275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f

max time kernel
1199s
max time network
1200s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-de
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-delocale:de-deos:windows10-ltsc_2021-x64systemwindows
submitted
23/03/2025, 18:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EICAR.txt
Size

68B
MD5

44d88612fea8a8f36de82e1278abb02f
SHA1

3395856ce81f2b7382dee72602f798b642f14140
SHA256

275a021bbfb6489e54d471899f7db9d1663fc695ec2fe2a2c4538aabf651fd0f
SHA512

cc805d5fab1fd71a4ab352a9c533e65fb2d5b885518f4e565e68847223b8e6b85cb48f3afad842726d99239c9e36505c64b0dc9a061d9e507d833277ada336ab

Score

8^/10

aspackv2 defense_evasion discovery motw phishing

Malware Config

Signatures

Downloads MZ/PE file 6 IoCs

flow	pid	Process
204	1436	firefox.exe
204	1436	firefox.exe
204	1436	firefox.exe
204	1436	firefox.exe
204	1436	firefox.exe
334	1436	firefox.exe

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x00080000000282a0-1034.dat	aspack_v212_v242

Executes dropped EXE 13 IoCs

pid	Process
5848	ScreenScrew.exe
824	ScreenScrew.exe
3360	ScreenScrew.exe
5492	ScreenScrew.exe
5488	YouAreAnIdiot.exe
6004	YouAreAnIdiot.exe
4600	YouAreAnIdiot.exe
3752	reshacker_setup.exe
1700	reshacker_setup.tmp
1748	ResourceHacker.exe
3712	ResourceHacker.exe
7928	ResourceHacker.exe
416	Newsletter.docx.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops desktop.ini file(s) 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Documents\desktop.ini	firefox.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	firefox.exe
File opened for modification	C:\Users\Public\desktop.ini	firefox.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
203	raw.githubusercontent.com
204	raw.githubusercontent.com
205	raw.githubusercontent.com
206	raw.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs

phishing motw

flow	ioc	pid	Process
881	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html	1436	firefox.exe

Drops file in Program Files directory 27 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Resource Hacker\is-RFSFI.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-H08I7.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-3ATJK.tmp	reshacker_setup.tmp
File opened for modification	C:\Program Files (x86)\Resource Hacker\ResourceHacker.ini	ResourceHacker.exe
File opened for modification	C:\Program Files (x86)\Resource Hacker\sample2.dll	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\unins000.dat	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-01GCU.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-EA814.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-71NFL.tmp	reshacker_setup.tmp
File opened for modification	C:\Program Files (x86)\Resource Hacker\unins000.dat	reshacker_setup.tmp
File opened for modification	C:\Program Files (x86)\Resource Hacker\ResourceHacker.ini	ResourceHacker.exe
File created	C:\Program Files (x86)\Resource Hacker\is-7BQC1.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-9FBRJ.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-38DN3.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-40283.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-P2LS6.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\ResourceHacker.ini	ResourceHacker.exe
File opened for modification	C:\Program Files (x86)\Resource Hacker\ResourceHacker.ini	ResourceHacker.exe
File created	C:\Program Files (x86)\Resource Hacker\is-OEUJ5.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-3FB10.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-7CTJG.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-N9N7K.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-ANNDR.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-SIGVL.tmp	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-BMTQM.tmp	reshacker_setup.tmp
File opened for modification	C:\Program Files (x86)\Resource Hacker\ResourceHacker.exe	reshacker_setup.tmp
File created	C:\Program Files (x86)\Resource Hacker\is-DHAGA.tmp	reshacker_setup.tmp

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 6 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\Fagot.a.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\reshacker_setup.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\ScreenScrew.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\YouAreAnIdiot.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\IconDance.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1448	5488	WerFault.exe	114
1528	6004	WerFault.exe	119
5904	4600	WerFault.exe	122

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenScrew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenScrew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reshacker_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reshacker_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenScrew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ScreenScrew.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	YouAreAnIdiot.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ResourceHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ResourceHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ResourceHacker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Newsletter.docx.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 64 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	ResourceHacker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	ResourceHacker.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	ResourceHacker.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 0000000001000000ffffffff	ResourceHacker.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	ResourceHacker.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	ResourceHacker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0	ResourceHacker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = 0100000000000000ffffffff	ResourceHacker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	ResourceHacker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0\NodeSlot = "11"	ResourceHacker.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	ResourceHacker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = 020000000100000000000000ffffffff	ResourceHacker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	ResourceHacker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	ResourceHacker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	ResourceHacker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	ResourceHacker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	ResourceHacker.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	ResourceHacker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	ResourceHacker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	ResourceHacker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\0 = 5c00310000000000775a649710004155464741427e310000440009000400efbe775af896775a64972e000000a082020000000900000000000000000000000000000002029700410075006600670061006200650020003100000018000000	ResourceHacker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\SniffedFolderType = "Generic"	ResourceHacker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202	ResourceHacker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Downloads"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	ResourceHacker.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9	ResourceHacker.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg	ResourceHacker.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	ResourceHacker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	ResourceHacker.exe
Key created	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	ResourceHacker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2123103809-19148277-2527443841-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\1\0\MRUListEx = ffffffff	ResourceHacker.exe

NTFS ADS 8 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\reshacker_setup.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Carlosjj-Microsoft-Office-2013-Word.ico:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\pdf_filetype_icon_177525.ico:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\ScreenScrew.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\YouAreAnIdiot.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\IconDance.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Fagot.a.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\WannaCry.exe:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1516	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 3 IoCs

pid	Process
1748	ResourceHacker.exe
3712	ResourceHacker.exe
7928	ResourceHacker.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
3396	taskmgr.exe
1748	ResourceHacker.exe
3712	ResourceHacker.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeDebugPrivilege	5792	taskmgr.exe
Token: SeSystemProfilePrivilege	5792	taskmgr.exe
Token: SeCreateGlobalPrivilege	5792	taskmgr.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: 33	5792	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5792	taskmgr.exe
Token: SeDebugPrivilege	3396	taskmgr.exe
Token: SeSystemProfilePrivilege	3396	taskmgr.exe
Token: SeCreateGlobalPrivilege	3396	taskmgr.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeBackupPrivilege	5732	svchost.exe
Token: SeRestorePrivilege	5732	svchost.exe
Token: SeSecurityPrivilege	5732	svchost.exe
Token: SeTakeOwnershipPrivilege	5732	svchost.exe
Token: 35	5732	svchost.exe
Token: SeBackupPrivilege	5732	svchost.exe
Token: SeRestorePrivilege	5732	svchost.exe
Token: SeSecurityPrivilege	5732	svchost.exe
Token: SeTakeOwnershipPrivilege	5732	svchost.exe
Token: 35	5732	svchost.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeBackupPrivilege	5732	svchost.exe
Token: SeRestorePrivilege	5732	svchost.exe
Token: SeSecurityPrivilege	5732	svchost.exe
Token: SeTakeOwnershipPrivilege	5732	svchost.exe
Token: 35	5732	svchost.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	5096	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	3052	firefox.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeDebugPrivilege	1436	firefox.exe
Token: SeDebugPrivilege	1624	firefox.exe
Token: SeDebugPrivilege	1624	firefox.exe
Token: SeDebugPrivilege	1624	firefox.exe
Token: SeDebugPrivilege	1624	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe
5792	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1748	ResourceHacker.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
5096	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
3052	firefox.exe
3052	firefox.exe
3052	firefox.exe
1748	ResourceHacker.exe
1748	ResourceHacker.exe
1748	ResourceHacker.exe
3712	ResourceHacker.exe
3712	ResourceHacker.exe
3712	ResourceHacker.exe
3712	ResourceHacker.exe
3712	ResourceHacker.exe
3712	ResourceHacker.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
1624	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
5408	firefox.exe
1436	firefox.exe
1436	firefox.exe
1436	firefox.exe
2960	firefox.exe
1436	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 3872 wrote to memory of 1436	3872	firefox.exe	89
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4988	1436	firefox.exe	90
PID 1436 wrote to memory of 4256	1436	firefox.exe	93
PID 1436 wrote to memory of 4256	1436	firefox.exe	93
PID 1436 wrote to memory of 4256	1436	firefox.exe	93
PID 1436 wrote to memory of 4256	1436	firefox.exe	93
PID 1436 wrote to memory of 4256	1436	firefox.exe	93
PID 1436 wrote to memory of 4256	1436	firefox.exe	93
PID 1436 wrote to memory of 4256	1436	firefox.exe	93
PID 1436 wrote to memory of 4256	1436	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\EICAR.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1516

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Downloads MZ/PE file
  - Drops desktop.ini file(s)
  - Mark of the Web detected: This indicates that the page was originally saved or cloned.
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2008 -prefsLen 27100 -prefMapHandle 2012 -prefMapSize 270279 -ipcHandle 2088 -initialChannelId {d309de3f-bf22-49c9-8c3a-8c40ff182bc8} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:4988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2448 -prefsLen 27136 -prefMapHandle 2452 -prefMapSize 270279 -ipcHandle 2460 -initialChannelId {cfd56373-7703-4988-a4ae-5e8b5b4c890c} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    PID:4256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3816 -prefsLen 27277 -prefMapHandle 3820 -prefMapSize 270279 -jsInitHandle 3824 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3832 -initialChannelId {f080b23d-3bd4-4d96-b421-53fc0e9d511f} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3984 -prefsLen 27277 -prefMapHandle 3988 -prefMapSize 270279 -ipcHandle 4088 -initialChannelId {01757ebb-dc64-49bb-9773-5363150939d4} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 2840 -prefsLen 34776 -prefMapHandle 3080 -prefMapSize 270279 -jsInitHandle 3128 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3280 -initialChannelId {7689a6aa-a643-4c34-adc0-114ff7589116} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    PID:2720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 5156 -prefsLen 35013 -prefMapHandle 5148 -prefMapSize 270279 -ipcHandle 5144 -initialChannelId {c20fc036-1d98-48a3-92ce-d218be23c2b7} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:5188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5344 -prefsLen 32900 -prefMapHandle 5348 -prefMapSize 270279 -jsInitHandle 5352 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5360 -initialChannelId {8787e4de-5922-46f9-8c4d-8e041d18baa9} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:1092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5388 -prefsLen 32952 -prefMapHandle 5376 -prefMapSize 270279 -jsInitHandle 5476 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5552 -initialChannelId {cf9d48f6-9eac-4477-8e37-5f0655dcf820} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    PID:5176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5720 -prefsLen 32952 -prefMapHandle 5724 -prefMapSize 270279 -jsInitHandle 5728 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5736 -initialChannelId {23e28139-b280-45d3-b461-66e38b09f338} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:3756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6304 -prefsLen 33071 -prefMapHandle 6312 -prefMapSize 270279 -jsInitHandle 6328 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 6336 -initialChannelId {652a0c5a-36e5-4ced-a4a0-13d9701d0451} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 10 tab
    3⤵
    PID:2692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5064 -prefsLen 33071 -prefMapHandle 6204 -prefMapSize 270279 -jsInitHandle 6788 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5464 -initialChannelId {766c185a-15e9-48ba-a16b-d2511d190be6} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 11 tab
    3⤵
    - Checks processor information in registry
    PID:4796
- - C:\Users\Admin\Downloads\ScreenScrew.exe
    "C:\Users\Admin\Downloads\ScreenScrew.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5848
- - C:\Users\Admin\Downloads\YouAreAnIdiot.exe
    "C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 1256
      4⤵
      Program crash
      PID:1448
- - C:\Users\Admin\Downloads\YouAreAnIdiot.exe
    "C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6004
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 1232
      4⤵
      Program crash
      PID:1528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4576 -prefsLen 36758 -prefMapHandle 7216 -prefMapSize 270279 -jsInitHandle 7220 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7020 -initialChannelId {d98baee8-4b2a-4be4-860d-6ff624420edf} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 12 tab
    3⤵
    - Checks processor information in registry
    PID:4500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7020 -prefsLen 36758 -prefMapHandle 7212 -prefMapSize 270279 -jsInitHandle 4392 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 2620 -initialChannelId {8368a55b-ce80-4ec5-8938-476cc7f9f961} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 13 tab
    3⤵
    - Checks processor information in registry
    PID:1544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7044 -prefsLen 36758 -prefMapHandle 4876 -prefMapSize 270279 -jsInitHandle 6244 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7612 -initialChannelId {2d93670a-a8c3-45fc-91f3-986c928ce6c2} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 14 tab
    3⤵
    - Checks processor information in registry
    PID:720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 4 -prefsHandle 6920 -prefsLen 39692 -prefMapHandle 7204 -prefMapSize 270279 -ipcHandle 3684 -initialChannelId {137729b9-5a14-4224-996b-a6d83dc96bc4} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -appDir "C:\Program Files\Mozilla Firefox\browser" - 15 utility
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5096
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 4 -prefsHandle 7852 -prefsLen 39692 -prefMapHandle 7860 -prefMapSize 270279 -ipcHandle 7828 -initialChannelId {4f51d11c-d63d-44e2-8505-25b7525aa345} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -appDir "C:\Program Files\Mozilla Firefox\browser" - 16 utility
    3⤵
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 4 -prefsHandle 5412 -prefsLen 39753 -prefMapHandle 1640 -prefMapSize 270279 -ipcHandle 7912 -initialChannelId {02df713d-1ad3-4a60-8cf1-c131648610c2} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -appDir "C:\Program Files\Mozilla Firefox\browser" - 17 utility
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 4 -prefsHandle 8004 -prefsLen 39753 -prefMapHandle 7900 -prefMapSize 270279 -ipcHandle 7908 -initialChannelId {a96b8b78-6879-40f8-ac98-c5c01ecd5507} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -appDir "C:\Program Files\Mozilla Firefox\browser" - 18 utility
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:5408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 4 -prefsHandle 7900 -prefsLen 39753 -prefMapHandle 8036 -prefMapSize 270279 -ipcHandle 7920 -initialChannelId {d195edcf-c858-45a0-9326-07417ac8fcb9} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -appDir "C:\Program Files\Mozilla Firefox\browser" - 19 utility
    3⤵
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:2960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 4 -prefsHandle 7892 -prefsLen 39753 -prefMapHandle 7924 -prefMapSize 270279 -ipcHandle 7004 -initialChannelId {c84e8d58-1433-411a-a1e3-79174df2f05c} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -appDir "C:\Program Files\Mozilla Firefox\browser" - 20 utility
    3⤵
    - Modifies registry class
    PID:3836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 4 -prefsHandle 7936 -prefsLen 39753 -prefMapHandle 7980 -prefMapSize 270279 -ipcHandle 4588 -initialChannelId {e8e99f3d-0380-4e75-a402-52d06e705ecc} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -appDir "C:\Program Files\Mozilla Firefox\browser" - 21 utility
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    PID:5572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8028 -prefsLen 36792 -prefMapHandle 2716 -prefMapSize 270279 -jsInitHandle 7100 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7964 -initialChannelId {668b263d-ab17-4bc5-9855-c6deb0b22d99} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 22 tab
    3⤵
    PID:464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8928 -prefsLen 36792 -prefMapHandle 8932 -prefMapSize 270279 -jsInitHandle 8936 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8488 -initialChannelId {efb8d544-d49d-44d8-a877-327949f82469} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 23 tab
    3⤵
    - Checks processor information in registry
    PID:2840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8764 -prefsLen 36792 -prefMapHandle 8632 -prefMapSize 270279 -jsInitHandle 8760 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7664 -initialChannelId {2e402b23-c747-4a85-b917-f78301d16fdf} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 24 tab
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9256 -prefsLen 36792 -prefMapHandle 9260 -prefMapSize 270279 -jsInitHandle 9264 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9272 -initialChannelId {d376a4e1-e42c-4524-81e2-e20db60b3fc6} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 25 tab
    3⤵
    - Checks processor information in registry
    PID:5996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9636 -prefsLen 36792 -prefMapHandle 9640 -prefMapSize 270279 -jsInitHandle 9644 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9648 -initialChannelId {419c0610-9b61-4247-a191-7dce5c8a7c25} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 26 tab
    3⤵
    - Checks processor information in registry
    PID:5672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9816 -prefsLen 36792 -prefMapHandle 9812 -prefMapSize 270279 -jsInitHandle 9856 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9868 -initialChannelId {5c69f729-1f4c-4a88-a291-062a4ab4ea9f} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 27 tab
    3⤵
    PID:4252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10172 -prefsLen 36792 -prefMapHandle 10176 -prefMapSize 270279 -jsInitHandle 10180 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10188 -initialChannelId {d37a8de0-97c2-4b74-9d56-7a3d6ce1a410} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 28 tab
    3⤵
    PID:32
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10208 -prefsLen 36792 -prefMapHandle 10212 -prefMapSize 270279 -jsInitHandle 10216 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10224 -initialChannelId {465fdc83-64ba-4adf-9b3d-807e3f3b0915} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 29 tab
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10916 -prefsLen 36792 -prefMapHandle 10636 -prefMapSize 270279 -jsInitHandle 10632 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10624 -initialChannelId {0ddfc7d4-54ee-42d3-8acf-829ffbc88b6e} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 30 tab
    3⤵
    PID:5684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10968 -prefsLen 36792 -prefMapHandle 10964 -prefMapSize 270279 -jsInitHandle 11008 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9800 -initialChannelId {d67649dc-3402-464c-b76e-cd42f195a017} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 31 tab
    3⤵
    - Checks processor information in registry
    PID:1420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11176 -prefsLen 36792 -prefMapHandle 11180 -prefMapSize 270279 -jsInitHandle 11184 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11192 -initialChannelId {39fdc56d-0786-4029-b94a-5de20c1c2c1a} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 32 tab
    3⤵
    - Checks processor information in registry
    PID:2264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11400 -prefsLen 36792 -prefMapHandle 11360 -prefMapSize 270279 -jsInitHandle 11288 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11412 -initialChannelId {a1c06934-b090-4468-84b1-05bac052c76d} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 33 tab
    3⤵
    - Checks processor information in registry
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11620 -prefsLen 36792 -prefMapHandle 11628 -prefMapSize 270279 -jsInitHandle 11632 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10852 -initialChannelId {960591e0-d3a9-4865-a1b7-c1886484e5d7} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 34 tab
    3⤵
    - Checks processor information in registry
    PID:1748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11800 -prefsLen 36792 -prefMapHandle 11796 -prefMapSize 270279 -jsInitHandle 11840 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11852 -initialChannelId {d7b32a62-a459-4b91-805b-0915ab9b93cf} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 35 tab
    3⤵
    - Checks processor information in registry
    PID:4484
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11868 -prefsLen 36792 -prefMapHandle 11872 -prefMapSize 270279 -jsInitHandle 11876 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11884 -initialChannelId {ead9ba96-5087-4c0a-86f0-308d0f394e77} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 36 tab
    3⤵
    - Checks processor information in registry
    PID:3984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8908 -prefsLen 36792 -prefMapHandle 8904 -prefMapSize 270279 -jsInitHandle 7928 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8900 -initialChannelId {634c753a-2bd4-42d7-a496-d470c4db0913} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 37 tab
    3⤵
    - Checks processor information in registry
    PID:1816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9028 -prefsLen 36792 -prefMapHandle 9032 -prefMapSize 270279 -jsInitHandle 9016 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 12200 -initialChannelId {8f7a7b90-1c88-4bf0-a217-65a2e76ba01e} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 38 tab
    3⤵
    PID:6936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8996 -prefsLen 36792 -prefMapHandle 8980 -prefMapSize 270279 -jsInitHandle 8984 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8972 -initialChannelId {c3ed40e7-81a8-4844-9de5-977bdd4a82dc} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 39 tab
    3⤵
    - Checks processor information in registry
    PID:6952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12696 -prefsLen 36792 -prefMapHandle 12700 -prefMapSize 270279 -jsInitHandle 12684 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8940 -initialChannelId {8013d324-049b-4252-8cd0-f1479380fe5d} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 40 tab
    3⤵
    - Checks processor information in registry
    PID:6176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7412 -prefsLen 36792 -prefMapHandle 7584 -prefMapSize 270279 -jsInitHandle 12128 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 12776 -initialChannelId {96db39ff-ff3e-4e20-9e83-354c3df6455c} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 41 tab
    3⤵
    - Checks processor information in registry
    PID:2128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9880 -prefsLen 36792 -prefMapHandle 9892 -prefMapSize 270279 -jsInitHandle 9980 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9020 -initialChannelId {dd17ef8a-410c-4d6f-a291-4d1b99d20abf} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 42 tab
    3⤵
    - Checks processor information in registry
    PID:6692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9644 -prefsLen 36792 -prefMapHandle 9640 -prefMapSize 270279 -jsInitHandle 9664 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9704 -initialChannelId {f8761d53-9b8a-4d3b-acac-f48ba7e4bd84} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 43 tab
    3⤵
    - Checks processor information in registry
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9740 -prefsLen 36792 -prefMapHandle 9756 -prefMapSize 270279 -jsInitHandle 9752 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11124 -initialChannelId {126b82ac-90c6-451f-9865-befcd7778e4d} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 44 tab
    3⤵
    PID:4380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9660 -prefsLen 36792 -prefMapHandle 9672 -prefMapSize 270279 -jsInitHandle 12660 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11896 -initialChannelId {7aa46b15-d3f8-490d-9374-78a11c4ec76b} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 45 tab
    3⤵
    PID:2252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8488 -prefsLen 36792 -prefMapHandle 11852 -prefMapSize 270279 -jsInitHandle 11904 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10008 -initialChannelId {2a9c7bcf-1e52-452a-b781-4a1dc936dc56} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 46 tab
    3⤵
    - Checks processor information in registry
    PID:4884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10628 -prefsLen 36792 -prefMapHandle 9824 -prefMapSize 270279 -jsInitHandle 9820 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10620 -initialChannelId {19543bab-2bbf-4043-934d-dd6525022b49} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 47 tab
    3⤵
    - Checks processor information in registry
    PID:2656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9288 -prefsLen 36792 -prefMapHandle 12472 -prefMapSize 270279 -jsInitHandle 12404 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10472 -initialChannelId {3ac164f1-4fbe-4bba-9a11-d97868ed8c01} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 48 tab
    3⤵
    - Checks processor information in registry
    PID:6924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10260 -prefsLen 36792 -prefMapHandle 10404 -prefMapSize 270279 -jsInitHandle 10504 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11420 -initialChannelId {428bdd96-fdf8-4b7f-ae16-7c9b5f23ce34} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 49 tab
    3⤵
    - Checks processor information in registry
    PID:6960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10012 -prefsLen 36792 -prefMapHandle 10976 -prefMapSize 270279 -jsInitHandle 10220 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9152 -initialChannelId {4cde95c0-65a9-4083-bfcc-04602cc837e4} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 50 tab
    3⤵
    PID:7092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12820 -prefsLen 36792 -prefMapHandle 10012 -prefMapSize 270279 -jsInitHandle 12080 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 12792 -initialChannelId {42640819-66c1-4c2f-837e-56be34b74c1f} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 51 tab
    3⤵
    - Checks processor information in registry
    PID:6840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10600 -prefsLen 36792 -prefMapHandle 11012 -prefMapSize 270279 -jsInitHandle 12360 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10224 -initialChannelId {04a29d35-3e25-4451-ba01-d312df6e2d67} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 52 tab
    3⤵
    - Checks processor information in registry
    PID:392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 10268 -prefsLen 36792 -prefMapHandle 11892 -prefMapSize 270279 -jsInitHandle 11936 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7432 -initialChannelId {65a57606-bf62-4474-80f2-4f1bc455161b} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 53 tab
    3⤵
    - Checks processor information in registry
    PID:5192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12296 -prefsLen 36792 -prefMapHandle 12300 -prefMapSize 270279 -jsInitHandle 12304 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8972 -initialChannelId {ff16b94d-ab49-4fe9-9d7f-9b766729a29d} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 54 tab
    3⤵
    - Checks processor information in registry
    PID:3236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13016 -prefsLen 36792 -prefMapHandle 13020 -prefMapSize 270279 -jsInitHandle 13024 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13032 -initialChannelId {4c1ce9e4-33d8-4415-8ff2-a14bd6a17e5e} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 55 tab
    3⤵
    - Checks processor information in registry
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8988 -prefsLen 36792 -prefMapHandle 12200 -prefMapSize 270279 -jsInitHandle 8776 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8520 -initialChannelId {bb64ccef-2170-45d3-8676-e1cda5cea3d6} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 56 tab
    3⤵
    - Checks processor information in registry
    PID:6932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11820 -prefsLen 36792 -prefMapHandle 10668 -prefMapSize 270279 -jsInitHandle 10984 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 7592 -initialChannelId {228d93fa-1b8e-4d5e-8b41-20a5edd37ad9} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 57 tab
    3⤵
    - Checks processor information in registry
    PID:3960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 12236 -prefsLen 36792 -prefMapHandle 12240 -prefMapSize 270279 -jsInitHandle 12228 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9328 -initialChannelId {4a28e04c-485e-4c08-ac7d-a757fa482d07} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 58 tab
    3⤵
    - Checks processor information in registry
    PID:6168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 11776 -prefsLen 36792 -prefMapHandle 11772 -prefMapSize 270279 -jsInitHandle 11768 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 12148 -initialChannelId {de27738d-f8da-4c53-9374-88f9d5f30fd7} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 59 tab
    3⤵
    - Checks processor information in registry
    PID:5384
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13172 -prefsLen 36792 -prefMapHandle 12300 -prefMapSize 270279 -jsInitHandle 2900 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 11768 -initialChannelId {47da20d6-d928-4ae5-9c54-746dbb87a580} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 60 tab
    3⤵
    - Checks processor information in registry
    PID:1940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 9452 -prefsLen 36792 -prefMapHandle 9472 -prefMapSize 270279 -jsInitHandle 13024 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9448 -initialChannelId {556cb9e8-56eb-4f67-9a34-e0ae799df9fc} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 61 tab
    3⤵
    PID:6764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13548 -prefsLen 36792 -prefMapHandle 13552 -prefMapSize 270279 -jsInitHandle 13556 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13024 -initialChannelId {4f1af55a-39c4-4f79-8755-a62568f81819} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 62 tab
    3⤵
    PID:6608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13572 -prefsLen 36792 -prefMapHandle 13576 -prefMapSize 270279 -jsInitHandle 13580 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13584 -initialChannelId {420b5423-35a6-42d0-8c8e-349aa0c315dc} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 63 tab
    3⤵
    - Checks processor information in registry
    PID:6904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13556 -prefsLen 36792 -prefMapHandle 13552 -prefMapSize 270279 -jsInitHandle 13548 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13944 -initialChannelId {0dbd803a-c1f2-4a30-a717-d162aebd6e3f} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 64 tab
    3⤵
    PID:7632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 14172 -prefsLen 36792 -prefMapHandle 14176 -prefMapSize 270279 -jsInitHandle 14180 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 13472 -initialChannelId {89d0acd7-53db-42fc-a056-e084b4735b92} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 65 tab
    3⤵
    - Checks processor information in registry
    PID:7644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 14320 -prefsLen 36792 -prefMapHandle 14324 -prefMapSize 270279 -jsInitHandle 14328 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 14044 -initialChannelId {392627e9-0564-4e5b-9338-d8950cfc45cd} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 66 tab
    3⤵
    - Checks processor information in registry
    PID:7656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 4340 -prefsLen 36792 -prefMapHandle 4328 -prefMapSize 270279 -jsInitHandle 4332 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5416 -initialChannelId {35a9b66c-2dc6-401c-9e81-b7904fe55fa3} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 67 tab
    3⤵
    - Checks processor information in registry
    PID:1504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 14328 -prefsLen 36792 -prefMapHandle 8224 -prefMapSize 270279 -jsInitHandle 14144 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 14184 -initialChannelId {646c0477-a603-457b-80d1-5b6d0325afaf} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 68 tab
    3⤵
    - Checks processor information in registry
    PID:8028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 7216 -prefsLen 36792 -prefMapHandle 10812 -prefMapSize 270279 -jsInitHandle 10748 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 12948 -initialChannelId {0a8189cd-80e9-4586-b586-9342252b5831} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 69 tab
    3⤵
    - Checks processor information in registry
    PID:2068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 13356 -prefsLen 36792 -prefMapHandle 10748 -prefMapSize 270279 -jsInitHandle 13960 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 14584 -initialChannelId {b93a89b3-e619-4b18-8078-77ab9d28909a} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 70 tab
    3⤵
    PID:8632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 6252 -prefsLen 36792 -prefMapHandle 9064 -prefMapSize 270279 -jsInitHandle 8340 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 10816 -initialChannelId {37ab04bb-27f1-4cad-a106-d9cde533846c} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 71 tab
    3⤵
    - Checks processor information in registry
    PID:9048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 1 -prefsHandle 13492 -prefsLen 39753 -prefMapHandle 7544 -prefMapSize 270279 -ipcHandle 14136 -initialChannelId {00532337-0631-4e5d-8e86-2421eceaef1d} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 72 utility
    3⤵
    - Checks processor information in registry
    PID:8252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 876 -prefsLen 36792 -prefMapHandle 14424 -prefMapSize 270279 -jsInitHandle 14428 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 8392 -initialChannelId {bf0734c8-420a-4446-b60a-c865e3d14bc1} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 73 tab
    3⤵
    PID:8964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 8144 -prefsLen 36842 -prefMapHandle 7868 -prefMapSize 270279 -jsInitHandle 10732 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 9856 -initialChannelId {4af83236-ed32-4fc6-b4dd-c6e88d3318b3} -parentPid 1436 -crashReporter "\\.\pipe\gecko-crash-server-pipe.1436" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 74 tab
    3⤵
    - Checks processor information in registry
    PID:7792

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2988

C:\Users\Admin\Downloads\ScreenScrew.exe
"C:\Users\Admin\Downloads\ScreenScrew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:824

C:\Users\Admin\Downloads\ScreenScrew.exe
"C:\Users\Admin\Downloads\ScreenScrew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3360

C:\Users\Admin\Downloads\ScreenScrew.exe
"C:\Users\Admin\Downloads\ScreenScrew.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 5488 -ip 5488
1⤵
PID:472

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 6004 -ip 6004
1⤵
PID:4788

C:\Users\Admin\Downloads\YouAreAnIdiot.exe
"C:\Users\Admin\Downloads\YouAreAnIdiot.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4600
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 1236
  2⤵
  - Program crash
  PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 4600 -ip 4600
1⤵
PID:1972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5732

C:\Users\Admin\Downloads\reshacker_setup.exe
"C:\Users\Admin\Downloads\reshacker_setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3752
- C:\Users\Admin\AppData\Local\Temp\is-TV5OA.tmp\reshacker_setup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-TV5OA.tmp\reshacker_setup.tmp" /SL5="$504EA,3527991,870400,C:\Users\Admin\Downloads\reshacker_setup.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  PID:1700
- - C:\Program Files (x86)\Resource Hacker\ResourceHacker.exe
    "C:\Program Files (x86)\Resource Hacker\ResourceHacker.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:1748

C:\Program Files (x86)\Resource Hacker\ResourceHacker.exe
"C:\Program Files (x86)\Resource Hacker\ResourceHacker.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3712

C:\Program Files (x86)\Resource Hacker\ResourceHacker.exe
"C:\Program Files (x86)\Resource Hacker\ResourceHacker.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:7928

C:\Users\Admin\Downloads\Aufgaben\Aufgabe 1\Newsletter.docx.exe
"C:\Users\Admin\Downloads\Aufgaben\Aufgabe 1\Newsletter.docx.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:416

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328 0x2b4
1⤵
PID:8280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Resource Hacker\ResourceHacker.exe

Filesize
5.9MB

MD5
4906152af5478455c500941ae234391b

SHA1
d03cc533e283468679406f88fedee17b8fe44903

SHA256
14a44fe31b04fbcc65e94e80016138a2e9fc9bb6dfcea09b98de57f8a22a1240

SHA512
db45680f7b100ece21f547b75e48a5c9527490a8ed7f40101720573f99be968c8dfc9e82c55052a0d804e7b9c01f7399e56752cb5ea9c538effc328867920250

Download Submit
C:\Program Files (x86)\Resource Hacker\ResourceHacker.ini

Filesize
503B

MD5
10e619f267044cf31c61a8f8dd6b5343

SHA1
993bfe383dce68d09e12414bba987d182cdc9963

SHA256
6d98891d428cd0e5bada3b3fce6b1442f9f0f45b536c9db2e18f07eff8ae8650

SHA512
23b54a5c6614fdb3ad59a989936eab3a04b8dc9172682664a652a9b9e70906f85bba9f42af217feadd9eb9fedea3c478e649442345512a17a41b89e092e25097

Download Submit
C:\Program Files (x86)\Resource Hacker\ResourceHacker.ini

Filesize
505B

MD5
765c0d6a2240bb37c9279bc23abfe339

SHA1
91da4c2e8d4c9804ee5886feefc01c68f06281ed

SHA256
0c91d0df342451211fff9f661870b58738bcfe16aab5a9555e0c14d962d3b9e8

SHA512
0093d0d2bc5833e5317fd94ef55d502363d42aa9f26c6508e8a2b511af5d627175f8d61dad56829bcd990fabfff9d5f5853c7604d3b7a6aa240b9827c6223585

Download Submit
C:\Program Files (x86)\Resource Hacker\ResourceHacker.ini

Filesize
566B

MD5
31367d8ca9489a84bbee565c7a620fb3

SHA1
6ede5cd546d5f7e586692c6f25821d6989ce0a29

SHA256
036893fc91da1888d21b28dc7b4fae166900bc79f2761fd519c1b9a4ff4925de

SHA512
3f6b9590c4fda9b5b9f42a0f5eaf807d9c935afdcde64cabc3ec735a861d6ee8e52f4e426a07a102489bad0100ab015c31145c7e6663db4262e023139c4bacd0

Download Submit
C:\Program Files (x86)\Resource Hacker\unins000.exe

Filesize
2.6MB

MD5
a0555af22c2d5e5570406090fe3ccb83

SHA1
a739c3351d26d2020d5e3ec77516a889499fff4a

SHA256
fe76ae99513b04d0e361ead01558f611e1f37882bd9901f60252c0da32f2cda4

SHA512
95e2dc0a7a98cddf67aaad7d8340d6527e0f62b1b727bb71643a6881d62ccec80b90ad452adc1b782b8e1cda179f5c0085f4f79b45b76040e3d770b2d601f5f6

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
d2fb266b97caff2086bf0fa74eddb6b2

SHA1
2f0061ce9c51b5b4fbab76b37fc6a540be7f805d

SHA256
b09f68b61d9ff5a7c7c8b10eee9447d4813ee0e866346e629e788cd4adecb66a

SHA512
c3ba95a538c1d266beb83334af755c34ce642a4178ab0f2e5f7822fd6821d3b68862a8b58f167a9294e6d913b08c1054a69b5d7aec2efdb3cf9796ed84de21a8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
944B

MD5
6bd369f7c74a28194c991ed1404da30f

SHA1
0f8e3f8ab822c9374409fe399b6bfe5d68cbd643

SHA256
878947d0ec814fe7c343cdebc05eebf00eb14f3023bdb3809a559e17f399fe5d

SHA512
8fc5f073dc9fa1e1ae47c60a5f06e0a48709fd6a4302dffaa721858409e7bde64bc6856d3fb28891090516d1a7afc542579de287778b5755eafe75cc67d45d93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\activity-stream.contile.json

Filesize
4KB

MD5
8d9484944a9babb3fa1b46800207cf21

SHA1
b4384dc89c4b2af83871a2e97132e72f0044be60

SHA256
d19819645e66825a576ee5b5c218cbd757c8bc61ed4c9f7d1042098588c3ed78

SHA512
4ce89214047292651ec045933d80360fcc370748e60d7036d50a6c4511bf96c921d92bfa03989bdf2b329acf300fbd3e302a600f6bbb116a7372405011a125c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
4321b57eddf618f57d1c9676512655f6

SHA1
7d93937506388eafc4a7d2e34dcffffc3c5bba89

SHA256
ecfd5911fc20c688418bcaa20e9d8c3ad6a6e0c8bdc38674d076389d13e57240

SHA512
2aa3c34a1d894c8ef5d99f3c25deda40ebb736880b3d742a354910f00d0d8e28e03128741d324cde0bc2a520554ea9643089a2c6551ff3bb5a3559f8da6a3e20

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\doomed\13291

Filesize
34KB

MD5
9772585fb168c0a90a12a3264a78b4b7

SHA1
aba1aee98707dcbd72ce53c4f5f5b67bc0e862bc

SHA256
4c370e9e221d41afd000cc8fcbdd000eac82893df9a915fa2c276a1f1cdab6e0

SHA512
ca74ba0670265773a673fb9b95f987ad0fea2e6e7f80376f237528d7e61038676d90654df49bfe8dfc85e5c3c2f670efa92d5f0d615c2b9f2b33d49c3e55e3c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\doomed\23087

Filesize
57KB

MD5
9cd42504b0a807393b98615c7a487ff4

SHA1
e569f26751d59cba46661a668656c4f264ea795e

SHA256
a2c6d17246390e33a274e427ee63705e074043464a0b232a07beb276b1e5e1a2

SHA512
b3465fda75dcb4e96b0bd049c4355d25a08a8add21715946bc48bddb344f8e72f744ea5386152aacd3a26220d18dba358508a46f831cab8234f145bb9df070af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\doomed\32623

Filesize
6KB

MD5
c72b745d8d6a8c7c6623ca46ee3b4a57

SHA1
92a91ca6cced9a8c3665dbad29d95aac86d4c181

SHA256
ebec2926afd11fed273118a8bbf16b860ff3de7d3f6509770db5bec3b034e3fe

SHA512
b3ef0bde4e319b996776cf7028136e4ea8e986bca6c12ccde6c8e1823fd7f7e8585358ee8ebde9faf1c21700ef8f06ad4e77f647cc7255b0fabbca4fedaefb61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\12DCB8307D1DE7911CF41FD251E4A8C48B141A55

Filesize
152KB

MD5
d08e210a3657cae369fa97e15356aeb0

SHA1
5348514c05ddaf522a5e35291959a26c339cdbac

SHA256
3bd764e9bb78999ded50137dc653e7ad6d9941c20ec296843f1bf2c581024d10

SHA512
f30389e926299fc082cf445684e16b85fa4552d433f23fc9c68a50ad2638d993c97f87252e5bd3c3ec80e46022f1e1311ffb97b536a311d0931cb92cb06aebbe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\1A5996C16946393FC0B184220943714409DE2FE0

Filesize
43KB

MD5
1c89fd4e914afb04dd202c42c83cb666

SHA1
7c77271f93005984cd45be07890bb60e0ffe17e4

SHA256
40e886ad408429ac2a4bde2e4937b9e3c4ddc45aa1e0fceb426cfa072cdcc544

SHA512
37ddd49db46b7a3b4f4ab4e8089fabe0fbf4dcdebf70e3f6a365c9c83b3a06779f4f590ca7e7189a0338a2c82341843d525f489602bf4492c96cba9b416dfeb6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\20F2DA9150D5F6A1A8040D77B646B25C72270E6B

Filesize
95KB

MD5
3fd620fb78a2fea2b2dcc38d39f18afa

SHA1
508d410352a5e8f14147ff38420deba159e0e17c

SHA256
d1a876250dc186a2a671ccd6e7e636da64d329d074c78430d2eae58ac1c3cec7

SHA512
22794c93798ab69364745ced8842f39f029cc66be3c15da476320e72a90b7c7fdaceee937225285ac5e2fd68c63aff85762abd9b4fbeb877fceb3cae40240614

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\21FAD4F16BD8060680FFFC86127C47E9C7D99887

Filesize
240KB

MD5
4a097375c7977756c4b3547e524ecc34

SHA1
b088d952bd5fafd5819a250b92b602b5ba4eaa8e

SHA256
a64c8d404d1f825a8366dd8fc63fbf4b5ca7f83899bae2ca77b7dd7ffc858e26

SHA512
702dff045ca421f313c16ccdf389a352b82a277e33e763452a42c1e5539cd6e296dbc27c4b8a2034b2e661a6566431aa9e37070d186ec006f720d3f649ee448b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\2F879E430745EC79E1888DA9C3EA593AA94D739F

Filesize
96KB

MD5
508328da3ed7695a620f32146e3ae320

SHA1
3381c9a758ae3346b3f5f5a482ff5d006ba74c51

SHA256
61e757ec092d5a7b013518bb09517bde9ce893a7b17a17c78e9974770857453a

SHA512
fd4d0f5a05ee61af0e9a69d214b6e4d8358a167ca545c93bed2499580fdcfa9f4c858aa2b040ff1132089855343cc121e06191a9e1d01d2acc0e78cf6e6e1959

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\311589B5F7E27FD8DAEE1AEB3F2A1C1A3FFED5A9

Filesize
43KB

MD5
ffbaf8a4092989f5073b2c1482b39546

SHA1
28e91d3f1ef855b7e70a80b0c89652053433de6b

SHA256
facf623ea35582cf2c2e0089440a22ee8e72561dc78dc1940f24fb6e04bccd72

SHA512
216d5976997579172d8a2be6705367cc20f3e7be82064df0b00c69a8e93c2a744dededffc71e7131a1979da3cf71e055daec346e25c5e62ac162737cb877790e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\33809CDBDD69269236BB05F66DFF2693F384205C

Filesize
60KB

MD5
4227c80527e191f9060c9446268c8bd0

SHA1
9f8df625a87980be1ccaa6dc30ebd3239b8670c4

SHA256
d15650710e8d3d9c2f01fd72b9894d381cad449ced5f69089d9c997d2713177a

SHA512
c9b087d64084b00819df1dd0278026962b285343378daa490465417346d9da9fd862dde776653152b29dabe4dca879956d509c50c54e8c8a8f1cab1e2612b960

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\35547F305B43F28C7F3664D49C1AD32A7112A1A4

Filesize
141KB

MD5
7479cfd4bd69fd7a38c59fa6a586befb

SHA1
b9b041648b3c74bcf0b095ce95f0cf8c85d47d17

SHA256
ef0766588fa4f8aaafddf01bf9df0e69ca927583f1eb36f342d8f4235eaac987

SHA512
93dc0b2cc66adeb2dcdd64ccb88628ea589d48b76e1ae1493fd1032063f276090ab84f8cb1aa27f93f029746036462a912026d09f343d76dd2614e5bb3d815b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\3A1FDC6B34A57BABDC117F984BC456C512AF3C8A

Filesize
95KB

MD5
5223e74958c34dda75dae523fcdcc1eb

SHA1
e24960c73e1d9737cb731b0da5e76676e3403d0b

SHA256
16bf153e4bceed7e1f10c6d6b23192110140715e33d5c235b634d265370483ec

SHA512
0b00f3172d9d1b693c4b9e75a54a10984fa7d20482d7da189c76c5f85857ddf9ee17e093b07f5700845133d715ded5657c53c38aef0beae229cc8717e495b11e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\45D84B5C1DB9A2D9CBCB4232BFA3BEF04A9A38E0

Filesize
344KB

MD5
e66b5c2b22cfca9c77cb59ca7771d6da

SHA1
f56efe73d6f9d8369ebad0674fbb38fdba23fb96

SHA256
335482ca8b776f5082f25b7849ac45a437972b1535154028f373e6987359b239

SHA512
39fde80fb0b8889ef316f4f68ac215dc37af82f140c29cc573d1b933b6d119ef09a2b27649d9b300565d11f2b08118abf9f441c6b4b9cdcbace9099fc4161f0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\46CEB8F69B3B2685E5F959BC689A55CC2EC5345A

Filesize
15KB

MD5
b65115439fe13e5a06d5d019637cabf5

SHA1
8488d433b5b038d03dd081cf8297e0683a729d87

SHA256
ba676cb8d4951b0e9638c4d0c9f4da7800036d0ed97a926b9d4f06f3d4bf5116

SHA512
ba59e2085f6c6b09935f516c615b00f350770a26be0a1f7f7c77f4d1215b7733ead89dc6d19dd387c949e647175caaad296856c80003d1a920c93d4a77075ba6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\4BF67730CB4149B303DB5CF9EFF0C4A2517654D9

Filesize
84KB

MD5
19031f58c4f0e1912d13fcd610f3b5ca

SHA1
740677b38ddbd98fb3796260d8744481cb306a77

SHA256
3c864d32d2afa7144f87017e763f088cc68bd171853a4a86019e8069cb60b8a7

SHA512
dfb27c38e2dc1bf009235cb04ff14d2f34173bbc7dcc1f21bf34aec6ac5b17bb861e9846921cf6393e0d239eb9505807e301d8550a94f174b470e6ff6ba1c334

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\4C3BAACB5222888D0F9C6C99BCB711EEE930961C

Filesize
63KB

MD5
25a2528ab89f4a92cdc36f51df6073d4

SHA1
3c3ef735f508e6bdfcbd8dbc1d554f5582875df0

SHA256
0b44b472f94b90eac19f200fff12580b491592496f592699efdd3155777efd88

SHA512
e0962584711ab5354ce3f6a65294d879ead9630e8f3751dbb078c6ef43fa663d372a49482b182ecc8ce0727020d175b1f60c3b325edddc68751973b75dfebae2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\5ACB46A5A72DCA2C675A19F9DCC5C68E4EEE16B7

Filesize
34KB

MD5
6b8e72c0244fa431b5182a23493293a3

SHA1
ec9b366e52712f81e151c629ede39c5c474b5afc

SHA256
12813e1272fff626f08a2425dabbf291ba78045145f44bb78ebf53bb0d47a1ab

SHA512
bbf5a1eb283c154ec5aca64ead9bdfe11f61044e78a2cab5160ad0e9b525b25d0b4333fbb696a1fb808e0142af11675e6b2df5abc03e699b5b8a34ea5d25d18d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD

Filesize
32KB

MD5
4180f1179c522ca715008611e49dac13

SHA1
8c02fa64ea52efbae9865b139f4a9db68221af17

SHA256
1568eee7812c62388001add16df6c826bb5fd67076cd5a5b665833cf241317bf

SHA512
d03776d18c2c3de8912f57bdd35db946ea58d38ae932e1da1a9ea9e3af710565ac964874a388c83e8aa16110db7e536f4f3e7e87fc9a898f5d014329ddb42d79

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\5CC29BEB424B0575A683412BBE778EBAAAE86AFB

Filesize
56KB

MD5
724ac5171089960d4e902a176ea3f4d6

SHA1
f4d62b52b9948d4b23747fa5a8f4d13152be8e98

SHA256
fc8a55f837971309667e42e927cc24de92486e9c9a9087cac8d33543037579b2

SHA512
52fd84a6b4a3bf8b224deef49b460edabc14e9d4518104d842e3ca1376dd090ce91ac062aba82cf47cfc9660ededd0f6b0ba1196e15368f2ea69b54868493b08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\72970189F58FF76D721616C4421CB84CE6980F29

Filesize
430KB

MD5
39f0e7123b52957d02780e594a547d24

SHA1
de742b2676aef3762004926064e76ff5b6034b5c

SHA256
53e2c115fbf170682bb5c0833f4eb22ddf84d91a7871113a41fcd40a73ab4c11

SHA512
cf43e6970e96235e617350956c91f2909a668b8dea12f42e25d4b1f4fcb0591b5eea5f4d6e041051524628d9bbd29ce1b033454959f29c9af02b4bb154a4bc5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\75387EE96353611391DFD83EDD6D18E5DC6EBD9D

Filesize
209KB

MD5
3e180cc6a7cd389c925978bc4b8dc01d

SHA1
0e66cef7e8460885b7fa5914d6c3b400116aed6b

SHA256
cfde652aa55240087bc56a206e75571e08112d5136a3bde215d0d84ff2ce8fa0

SHA512
a1ac8dcfaea093fc0eb334ddd3b8dbbb32ed127c0b8c341f3555066e723d778f883f295a9e2febfa3fd8757527980453d5a945f6cf8f9527dabcccfc1c936042

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\7573DFBEE2299D9CCD40D31EEA4034CD3CACD51C

Filesize
255KB

MD5
6cd26673c240c82e69d9ba493d439ad7

SHA1
80a4a2c5f941eefa5e0868ea9078066c6d7d9ab7

SHA256
c26fabbaa7a9756270db4b46d639a911f6a793d08fc0f82434762e4021286181

SHA512
b22e922820107e99c6943950d63ce03eac529d3ac6d1f8ada4588400e812d5b6e35f890d9b2863cc6588ec194213bd5494de833d73eadf085dab9d25de2de2db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\76FD3AD3416B5CDCE9D51818E1FF7D3DF4B5F3E7

Filesize
119KB

MD5
9f1e7e263b30315b672c118e7dfe7b00

SHA1
dc3df083586de5a290ccdf684901c8784b02f0e1

SHA256
dc820e6c943590c7218ecea4620b0d156ef3b9b33ff83e033a6e0ff5f6c17715

SHA512
7dbcbdb43bb8b15a5d96c50843e9bec0b47f6c557530ce4f0faaafc578b0d8b72fdb434a28f5c795d88f8c233fcbe165876c88cc27f9d071ae09a9f1de1aff78

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\81D0C16306F255CD5537D4B0067DEE404873DB23

Filesize
21KB

MD5
9f5e094ecf53c600cac2f347a1cb2399

SHA1
01d45911deda01568d5b0c19183b8658104f9d43

SHA256
07c0b76ff9c00a88f08f3eb1578f3d34ca6d41c86cc619b7d32b9fd6bfa11c85

SHA512
4cc37690a7e248bf5e06c1d2cf673f9aafac1f7d541bda92768b110827a6a80ee3d6ac51db08fb7550f74bd620e752d2d653a6cd20ec685fe09f2a024700d620

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\8D11864F69B6D9276086D87F1C72386DC26A1DF7

Filesize
47KB

MD5
9d9ef1f758846be0f683f83fe238d9f3

SHA1
72c4ebca32404ba7a5df51ccbc53cb6498bfb870

SHA256
4d046b9038943f2150903f2530c29d496eb39d6baf96312ba5c0c300db20511d

SHA512
b65e59d8add1d79d76eae35598a788f29140df6b3a4de56d682d8989f897de480de7317a31bc96f47b3f33ac00f2b1bb7432ac3f8191deb41fbd04577eb02f35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\956C138E7E189A8F1B675B499ED2D87604EE6E73

Filesize
47KB

MD5
cc89538a24101cb0ff671339cc17c10d

SHA1
67e166c3f1f6c285988e05624a9c33f520be6293

SHA256
eb1633324f4bff32c107ac4ce57abf5577ddce87e36535db8444d7ca28fd69e3

SHA512
8e4baf4bfcee79f1dd6bed7fbfde36ab5ae1110a586ad48d2a0ba7dcf7b1c8bb27d1f004bb06574cca781925cf37026eb6df841b0cdff8d28ff40abea39fe1be

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\97AFFA25C9ED84269BA5F8059413E057B9831B3A

Filesize
41KB

MD5
d76b258e2ee8d4b327d6a282f6b96681

SHA1
e83882482d27cd82dc62a0a50fea45809b012966

SHA256
aa5604ad693d1910de4341f0fca54b3730e7b55247763c38b77d9eaa89db7f2d

SHA512
e69579a9ea2a22708239fb5abad3ce771966c3f78533ff31141b00252f2991e0c2cfe74e4d6445b44e7d8a2558ccb9014fa2236a70f8e2127c047432712e2909

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\9E50F54B688D4E246928D86C05D8A3A55C3B4F88

Filesize
12KB

MD5
309a63eed550cfe80fcdb55ae46236a7

SHA1
3cf3b613b42abf1b289c24eb005f16cbd718c049

SHA256
df5ae6eead07a8f8cb7d012a754c08d7e231987ba7606adbb2715142ee0c503a

SHA512
36178c82642bba2d71e8d70edf0a9fc9bd60ec1e69cf27f0b6bc990c678afa5d126a2a65bc2eaacf1c01bdf1455fe1ffa9a241f63461bf30778258bd14d03b55

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\9F5993AA9A2DC154EF43311E568E9D6BB61AC160

Filesize
144KB

MD5
4aacc581c507ceb1900b4aea565cd531

SHA1
d962960524e8b8ee3463adc53ad99825f261ad5e

SHA256
8940c21795ecc16b1753bf42e662c0a109e3e4f43bc1bdd62d69f7306a1bb33d

SHA512
1c232c0a262c54ff8f5893affa99ecf805ec27431d92760326dbc74e22ffaec2b3e7e48f7263127a9c09ed056feb8aa28999bba1abb70a3a6091e491b9999186

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\A175F5A17FB1329B98C65A5564AD92A1E96C826A

Filesize
1015KB

MD5
80ff7cd79419e3aa187935f031ba0348

SHA1
6ed8f9ba38af0fb71730d6fc27dfb57e91d2cb34

SHA256
f536d26bad1110581f56d3a6da34c0303da487057be9ad283d0b792f14efbcdc

SHA512
aaba26321e0a20c4e3a7e535468ddaadc6479691a21eefba55dd43e647c959c3da5943051234bda42cab2d99f45f4eb0c1712cc5cee6ea25798391e7a456c6b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\A6C74BC2260EAFF823C7AED38BBA607C962CCB55

Filesize
39KB

MD5
bb835ae869fee189e9e0c34ec3819eca

SHA1
2676d921aa96dbb68e698e943900950baadbfde5

SHA256
a05e06abf72e6c1e0db8c566ff91c9ef39bf5601aad0ca747f6d57fecd49c40c

SHA512
f6a7f698da11461a2b87865037c4b14a3c03146823b295d52b0dbf19aca384b487b73c5d20c6d61248122b72f5049339c5a1b4a8774979bea1adc4bfe3b7f7cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\BC02779E4549B742F87E407101403B7CA65078CE

Filesize
45KB

MD5
02013922cd465f930a6c918886802b03

SHA1
cf062778546e85ae4beba9ca1cd5a9a9d18bf727

SHA256
a5cbe7c06e86e7862f2086a9ef06e7f0df772c316d6258d80b489370a1e99e43

SHA512
2505cb3e20c4cf8c478a129bed21f2ba023f0373612c0fdc136e8544d00bf4be5e3db8b682f66b075aee88740749f7ae39fa49ea2feef4b29c84c58a895daba3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\C7A8A0AB135FA7A3AB46295A6248C34731E53DD1

Filesize
39KB

MD5
795a70925695b1a8a422e024e9cbcfb2

SHA1
1322e667bc4c5c51e3677634b651ecb762878da1

SHA256
75d14ecaf2ef779be17f96e2e989de049c8c64a424617630444ed93294f58e09

SHA512
1e56c338082cfdb2c26fd4626c1a8604a6a58f9fa285127afe30c0b3217c447e9d8790ba1a4f3c98da718d2c83f9520b68acefb3c790daa34c376b422ea2d9db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\DB59E8D3E57FF91382E08E6EFFCE89535D43C898

Filesize
246KB

MD5
150e956648bbd64e4055de3b0d25aec9

SHA1
44db74d8c100c53c1200835441af891fc554169d

SHA256
2d118168c97fd72934a1607eabb5039fed08697283117642de5fb3d3857166ad

SHA512
6959e094ced7ab9c7bc2f51fcf69040fa574c9ff41df298387c73e22c29352dadca404eb3c5c78bb4570d36295dd6bacca87e15cf289bc6c585bcf6e7ebc33d3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\DDEB409B9EA3C2E0A1C77C8738927DB0DF6FE753

Filesize
245KB

MD5
145edfc88af46f0a431d4a7610316d40

SHA1
b61ddc67f226ac71eab715ed6647cbf88b73c342

SHA256
23028029c61951ed6dbd129bce2e086e21cd639d9a204e513087fa87e92e48f8

SHA512
96494c9095eb4d72500b091f2852934354f8864e39f965f1fcc9dd20e17bf557a048f8c3f675c0fc3057a13d2f8bfa5d77fe5cc21006542a2b5d8cae419bd9b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\E19316B1CDA62317F9DA2551F9B56E711FCC77AD

Filesize
13KB

MD5
a4d58f000327342e859573f189b72af5

SHA1
8724aa2df104dd9e52fe9607480f0f8fc148a1fc

SHA256
ae6b3153302b40b75bdc29423a487edde59c4941469ecdf077ae50500e76ff87

SHA512
f06705360d23ace20a374780cb4afda29eaa6f6f21b9ccfdbb620e6570042378fdcdd8b99a6f06ad029ed57211a8a76b059af65349f770a5032986cf9d95bac1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708

Filesize
20KB

MD5
4ee62559ac3ce7a44e62dc7bc1e2e8c0

SHA1
816686332644b1273602501d6d84b2f8ffda5da5

SHA256
913a6998ec3c54ea87453e601775b62dbb44c7a8f3b430cfc66f22eb9e59b440

SHA512
1128b31dcbb536764442402d274c54d80b37224afe203d99b088022d5113f46783558523f379e3ad18abd59a4ddcc0e71e98d7388a1167a0c0b11f705025cdf6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ptqf56iz.default-release\jumpListCache\n9CxoyTjXCiHHlNYUNOJQqJOKOsrdlrU7JKKp+RLyh0=.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-TV5OA.tmp\reshacker_setup.tmp

Filesize
2.5MB

MD5
9cba6e724eeebd4808d3e4ec4cdaa699

SHA1
17375ff2bd05233a3c88409458f35f5acd0658fd

SHA256
4944b5e15d6761fe85acf8fbf014d0b9d35f1f0a66ca26c1fdc108a2ad65cd01

SHA512
68da7a43fb2786da1559922a3f6cd2d1b32bf046d6e25112a989f6f3b42c27ed6a712e195c2a6fadba8fd0dae84af27e805736d34140658c33e9345ed24a3e53

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
502KB

MD5
e690f995973164fe425f76589b1be2d9

SHA1
e947c4dad203aab37a003194dddc7980c74fa712

SHA256
87862f4bc8559fbe578389a9501dc01c4c585edb4bb03b238493327296d60171

SHA512
77991110c1d195616e936d27151d02e4d957be6c20a4f3b3511567868b5ddffc6abbfdc668d17672f5d681f12b20237c7905f9b0daaa6d71dcdac4b38f2448b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
14.0MB

MD5
bcceccab13375513a6e8ab48e7b63496

SHA1
63d8a68cf562424d3fc3be1297d83f8247e24142

SHA256
a6af95a209b2e652ed6766804b9b8ad6b6a68f2c610b8f14713cd40df0d62bf9

SHA512
d94483deaae98bf9212699f1ab0bd913f6151a63e65ebc1ea644ab98d5e3ebd74ecaa08f70aca31e11a5d2c64d1504b723817af35bbe9d7b05c758dd6945d484

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
987df77e27a86e8fd061b51080833813

SHA1
af88aac0716bf7106e3fccc8fbac7ef5259b0a35

SHA256
9a647f45256e92fc984eff9cbb18d84f95218b11150d8da76a29bdf7a8391259

SHA512
39a89fc4446def1bdd37e19f4f2871fbb853a13d477709cc3fb7c1d5cbf532b5c80cce5fc1284035997f9dc15c31b94fc11894ca32427e19bfefd6f0973bf79d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
eff1cb3d0a9d86e40c23a31b8deab61c

SHA1
f3f79b8907d5f50a30e26fcb18fd21f60b5ce234

SHA256
fc6cfe354dc1a6291d86940b76f226d68f23ff137a12153c8e5de986dd7ae83f

SHA512
9ebf832cd984c9a80a778a56c828c86d45c6b0773b4b4b3003c14539c130860567e0d42a531384120dafe3aa2e7c9a88cadb06420373e16a92648c1bd1bd0b62

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
a46e3e81caa9a5bea6fed3df889a2f4d

SHA1
0d32d75487299e1045873b08f438776dde27c8d8

SHA256
8e912352c8bebcbb6b85e450a83698933f830c7b09d25c4d3f3280eeaa346f2d

SHA512
418bba62f243b9139dbd365045a56c2ee7bf2c369cc59feafc5122e1812285a4270ea3a8b324e3e231b28f85449464eb782addc758c1f8d38a12f7cc86b66add

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
0bf0a939aa129a99a78b8009feabcdaf

SHA1
82964438fdc9d4da9e87b38b915bd02c4469182f

SHA256
ea3a1b87956f82f994355d514ae373e171f55b4044777ca2df32aa2b672101b7

SHA512
c8b710385c3059cf2ec054e20638c5a0f93e0a8f5cd6a83c7e8760d7e50ee2132bacda7ce36b1a53ec484cef949f50ab7e73e26966b1c365cf76bf90ee101b6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
ace32aa3cbc5ecb9c8f6b75d33c86dc8

SHA1
5eda15304245e09da4df6b07eb0d056dfbd7244f

SHA256
74cc64ddaa33c70e3d70a6d74b647f83fd0f17572e411aca039b54331f0bb68d

SHA512
1dc935157d93aa263517f3456b32358fb3581848f188d0e9d8c59b45a7fdaa74fbc739197a03a62a09c22b539c227828ad6f4d1f2999e2196103183e59383347

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
a94afa0f4651e8b5226f21e1238af7d5

SHA1
521c27e3c73238eef9aa5ada0d78f4ace0f93d2b

SHA256
bed670950184f072ac245279c579668b693d4971f07b05d30ccd68af7b404e95

SHA512
754a63f94d96f32466abc492b333ec892d73b3380509ec043c94c114734af10e0bd0f04b154d275748f7791047bb6dfe7286dfea9f17f860e0c228a1fc568956

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\AlternateServices.bin

Filesize
17KB

MD5
4446ec844bb0e5913a411746b348bcda

SHA1
e8512d536d02856cd291862ce4a869ebd9ecc30d

SHA256
8569466b0fd80077504309676a3fdc093166dc9323098efff9e506b9b7ed3f4d

SHA512
cf8bfb44c2773515edc7e41ae199eb458f38b7f2c32a2c0005ec438a753e471a0cf6b077910f8916d2b7c6b835414d5401bb127bd3e417ee439a9b068cf76ddf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\AlternateServices.bin

Filesize
7KB

MD5
469456b9d100feca4a98b155db5ed9cd

SHA1
bab477fb00a6976c592038fabbd614a6f8eb4071

SHA256
9d108916b16227bd634d7d956bbc372d720bb025e3f96026c9f01437db8de45d

SHA512
541559c003d19c0112dabd1b94021cc5600b374e0972e91d4e633d0e6c935c25865b701ea0961cba8909b7ae7429b969dd788d24cc15e297792db12795a40a40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
107KB

MD5
49b35809e3d223aba0e65ba0fedc673e

SHA1
396837dcf1a3701e1cc3a2ddc02d5a300bdb4960

SHA256
85ea396717cb2d1d5e238838bf775394c5cd2c1b43d91e7827f41f7628b1af8e

SHA512
5d6155e10cfb0ee9d984b71ce620af785604143e61718f62bb4f017f8a8f0004d21755d8938363c62f44306fb2ea2bb6e4b812b5fdd7f80c1749edc04b41a2e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
101KB

MD5
2e9450d167bed3ab307fd02789509aec

SHA1
aee8c0a3053c9e2722855a480b158291add6a798

SHA256
2921879b5d45a855bf6129d60b4c3439604e974084d5b940bdc8260ce110c266

SHA512
fc6d2d23a2b4492088a7d6cd26490e61f2f00b25518f8accaca840e96cfe134ebfdf05f890e0a90b5de23b3c866c9839268ab6531774a6b0e114d1fe77a8adb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d332b9a2b25705e344061c6201d86ef8

SHA1
e3ff18fe9382f868fad116f15da09216f48a7bc3

SHA256
a14ea70a5dd15d0707781ff8676e7ce4ce7f4779acb21e6e90cdbc36685b4e82

SHA512
2f090b898754dce9b787b54f17f54c26fea92ab5e67092c184a5ff094642131c9c9701aef3ad26ff0aa30aac61314c7d356136dfbbdee939f737f3e81495c4eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
d1214aee212476e402da0353d0a36bdb

SHA1
e06ca4a3cbd3609164f73c706dd34548ad8fa0b5

SHA256
f2cb3c94d1b14563db135f095daf0863176692cfb426bf8526efd2f87c7a754a

SHA512
0f55ea320ff2a629d85c41cb116152d0c6bc574ed180db1fefa1e46008f9706278335b1986bbc8fc6affd4d23718ac766b766679bbd74ca29da01c4b3da5446c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
642d39260631edbdbfd41ab781b4ecfa

SHA1
6ca9b95f48fb1c213fbb67b760b2b784cf37faeb

SHA256
774d4bd8d744f95fda5029ce7e9db0ccab3b9a3079fd489409ce980bad4c18b3

SHA512
ba5c14595dda76cda3031ced6e66677bcb06cfbf46f9b9baa5d4e262b91bdc0d550125d62b3c8767fffd76c3d95b98011a54dcf882d3a392c5076b64cd6fb0b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\events\events

Filesize
4KB

MD5
5236d3ca012e95dd49e4048b4ff5a5c3

SHA1
c17cdf0c9f70aa60450d6de8446c27a5356a7b2c

SHA256
1c62cc13158324e1544c3ba178ecc0263508de4e63adb1fad3456c20deb9a4ce

SHA512
994acc0c8590a05e54400886e8dea396f5d2bce558b22759d66a09128a6b7d24d423985630659d68ad13ae50fc29e53531e2f741b95935a8266f1dd57062222c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\events\pageload

Filesize
5KB

MD5
3a406d8dbece5979db70de4910165239

SHA1
7d863b4c8fcdf9325beb39c28773ec32d982adaa

SHA256
0564dedf19be7c1ccf86b687323f64f39a7f185c815b220aa141a1204bbb9f75

SHA512
fc9404b694b151cd51020090172e3d1a772536b674f1f698413fbd521faef93500b63af71ac6670d9c286f983a85b74346ce902e700c20d967dfbece6e99436a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\1f70fd65-01b6-44a4-81a1-aa7dfbd8f0e6

Filesize
886B

MD5
6e083b6928074fe9d25b99e753844b42

SHA1
c31675d6fa7233b0540788889dce6f918f2c5405

SHA256
0e9a80d75aca75b400df31ef75c2d45e426b18e3f0240c96438bb81d01edf6d9

SHA512
cb84a12c6bc023187f28614c64dec5cba4b7088234e59a8d52410dc7801623e424361bc4a96fa1d1ff69fa07a632b211cb3affc778ea958e35c2684a804b3d9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\20a5b48d-cd79-4888-a866-4c29d0e474d3

Filesize
235B

MD5
431cc21b996f8b227d3a760b32cc4da8

SHA1
31736de7bc8e9f04e2a1e9ae2ce8f563c38e939a

SHA256
bde30813258a1de311fb60905e3e38ede61814dc92055fb6c48e4c5bbf1c744f

SHA512
cfdbccb358e5ee2ecb82476e7aa0b615c63e17e326b9e3646237256aa9a8ca44f8625f5258650bb22ec693726ac2141062461d147e2c153849330e2e19dfcbd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\4a6ce34b-c7af-4764-b670-d5725e9df68d

Filesize
883B

MD5
1fb36f0e0672f795dbc8a8461f357361

SHA1
05f43e754068d86367c14a7fe0e3a2680eaa1190

SHA256
b6698419a0a1d6939c0856fff7fee66d106be81576f113c4092adebdccdd37ca

SHA512
e5843e9e6e04ba58a6e17ff76ca20d10b8ea13731c5f8e69bfa420b397cff1fbb1ae3191d56d35600b39fef5d57de69dd1bc2bab59acdd61b320487dc7570522

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\62f233c4-83fe-456c-b0fc-91e61dd413b7

Filesize
2KB

MD5
4603474263d981774c1beea3af5f7d22

SHA1
37b5787167380df955db6f5bd63bff5280ba2e25

SHA256
d0a3f1d7c218f13b700492c4c18e1ee8bba38404fc6de7d03e4dd97b0b31e42d

SHA512
5351f2a5e97a73df35a3a1d855c50487c9b1881b5cd9987ee3fd387b114baf987d67b46bc5891c86f7596ae5dc56aa8f4d56db767f29a58e75256f5c226a4b0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\75be0dd7-72ae-47b7-aabf-c21ec1fa3c67

Filesize
17KB

MD5
f4eef2a673507417a79269ef1d487ba4

SHA1
a4bcadfb1e49de69a43b29ccc6c3fa083db7ce40

SHA256
6bc3ff2a12392260849f6c8ac7a8ba391c54409837023c59a54057839c0986e7

SHA512
cd2f996832339364c488f62dc9261db16ca6c8402780e92811fb3648f39576a983a51fa6d8440bebc4ad7461cac67c8f49f9194b81cd8f491bf192e4c832c3da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\datareporting\glean\pending_pings\9cdb434e-52d4-4c14-bf20-cf7e13524263

Filesize
235B

MD5
25a4953f7819e8decdad3cebf5e36013

SHA1
2fbe1ca06980e43a0286cd0b79d1fefb834ed21f

SHA256
7f5386f52f828aacf94f2b9b42cb3b64da1d856152c3225eb9053d7db29abc6c

SHA512
9cadeb53e42e509b3b0b8dd1a4bff59dec215d257819930966a6f2758880367e8eadd254670a1237a82db4f0fcbab35dc4b37711a5c40d3a50a3c3c6aa1649d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.dll

Filesize
1.1MB

MD5
626073e8dcf656ac4130e3283c51cbba

SHA1
7e3197e5792e34a67bfef9727ce1dd7dc151284c

SHA256
37c005a7789747b412d6c0a6a4c30d15732da3d857b4f94b744be1a67231b651

SHA512
eebdeef5e47aeadfeebdbab8625f4ec91e15c4c4e4db4be91ea41be4a3da1e1afeed305f6470e5d6b2a31c41cbfb5548b35a15fccd7896d3fde7cdf402d7a339

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\gmp-gmpopenh264\2.6.0\gmpopenh264.info

Filesize
116B

MD5
ae29912407dfadf0d683982d4fb57293

SHA1
0542053f5a6ce07dc206f69230109be4a5e25775

SHA256
fe7686a6281f0ab519c32c788ce0da0d01640425018dcffcfcb81105757f6fe6

SHA512
6f9083152c02f93a900cb69b1ce879e0c0d69453f1046280ca549a0301ae7925facdda6329f7ccb61726addee78ba2fffc5ba3491a185f139f3155716caf0a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\gmp-widevinecdm\4.10.2891.0\manifest.json

Filesize
1001B

MD5
32aeacedce82bafbcba8d1ade9e88d5a

SHA1
a9b4858d2ae0b6595705634fd024f7e076426a24

SHA256
4ed3c6389f6f7cd94db5cd0f870c34a296fc0de3b1e707fccf01645b455790ce

SHA512
67dfe5632188714ec87f3c79dbe217a0ae4dfb784f3fac63affd20fef8b8ef1978c28b3bf7955f3daaf3004ac5316b1ffa964683b0676841bab4274c325c6e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\gmp-widevinecdm\4.10.2891.0\widevinecdm.dll

Filesize
18.5MB

MD5
1b32d1ec35a7ead1671efc0782b7edf0

SHA1
8e3274b9f2938ff2252ed74779dd6322c601a0c8

SHA256
3ed0dec36754402707c2ae4fbfa887fe3089945f6f7c1a8a3e6c1e64ad1c2648

SHA512
ab452caa2a529b5bf3874c291f1ffb2a30d9ea43dae5df6a6995dde4bc3506648c749317f0d8e94c31214e62f18f855d933b6d0b6b44634b01e058d3c5fcb499

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs-1.js

Filesize
8KB

MD5
2a3af6c476bc4bf1749854a5e05459e2

SHA1
13aa03010b7a6264177c84b1beeaf4acafee5ea0

SHA256
a3c1e063e5c47d391460de448e9837d264f4ff4aea463543eb0a720234d12c2c

SHA512
9ebd5dd05c48c2f0731ab8287f48b6dbafd122e1db8588941bdd4ab4d3d6f59d2c22e62d742ce434cc4dfab49744ae569345765eecc0dbf23ebd96f867b25e99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs-1.js

Filesize
11KB

MD5
2bccd9baa0f154fff6bed0e0f78fa6a4

SHA1
0636953c04bfcc05b6629676828d4526eda9f2c5

SHA256
8266f44dba8080fe8d073a52a80b987a50e828b4f98b16c7bf9209a46e688b38

SHA512
8e0ed98ec1a06240da357d1e07a911c5129394516a9c04d57824e4a873ec851a6febcf0411189d3020240318fe0197988bd070454b3fb3baa9473295bd5c0880

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs-1.js

Filesize
11KB

MD5
c83e696e398289b8d886ac81485f89ad

SHA1
f7d3523ffca352411f6311465b426d77ac7089ff

SHA256
1d588ed087d33e3c3ab15d8a28413f36befdea170952c747b3dd93e3ac0da42d

SHA512
8eab8d67c97d99dcef89a0702518297984c38d142ddbdc6fecb1bd1c899ecaaf30c436c67e07439464e5f6ec93561151b1a8d9ac5b8061f1ea65367365eb73b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs.js

Filesize
6KB

MD5
4c830353d8a412e324a09eafe7898020

SHA1
ff07000cee5fc860d49a29a43089877c78403f85

SHA256
e22201b3aefcbd52e676bc8ffcb5562c58c2662c3fa15c47c6d052b5c7ddfa79

SHA512
85024a9e6ffc9d8acbb8fa4cbec549d94c841fabc9868da8a32f5d0b09d6cd774077ec7427a824d8ba5e411a1b0cff28506c51b40afdd1b367802d99343a6488

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs.js

Filesize
7KB

MD5
f8ebe4eb2cce96126cc092f952d56571

SHA1
84699d39e889737f8b7297d969a1cc0af911f7a6

SHA256
72df3855bc604c20fb677fcf9f6aa80e6449212b2e0a0570fc03b83ba16ab8da

SHA512
be0a2c71ae91bd6e0ba212446ff70ba382a696023667ba0d530d81aa850e39cdb254530d72b94453ef08abadd07ceb1d8b5e045e3e25cf744fddd428aa6b465d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs.js

Filesize
11KB

MD5
7ce569c608bfc962d19c7d98e5c98aa1

SHA1
2a135a86618c2cc75a267c2ac733858024b6203b

SHA256
9c45a305dc6772e5f97c1f68ebcb5cc3d2c35ed1cd27b2e1bb63e6c1d2099e93

SHA512
f1558e939b4cbc30fc028f77f9947ad1e74e6ece8acc44907153d0a1a59ea8ed18950ceaf585575154498f657ee94a0344ba6ab036a45601dc9a045b60fc553d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs.js

Filesize
11KB

MD5
9e757ff1275aa46dba03b62b7f9eda19

SHA1
0cc838c97d695866a30c5643598644de3f75f9e0

SHA256
361ddc5d19b17fcfa262e77668d93d3dc11a9c94a057a8d397bc114e9b5ec546

SHA512
204555500e206cfb9a164eb4ba7c089ea1b657de685d8ac5138e8f6eecc0dcf781371ccac6dd7ba4374ae59edbb2e8933f82c52642434bd2e5a530351df234ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs.js

Filesize
11KB

MD5
5fc8981ac1067cdce83645daa5db528b

SHA1
73bf41a3012b7d04e3ae79a5ac8b4c0bd6f434cd

SHA256
bec64de4b8e51ed0f03e8d8d8329e554c1f6ec64b34c9ce045617c4983643244

SHA512
c3f429affc85d6859fe63b37efe338b6fd0439502b179416a5f326685fa626a155777df4ebd45b390a1a321edffcfb573a87097fd89bc9561d4f017054a91124

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\prefs.js

Filesize
6KB

MD5
5ba8fe8cced16b85ed3d76357d5de951

SHA1
93639eda69112533c0d4e4c667d407600bab87b9

SHA256
4f54e0d9dfbb1cad7709c845f7a6da7fed97e0a217832726044cc50d21d05be5

SHA512
c932e77b9e036b403a1d29c8147cdb70cd8d1c622b343ebab4380684da81df60abc0754d465431e621b17e28d2a515b083be6584b2c177a08769e94910826a64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\serviceworker-1.txt

Filesize
413B

MD5
2efb4a34ff51d7f172c11e9f989f294e

SHA1
676b4b9cfec9e9945dceccfd984ae36671e626eb

SHA256
acf3cdf7b81ba9efef0ea322e69ec0761af6e6b8d6bd2cd6a772592594e99847

SHA512
9acefee9887b0aea0af2f1e2314b45615ef87f8fb245dbd5ec6e1b4a09333c02c59e6a8aae3ec7b082198345f2f94aea8dd4dece8cd5fe21d3e4b3f221193750

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\serviceworker.txt

Filesize
162B

MD5
fc54b41ed9dbcb8eee3c01b46d574da6

SHA1
ca96f8118913cb4879f29ea505923d528bce28d5

SHA256
663c4807e721c8413df88f5745d3a53e97abcf5a6d60a96a25115c150136c3e5

SHA512
d19f44d5a9d1564ff5a79633afddc49f0bfc2ae25b0f7ad05b3d4526292a143976d6dcd662afd83809fa5ef89fdaa3dd3b894558c06634bda1afcfe0e74d9d7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
162KB

MD5
d251b6227ecd6f9dfd4b1eb7c193a0d0

SHA1
8d225857bcd0b914c74d153012795a5160dab9b2

SHA256
cc53eeeaccb51902aeee6f0343fe499b33f7d580b17c96cfa76fe0b26c545ffd

SHA512
622a4b3467647b2314542ffe091639b7bb0a68a0600b8d1ca3d096a604e0f231a5afa936e3737ccfd976c1d51f7a3f89bc0e8035dee31810c1ee9690f48e499c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
358KB

MD5
82d61db3552265e853c51ce0318a2401

SHA1
928ec2238c76eac65ac65f2586d362a4f31e6cd3

SHA256
d7e8df6acc00efbc0e17190e7bf70fd8ae2b2aa69ace13b377a7f1d0630811e8

SHA512
2c27b743076b64f6b43b2d07ccea6ae9e26b19e82b8599eeef6393ec87c003b6321131496707a40260519a2b299565270336682cd9529d5ea614d7206c9a59e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
437KB

MD5
db7ef2f2dc355c740cfb90f9ce78bd77

SHA1
49a214e79b9b99f21ae1bcbce7e7562c90c72b5f

SHA256
4854a9e6b20da6fbe84e25e7279c03ad2ebed5eb31d66dbedb17605946d4af69

SHA512
e6412dd4d7f5a64dcb26565e3c05b5135ed02ea870b5fdb56470189d6c7b8da5da5fd5a08c234b16e33e71166699b1a78bdfe9b2372a6f234de69d07c07e1c74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
b99b269e931013d4e128215fa1895541

SHA1
7c1319a0847d02b5d5f370c66689d5e7691f05d0

SHA256
53d5eb281c89460acdc6d6e7bf71145ff92959224bad8ffffaaf22f3ddda15e7

SHA512
4e6382e720e548064751a036795bfa7fccb8a178f75bf7bcf6b54a17b03c624c543e3d9e62aff5d7becdeac6f7eecc8667616124ed05fcffc9eeccf587dac658

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
52e9e2dbcbec70402684ce31efc54f6a

SHA1
cc0f5cee5f9904eb164b9fa6f5b58ba9400b5374

SHA256
56e26b2cba0d6e927b1b8dbfd2fb7df6ba84a143fec27630db805c90981c0008

SHA512
89e61fc3ba1b5dca3ecd14493b9a0cbc9c8274d4f81172dcf45e5793e63e390a4cc3431fa36c4530f7b54e43d27e187918e7c0c4c52592ed955517a34ea4bcad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
438KB

MD5
25864bebecaa8ac3b53a008d9858e1bd

SHA1
55ca5c589fce5e817c0c62557eb97e75fb4355c8

SHA256
9622f24a70f787f2a736a9f74e3e7519967c7f9c29f3dbaee9edb4f50b1534e6

SHA512
2c2fced969e25e629340f71a3ae5e8b7a65dd6361dacf044532f92619267d4a74aeb765734febdb2b8daca80b08ed734fcbad4d6b7ac16a974f66b18c3cbc252

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
2687031fca976394ac3d5700bb9e1e25

SHA1
e0945790609dfeaa00f7b92040cd63df3d8791be

SHA256
f54a3799d555aab90dac15262000f9b2a9edc56e399adbbbc76dd30b27d6e638

SHA512
280f5aa0bf609f4ff82eefa8d13077a088ba0e6f177bf8f34cb288ec8800aa3984010ae00cbafa2344cc88c1d5c8da514b9fb693ef76450ef2cf972e4c4f6be6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
1ba0b147943c9002f9d0cd7b8f125019

SHA1
c2095a85df1892ab619998c57d7c81254dbcff9e

SHA256
d6132b63c04b2552c5a36e692f088c834a5f7b72d7209fb42e461f8c2f81526b

SHA512
9700aa513e2ba6fe2af13f6c8fae48ff5bffb243428c9fc8ab0fc37ab745026b38051278ffa874d6848206996ab67a3be0968f600e24b5e9ded227fb06cbfbd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
448KB

MD5
7552d33182c5a302fa3755ac7fbab879

SHA1
d4369931d502684e825f318e45802ff4b9c53f86

SHA256
0a468ab0b36f8cb1cdc1ec65f1b58fe897ea3b62bc9997b6fb324f9414749fe1

SHA512
a4f7bb0a89a784d02e61fbab802a7be37fbbde1bab2a015e158309ec4fec2a8ea5bb5a818844ad22f04fbbd654ab2300f450652f434b0d12eb52b898e2467be7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
3092cfb364618d198a00780cbf6d164f

SHA1
473d956e10321efa3271d2a8adc6e1ced2b17756

SHA256
fbe9c9e00e193436ddc0873a5536e723e725986faa7459ef5cf429eaffa6e7e4

SHA512
52a50439142e58d8649d0c05951548f2dfce40d9b08cb96a4f4d36996b025cf4a03ca30f61bfa40efb62d2764aabe7a2b7d27baafee4e0c57ed0aa5cdafc4c99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
c22c4e7b15be33527e773f32baf64beb

SHA1
5188fc172e42a4f26e97e8169fd9884a21c223f1

SHA256
c283ebba347226f99f24528f171de16cd4251027fa96d94177685335e50fee7d

SHA512
c6a2f0eebbc3e048f78cb791f880bb146a006016a4ef816d9f1b153ab8e4116d9778dafd8f596c7a73fd680dcc4b1d8886b098457874a32a984a69fd1acce2dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
cbe157665fe2066c4bb43a351f83f445

SHA1
e15c97078aadd79e1ba09dc45363e82580772e30

SHA256
fef3a1856fa15243bb8266a7907d1cb48fd870c1c66cef55d600b8be201f8578

SHA512
6b260543474804ee767b872d99d91d657e8d98f5dee0a178c4afcbf4377db19ac1a3a586e6d4032941dda1e4fdeac1d584c1bef0c03a67486e06e20aa81d4edd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
24d6d9ddedb8c3c4a1974c33087eb8e6

SHA1
a7ca30b782d0cf7868f0d18b5663b243f33e57b9

SHA256
1648bee2d4c9011030fec4f52c8543e8189705da3cc3ec65b5da9ead8fe2ebad

SHA512
c6d9b442dfc38d30daaff8cb8bfd3622acc618c208069e059c716a30fb1929ff4500bd47698129daacd3e91a7c3b21fa70ddcbbb52eee93abce2704451ed2e34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
9f44bb6d993e4588cf5a7058427cca17

SHA1
f28d72701e9435e0129b1d2f4ee354620efd65fc

SHA256
33cc043c77e5c17c3808ed71a739abd5d8cb3dddcf2a0f73220f0c1b24de0647

SHA512
65135eb8be031ceff2283105a51f7b32707d6e158ac6cff8e8087963904feb02dc8e72a0d3c7f8f76d480dfe1ad707af76bad985c61aa284b59b47bc3201a5fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
de5997545663e5415ff5ae3170ba7d6f

SHA1
4d89b597c370e770ee861f2f428f2bcc767af14d

SHA256
f224ac47ef61ee61eac4948eeb1bfb1a0b2e280209f6c2d5522250dbb9c41121

SHA512
ca99b71e3314e07eed7cb1e7dfd1619cde371137776cd74bf22f784ab27198f70126a9ed73b350968a2736c2d00d4f3e26d1b39d626c3e3df81c9176758a6bf6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
aaed56e714a02a3523d8629de800ae33

SHA1
149286476a756dbe8bb8c78d5ca7644311163eea

SHA256
22b261f5b42befc443b731a2eda90524c4c055c6e2b9ac2d57c89f751a95c48a

SHA512
76f0fee9063e4e6c487e63618aff02ee281ec6dcc9200fb2c274d902bd776243d11781f351f0c5057ece7f5eb02b0782002ea7c96f7b0f909829ed7a172abff5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
a36b8f94695a4ecdfa7a0649d4bf048c

SHA1
5e52137012915164f467df6d6ffb349dbe2cb708

SHA256
18f2c1653bbef6fae1231190a6d7a6a122d3d4a6814a58f4c379b383727a58c4

SHA512
49df5630e9720c40b676fff16baff35d3e61a6446942d0309948529bdb3447525ba10eca6b7a343d2b81b31eb6adc52b6e95d36e3ea5c6ad75ee972a02daacf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
57cb7b27c3ecc9c2a03deb55e39f09cb

SHA1
261992c70a3c8624f31ef7a18eb78eac98dc8825

SHA256
bfeeb3ebec68b73ce87f51d1c5c28999d539be768c40bb653c2e87c9f5528183

SHA512
370a8618790b2ab61716efaf92d9c452610acd80c83c4faaeb47ecdcc1f5ce31e23b432918aaacae8e18b3a7136835536d834b25677a3f8c46071804d07f2a78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
6KB

MD5
3890737fd459b443874918e21a231461

SHA1
2b4b5b02c524347b600496862e215c2205f3e0fe

SHA256
f092e3b7d625e0d7ab7e8be8f4777201a1bb0cfb26dda1931a745815e9401d8e

SHA512
793655faf447b70c74acc3f8b0532a0cc89199fa55e85436d54bc8bf62c2b928966d9679aefb1abf49e8bd80af66929ab48b8f1bc07d11a8699768f8d5387354

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
42KB

MD5
ca2397b87db8b84576a224d924a7de8c

SHA1
5a56054a0c87f91df25754a1dbcdcb4c345bc336

SHA256
507de3c1a712541651613f07380a971af57e6bd9c83854670d932657ee9001a7

SHA512
d7d2e2ff0f7ab722bb4ce43e4b180279547e958547a30d28c7e66dd3a520909dd46ae6ca5a1724e32f8b482f738a58ac3c4a48ce7ea06221380932f435af45e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
12KB

MD5
275feadb620ef76310920eaa50118da1

SHA1
a89e7e7f9356eb2caf2d5a3ab3c80ca962fec90f

SHA256
1a69868156c083560d8b42b1c3990d37514fcc7549a91259563fe2b4b680ee6f

SHA512
7f2952d5c7a8e277d17a8fba38da0364434dcba92f08889286f01db5f876007c7aa5537d7cc8d56b1771ed7b6c80f833d1a1c75b4657543ab99c12112f13efde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
355KB

MD5
7874de7040bef472cfd8b01cc80edcc6

SHA1
42be2285175f33ad45896fb61f10d726d16a825e

SHA256
5492baa64342373038a568cb22719b5f2f88d1c0a5c16cd9f766d9670a4d66a9

SHA512
f1a473211702b84568b69366aba9e14ce8450459a767a134073f0c374cfcdd2900de7d278347e67e3ab7429715571fd7dd5a2144996f1fb0f1a3b0318ba54dbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
37KB

MD5
5d9a5c517a14b04cb33813228a7ea0a9

SHA1
b072fdc51c8c754574d44f80ea3adde4b3210643

SHA256
7ae0fdb8086a0c0ed8e53a0ccc00c1439a24543f43d4ca90a1927d2a7c85a89f

SHA512
a9c03193353c622983c3a59cc0222eb2e07a022d45fad6d1feea69db31505a250984e331bd2b1a9e4c60cb0c8107404150c9dfdb6ad6fcddc5ffdb882848c850

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
431KB

MD5
8dcc76e265a529945003b677709683eb

SHA1
fda643842327699379feef3e0c7831a58471073f

SHA256
bc4484910a30c6869fc7d77b91bdc98307b2d97f4d5be676ee96eabf4a0d1318

SHA512
2b9c534fd1bc5656c4f63435b0121a5d94b36b13614164e8176d01b427a9d9fae087de93fed274e20ff780fe88eb8a0863cfd0a3dca9fa46028ba3465caa691b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
96KB

MD5
6c807fe42231b21fdbffa0327ba9cf71

SHA1
cbfff5bf87cac11447944fc682a53a7139bb8407

SHA256
7e51cde3b258faad7888aed54e6f1bd44d09d92ba7482f7cbfb29cf2fa2ec501

SHA512
49459452e2371b2fa0fb126b685b2546bb9b56913c7e45f2faed0aeb93b328dd10ea2ccf9a1abefb2833f4d8970bc9ccdc0c20ed35f9ccc3f99b1171587f2add

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
437KB

MD5
e7a8c704f00702b8059d9841972732ff

SHA1
2628591f6a559055183841de3be8bbe62b1a44d2

SHA256
bc2795e77bab0cc6f7d030ea8b329f993ab8de4e699edeba247ef7c5d68fd2e8

SHA512
7cf07f91b278bebeb2b3702b1cbfe3e5dfef9e7e52aea013e266b9f1bb623421dce27b13abe73f764324484ab9174f96dd6e9d459acfbeef70206c72b89c303a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
438KB

MD5
5bb794fbd0bd65ccc36e2e8ecec03f5c

SHA1
390bd2b4011bc589c9f34b34910974591b1ded8e

SHA256
25c0408be664b64fde178796b81e7b38a257b7fdf4d92b50dfdce3fe3b391943

SHA512
79c1c3d9ea445b5b81cbe5a322f617a69dfc14934b6da2397ba1b2fe1c874553c58c620feaec13b24a1e475526471fbd45fa1eb8cbe2c50b83c2f4e922d8cee0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\sessionstore-backups\recovery.baklz4

Filesize
445KB

MD5
b95e5a4d6cc11dcf30ff8d83ce1622f5

SHA1
338d4440477c4787e9359c045c860ae56d77fc22

SHA256
fb4e1713845f7b6cdb1bc729aafc0be4a1471e6692437126f03a366cee6cde2a

SHA512
38ea3731a32a72448ed63e23506785c27ed3d550a23eb9c52906923d095b8af44328cbf9dc9667fd3393e695e108796882cb07275466290c38e9c6872773ddbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\default\https+++auth.wetransfer.com\idb\2867707122poic.sqlite

Filesize
48KB

MD5
405159e63554b7034b7ed10cf7bb62cb

SHA1
8853d8bb993ca69cab6d3bc671c1f815cb775231

SHA256
b126b17d238ba40d43c5176882d5278aa2082738b0d1e816840856e87e2f2a50

SHA512
0c1a304f2bb6c76c8a12393468a901da60c32bf88856189bd6867b0cba18122a51fe2fbf93e5165a5ee133e1fd07eec5b6b689d2bbce60440af0a470adaaae03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\default\https+++github.com\ls\usage

Filesize
12B

MD5
9e89f8d581f7c22679122e5e61ada809

SHA1
19667207e15b1d36dc50c4a72ce3163342b7862f

SHA256
421d4cbb4c59f5e94dcb376548fca28bde43197ecbae6fa1887b512b498919da

SHA512
14f5611a9a0f9c5060377765c08c205f63b06a06bcc36ea4d1e837734906a56ed887a1efa9101b0b168ff9d22a16583f02393841ad26c090f2a0e57c9ce0f899

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\default\https+++tagging.wetransfer.com\cache\morgue\92\{a5ec1c20-e835-4dd3-9ef1-235ba1b7165c}.final

Filesize
3KB

MD5
f9411804882741478b92612440fb9579

SHA1
9815df832521ef33a687e9405c26b6966ec1362f

SHA256
eeee3599ecdf16220af8b4f6e44747853d8185a91be0d4099be0bed09204d4f8

SHA512
dc50f3c1d4f1386c6e78a43ecbb5267fd1eb84821eefc701485be29c6fefce231d14f83f77b33bbad3753d16fbc54b914c33049c67a2e61412a475a919b65b64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\default\https+++wetransfer.com\cache\morgue\148\{7d0ba756-ef86-4441-822e-59c54f8dfc94}.final

Filesize
4KB

MD5
427a18e3c9a85a984f49d427a78610c5

SHA1
6d0e5b1f5a640311910021fc2a78f39b5d4a0039

SHA256
c262de87bf91692d2ec5f56abc1e052db6562eeb8424e3607c47e68663325b6d

SHA512
c5264b11c3aece8319642818d94930b85578fcdaced3af25f8c72ed971b5d805c9f0a5af9cb1711bdc0b5d81154fc4a59f41c8bedcf0062cf666df8346bc90a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\default\https+++wetransfer.com\cache\morgue\157\{d4d44d94-3614-4e16-9475-61e58773489d}.final

Filesize
13KB

MD5
ada5e1b3ad236cd53a4e24a0d5b497af

SHA1
f75bddf945615c8cd2e6ed5a946599ae03ce92dd

SHA256
1e755574dc239dc6bff09b57646b2f7ac903e3153281fd8c9b67f62bb6cbe0a4

SHA512
b8db6fa95421823a4f744248c9cf3e6b454a2cbc2c7159d2e77f9d936b08e44172e86e8c9ceb2fc39d3e4814588bb414215c2a813d43df98b8f56f6f0101902e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\default\https+++wetransfer.com\cache\morgue\215\{78958bfe-d286-4b94-85e4-e3319abaeed7}.final

Filesize
975B

MD5
190c864007ed3b4f011debcc29cf600a

SHA1
0b637352ab59f294fec69d28f52363c3f530ea09

SHA256
b4911aa66e06fc6d9ebf29e4b9cb0d39930a38974a51bdbf0054579e2d3497b3

SHA512
50d0b1e0a90eaf8ff14e254994dc5fe03bb8a786b32cabed8b6edd7475732555dab38c04ea0c4c77e39e247364f90468e0b05c425398435ee2f985d3adc73757

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.5MB

MD5
80b6eabf5e789529dc8a0ebf1a754f35

SHA1
cdb478a2ba696cfbd11f43e0723cd4127a9da70d

SHA256
63f13ec40ff1b1fb76052ea33f788e6d83c900ac093a2d05d28751ba0e4c6c85

SHA512
cf4f3584eb1cffc8b099a9b4894bbf031a11ac2ab2ad6b5cb88f45824dfc05ebfd2039362dfcf9e21e04a8fbb140965494d9b87aa43e2e5697771ca72fc2af2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.8MB

MD5
9325d237ec69c705a9b681e0785e753e

SHA1
0a172e73c99f83b3751de710732b98adff65ae12

SHA256
971f630b6cd4832d360e4788d07530abb895d4b32b83d82ada5c92eeb1beaf95

SHA512
a9f2de67c63ff56afa3dbf8a7585f443337a7b4dca18595c0961da9496c27a608117e853085f219365fb9eb027159057e18a68e8e9359959ec07926ba43c9fbf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.3MB

MD5
f8d5c0d1afccce535418f3d64b025632

SHA1
37b1214f1986cfb7562cbc37d66a5ef7e4cce933

SHA256
4c01ee75c8d8ca4ae7c581c4f6fae81846681dbcd59734cec71caa759670ba89

SHA512
2797da1caab956c00649b278c09da340c78d462722f1b461786bea251a7239203b8c22363d0eda669941f4093ac8c379f3b4cbaffa259826882b4ed2fbe13a5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ptqf56iz.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.5MB

MD5
e65b80bc1bf24064c46f914b0518ca23

SHA1
3d0199c6a9c5e5514944d163e4c095934bd4d3ee

SHA256
974446308c613d22aaf70f29f0688d639d2c84113bd7f146add93f504edb6b90

SHA512
9382bfe98d7ae5e2a76e8307eb06e9f2d5c2257e1005956eff6bf1cfca6c67c6c67d715bb2cdd9bb23b7dc20a4c8b6cf468a6620996ac1aadec8a38671e5c9f9

Download Submit
C:\Users\Admin\Downloads\931fuxLd.ico.part

Filesize
66KB

MD5
d1b551699dfec45d3d5db7fdf1802386

SHA1
7f6a2b0500655398a67e71abd33a7df5193b304e

SHA256
641d65de85efc716e9f87da3005bcabee528e57e5c3ae4e9abb477c68b69bd20

SHA512
55545e9005ea3c86617fdc87e5219e15e776c3e1eee121cd58916c624c0ba27de2912a6709f8b59410f2e7ec86d8edb6ff14e3351ef5524ed1674c7d640ae7c1

Download Submit
C:\Users\Admin\Downloads\Aufgaben\Aufgabe 1\Newsletter.docx.exe

Filesize
462KB

MD5
8876339a763c0867662de5b8fbdf5ae4

SHA1
53f01e65f511e1f79566107ecabeba4e1e61ac49

SHA256
8f9dcd02ae2ab3b1cac4561f67cc88c01d32db31bdf0158ae225e111006098ad

SHA512
6f96998e29ea1c154eebf7577d6323a29465dbd3a11bd29995ad19bb146ee0dca23699873c8f090d392c94ed5327c56e8f027abeae0453361f185d086db7a2b6

Download Submit
C:\Users\Admin\Downloads\Carlosjj-Microsoft-Office-2013-Word.ico

Filesize
161KB

MD5
213e5e6956287cf4da074ae3dbbbe4ea

SHA1
8a6d88204c3b08a11aa25e0c6fb3700b5be96f67

SHA256
607e17a53524f457be2fc5eee62791fa110ce2a57397cdcab8a12e53acc4ad0d

SHA512
44e1ae57973f27be2c4ddae36cd1be0b2ff642e713d50af1b939564e2f6ef0818526a596cc04828069730b322e73e5b65686cd88f3c8c8a67e591153f8501a43

Download Submit
C:\Users\Admin\Downloads\Fagot.m31X81t8.a.exe.part

Filesize
373KB

MD5
30cdab5cf1d607ee7b34f44ab38e9190

SHA1
d4823f90d14eba0801653e8c970f47d54f655d36

SHA256
1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f

SHA512
b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3

Download Submit
C:\Users\Admin\Downloads\IconDance.-wrwr5yR.exe.part

Filesize
301KB

MD5
7ad8c84dea7bd1e9cbb888734db28961

SHA1
58e047c7abecdd31d4e3c937b0ee89c98ab06c6a

SHA256
a4b6e53453d1874a6f78f0d7aa14dfafba778062f4b85b42b4c1001e1fc17095

SHA512
d34b087f7c6dd224e9bfe7a24364f878fc55c5368ce7395349ca063a7fd9ac555baed8431bfa13c331d7e58108b34e0f9d84482ce2e133f623dd086f14345adb

Download Submit
C:\Users\Admin\Downloads\ScreenScrew.H2LoryiR.exe.part

Filesize
111KB

MD5
e87a04c270f98bb6b5677cc789d1ad1d

SHA1
8c14cb338e23d4a82f6310d13b36729e543ff0ca

SHA256
e03520794f00fb39ef3cfff012f72a5d03c60f89de28dbe69016f6ed151b5338

SHA512
8784f4d42908e54ecedfb06b254992c63920f43a27903ccedd336daaeed346db44e1f40e7db971735da707b5b32206be1b1571bc0d6a2d6eb90bbf9d1f69de13

Download Submit
C:\Users\Admin\Downloads\WannaCry.Q1NTCEeX.exe.part

Filesize
224KB

MD5
5c7fb0927db37372da25f270708103a2

SHA1
120ed9279d85cbfa56e5b7779ffa7162074f7a29

SHA256
be22645c61949ad6a077373a7d6cd85e3fae44315632f161adc4c99d5a8e6844

SHA512
a15f97fad744ccf5f620e5aabb81f48507327b898a9aa4287051464019e0f89224c484e9691812e166471af9beaddcfc3deb2ba878658761f4800663beef7206

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.L0sx0upJ.exe.part

Filesize
424KB

MD5
e263c5b306480143855655233f76dc5a

SHA1
e7dcd6c23c72209ee5aa0890372de1ce52045815

SHA256
1f69810b8fe71e30a8738278adf09dd982f7de0ab9891d296ce7ea61b3fa4f69

SHA512
e95981eae02d0a8bf44493c64cca8b7e50023332e91d75164735a1d0e38138f358100c93633ff3a0652e1c12a5155cba77d81e01027422d7d5f71000eafb4113

Download Submit
C:\Users\Admin\Downloads\reshacker_setup.6l0PS2yN.exe.part

Filesize
3.5MB

MD5
9eb4ae6ae20fe3ebfd0b3f383c672801

SHA1
53b4bb42ca2d8afae66c39e1d44902d1141c1929

SHA256
3db29205423e339200ac1d1e1bdb657582ecf99abd3ee1bfdd1e0bfc04c601a8

SHA512
968e06f2b9f4134a6ab0008eaf42b779f320f374a2d90ccb62771782897bd81ab0535bc7ea7a98a20c0d7af64e7b013500397d45908f8cbd71e96098ac10ce4e

Download Submit
C:\Users\Admin\Downloads\reshacker_setup.exe

Filesize
4.1MB

MD5
0fa54be54c421f87da625916342520bc

SHA1
177674653365c29f4da964beb023aa5a1fe06fbb

SHA256
b611be2f35cb44efd1c29df03e7ebe62bd556a500585680e1afa5e073eaf1756

SHA512
73edfef164fce793bd584f478948b5d9b7d4f2bb4d673bd5e331b7afe8585c3ff933d489cc6a302661d2478f121c9c9a77c68013c3df1f8aa8b49ea75ad9fe7a

Download Submit
memory/824-1107-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/1700-1959-0x0000000000400000-0x0000000000698000-memory.dmp

Filesize
2.6MB

Download
memory/1748-2526-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/1748-1963-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/1748-1965-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/1748-1966-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/1748-2507-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/1748-2515-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/3360-1109-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/3396-1211-0x0000029790130000-0x0000029790131000-memory.dmp

Filesize
4KB

Download
memory/3396-1218-0x0000029790130000-0x0000029790131000-memory.dmp

Filesize
4KB

Download
memory/3396-1213-0x0000029790130000-0x0000029790131000-memory.dmp

Filesize
4KB

Download
memory/3396-1212-0x0000029790130000-0x0000029790131000-memory.dmp

Filesize
4KB

Download
memory/3396-1223-0x0000029790130000-0x0000029790131000-memory.dmp

Filesize
4KB

Download
memory/3396-1222-0x0000029790130000-0x0000029790131000-memory.dmp

Filesize
4KB

Download
memory/3396-1221-0x0000029790130000-0x0000029790131000-memory.dmp

Filesize
4KB

Download
memory/3396-1220-0x0000029790130000-0x0000029790131000-memory.dmp

Filesize
4KB

Download
memory/3396-1219-0x0000029790130000-0x0000029790131000-memory.dmp

Filesize
4KB

Download
memory/3712-2554-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/3712-2552-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/3712-2553-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/3712-2533-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/3712-2555-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/3712-2534-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/3712-2558-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/3712-2573-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/3712-2551-0x0000000000380000-0x00000000009AD000-memory.dmp

Filesize
6.2MB

Download
memory/3752-1905-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/3752-1960-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/5488-1199-0x00000000059D0000-0x0000000005A26000-memory.dmp

Filesize
344KB

Download
memory/5488-1200-0x0000000007240000-0x0000000007344000-memory.dmp

Filesize
1.0MB

Download
memory/5488-1198-0x0000000005950000-0x000000000595A000-memory.dmp

Filesize
40KB

Download
memory/5488-1197-0x0000000005A70000-0x0000000005B02000-memory.dmp

Filesize
584KB

Download
memory/5488-1196-0x0000000005F80000-0x0000000006526000-memory.dmp

Filesize
5.6MB

Download
memory/5488-1195-0x0000000005890000-0x000000000592C000-memory.dmp

Filesize
624KB

Download
memory/5488-1194-0x0000000000E60000-0x0000000000ED2000-memory.dmp

Filesize
456KB

Download
memory/5488-1201-0x0000000005F10000-0x0000000005F22000-memory.dmp

Filesize
72KB

Download
memory/5492-1110-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/5792-1087-0x000001ABDC100000-0x000001ABDC101000-memory.dmp

Filesize
4KB

Download
memory/5792-1085-0x000001ABDC100000-0x000001ABDC101000-memory.dmp

Filesize
4KB

Download
memory/5792-1084-0x000001ABDC100000-0x000001ABDC101000-memory.dmp

Filesize
4KB

Download
memory/5792-1088-0x000001ABDC100000-0x000001ABDC101000-memory.dmp

Filesize
4KB

Download
memory/5792-1089-0x000001ABDC100000-0x000001ABDC101000-memory.dmp

Filesize
4KB

Download
memory/5792-1090-0x000001ABDC100000-0x000001ABDC101000-memory.dmp

Filesize
4KB

Download
memory/5792-1086-0x000001ABDC100000-0x000001ABDC101000-memory.dmp

Filesize
4KB

Download
memory/5792-1078-0x000001ABDC100000-0x000001ABDC101000-memory.dmp

Filesize
4KB

Download
memory/5792-1079-0x000001ABDC100000-0x000001ABDC101000-memory.dmp

Filesize
4KB

Download
memory/5792-1080-0x000001ABDC100000-0x000001ABDC101000-memory.dmp

Filesize
4KB

Download
memory/5848-1067-0x0000000000400000-0x000000000044A000-memory.dmp

Filesize
296KB

Download
memory/5848-1068-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download
memory/5848-1062-0x00000000004E0000-0x00000000004E1000-memory.dmp

Filesize
4KB

Download