9dc6fbb6d550331f92d97a57db88d91083120bf324b56d2d465f1ed225

SHA512
da3f44a0bdcc002480c3686e5296df5ab5008d5c689e9cabe9c60a879ec77f63f74f3560b01b79b907daa1864b5b5602fff06d0aedfccd07de0126345143e7fb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\539C376D03D0CC7AF91712BE94AFE33C0FD1D545

Filesize
44KB

MD5
13c25e8d09beac7a3fe8fa9a123eeb71

SHA1
8c54fe71c98e818a75ae2ed4fad39127de65d6b2

SHA256
cb077f8df7b3ba8f3f771a359ce058c8d21c84b181a2f416081acd56e09709ab

SHA512
5330832ee8dbbfa9927434f6dad6193fe957cc3aaaa2e121110333d856747dc4990d37873b2ae0b40011bdc70d166231635e6d2fae5e39bfb357d2404b7db093

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\5404537CFCB3CC27D0365D877F122408207F74C4

Filesize
102KB

MD5
7013e77e4ccbe36bf1743d92e8bfa235

SHA1
d3c62533d56a9514fd6ab15c5cba9a0f27b70543

SHA256
b9b757aa943fcdccb5983d7ccd1450e74440a18a456e84db44ddb13dc6e8de0a

SHA512
8a695f788781fcde7f07e3d13570f52b64b7ab31b7137f496affc50c50a526c800b1da111b0fd845653e553f315ca72a53c58977f32e7b1aa8a4958283dd0d7e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\54E9C0E9AD4EA834F4ECB04CE1C00100E5D10DFA

Filesize
63KB

MD5
2026eca592529ff5930bc063acdd7bc3

SHA1
1fd0b74050239aade41fbb5a5a952e3f6a1c30df

SHA256
fad782ef506fc27e19d89142094e6baed5aa915452206642998367cefaeb9530

SHA512
dc4507df126a75e2e2f579a02758199bf236a137ae4459bcca88a0d446d09f19ac85398b8d7e60ea06f72f04bbae483cfbcc142af51a226eb445ec00e003c8b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\5B056C021389BCE10DB208C20C2011A347A4C0B4

Filesize
52KB

MD5
d8f076206169ff305afbd3fca4bac651

SHA1
0de5756b3cadf802086258c0f728aaae50c7bcbd

SHA256
33e9e0cdc76840b7808b0135c2af89e392790049c371ed76d8fbf4e30da3f398

SHA512
ce35f8e018a5f74756396d0fbaa4a92ef1664d96fa9aa3b9a070973c33cd85da9f17ef09d0028af5f4d3103abd9ad6164faa8d1915f2d8574157e7a992f81255

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
c16f0cc078c627d7b51718a59a3dd099

SHA1
6f64ac08f685dd93b928b7fa3644e6400c945615

SHA256
c0f46c5b92c5a43bb6b5bc340bb25e602667d0f97af921bbd05642471317e195

SHA512
5ea5f1617ebb75463691fad5cfe66cb9166fffeda0b027ea67fc605ee1221c5f446a8f6705f63cfc164c023abd755e52b625a0789f9ffebda073a8e0eabd6309

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\705FA9305153F8BEDE52C6ABFCBF4E56D1922831

Filesize
21KB

MD5
98857f6a3acd320e9c16e97ee97044af

SHA1
0e9f5cc1d537225874d02f7bdeaab0fd5a7c99a2

SHA256
6f420db1de2108ccced440d58a36e69256ce5ec638c2e289bdce7c7c3d71a917

SHA512
7101cdd02faf815b17285daa72846bc38c878ef1511d03172c7043d98b289c166a595e6fc591d345ee6017254cc0b6e85c579f242618661c7c9439a066f62db3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\70A9D2376CCEA017B99163EFD1EE15DC9D01D00A

Filesize
5.5MB

MD5
624240e3c5d7c7e9217078b72613bf58

SHA1
50773cc707eaa1e9bcea168dde77225d7962c2eb

SHA256
e2823d8515328f3d0a650ce9c160c9bca03f23cb5c04ac7fdc2012e754fa6ded

SHA512
38f204d2611d9c7c38caf56444631fdb925b309cd1f0334aadd0cfda066ccbed12d61a5a04f1a569403dcbdf5802195f104195949a27195742fedad4a47bfb1b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\845E363403C83B30F3771FEDF891C3887CAAE4D7

Filesize
41KB

MD5
3feff2e870ebea09c29482b53dfbcd5c

SHA1
444f8c1a75d8887c9c973a95b27620d58857b478

SHA256
e76f209123438def4482e096d9793814daa8ad3de338fab4c4f09d38bfbf0c0a

SHA512
46dd0e1572ead93f2b69ee9097d4338838c61c49bb5561bd27f44825d283c3df9bcdf39ecd3d135bb182173d7a8b64bf3a99d122f86d288c53e480af48a8bb49

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\87D58907DBA66D9D78FFBFB07F8840465E6A7630

Filesize
35KB

MD5
8de4ec61d6908382fec40ab5740e71d4

SHA1
33abde0756e69ec0c9c375e44d982e3cda2393bf

SHA256
3487bca129224e6a9db8647e30cb8174062138a3e5ae92295a0eb08ecbf9f964

SHA512
947b21feb570c5739053b604cec43b944d284b1542063b9ba835df3e6ed2c84679807ab33ea94efa407f5ad3f7d4823e745e8982396cd1e8f5559ee72eeff2f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\92759AE439ACD1AAB4FBE68E9FAD996868D3F989

Filesize
1.0MB

MD5
03521e393c59c56276005698e11886aa

SHA1
acc8efefb1b6cc535106916ad06ef2e96e26e82c

SHA256
34ef484bede2d9b84cb958598b6b2a83aa64be3a7d9ecbdcebc87dd2f3480321

SHA512
f36c1c7252035b228cd48a50b580352f633399b5365d912fd8cb30522b6997b8d9675883c88335fc130b00d0c4fd4a89297d0f4016bfd427efd1f460864d4839

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\92F0E8C697D3BF89E6169CB8E8227DAC8597FA22

Filesize
30KB

MD5
43e971da1f25be9efca8150c2a5013d2

SHA1
fe8ed33b8c04fbb99fdd9833bb17e52e74a4050f

SHA256
a9b60196c2bc16833abd7919a434fbcf5b83886c3e232dd3a509db0f0470f117

SHA512
8308a4ed495e186e746c3e8cc21419acb5c49c47b22ce5caa6d0eeab91dee50cbc5cd6543e1d3c8997f0197228f83f1f43f43636fa1d0219660ec66f17623b1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\9726FC5282B1503AFA8063FEE2768245BDDAD6C8

Filesize
61KB

MD5
2c29ab95f70c00e4dab46cefbd2938eb

SHA1
b1562794820631bb2314885bcc4863cce47f7cb5

SHA256
2caa9c139de4ee293405398ac95b0553cd0ea29711bf3fdec079aee9ab4fe8ab

SHA512
6295b57b0706ccde4e7c72c254d193428540bda2bb60b71762085c0323b4d5435894fe71a19d57a1f8a826541ceab17d1669eee7e405eec664a0c5c5f316c3bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\9962DA5C8A6D815E66204455694C5EF973822FCB

Filesize
16KB

MD5
0214365a7f118158db421f401f9d5be2

SHA1
66959e73e59532c8245e1619dd081243c7473da6

SHA256
1d23cdec2ba0125bbb6a61e2ca743418471a92c9c4911e489f48a87bb0fa07b7

SHA512
b5dcdc0614db8330c77e0f65667cc0836a32c3976aef42b4e9d29ae85f667d992afc72342f45b76fae26a3412040a696621b50e79d003d924caea004abed78ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\9D72B84644CBCE26DB93D7D9E2058DF92320516E

Filesize
13KB

MD5
ed5cf75ebad07f948e8164c4b4ec4e83

SHA1
5ba2e5ecce3617e457fbfee77e734ae39898c325

SHA256
2bdef8bbabcdf48fefc9522c276b744570b522c1c22e2bcaf9d6d2c886a6271d

SHA512
7610dbce3dad26e7ac796196074ba1b55d5f9c00ae3641b3096d977daf9a9b0a0fee2f6bd16a11eb754af4e7eed4fe1bc4e43604c44d0494d911128c14d47287

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\A5D85E3B38E6CD095786C8D12C841F427A0B6F97

Filesize
115KB

MD5
fadb6d59ee140101d59c1466c447443f

SHA1
9e1d08397b36402d17d8cb213d460ef921a3846f

SHA256
9079dc209cb5a8dfb1fc36fdc97297b5511c8a90bf5e74aaf2e2f5551d438a70

SHA512
fe5974c9989a9bbe506eceaea810b2ba522e81d73abb9e2f990e8f8071f5a3c11f0ebb27e8ae49742084c0ba6c6df1b5538aff229327993eaee9407043f14a63

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\A881541FF0A3D67F7A45CB841F44BC52BC7709DF

Filesize
16KB

MD5
4b9c4815bcc65a6d63c1ed496a360f03

SHA1
f4061dae7ec577fa7879ab9e3711be9ea3bc6413

SHA256
d2a680f6ad6a6a8afef416382426709e786a66870c3ea86fdefb1af2cd4bfb77

SHA512
87e9ace944af919cbb420926cfa1b60b06e57873515f93a04e55d396cfd0c2f6757ff4bf6b8b261c77a2f34587f4dc0cd87cf0471c2c235024e32806e7793a19

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\ABC381FC9310F1FF96EFC91A3AA25FD1E4BEFFAB

Filesize
52KB

MD5
f2158bc17fca4b1a65f1f95b1ff57993

SHA1
a0b7e330b9b3f4ff20034319919b25a671ce8eed

SHA256
00cd893cfb85f4b893f2c92796183f246c9fb12478e1b395882d4c7723f61fd3

SHA512
e48fdbfdb60e32fdbd886838b93240806c2d5ae5ad7ba8be8ed983935abef44aac615a455d4d0819cf11252ab105d38dc1eb70dd80e14df6ea8403ebbe8ae8ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\B403CD48B9B4A9E6E9DE38291F2B8425CC3BBA9A

Filesize
75KB

MD5
758d45a86866fc5ae3cde40effae7a62

SHA1
42a5f188560d7f1a5df03c0532e47fe8fa07f893

SHA256
beccf9f65c1f0d2731123aad5929bcc021dedbe4f5c97f146cfd844aadb21884

SHA512
740812b263947624895af8e1276920e0bf4b347583010ea6300e6a3df88b0227df30f7925ceb1b5ca1cb1c98ebc65cad285033437521187096b014edea403e13

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\B535CA867384B6C7B5DF52E816F8022B2E2C8148

Filesize
52KB

MD5
bfd400a7337c0415aacfedef2499b1fb

SHA1
21056ab1135a202dab638e9b967c8a175b91815a

SHA256
92e983e9aa8f6dcb17e49d311545ffe7e7c96f9a08500db0b1173b02d284a689

SHA512
a291e507cadd58cf2039989355a59d4c45f7a55e712ba1297f53ee6716d53e09eee5ac37b35da14d3badf47191fc79b42ba85adf33cde75ccb85edce000a713c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\BB054B2AC99277174B03D968EDB33CC5A0FB23B7

Filesize
24KB

MD5
72c69e040acc6ce7398e7466a874c56e

SHA1
3a04caf7368798fef0b997d2bb9d08603238bb9f

SHA256
0d85f3d588a13c6ad8b55064e2b05b338d28effed65a50db652e9b8b6e7f690b

SHA512
1032eba4201d36494cc3ec7802c1664236cbfe8a0fa3fc3e872b6b778854c025123f8b1ebd3e385d5fa3c429f5cf90544c6b0b104601e74f76da9a45881edc2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\BCFDDBA5AA01DF73633CF51E43AA99039D3C023B

Filesize
1.5MB

MD5
f8780574693a099d5a9aa1369a6a4057

SHA1
6b027106f9f4d19268f49228bb84a413a9ce96e4

SHA256
67b9cec1e06674a52ed429329dfa38dad7ace3a11af14837fcba43a48c2cb20c

SHA512
ba3e245bdc718a3add870bab6c5c02072d5c0e8084cbea8dd8ed0655e161b7cb7b2afed3e15fd88c1726a9e68301ae166a8e8ac4d30a5d8f82b533d63ccd3fb2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\C34566DA709B225C0D1C2BED7929FF4686DCF7B6

Filesize
52KB

MD5
ddb6037efaa339ea412ba23d8321f365

SHA1
082f6b90548c05394f28c315c889f28b1939516e

SHA256
0ca031b6e0fb04742e063ac7670ddf16531bd18c2dcb45126bc06d1e20561c1e

SHA512
5bdfc2d9f02518c40e658c3dc2d6016212fba8fd3e19bf46a4ca101ac3092d4eda3d782d0bd1c719fa9d15daf6710f5b59ec9cb5301cf4117f4e79ab9f5aa8da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\D1DEAD939E880305FDCCD02D77B189F15E180B05

Filesize
1.8MB

MD5
a3e314557ba0d936a998310aaca54671

SHA1
d1e6609670b58dc573219013bd22a0b4d73c9435

SHA256
b21586676af92137192a8ff2b34935c41f3f62e618aeb9efd89ede81fc86b1a5

SHA512
d0ef2849d63a57dff0f60ace754efe165f8f57e0b0fd3db7d47af5a2b5ff06bff6487bcc127ef28f2057216eb19a5eec095d3bbbc16023b5084190ccfad9eae6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\D7F4C838F128C96EA138F5A40FA0C814AFD1F107

Filesize
47KB

MD5
25cba61af189b751855be86d22c23117

SHA1
592e68abc091ad0aa33ebaedfd69121442d11b86

SHA256
882e745cb5f3dcba6b68c0ade53c5bebe8bbe79d1899eb9a6deb43d3e603b3d5

SHA512
14b051d37fb60ec47b698bb8f85ea1ea1621e0c434182bd1fa84fb9828ab1b55e08f8f007c7941dca271e7ce848f857edec5c87a51b0e103c444e69453cbe1c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\DA806775C387EC68617B9AF905F8DDAE622CDE25

Filesize
99KB

MD5
f98fc9ea999fb269be90eac875598307

SHA1
c25e8aa3163ca6b1d146a15c7d83612aef279b04

SHA256
80ab71760fb59fc2052097f6845693e4b11ea264715dc9616eaa1ed8c7aa4703

SHA512
75219f804cfbe889003d265db2824fe19ef8650eaa7be21e9a21b3a6dbbaae65027d1a5350865bef6a2e93bd9305710228c514b8f9552239a37dc01917e6814b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\EA6D9BDE7E0D49FE4A6CD50D4500CE4E0B32B2D5

Filesize
789KB

MD5
1bfd93b69949fecc4a9d1fbf306a8f62

SHA1
c2f5bcd1c94ea75b518bd2e53ffd0c7a3920ace2

SHA256
1e3b135dcde32f6965f02260e273188148626ae30a172c28eabefa0b997a081f

SHA512
1dd8e9bb5020a395121f2e4f1d53570a9550be962c3e013ef80ca7209e33bab1f0e1f5197794aa9beb3717a1d3551d7b3e02dc664ebc69ba3a706533203cd22c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\F032D9908DE607FBD292A87E5D6715DDB9755218

Filesize
253KB

MD5
7b18abc3e3535881ca8ad921f1592f6d

SHA1
f216d7805bff44f0e05053980cca38b85b97ec14

SHA256
3f2667f5ada1ceb1c398b5460b6cad736448a84412e84de649d7ccea26745d2a

SHA512
fd9f057cde77d47214ea4a50b1ade45c601c50133027a37c021157893fc01e629879718bb47f316d600608becb74c9bd4f4314e5c839665109d90f88258e084d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\F12C0D0A5A1C13995DF9942483CEA0005B2D46B8

Filesize
22KB

MD5
feb447281a939a419381270ba903be08

SHA1
922cb117a6b6389117ceceb68d4d2cac7f3e2fba

SHA256
e000aff305cfdbd8a664a0a95c012c2eed45e54cfe6dc0b5397e7348d11a831d

SHA512
bdeaf6da9f05f3200594684906899fddebf6fbe72cc425aaec791781b5b706cf0d9229c6e14e73ef8321405d3897a511bb43d1af8a5bc07758bb4eb203f0123e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\F6F991D9A1C9B0BA7DE4EA530E337A8CFEB353B8

Filesize
141KB

MD5
d7205713b4fbde3b4f1c4a4abb120ff5

SHA1
a250b65eb02340e661ee878b2743e779805e6567

SHA256
979e3d6e1f9e942ded4a765ce0fe49fec356fa06051c1a862b838bf0ce832c18

SHA512
b79858eea82bc221de3de8b9835f61487a4e00a5055cfdd7faf8c0b49a5d59a90e313e10395aca6af82320dbd3243433940f154ea086244d74c21c22f4ef7d62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\F970AF1849D195B8B07D40E8A83C8733C69FEAE0

Filesize
16KB

MD5
4a6bd787a59742e4e742e94229746e78

SHA1
4385ae766f1c2e716dee7e37a91bbb2a1f83b957

SHA256
038f300ca3aaaacaf1909a0cbbf9a18d1e08c7f4cd6a6d30258d5c44233f38c0

SHA512
2d62194bb7ce5f8f7413eb26bfe976043868fa831f5e4e67338e779e9f76f863811095f16a2cc074eb22e85c858306048b465d2aefde310f81e9a29298a62f9d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\FA312D823509BEEBCD202094C0F0AF3232EECAE7

Filesize
126KB

MD5
6b49e08873bd4166e2a43b3bbb4284e1

SHA1
752897869b10fa2998f350e36f659ced4803cfca

SHA256
f13c5cf72a170b03d6f8e609fbbb68e08d6511acfb166b7e3eac7e3f0904f4a2

SHA512
40517c4fabff61a62fad676b863b1557b71478e97b7f02fb98b8f814bf3731debc7eba74fa042f49994bc76ea600930470683471344f2df17e79f3bfaa5246dd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\cache2\entries\FB9FF5AE8269E00CFEA0C08DBDB749CFEE4DA16D

Filesize
17KB

MD5
477d787ddcb6ab1c1edb483b52ea871e

SHA1
a0fd02f3f9ba51f01fb420daa2f8abd9fb5b6801

SHA256
af49fe436196c8dd1e2b25f83989b4fa01ee095e46a7ca93f95a05cec5231d9a

SHA512
70b14a5a69130781a388e1dc4670bf467aa9d3b52afbff2f706334898f9967b54ed71f71d3f80b3d9e0aaaace2f8e0b945f3da5a3a68de15f45a6d39acbfcf0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\jumpListCache\wPI3IamAJv4D+KMQ3J1Sgi3R1FQ45yqNFvy6A38qNms=.ico

Filesize
692B

MD5
96294a79d912a17957f30ed59f8ac17b

SHA1
4c17f2079d301c0538001275107a49a8dde56227

SHA256
79d505b4d9550f59def4fc1cbb22ae81e88e550399fe37ba332bb6938d7f7aa7

SHA512
d6143336278a4d7472ea091acf2243bdcaf13f992fd2207b27360c07eb0620d345af60686212569594112ab822a4ce6e415b3a63190309679baa2a5bf4ed822b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\8siiqtmz.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSI2426.tmp

Filesize
234KB

MD5
8edc1557e9fc7f25f89ad384d01bcec4

SHA1
98e64d7f92b8254fe3f258e3238b9e0f033b5a9c

SHA256
78860e15e474cc2af7ad6e499a8971b6b8197afb8e49a1b9eaaa392e4378f3a5

SHA512
d26c9dce3c3d17583ffb5dbcd3989f93b096a7f64a37a2701a474c1bf4b8c8b1e922c352d33f24e411f1c793e1b4af11a3aec1de489087d481b1b636df2050cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSIBB58.tmp

Filesize
132KB

MD5
cfbb8568bd3711a97e6124c56fcfa8d9

SHA1
d7a098ae58bdd5e93a3c1b04b3d69a14234d5e57

SHA256
7f47d98ab25cfea9b3a2e898c3376cc9ba1cd893b4948b0c27caa530fd0e34cc

SHA512
860cbf3286ac4915580cefaf56a9c3d48938eb08e3f31b7f024c4339c037d7c8bdf16e766d08106505ba535be4922a87dc46bd029aae99a64ea2fc02cf3aec04

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_tr5p5sjh.wqp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
4e8ee45591548206b8c48d93364bbca2

SHA1
3ebec0ba5201f6837926e54bf627b42517e69c74

SHA256
e677d96e328443a4060fec9256821a8973671c4792a724766e1a16765a3ebc69

SHA512
7ec147a27839f4bb4a03be4e467297bf8bc31e7b64749ba48cea429ffc0e4403b608ceb0dc393a4784b4a1d65360fb71057e96c8b685dcd702bae130ff3774ff

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
93d8186a6ad99ede8af5c315bd8dcb00

SHA1
db351ba6c741651526598149ca384342cbee749c

SHA256
1a43d1084735766b5efb9f01835add086923c6cceda631fe7be062225bd73428

SHA512
c33d789923fc18e50a3966310b88a256f588beccb442d8c87aff308255c841c3ca79cd8da8404afe7c2f4af768feef2f043fad915918c6e0f3728d3a0ef8cf44

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
49925d0b6f39b0060d462d8a5d674aad

SHA1
a2f50d0c8080c628d60ef4982d6801d08111fe27

SHA256
43690d29748cce94ba269c616338a5bf6f5f341a4c0933a456d70d74cd533ab8

SHA512
5ae88cda0a2c0a04e2b51d890d2183f240e999b32289899c248295d6f01d294b7a825e2c06c9fb695fb0ae1086693c282a50a2aad5cfa6a0f845e8330b796295

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe5e22a9.TMP

Filesize
48B

MD5
398c81aebfcb6ab980ad5507175d0548

SHA1
2a91a0ada712f8167665c57a40ac3713b9516e14

SHA256
12bb12df4a328332943b906eba76bf0727ca59480f2d63ecee76272815dee45e

SHA512
3b58d81ab4a99013d3f335b7166e113e05f2f512b547a4f59baee4df7b470caac215223140e533fea8374d1f1e72acf01905d77780bfa4da18f7376234dddcbe

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Default\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Default\ExtensionActivityComp

Filesize
4KB

MD5
d25d5e1dc1d93430e64ee17e48ce442e

SHA1
d5c7ca9a57e6cc68927a249fe8e601d52680ac7a

SHA256
8c471cab38a1696289186d01b06ff6af2a888852dc18d6fb8d2a0e54898104ed

SHA512
f4cff7510b4ad81090e0b1842652f8eb7995f7aefd0ce651151bc24ca3a4305d34ecae41cf193d9b846e8f6359ccf545e5d05e63e6e766fa9761ccebce620f6c

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Default\Network\Network Persistent State

Filesize
563B

MD5
d130c01b36c1e9abb177eeefd61fb02d

SHA1
4885c55e5d78ee0de1128aef374f3f970ec860b3

SHA256
d4007d0f747ea78bfa9d8779937f6ec8e8320dd1201a5a84af30162bee966800

SHA512
06a43b099db4649b899eabc24b422dd3b974678e740e4d607921ee2c21bb9eaf3e964b984b21a26cff5f61ca46f51826fef0b814c3b411726517be347c6f982b

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Default\Preferences

Filesize
6KB

MD5
7862482dd3bfce735cce8ad18490f335

SHA1
a6359ce1c6d8b13158e1add6b3baa5fa87b2c2e7

SHA256
3de680ab705248a1a4e80d2821aeb21a79fcbdc3ceb76af9d65c373dfd1ac9ce

SHA512
e79b708f1f420e86e36f35a41719bcfc29007b8de0f746b3823b453a653b3852645c8595c42111452346e608f92a26a8be4e3cb4cf72220453011400497fe94e

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Default\Preferences~RFe5e5f35.TMP

Filesize
6KB

MD5
774aaa4b6d2cc0ae2e221ea5bc675155

SHA1
71b2d9c2ddedb5b07c3fb1cfef518ad844809db1

SHA256
68a2b2acaaead446df0b074718017f951a8d1bb148b6c041a0f8dbbca050f405

SHA512
190259724ba13faf176a539f6060e3f36a2965a209b96be4aa240bad1308f9c39cd62f88d62dc56b0b093f5c7953def4230e75a60a7759bdc9a278b9ae2db99c

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Local State

Filesize
1KB

MD5
75725fb0456e27f264422cab663c2b39

SHA1
63c1c46ea1f5e476066af0469404bd6f1ecc7f18

SHA256
4a83fc8ad6d061bc8f6deb17e7c9a787a19d25a08d5bdf4ab549d4122cd7ea50

SHA512
9177cf837756c2418c76447ad013416088fc22c2b9bcd2e1e327681b5b52e34a2bf1746362f91be0ad07d0702508369d83169c84148fe4d61c1b64f736b5a861

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Local State

Filesize
2KB

MD5
886cd157b80da5c99d24962f166fc882

SHA1
de94037334d3e37ec35b1a1236f803535989d52f

SHA256
e00d778f0799ee8ba8e1263fa7a2f7c63a4171bb0fa9925463fbebd10911dfa6

SHA512
5439df3a4a0937ae27804784035393f246ef6e8ff748050693f4b6c57dc9ee96cfff22a3024ca4408711900849b55c38a7883b23c4050ada94ab8f101fa1976c

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Local State

Filesize
3KB

MD5
361b7ed8ce7d062f31f34b1f38361da0

SHA1
402b19cd1eaa3e05f45c85d69f1d8e3fd03ab47b

SHA256
a0a2e695cfd8aada5f2ca8eb7512014a696d4bd9e4b02026fd37ecc6a01bfb2f

SHA512
bcd185b9c21f828b521b3f0417abb9a01095bfd7e4d2da6550464325f3c16dac6dc89ac51556bc1abff019abe612057e9885f450058834d1756581579ed37ee2

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Local State

Filesize
16KB

MD5
49c3eee9e7cf2114b731052427bf5d19

SHA1
8b671286d16b3506a36e602f83acca863a016dc0

SHA256
8677a122c0d057fa8641f4601703ba46f504de538738e182b8ef214960cf69d3

SHA512
1ad94f14cddeb6f02608442ad391946f87a4c4d90037668c37e4564085a5d3194b48dcf4b18340ce00333bfdbac09f9ee49879160b7a56609106e3749a204a94

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Local State

Filesize
16KB

MD5
afc28b9a70ba574bb7c99ae920bf5e13

SHA1
643b09d86d137d46429531953a390e5affb20f01

SHA256
690ffd59d8b340ff21b8f9a90ae1373d7f16bd7ae5d895316f6ab9effdff30ae

SHA512
f9b43a797c2ae8254fb68b5e05a541700c5d1e303054dc7676cb322cb8b38db1868868e2811f378104090971d5daf63d47470de452b134b22d67ef7c2d34e11d

Download Submit
C:\Users\Admin\AppData\Local\autoclicker.wearedevs.net\EBWebView\Local State~RFe5dd062.TMP

Filesize
1KB

MD5
cbdb7dcf55ddf329b5f743ae37d37928

SHA1
276eff3994d44a271dcc99fa2eed9b738b074e7b

SHA256
bb8c7f4db04a88a11e3d76a37504253eb8dcb4f060611cd28d30975fa364ce98

SHA512
847820b01a623c719f4cd85236d4fef5b6bad87bc4ba7d4766c71b182b0dd3c20c1a86d80f0355a240b87acb401b9993809899919689ca0178c2f6df4e868038

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
6d49c1132ded9060ae14257a92239885

SHA1
3e9ff381b47fe45419c51a65b16e4ac8e31b69e6

SHA256
2f7667180519da093fa4ad03969b45c764635f994782cca7173ec6e38046b3c2

SHA512
0eb50def24f08aca7eb98a753b74eb2159c0e84a9d5976a066012986752c25cf39635f671547ab169bffe64bf46adac972ead0973108d6364dfd8425ad6b2565

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\settings.dat

Filesize
280B

MD5
2065914d0a00a72cba98d4bf7f9f6c54

SHA1
a93457de178e62ed07657042e182fed45c5d72ab

SHA256
4aa5ad646ae92ce58fe6077e7630f95c9d8c8badd543be775a603af7e5dac9e2

SHA512
9a87b1532dad59b8b161dc525e42bbaa67d6f8b3ad4085d5e4d2c8d972e5ff446d381a1ff0e1ae1bb5b4c196b1f5aa2c6bdb3da625f043d90a9bfb19f1bf8a31

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
28df4b97e4380ad6de9dc11aa33dfded

SHA1
dc6f1b04a085ea43e4dfb9ef7e17602bff26ecc2

SHA256
e9307156362280b04262227b0e93c2c7b5411290a3ad9f1c7861b75d5e7f0d0f

SHA512
9e540ca4798d8d62030c87db45819a1a8af687201bdfab05cd9673752ff7d69ab79ef5c89d85f748d79aa0782599784eaafe5fda3e0d30204750646bf5bf70ed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f2902ba65f535590e6156e6daaab8ee2

SHA1
b1f759e8dec8ef55320b4af832edf4c4d9928132

SHA256
e1883312811ab14e07d67441582da3729ba954988ada235e58c26f8124ef5057

SHA512
ddfe3122e83159cd587349fd32324b2e0c840f21bdb6a4beeaa81d116588de04355261cdc43a524254cd54fcc12a7926c323098938b343b4ad5b3affda79c15d

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\Network Persistent State

Filesize
2KB

MD5
afbae31cd1639f3dd1fe62103918cd0f

SHA1
dfcabe9610a380e2b56f32692c522ec489f65c8f

SHA256
b5772e98c354cff9fa66304e15d23875c163a1030480b5de5941883bd7da81ce

SHA512
d74e0c562f22d59110ce9c28a916485694ae81ce88e19eb6ec0433ffb0fab33a6a7adb0a6e13cfae4f24082e57a98edb6da5c3400991249ac94bde80fcd65b27

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
11cdd97f30518b29f400b83e9306f2cb

SHA1
91f3c1d5b0e19dbee2034f0646b689c9e0383f84

SHA256
0c4d7d81f451e26ed0138d977ab0dbb9b77b73f692dfdcf4af0b1b935b2659b3

SHA512
e9a3f07f4e8c57a400f2ebbae5478a10b74589993a4b0f32dce755acd73f48a62fc2f55c59101f2b477544c4d3f07abe4445ffcb06098d94e36bdf295b7391bd

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
4d716ad160c98e5a5912b83e5b53a32a

SHA1
7cc35aa0587391260f5d814831e09b134686f3a4

SHA256
138d75db410fa3c8bafe68c83431b806cf2761101b6a796a627dbc6737c44145

SHA512
9650111463deff564f5fcf4fbca9a6de17a819e8d008cc12b622bf6c33d89347724f1cfc4845dd74643c5aa630201506183bd81bad92e97ddc5920915a65312c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity

Filesize
1024B

MD5
78b182e01cd359cd8e5788ea7a53ab07

SHA1
b3df33dfe0d905ed4e383320309931e40de2b53c

SHA256
4a1731edd110ff6da839fcbec0f5413062c91c7454fa7c5d91a1b0645bff294f

SHA512
b9a2f06b2bac83e0856bff6f766b16c2608b6700c7a7e0c3c6532430ba92558bb60e6c66bdf0a59a6616d30dd51f9c9e572efbb27d5bcd6ca688a2dc9cf0dbed

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Network\TransportSecurity~RFe5e06a5.TMP

Filesize
1024B

MD5
9bf0ef26e349a0010f19f3f92af6861c

SHA1
75be25a52fb4f7087088152421480446347b5bab

SHA256
ff46f5602f868725d84771487026a1ef8962dc79ba7457511f4d40abec21c91d

SHA512
1af08d8fc2300202339fbffc323b11144242ba22a522c2fd3d239c19230f4eb589f78695560ab0205f47658c8a8dee344cfd43b4233c3ac5ebde7a0b27c2973c

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
5c5217cf8925a965a0ccb495007eae20

SHA1
9798a1955cf7153739108392f0e61a2140bf10e7

SHA256
4734d0bef2c48f774833c1e3f16c1bb3da66bef5c84ca9675de47e93cc878d28

SHA512
431acd15c4c2c956ac88142f988f81c6d947ae19dd161a678fae4ab165c658d3ce6c3b3abce2d34763c1b50e59d020ccf04b054f13f64fdd970cb127fe19583f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Preferences

Filesize
7KB

MD5
f71a33d8e9f268d28e512c26cd437539

SHA1
f0841f841f6440834db2c016e830c939de093a09

SHA256
a7439a881d56dfec23e5dd8a5a1a27ea517a51730cd13d1b9621592e2a2d70cd

SHA512
348c4515737725954509aa47000f347a606bf9d0a152db08d8e1d3f6efbcf080e702b197a8f1a04a8cd1b38b1580a553085c76c942bf79497ad5ed62b1405483

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Default\b712645a-7f49-4dcc-8c83-a13f0c6853e3.tmp

Filesize
6KB

MD5
d7636b6af49bbdccc7477764c16226d7

SHA1
cb01bb7af41961b2128c89049e7fcf865166319b

SHA256
ffeae40aee02c4f33f9e2168a2a780fef09bce6769a193df0a950a82b50ddd0e

SHA512
8d76a46d7c5b772abb961f7ff9ac5accbabf053aeeb911a4f4b4ee570b333ae056ea77633fb59556e34c63e3e5f77f0430e96f69332b847553687efd08a3d04a

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
1KB

MD5
4ceb9339c8e1409cfce3ea7d65fc93ee

SHA1
3d19bec500ba891d6bd6ef1fe91d9e52e6de38ce

SHA256
cf1f32991b19e3b67dc5fe11e44f0ed56514fc8638b683c75d04e86926877a78

SHA512
e0351e6ed18b57da4f0244ab8a914128f90ff5cdb2d03af5cf68ef968fbb1d691acf3a74dca820fcb7337b4ef1c9c7de02ec2006f1693ea9127c49d200e4b95f

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
2KB

MD5
a8eb423575a9b457f80cf4e076d2bf1b

SHA1
1dddf6b5ee3a47a8041f17748a367379a5c5a434

SHA256
d5b604294c566f697370a4e43320c456598a36cb0606c39d7d39d201de21a6ad

SHA512
ef82ce04acf90e21774ccfe208fb58fd44f40d9421092186816b2ed75e726b878094815b11c05b0a1e9a89c464b542250756873a42d46d794e6cbcbe7f9aa634

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
23edfea8ae91b686c79b3d40f8a2bda8

SHA1
cf50332a06e7d12f0b8f559ddc2275e1cbee7c57

SHA256
c9ea5fdde6f13638bd6d095da90e333c0de2399eaf13f74dae0f8e0aa6007c7b

SHA512
760dd3c3acbc015616429f7b761c0f37a2974e395405dcca5293a0c42b2eca0ba4bdd6e5e0c35f2f80c57b068d3d98a37233ba0064179836ad8ffe52cad1e4ef

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
b064a86f23f1c4274fdd2b9457bc6d78

SHA1
77c2cda1eb99b8b615cca1aefd43b257760b6089

SHA256
56d2f15816e4065e081932c5695caa55b3457dd5eea56d0698b9363b2cb071ff

SHA512
929e3b0fcdf5cb8418c035e37d6bc313716b4a2f10a615f61ad3ed9b4276c375eed8004893cee1ac62c4ab3b62e6194989cc9016785edb0f5f2d189834f58e56

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
3KB

MD5
1631e561c96ead64313c9f6b06ce1070

SHA1
4199df4efde59994c8fac416ddc521a7650cd8ff

SHA256
519e657fee5bea03828a50d3b1e1ad4ec2eacb8488a586e7aff46bfd9cf49da5

SHA512
b4d882a0aa6be631177d697fb6afc498a886fdb8b4d15e5f8f36b01ee1d578cb55a6022512195d74aceaca2878330fe74cc133f456bc1fe29b4c9c7210d20ecd

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
ae52a134cb7c09f77216e9a9e4be2ac1

SHA1
ea3ccdb946ecfaeffe6535fe6a5aadce50f00c9c

SHA256
674472fa20d6e95a260d5354dcd7cf20a4eaadb5656a3c51ebda99818f219b38

SHA512
fbe142e69cb9441cea5db999eca9cde876c070f48380ae9fbacead75985cb5550ea97ee214ec6d546659a3e788942f2ba79288be7f91c957c05e7a821f9fa50d

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State

Filesize
16KB

MD5
c2149fa3a103471949c2b1ce4dfcc8e2

SHA1
bae415c41cec68eb4c86e9298833f67f5eb6a18e

SHA256
35ae6df98021cf22c6c29f460f444a1d5406965ea667e4b8b5785d363c3561fb

SHA512
c82414ebd4dabd2529c918e62812b87d811201437506b25796196a3919ee26b3e57cea1a12500ce2a9f5db9604793fdd6c3caacbde2f2b0ba5c6e4f3deef4476

Download Submit
C:\Users\Admin\AppData\Local\net.wearedevs\EBWebView\Local State~RFe5dad5a.TMP

Filesize
1KB

MD5
b2448d34377d597df416dd49081464d0

SHA1
701c825fc59cfbb1fa75552faa6a8a5223b43399

SHA256
8e603f0444a5a3cb741f8a9856f2ef7c32172baa13d582ee93d301c6533c31b5

SHA512
0349ae9cb5342a72ee38e71dcdb2e4b5062a4335813e07b74f0f78f55eb542be904f08a4d9a6a94a218bbacea332e8332eaa1388f91319274f787bbeab9a8f78

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
49dd9a7699e78dec626033114e4b5501

SHA1
40ab8378c66eb4922b6df36b12b587e8eb955e00

SHA256
8f5ffe44d678b6bd8c561d4279aa1db9e8787c526dda5e2d3ea779c7c0ed4995

SHA512
b650bd0bb5d0d43aeb6c88bfda2067231d82914dc2112d50bd46a244a443819c2a5670feb39326a9ae11dff8a8b7bfd2b440a305115d99104c3098bff565391e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
27a4cea6381d3c6fb4ac75091a75339a

SHA1
36858e48708977414cae144a27a29fb3fb3d0674

SHA256
a73108dcc4eca13f5bcab6d1824ec1d8d0183425a2cdd970a596468e61a384a6

SHA512
9977e6f15ae48429b864ba478f07e39528346d550d12717ff044b3eaeb6ed7ac3e5f3f018d02f14ff16d630cb10799803cbb9eb2973e2216983fee4d1af4cb64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\AlternateServices.bin

Filesize
7KB

MD5
16d8203d5d79fecb73d1b49a9ea03ec7

SHA1
179b22ba2ea6fab813f4296dc56580a6703ee16c

SHA256
0ca11afe701ae1e032586c108a5cf8241f1f17224f7817ca2a1cb9049fb2053a

SHA512
3830c6c0afaa95921c0da2072293e26155f692300855a2abd1886d6d6164a0be5ceaa1eae8e5d2f9cc1e303f7f48f94426f9e4381a4b1f5d16de222d49d07f6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\AlternateServices.bin

Filesize
12KB

MD5
2c97e538e364c9c19c06e23930e6284e

SHA1
8a1b94ad3a2e6d8f2c80386189056ac1c0204d1e

SHA256
df44d64174a8a57457f0e4a6726f5b80aaf601fe59efe816ff4258fe35982fc0

SHA512
b816b99ba945d98400cb146f7b5cca30bda2ef32acc406c4a43cb9263f7be26127f58b6bf7ab1535fd5f212d70a561e9457ae3197d41aada85e8c5a24cb4b90c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
a3cfa5b760308984f779894bb8b921bf

SHA1
34b02279de27397fa10c371b0620e91d8a4b0cea

SHA256
7899b626241569dfb4858f48c08339eeb09f236d09c15968343f4f4954d0227c

SHA512
d690378b9ea6f51a5d44916503258dbbe0f0d23cbb4fc248e1d01604afc5b93d4555685dd7470f128610fea618e1228c17dd38027cede395d173d60d1e6cdd14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
47KB

MD5
d19ca8e08d6c28f70ec5984e644f3162

SHA1
1989b41d2f86ac3d32e1c33a990a029213fe6250

SHA256
f5ac761a6bd9c1cea1eebf2376bbd1cf3c59ec892f2adb173468fe3d9f707487

SHA512
78c6c936a0dc25a95f666aba0323569448e66ce9427559f02711dbaa307971be641f29f381c8a0c3f92c13b5bd38bb590d126019f04c0f6a67047d032f0c7e34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f599dcd342af6c76599a5cbe50e0b2f9

SHA1
c19c50d1431e4e03e62142f3b360254c47b974c4

SHA256
2ae3a02475c3090c15f0df82b65a8d7be8fb2caa048dade0781e1c108659de2f

SHA512
6dd81ef26af050f5784f23501630a452c272116d64aec11574584bdbf8dcb728e42db959a8330b2e83a22fc4a2dee8b9daf25b91798099ee3acc4739a7be504d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\datareporting\glean\events\events

Filesize
4KB

MD5
2fae215ccb85046f69dc721fe31db04e

SHA1
591a280f736d04815ac7a55216700dfb666eede6

SHA256
d5c5a18d70ecb41a7e97bc26f61e90f88e1721cf67a0d09696f807ecee57bdf4

SHA512
5606b206e1e6fceed460211325e30b999ad5a5e004e3a55fd4bf0e5f8fce01d50b371bedf3f59ce93ec83af8c8c9ad3624bd684c6dc22e19f33e89b0f83a8f23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\datareporting\glean\pending_pings\1304600f-0acb-452e-a67f-7fe739cf6fa0

Filesize
34KB

MD5
fd29050b410f2cf8d817195e1afe1f6d

SHA1
fcfa52820396c3ca9fcc2d6755239c7da6afac91

SHA256
fcaf32f4e45ffafb3287563def86599db8b36fa71ecb78844d9921c412e093cd

SHA512
8ffa8d6dcdc79616f46c3ad6634d8fe31947055830ac9ad8ee94a0ff6443c92f7df178dd63f7b893206566c5b59c4bedf4aef76155250ed23027421867fded6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\datareporting\glean\pending_pings\1f3a3688-5431-4f7c-8bfd-f9c911fc5dce

Filesize
671B

MD5
c5c46a97c70ea522db53ba2322f30ce6

SHA1
161bdc46632f44d4827396d28e445ade204e1c4d

SHA256
936f5482d21bca9f261061dbbfde4992be00cfb4e2a7e73602cb88c0e91c4f45

SHA512
4736261be293599b0adb95125901788780682ea8acdd23c7bc0751697b61f0c736e84c90b25e98b532a905fe12f7d3268b098a67ecf36808d5e178fd4fb4f93c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\datareporting\glean\pending_pings\3c769837-4a3b-490d-bf5e-13ab99f94222

Filesize
26KB

MD5
b90df7169448812ce075cbcf49fb121e

SHA1
53290b4a072118be5f3f0e802b851025bc4aa4e9

SHA256
1563683a0b7e06d5ea33d73dabe3339dd3efd4c317912caa00467ad59dc4d2d3

SHA512
cfa7f5eaaa3bf1f4aaa69be4f615ad064ce8021f22cd6afa3aeab6e913139488186136d69f19a54ebdf2d633dd478545056d9749fde3c823fd653b85402623f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\datareporting\glean\pending_pings\4b6af291-52a4-4877-ac30-d5935bd378f6

Filesize
982B

MD5
c196d09f25ede68b5bc1c32ee9655863

SHA1
ad2df2b332dd95468a3bb5123d42ada5dee2fe1f

SHA256
c1458deb9c8de1eb78e97222bcc9f5aa5aa41d4753a53261a55359948d2c11a3

SHA512
f7bcfe390f12d36ffd3edb2ebaa9334cba6231460ee24b88f55686da89b0af8cda1b514dec3d23585593df076e80ae0bf0cb98961840c247ce49fab2b5cef376

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\downloads.json

Filesize
806B

MD5
b74a2759b0a4b9c407e22eeab997a6db

SHA1
ad2212f55dc6fbafe24f86fe956f89542743db9a

SHA256
e9c63c5c8078ed66b4480a3378f35c372609fc1676a8c3a6b492660fd8061978

SHA512
e08b72f4bb5a48342e65ec8f020a01ca49050ecf1238e1cc149969d04cb38d6905fccd86de83850a4dd8e7b8a26701f1330181d73bcff6c3589a92d64136293f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\prefs-1.js

Filesize
9KB

MD5
008b1c6e152c7ebf0811247b716c0ea6

SHA1
a4775b82ae48245ff7fc7470a3c56725fe7a369c

SHA256
d21b94993a66974aa28db8dc47b2caaf8b35968686e1603c65ce2942ec14d942

SHA512
683924a2efc9b2add00440ea6d78ac52d1864022469d8a6d937cd2387f9889ea9cfe5e13d4b6fbdd416400dfef24670813f6a4903e877cb10ad81fe43e176bae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\prefs-1.js

Filesize
9KB

MD5
0cad23f188d6dbacef4f35b795b0d801

SHA1
77605f4b2bc6402736ef18854d2bac0fc982648a

SHA256
ff74fb1f8e13a5b69028c8a19c95e02d1170f96075d180e2aca53e5dadee6e21

SHA512
a08846c7b36d8b1f13a18df7e92d0edfb23b9a42937a21df1471cf815e31bc08cd4bab29df6ea9a00b579c12276f6a25367a68d5a82083254bf15d0593d6c3bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\prefs-1.js

Filesize
10KB

MD5
dad591342a5d8875416df10c8e90c522

SHA1
c91fb67b527fbb103f725d5c6340db2864d02450

SHA256
0d5aed353471213bb161ac8bcf669ec30ddb0daab95b319adc457740e124db7c

SHA512
e0f11c478cbb13fa083704169194bd8ecab2782d22db02714f59cf9c3fcf4da42c0f983afe129208c024708fe024a78241abc334c42e6f2a0152be6dfe509274

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\prefs-1.js

Filesize
11KB

MD5
fe0779d33259662ba2aa3b73bef998e9

SHA1
44f6f27964cb0a09629fc4b044e3a7b5deb50369

SHA256
24a84ffeb3b9cd1428efc85d519cf74df84c4dcaeb322bcfbb50dc76bc61eb68

SHA512
5034bc88b960bf7908a6d733c4bb1c11d41593e4871138f3951f08e359646e96ca0a3a32bcf3160eca067fe9179665b423372341fb7137a314b287b59b852320

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\prefs-1.js

Filesize
11KB

MD5
6ece07e1d26e4730381b883d3e7e59b1

SHA1
c697198183c11b7ec3266b56c1bb076140316257

SHA256
28d8956782c6ed7d29ee76a8068b7d5669dc24fea8fcf3650529053a94f27752

SHA512
38a801007ac30d076e39ba9501af0b9cd840875a8aa1c26ed76381afec965a8c6a11b23373c472d4d9fa9af01395f039d4036632d48706c92f12dc8eb6d1ce16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\prefs.js

Filesize
9KB

MD5
f98cebbe83b030a0eb722e3c5e07fcc4

SHA1
c3aeecd5db56fa507f68270b37d730a5fa4223d4

SHA256
f8b82274d3d46809791d318727e63ca28f5714dec81a28efdbe6d7f32b725743

SHA512
21433bdade50ca8f6460a219185e586e149e788e415494b0add267984c146761b48b2fb9bb5c3f09cbefbbc89d6e7bbc18ff68fb8aa142337c69eebe886da1d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
c7d9f8b4bd391083a410d67086706a3a

SHA1
38b3cfaa2c433ac49825ae345c6f4d8626b069bc

SHA256
9757307a06ada58bf670c8c57ce89baff66ef5a1b788dd89f15b8100e7d4c435

SHA512
411ad7d96301ff4e8d3165a04090b6a8890a33185852e5e7d4d9f316428a33572423b267cba7804b3e72ea4619397385ad3089fcb05c8b4f8edbf9621cd9c91d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
82c1bf071a2d2a20514b4cc8de9aa717

SHA1
a441a14be0cd016806a503b2fc3bc1b58220c811

SHA256
e63a36a8518257b33cd1c171b3833720199a51e0f7e33d621dfb2c2f6385d662

SHA512
a7020ac2173c39f9103297a2d1ca118add0c25b18c0da4f29f1e1a6e567df2b6f806786e92e5062197d05ffef5d413f1ffd34c698315fdc8f313518306014ca1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
18a824d78c85eec0285d1f0169c63cb9

SHA1
1f0ceff49aa3037b782f873b9d148d06219fe326

SHA256
4b8876d7bbd5c8199e7516124bd34541ef412b676509973d6514792a5d544310

SHA512
68f48c12337bf5f00d8176cb748d1f2811053eb03e041b68c3962ef2fb9257e391884c7b8a60e33f2722988a3fc21c1e92ae5d348296caedb398021ed1bd27cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
ecac8ee352882715ccfe93f18bd5f0bb

SHA1
372417a2f1261fdc90a2685ac1ac749478a368e7

SHA256
fbbef36a9a69e20cbb7924fbc8bfdab80701b414a5708abdc5fa345acfe73aa4

SHA512
0d989d466f689533ab544ff4bc20c0b6635a1bacda47c34555a26e7b78c914141c2923ccc804f56532327838c9d39781e79919dd3668df1b03719fec04d5fa75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
20KB

MD5
c6684ff83d12de00c46c44f21f17232d

SHA1
71821796700056a2e2b21e2a123d1d05de67bb8a

SHA256
d98dbc7ffe7ed5d6fefdfaf9463e4f6a9742f7325630c6e2b0c2fcc72dcff9c6

SHA512
bfea8fb548c171150e647a641889452495c783b237dcf1634db57976c375c27daf2ed2368ffdde699c36e427737de18b7662d5bcb9a0a0b4d322b9c8cb485890

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
4c9d0b7116431f6f62e376fece0ed116

SHA1
894bedf959afd9c55f33c9064e48af69f3b237f1

SHA256
90bcd5816ccdff7e1a8b69577fa5eb5aae4c4651c61e0b3b887d54f61a3bfae8

SHA512
d0922e79b6da2266c1db6ca993303382115d50ff556b2eedcba701c954900322d9effde6479dc4310027f6eb5b681f0cf9cd170971ea256987d56c46756395e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
41KB

MD5
4c8221b3cb6cfa5c1499bba526beaeff

SHA1
862fb535faad359770d49039f49e6368ca771609

SHA256
92ca573c0f46689a523d8895dbafd2858d038b84b7c8d1a38c3db86c551064a3

SHA512
7a39de69c8fc78269e1cac1e4ae2594eecbf30b4da5f07110bfa40dc830d2826e8d96fefb7541c5d6fccb6bc5f2d24651c1444e9fe2c10177d9365271448fafa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
23KB

MD5
760aee875bff60cf71d8022f99cda72d

SHA1
4b3c913ffc7ce234c4ae7d574aa3c0367dcacbe0

SHA256
1e498a8760409e9633637e67985e593f8a0eb9f0bb268f26cbcf04657d8d50be

SHA512
973183a11f101e5f2863e6a6886dc19087e3cdd1b0b42d53e4a7c70fa185d89706aafdcdf2b77d81a73d44cd991951b83796e8ef358229dd59c57ccab7f23897

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
25KB

MD5
615b0694773aa4a7935019e63259e809

SHA1
58b15edf7e9d8e2cd61179fff53929d1b4144763

SHA256
e4c503ca1ab16685cd4f031775d85d1ffc458fdf17d256e11c09b073c7938804

SHA512
8d8eb4d640a4ce37f4e3b0274af978cecf864d5da571b8129c57751f2886649f2bcbcadf77c13410e63e9ca11d34cd0a78e3c87f9e0fd7f004c7896a46450fd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
25KB

MD5
f59df4ac200eb5f2394da0dcf1848865

SHA1
77d39fb764bc1e9ee1dcf49d7c686cadfc385b28

SHA256
9e101fc689bcf28bc62481bd342a7efaabe2cdabdce2d77025fb38860fcfc86f

SHA512
26eca6a7026893de9fbc50f2fb530a831d61f44feaedd90dc0ad9f93476bf4bcd52f120a16d9732ff12cd32be17bfbc0b6760828641763c6c1e40410e66b37b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
17KB

MD5
774bf88248d15946a4abffc4bce1993d

SHA1
503dec404c88154c212f661d08b6c6839d25af1e

SHA256
66825069ce512999c0dae1bee4915db82e02811441d77b98419b6bf34117c09e

SHA512
03779848c61970702a86f358f2fbdc7798d62563ba917473117625b4ab793bfe470a6a164082a026775381e5ce1636d3b103cde92c35547da7d448546f4e6148

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
42KB

MD5
78c081f0d832fa49271249bbad23dbba

SHA1
6ec4bc97b07656457d0ccefe17c5a2547c1092cf

SHA256
fc1aec400e975370520c9f2c0fbfc1abc8708e8e4e806dd95f489ce4f788514f

SHA512
d6386347cfc4b7360685c1acf23fc507987027c02af9038c0a18f9db6757ee83e75eac29c00325725c1c486f5f76cc9cae25bb3dbd6fd922ec194a8914dd86c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
9913cc1ab0c7b09b1c5eea7708839694

SHA1
c9da468049a9d48408da784eee956f9f0beaa851

SHA256
f855c9cee9aa25db5e1a9558067b075db8b937f48a18e778cdda48ddb199c313

SHA512
abd7ab22f1a21ccd4238ab8fb0a07d962beb7c302bac04aae6ea2957710e5a8b4c163a0ee8ab11110a9c642b11e44a0e6da985de496ed47658cf3e6a1377c5f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
41KB

MD5
1e138e0f39f6047c9a02ddd1e97f97d5

SHA1
d6da25aae5ece88c0e65f4a87735ce7299b58b59

SHA256
ff9dd8f83a8259a307c92b927d130ed3d33fdb28697cdb387d6761a9cc37f77e

SHA512
7bada71d2efc0ac9a19aa8c90838253647db1c6ba144b4c53d5dd5cd406494f4f79b90276add03997cc48e7b5d7e640f4a8eed5f386f9cdf25839e5f2078293d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
41KB

MD5
58c681360c6f4e905d01facec97d3ccd

SHA1
0a9756c0784db456988e55cd2577ef0c4387ea35

SHA256
fc5144b6b9beb0bce1fdb0dd0324d8a349d2cf41a5881157e7122e4a4d8d8f13

SHA512
2a08ccdae4c1a90b80280c8879a024f3e1f1ebd7650fc2ecae142e23ee2819c76c2f6c32babfbf49b2fe4f1de6143efa84de4a71e5ec3000d43b6ecdade00021

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\sessionstore-backups\recovery.baklz4

Filesize
41KB

MD5
c267dd000336a6dc66c200214d12f02d

SHA1
d1873e59806defafb1afa00f9314ae54ecfffb13

SHA256
5c16a73dca04275dc84ed86fc4bb21deba0926f71789d175824c0fb1a41bd4e7

SHA512
8f20d428ebb376a37f536203d3479cec0634611123f4e85f14091184ca9170245bd2261b5e2afae0e60fd76c6bf45e1855cde6ad0e2e83fd6e9a8ef8d4214c96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\storage\default\https+++wearedevs.net\cache\morgue\78\{b12c607e-c7bf-46c9-bfa1-4aae4738f94e}.final

Filesize
968B

MD5
d4eaa2ca1163d919a635c18684df676d

SHA1
80d805c1724eae282d9fa5131d752b939b495c69

SHA256
b41fa304a88900715374d97bec6cbc31c0f1f3b6d225b930edc639db324edc45

SHA512
a62da191b9565387c125a0ec22c5b8555658081dbc9ca56f2d05c2e5772ad2a24d187cd8dd0209aebb8aacabf28634413b97f32f802a33728b979701e14f8f7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\storage\default\https+++wearedevs.net\ls\usage

Filesize
12B

MD5
df1126e00e584041304797ae15f1087b

SHA1
4de230f770a7ee8cb1184d02f1a673c05e010465

SHA256
4815c52f99a17aa8405af24e295d93c1e27fcbf440d8fe19f6c2a15c90454234

SHA512
1288c7931309a354581e6a0355221352eeb762851944ab1b63426c6ce000580556f642666f98425bdb278256b3ce21cff874a0053a6356b89d21aca9401fb174

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\8siiqtmz.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cxenoexecutor.com%29\idb\2171031483YattIedMb.sqlite

Filesize
48KB

MD5
8f068b6563e31771dba20d278ee5bfeb

SHA1
890c8b436fe4566f0365579701b80a91c5fce052

SHA256
ad58818f289574d7291a742776073fafa2e980ad9b7428da619d8e8d0ef67eb2

SHA512
acd2ffb0fe72939d0789541d8b0dbde30157dbb249ba5579adce35609062effb0a5faa8bbaa4c735609f767978ad888ac64036ce6987a184d0a7d7e551ff1c74

Download Submit
C:\Users\Admin\Desktop\Lagswitch_2.0.1_x86_en-US.msi

Filesize
3.6MB

MD5
88f53f1eef043e3f7b931e0461b52287

SHA1
fbebe0190b08236d2acea5a5b41058f0e301aa03

SHA256
d16a0ff410861d71b3be9b7f84200782f36ee7123c69294395f7d362fd1ae767

SHA512
299170a983d1025d7373dabeb6c2dc498a5db94543e5f38c04bb70cd67cc77bace5a84a7e0d7c5e886fe4b412cbe7000d2a1f287d071b935fa30ef4e40f34ccb

Download Submit
C:\Users\Admin\Documents\jjsploit\db.json

Filesize
34B

MD5
9580e5f47d1e820593c375f89897c8a0

SHA1
7968d5aad442b5265ee1e8d8d9a989016fde4be8

SHA256
ea3a786c656cde0537e41863ad2ec0e1e4b563082b3f75a512f332672d44d2b0

SHA512
c62c7509469f86eaf4a401738f0cbae17f3d01cb67d44ffe992d83ef9ba5377fbdfe351d90cfc279526b283e31538d622ae0d6d77f6b20f1f7a7c0d57d407cf0

Download Submit
C:\Users\Admin\Downloads\Autoclicker_2.a5rYG2hG.0.0_x86_en-US.msi.part

Filesize
3.7MB

MD5
3231ca7759e7949c7f028b35e1c5b804

SHA1
77039469545996f7c766489fb3757ced80aec102

SHA256
a11a6e5a4339a120f1c9e6b5c9c7c702da254139dcb5e856809b7959086f011e

SHA512
fdd0ecfde68a83dc5296180935d35d649662d736d8b8c48352901d06ac80cab2e0d08dd62db95526ac3f72fc83188b3231e8a7a289c6e9e9f7a03ae954b4dd5a

Download Submit
C:\Users\Admin\Downloads\BootstrapperNew.exe

Filesize
2.9MB

MD5
f227cdfd423b3cc03bb69c49babf4da3

SHA1
3db5a97d9b0f2545e7ba97026af6c28512200441

SHA256
cb5d6c1ca0aa6232a2d55e14b20ac4a9945a0bd063c57d60a5ed3ae94160e3e8

SHA512
b10afd03b02a928545c16fad39a6ae46b68b1e1a2477a6990803ce80008e7161fb2ebc9380ba15a1b074bb436aa34bcd6c94a922933d438b1c22489717e1e10e

Download Submit
C:\Users\Admin\Downloads\Extreme Injector v3.exe

Filesize
1.9MB

MD5
ec801a7d4b72a288ec6c207bb9ff0131

SHA1
32eec2ae1f9e201516fa7fcdc16c4928f7997561

SHA256
b65f40618f584303ca0bcf9b5f88c233cc4237699c0c4bf40ba8facbe8195a46

SHA512
a07dd5e8241de73ce65ff8d74acef4942b85fc45cf6a7baafd3c0f9d330b08e7412f2023ba667e99b40e732a65e8fb4389f7fe73c7b6256ca71e63afe46cdcac

Download Submit
C:\Users\Admin\Downloads\Nopde Engine 6.qjLyAKeA.4.rar.part

Filesize
8.9MB

MD5
3b695e5c959b8f9fb1ca13e50aaa6418

SHA1
3cb4c82b73d442b883279261a4eceed965a5195d

SHA256
158e2f077526dd31dc21f9e9c0fdd506e964d56cc6d90df79d25f44ab0c0e31a

SHA512
cb95991ae637567779ea5aafa9b8c60497898f3d25c9916587a4ae4ba40bd2509805e7dcf2057400a91812180dc0baeb020a0b64e3354c83d330959cd6e6df74

Download Submit
C:\Users\Admin\Downloads\Shutdown_Timer.-mjd3krK.exe.part

Filesize
734KB

MD5
c8f95e99df393219590be276b81792b3

SHA1
30a23b0c3d781726a285c4bf11a9cb91daf27ab7

SHA256
834c9cc0d43f01537b2422ba3ed6c613bbf39634ac2420fdbdb24be2ffacd02b

SHA512
870f34a3737ced275c339fd6c808857d8d94193be93450c0bda95ebe0a576d271d14256d054f78af74638db59f544c6ad25c7790b1750ccbc347a8fe4395860e

Download Submit
C:\Users\Admin\Downloads\jjsploit_8.nyAfSZ0v.12.2_x64_en-US.msi.part

Filesize
6.3MB

MD5
d8be6f14b4dd7a85a5b5479e88b940da

SHA1
4c1ed04a00fb4fc31cc4c10172d0e6f310faacef

SHA256
c3daa5b6503c601bf868de990dc5fe055c266a7cba6e269115290c37fb8a4d05

SHA512
77964855eddaf57ebf7810185eacf2bd40bfdd883473ac063223ea496744d81db678c171707d44cfe19077df1fcfb8888a54021fc6af7cb4547dcc464ce717ea

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.0MB

MD5
0e05c2f6093c413701dff15495a8a14b

SHA1
3200b6636a07b3ad8e8e808a5cf1ea89bd5a95f0

SHA256
e54851db12d2ed35722d428ffadd6c13b7dd0b4249ad73e21524773f8490efd4

SHA512
753606c889239edf8f901860bbfb5e4c8e0a6a60311f702028ddf419cb2c1c255cad80d667def1ff9ac7de55d2afb272e1473c8223d929caadf932f0d422029f

Download Submit
\??\Volume{b9afd8f3-0000-0000-0000-d08302000000}\System Volume Information\SPP\OnlineMetadataCache\{4c9aeedb-246b-42f5-bd8c-9068fc707294}_OnDiskSnapshotProp

Filesize
6KB

MD5
aeea29460b2ec2ae960684c2db820903

SHA1
507533f44ce03464b06e4bc84be28cf80f74e837

SHA256
282da423a7229e7e8388b73b29bfe31c61950c0642a0ed5e504692f6e9e4a047

SHA512
a28e36f1d74e51b2461f8f78a8c13e2591a285db9600f52f2e0a83431b3fea209e9717cbbe1f50674238ec0910c09381cd0b3cf182f96d265f9f6b67cd6174fe

Download Submit
memory/1648-4018-0x00007FFE95C00000-0x00007FFE95C01000-memory.dmp

Filesize
4KB

Download
memory/2176-4007-0x00007FFE95C00000-0x00007FFE95C01000-memory.dmp

Filesize
4KB

Download
memory/3076-3837-0x000000001C710000-0x000000001C722000-memory.dmp

Filesize
72KB

Download
memory/3076-3835-0x00000000000E0000-0x00000000002C6000-memory.dmp

Filesize
1.9MB

Download
memory/3076-3838-0x000000001C770000-0x000000001C7AC000-memory.dmp

Filesize
240KB

Download
memory/3208-4966-0x000001A1F59F0000-0x000001A1F5A12000-memory.dmp

Filesize
136KB

Download
memory/3784-3901-0x0000000063D40000-0x0000000063D50000-memory.dmp

Filesize
64KB

Download
memory/3784-3900-0x0000000074C90000-0x0000000074CB3000-memory.dmp

Filesize
140KB

Download
memory/4068-4028-0x00007FFE97830000-0x00007FFE97831000-memory.dmp

Filesize
4KB

Download
memory/4068-4027-0x00007FFE97090000-0x00007FFE97091000-memory.dmp

Filesize
4KB

Download
memory/4952-3906-0x0000000000390000-0x000000000044E000-memory.dmp

Filesize
760KB

Download
memory/4952-3907-0x0000000005370000-0x0000000005916000-memory.dmp

Filesize
5.6MB

Download
memory/4952-3908-0x0000000004E60000-0x0000000004EF2000-memory.dmp

Filesize
584KB

Download
memory/4952-3909-0x0000000004E40000-0x0000000004E4A000-memory.dmp

Filesize
40KB

Download
memory/5212-5071-0x0000000180000000-0x000000018109B000-memory.dmp

Filesize
16.6MB

Download
memory/5212-5073-0x0000000180000000-0x000000018109B000-memory.dmp

Filesize
16.6MB

Download
memory/5212-5056-0x0000028C72790000-0x0000028C7284A000-memory.dmp

Filesize
744KB

Download
memory/5212-5053-0x0000028C70020000-0x0000028C700C0000-memory.dmp

Filesize
640KB

Download
memory/5212-5058-0x0000028C72850000-0x0000028C72902000-memory.dmp

Filesize
712KB

Download
memory/5212-5060-0x0000028C70530000-0x0000028C70540000-memory.dmp

Filesize
64KB

Download
memory/5212-5289-0x0000000180000000-0x000000018109B000-memory.dmp

Filesize
16.6MB

Download
memory/5212-5232-0x0000000180000000-0x000000018109B000-memory.dmp

Filesize
16.6MB

Download
memory/5212-5055-0x0000028C72CD0000-0x0000028C7320C000-memory.dmp

Filesize
5.2MB

Download
memory/5212-5075-0x0000000180000000-0x000000018109B000-memory.dmp

Filesize
16.6MB

Download
memory/5212-5065-0x0000028C72A10000-0x0000028C72AA0000-memory.dmp

Filesize
576KB

Download
memory/5212-5074-0x0000000180000000-0x000000018109B000-memory.dmp

Filesize
16.6MB

Download
memory/5212-5072-0x0000000180000000-0x000000018109B000-memory.dmp

Filesize
16.6MB

Download
memory/5212-5070-0x0000000180000000-0x000000018109B000-memory.dmp

Filesize
16.6MB

Download
memory/5956-4992-0x0000017A6F8B0000-0x0000017A6F8CE000-memory.dmp

Filesize
120KB

Download
memory/5956-4955-0x0000017A31780000-0x0000017A31880000-memory.dmp

Filesize
1024KB

Download
memory/5956-4961-0x0000017A308E0000-0x0000017A308EA000-memory.dmp

Filesize
40KB

Download
memory/5956-4962-0x0000017A318B0000-0x0000017A318B8000-memory.dmp

Filesize
32KB

Download
memory/5956-4990-0x0000017A6F800000-0x0000017A6F8B2000-memory.dmp

Filesize
712KB

Download
memory/5956-4959-0x0000017A31880000-0x0000017A31896000-memory.dmp

Filesize
88KB

Download
memory/5956-4958-0x0000017A30970000-0x0000017A30978000-memory.dmp

Filesize
32KB

Download
memory/5956-4957-0x0000017A30930000-0x0000017A30956000-memory.dmp

Filesize
152KB

Download
memory/5956-4956-0x0000017A308D0000-0x0000017A308DA000-memory.dmp

Filesize
40KB

Download
memory/5956-4960-0x0000017A30960000-0x0000017A3096A000-memory.dmp

Filesize
40KB

Download
memory/5956-4993-0x0000017A6F8E0000-0x0000017A6F8EA000-memory.dmp

Filesize
40KB

Download
memory/5956-4954-0x0000017A308C0000-0x0000017A308CE000-memory.dmp

Filesize
56KB

Download
memory/5956-4953-0x0000017A308F0000-0x0000017A30928000-memory.dmp

Filesize
224KB

Download
memory/5956-4952-0x0000017A2BF20000-0x0000017A2BF28000-memory.dmp

Filesize
32KB

Download
memory/5956-4951-0x0000017A11C70000-0x0000017A11C80000-memory.dmp

Filesize
64KB

Download
memory/5956-4995-0x0000017A7DC70000-0x0000017A7DC82000-memory.dmp

Filesize
72KB

Download
memory/5956-4950-0x0000017A115C0000-0x0000017A118A2000-memory.dmp

Filesize
2.9MB

Download