lumma | cb1bcf331721008e6dd6b46cd0f1880612374d54403836f43f264f924789e610

Analysis

max time kernel
1199s
max time network
1203s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-07-2024 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

maizu hack v1.4/main.dfb
Size

152KB
MD5

20b8e57e778d8c1b65a9f965b5b7050c
SHA1

4dc958b8e8e1e95cea82beac1afe2f91b88f835d
SHA256

99e7ffdb58bfbdb05b3f326655029cacb932809567b01392c63dc3d6d50fa50f
SHA512

b081b0c1ae9ef62fa3e37ee3900da84c7a0d81945cf8a7e81087999391f9366b07a46227008096e226e1800553afce5675f7ed8f72ad505324035be03da2091c
SSDEEP

3:H:H

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://piedsiggnycliquieaw.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Downloads MZ/PE file
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

7zFM.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation 7zFM.exe
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Executes dropped EXE 10 IoCs

Processes:

winrar-x64-701.exewinrar-x64-701.exe7z2407-x64.exe7zFM.exe7zFM.exe7zG.exe7z2407-x64.exe7z2407-x64.exe7zFM.exemaizu hack v1.4.exe

pid process

7980 winrar-x64-701.exe
8188 winrar-x64-701.exe
8888 7z2407-x64.exe
8224 7zFM.exe
8640 7zFM.exe
8688 7zG.exe
7792 7z2407-x64.exe
8472 7z2407-x64.exe
4036 7zFM.exe
8252 maizu hack v1.4.exe
Loads dropped DLL 4 IoCs

Processes:

7zFM.exe7zG.exe7zFM.exe7zFM.exe

pid process

8224 7zFM.exe
8688 7zG.exe
8640 7zFM.exe
4036 7zFM.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

441 mediafire.com
443 mediafire.com
445 mediafire.com
Suspicious use of SetThreadContext 1 IoCs

Processes:

maizu hack v1.4.exe

description pid process target process

PID 8252 set thread context of 8700 8252 maizu hack v1.4.exe RegAsm.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation	7zFM.exe

pid	process
7980	winrar-x64-701.exe
8188	winrar-x64-701.exe
8888	7z2407-x64.exe
8224	7zFM.exe
8640	7zFM.exe
8688	7zG.exe
7792	7z2407-x64.exe
8472	7z2407-x64.exe
4036	7zFM.exe
8252	maizu hack v1.4.exe

pid	process
8224	7zFM.exe
8688	7zG.exe
8640	7zFM.exe
4036	7zFM.exe

flow	ioc
441	mediafire.com
443	mediafire.com
445	mediafire.com

description	pid	process	target process
PID 8252 set thread context of 8700	8252	maizu hack v1.4.exe	RegAsm.exe

Drops file in Program Files directory 64 IoCs

Processes:

7z2407-x64.exe

description	ioc	process
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2407-x64.exe
File created	C:\Program Files\7-Zip\7-zip.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip32.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz-cyrl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ast.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bg.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2407-x64.exe
File created	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku-ckb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ps.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fy.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sq.txt	7z2407-x64.exe

Drops file in Windows directory 3 IoCs

Processes:

taskmgr.exe7zFM.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	7zFM.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

8384 8252 WerFault.exe maizu hack v1.4.exe

pid	pid_target	process	target process
8384	8252	WerFault.exe	maizu hack v1.4.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 9 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exetaskmgr.exeAcroRd32.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs
adware spyware

Modify Registry
T1112

Processes:

AcroRd32.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION AcroRd32.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 64 IoCs

Processes:

firefox.exe7z2407-x64.exeOpenWith.exeOpenWith.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "2"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000007800000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0000000001000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e8005398e082303024b98265d99428e115f0000	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{57807898-8C4F-4462-BB63-71042380B109}"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 0100000000000000ffffffff	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616193"	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2407-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	firefox.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Generic"	firefox.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	firefox.exe

NTFS ADS 4 IoCs

Processes:

firefox.exe7zFM.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\maizu hack v1.4.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\winrar-x64-701.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\7z2407-x64.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO4CFB5A29\maizu hack v1.4.exe:Zone.Identifier	7zFM.exe

Suspicious behavior: EnumeratesProcesses 33 IoCs

Processes:

taskmgr.exe7zFM.exe

pid	process
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
4036	7zFM.exe
4036	7zFM.exe

Suspicious behavior: GetForegroundWindowSpam 7 IoCs

Processes:

OpenWith.exefirefox.exe7zFM.exeOpenWith.exeOpenWith.exe7zFM.exe7zFM.exe

pid process

3644 OpenWith.exe
4328 firefox.exe
8224 7zFM.exe
7876 OpenWith.exe
8792 OpenWith.exe
8640 7zFM.exe
4036 7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe
Token: SeDebugPrivilege	4328	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

firefox.exetaskmgr.exe

pid	process
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

firefox.exetaskmgr.exe

pid	process
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe
5212	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

OpenWith.exefirefox.exewinrar-x64-701.exewinrar-x64-701.exe

pid	process
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
3644	OpenWith.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
7980	winrar-x64-701.exe
7980	winrar-x64-701.exe
7980	winrar-x64-701.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
4328	firefox.exe
8188	winrar-x64-701.exe
8188	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exefirefox.exefirefox.exe

description	pid	process	target process
PID 3644 wrote to memory of 1768	3644	OpenWith.exe	NOTEPAD.EXE
PID 3644 wrote to memory of 1768	3644	OpenWith.exe	NOTEPAD.EXE
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 5016 wrote to memory of 4328	5016	firefox.exe	firefox.exe
PID 4328 wrote to memory of 3820	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 3820	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 1672	4328	firefox.exe	firefox.exe
PID 4328 wrote to memory of 992	4328	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4\main.dfb"
1⤵
PID:2768

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3644

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4\main.dfb
2⤵
PID:1768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5016

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.0.1283008897\243386487" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fc8f183-7673-4f95-aea8-0b231f6273dd} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 1764 185a1ab3b58 gpu
3⤵
PID:3820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.1.789165427\1786333655" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91113b09-26ff-4278-a089-6bc20c93836f} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 2120 1858f76fe58 socket
3⤵
PID:1672

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.2.2135699326\1103522451" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 3024 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd7c2515-7944-4ece-aff1-cd33c59b1db4} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 2632 185a1a59758 tab
3⤵
PID:992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.3.1228247756\1794350928" -childID 2 -isForBrowser -prefsHandle 3400 -prefMapHandle 3396 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb9d3fc2-7d1e-4eee-8fd1-5984fea157c1} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 3408 1858f76d658 tab
3⤵
PID:3416

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.4.941191951\2078417239" -childID 3 -isForBrowser -prefsHandle 4332 -prefMapHandle 4320 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cd4f779-0639-41b2-88b8-ccca046c90fb} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 4344 185a7b41758 tab
3⤵
PID:4476

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.5.1365594932\1110710894" -childID 4 -isForBrowser -prefsHandle 4856 -prefMapHandle 4888 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db193c27-868e-4d84-ade3-14acbcdad8e6} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 4900 185a7b43258 tab
3⤵
PID:4608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.6.1490303401\2026609610" -childID 5 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cffb31b-ba56-445b-b7d7-26d77de9bd6e} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5032 185a856bc58 tab
3⤵
PID:4180

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.7.1193335824\1248619049" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf381793-856e-4d67-a7f6-9bae0949216a} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5232 185a8569b58 tab
3⤵
PID:2284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.8.1126118609\881657846" -childID 7 -isForBrowser -prefsHandle 2944 -prefMapHandle 2664 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6640d234-6dfd-4a18-8d7c-49a7e7aa2822} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5488 1858f767858 tab
3⤵
PID:2424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.9.1034881866\1601125052" -childID 8 -isForBrowser -prefsHandle 5552 -prefMapHandle 5548 -prefsLen 26328 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {941ca2ea-b553-490b-a64d-c6f6430689e2} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5564 185a7fb6358 tab
3⤵
PID:3532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.10.1925352260\1885491102" -parentBuildID 20221007134813 -prefsHandle 5692 -prefMapHandle 5684 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b803f950-42b4-43ad-8210-04bea6ab07a7} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5780 1858f762e58 rdd
3⤵
PID:3092

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.11.770556760\520257173" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5752 -prefMapHandle 5764 -prefsLen 26328 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4347f184-f17d-4096-8a2c-90c2f208fe43} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5852 1858f76ab58 utility
3⤵
PID:4740

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.12.1361757281\2022549700" -childID 9 -isForBrowser -prefsHandle 4664 -prefMapHandle 4636 -prefsLen 26768 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ef822a0-b92a-48d3-a34c-0428daa630cf} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 2664 185a96ce858 tab
3⤵
PID:4860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.13.1509250468\1190218926" -childID 10 -isForBrowser -prefsHandle 1316 -prefMapHandle 3792 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f61e4771-b42d-4736-a605-62b661b1598b} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5420 185a7fcd158 tab
3⤵
PID:3112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.14.39818225\1898036117" -childID 11 -isForBrowser -prefsHandle 3908 -prefMapHandle 4704 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a23ccb5-f4fb-42a2-9b32-4e4eba90d6e8} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5428 1858f765c58 tab
3⤵
PID:1192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.15.1056461831\1296660686" -childID 12 -isForBrowser -prefsHandle 6528 -prefMapHandle 6464 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d0f8d00-f2b6-47f4-863c-65d2363b004c} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5420 185aa9df458 tab
3⤵
PID:3644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.16.444295863\315070399" -childID 13 -isForBrowser -prefsHandle 10660 -prefMapHandle 6512 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e25c694-bf31-4b60-b030-d6d22ef53820} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5572 185a9807558 tab
3⤵
PID:4204

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.17.1876468354\1696143844" -childID 14 -isForBrowser -prefsHandle 5620 -prefMapHandle 6400 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e8337c8-a17d-4a99-9a6f-a683a08e6ec3} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 6296 185ad3c3058 tab
3⤵
PID:5036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.18.466774308\2077175293" -childID 15 -isForBrowser -prefsHandle 2512 -prefMapHandle 6160 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d6647de-8dd2-4d23-8e2a-e8fd69bb7095} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5432 185a97d5658 tab
3⤵
PID:4628

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.19.233075473\1597368957" -childID 16 -isForBrowser -prefsHandle 6160 -prefMapHandle 6312 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4021f6b-a408-4f8d-8aab-6bed12c018de} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 4708 185ad985c58 tab
3⤵
PID:1120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.20.1901216773\860152449" -childID 17 -isForBrowser -prefsHandle 10540 -prefMapHandle 10616 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d25702b-0b72-4550-8176-3616b3ab337c} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 10552 185ac168958 tab
3⤵
PID:2704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.21.972904493\2031082489" -childID 18 -isForBrowser -prefsHandle 6572 -prefMapHandle 10588 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a9d78ec-7183-417b-b8ac-45a57f404ec3} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 6548 185ad9eda58 tab
3⤵
PID:4404

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.22.1979375060\769720591" -childID 19 -isForBrowser -prefsHandle 6080 -prefMapHandle 2568 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91ee5edd-3cc2-49f0-9004-5392f6290146} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5004 185ada07058 tab
3⤵
PID:1960

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.23.1397983744\1111949357" -childID 20 -isForBrowser -prefsHandle 10248 -prefMapHandle 10244 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0589a32d-868a-4bd5-a48d-4638ecf8c817} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 6732 185ae562658 tab
3⤵
PID:3832

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.24.724621394\1928712935" -childID 21 -isForBrowser -prefsHandle 8524 -prefMapHandle 8532 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae7106b4-8192-456a-8fa5-c78cba48b124} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 8516 185af22bb58 tab
3⤵
PID:1100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.25.473267385\288631564" -childID 22 -isForBrowser -prefsHandle 1296 -prefMapHandle 8568 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3e05f03-89c2-45da-b72e-565e3f4807f8} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 10384 185b07a7358 tab
3⤵
PID:5676

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.26.763582850\191087447" -childID 23 -isForBrowser -prefsHandle 8684 -prefMapHandle 5524 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57437752-6174-4ee3-aa69-3e0ece706501} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 2560 185b023f758 tab
3⤵
PID:5336

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.27.1063056664\1039969241" -childID 24 -isForBrowser -prefsHandle 4100 -prefMapHandle 4380 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9315121-8bc5-42b5-9dd7-3a6aeb778086} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 10428 185b03a9558 tab
3⤵
PID:5344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.28.987347418\1882350149" -childID 25 -isForBrowser -prefsHandle 8196 -prefMapHandle 7568 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9469a77b-70a8-4736-b175-6dd6f579ebf2} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 8144 185b05df558 tab
3⤵
PID:5660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.29.1722698071\1238965247" -childID 26 -isForBrowser -prefsHandle 6716 -prefMapHandle 5176 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {66374f47-7602-400c-b4c4-6b1666732d6e} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 9812 185ad559558 tab
3⤵
PID:6004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.30.625111228\2076912613" -childID 27 -isForBrowser -prefsHandle 9844 -prefMapHandle 9852 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1f5b59e-36bd-448c-9ccd-b2168e3dcc93} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 6696 185a719ac58 tab
3⤵
PID:5804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.31.630643689\1757344538" -childID 28 -isForBrowser -prefsHandle 8420 -prefMapHandle 4456 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23c32e8d-6da0-4e4d-8028-8bc2ec6e176b} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 10128 185a96eea58 tab
3⤵
PID:5956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.32.494426320\402389263" -childID 29 -isForBrowser -prefsHandle 8072 -prefMapHandle 9688 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25024ca2-c7f8-4b18-92c2-5613f4c93322} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 9660 185a98a1058 tab
3⤵
PID:6012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.33.1071073421\518270557" -childID 30 -isForBrowser -prefsHandle 7796 -prefMapHandle 7756 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b508527e-2d28-4144-bafd-af962a824c30} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 7804 185aa2a7458 tab
3⤵
PID:352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.34.237469781\979805023" -childID 31 -isForBrowser -prefsHandle 7536 -prefMapHandle 7532 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5ea733b-2567-4f73-be6b-bdca53dd0bfd} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 7488 185ac2fcf58 tab
3⤵
PID:5536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.35.1828581209\1323507274" -childID 32 -isForBrowser -prefsHandle 9444 -prefMapHandle 9440 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd99ddfa-e698-4cab-8490-3f46dd0e7bbe} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 9452 185ac32a258 tab
3⤵
PID:5844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.36.188805372\924600043" -childID 33 -isForBrowser -prefsHandle 6412 -prefMapHandle 6616 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b52202e8-e80a-4d54-afae-8b5bf92e410d} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 6572 185ac375558 tab
3⤵
PID:5548

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.37.597000313\506198616" -childID 34 -isForBrowser -prefsHandle 9484 -prefMapHandle 9488 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {89520431-efa9-410d-bc8a-91eaffb3d0b4} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 9264 185ac372858 tab
3⤵
PID:5824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.38.1975648473\2146059679" -childID 35 -isForBrowser -prefsHandle 7428 -prefMapHandle 7436 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0e23171-7f3c-4894-9ab5-bc1e778c2642} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 9268 185ac374358 tab
3⤵
PID:5864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.39.355387200\679823805" -childID 36 -isForBrowser -prefsHandle 9032 -prefMapHandle 7412 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48a8f06e-2f72-4361-8438-4a9c7780e74a} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 9044 185ac375b58 tab
3⤵
PID:5532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.40.80597338\863702036" -childID 37 -isForBrowser -prefsHandle 1312 -prefMapHandle 9020 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f961dee1-8970-4cab-9c20-32a16297c642} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 6932 185a9809c58 tab
3⤵
PID:6188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.41.438604776\2083164436" -childID 38 -isForBrowser -prefsHandle 6656 -prefMapHandle 6660 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc6932e5-3fd0-481a-9564-4b23eb48c6d0} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 9228 185acdbbb58 tab
3⤵
PID:6224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.42.1818051710\1724543330" -childID 39 -isForBrowser -prefsHandle 9204 -prefMapHandle 9200 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6eb1e9f8-e55a-4b02-98cb-8f972420ea2a} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 9380 185ad04bb58 tab
3⤵
PID:6248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.43.183460309\1686757140" -childID 40 -isForBrowser -prefsHandle 7116 -prefMapHandle 7120 -prefsLen 27486 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34a10f61-3a00-4bc1-85e2-e908dda6c619} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 7104 185ad04be58 tab
3⤵
PID:6256

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:7980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.44.399059033\739081435" -childID 41 -isForBrowser -prefsHandle 10616 -prefMapHandle 9908 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5f4d808-781d-42df-841f-2d9501e213cb} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 9916 185a98a0458 tab
3⤵
PID:7320

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.45.285942981\2109310816" -childID 42 -isForBrowser -prefsHandle 10828 -prefMapHandle 7280 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ff0e98d-ed76-4645-8e97-305645daadd7} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 11376 185a85c6858 tab
3⤵
PID:7624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.46.545528314\2027940364" -childID 43 -isForBrowser -prefsHandle 5868 -prefMapHandle 8696 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9bb97f7-2806-43c7-8b77-59f4b3e3b296} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 5656 185ac507358 tab
3⤵
PID:4972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.47.1933034373\216021103" -childID 44 -isForBrowser -prefsHandle 10292 -prefMapHandle 5408 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {090da9ff-8594-4e55-b146-8017fc3026b5} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 6732 185ac508858 tab
3⤵
PID:7692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.48.782724039\10304991" -childID 45 -isForBrowser -prefsHandle 10724 -prefMapHandle 9380 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38baf5c5-5146-4979-8e46-22e4f5e2ed12} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 6672 185a9808758 tab
3⤵
PID:7340

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.49.2002612307\1511773775" -childID 46 -isForBrowser -prefsHandle 10684 -prefMapHandle 2576 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {49ca9bc7-4363-4fe2-b31e-664d47e46576} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 6468 185a9856258 tab
3⤵
PID:7348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.50.2808267\1115219497" -childID 47 -isForBrowser -prefsHandle 6488 -prefMapHandle 8824 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5aca9a4-b42c-4128-a5d0-ab841eb07e51} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 8828 185aa955958 tab
3⤵
PID:4028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.51.1770585776\1721664592" -childID 48 -isForBrowser -prefsHandle 8388 -prefMapHandle 11284 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f38914a-e75d-4cdc-82f8-af62079113c2} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 11332 185ae0f7858 tab
3⤵
PID:5032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.52.1747351867\1544112765" -childID 49 -isForBrowser -prefsHandle 8712 -prefMapHandle 12576 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ac2657f-f241-481f-a404-75609fb2ca8b} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 2688 185ae2b8d58 tab
3⤵
PID:4720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.53.76262420\2095179900" -childID 50 -isForBrowser -prefsHandle 8812 -prefMapHandle 8716 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9038f78c-0feb-46eb-ab56-b0e1188cd7cb} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 8724 185aec44458 tab
3⤵
PID:7364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.54.1099839319\1240458513" -childID 51 -isForBrowser -prefsHandle 12256 -prefMapHandle 12252 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a175ba6a-2f7a-47f6-93da-466273328afd} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 12264 185aef43058 tab
3⤵
PID:7532

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.55.584916225\284099041" -childID 52 -isForBrowser -prefsHandle 12720 -prefMapHandle 11936 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ec1d6ac-5089-4bbe-8021-1ad16ae12dd1} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 12820 185b09fa658 tab
3⤵
PID:7556

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.56.1740800185\129790455" -childID 53 -isForBrowser -prefsHandle 4708 -prefMapHandle 6676 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e78ac55-b291-44bf-9102-b31dd0305e60} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 2944 185af22b558 tab
3⤵
PID:8060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.57.1476043799\528928282" -childID 54 -isForBrowser -prefsHandle 10772 -prefMapHandle 12000 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdd7e792-d1bd-41bf-a899-b282ee0d318e} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 8604 185b3859a58 tab
3⤵
PID:6400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.58.1070832837\331725177" -childID 55 -isForBrowser -prefsHandle 12756 -prefMapHandle 12588 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {525d50c0-716f-4e17-8eed-ba78b22acc57} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 12628 185b32c5958 tab
3⤵
PID:7280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.59.901935517\1273591821" -childID 56 -isForBrowser -prefsHandle 10660 -prefMapHandle 11300 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e22a4d88-4cbe-4f6e-a93c-cfba8c109562} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 8716 185aa408058 tab
3⤵
PID:3972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.60.708892874\117964875" -childID 57 -isForBrowser -prefsHandle 8584 -prefMapHandle 12368 -prefsLen 27591 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd62d05a-0f49-41b3-a2ba-f352596d9435} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 11868 1858f72db58 tab
3⤵
PID:6716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.61.1136750541\1312177256" -childID 58 -isForBrowser -prefsHandle 8712 -prefMapHandle 6468 -prefsLen 27600 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f25f1601-a93c-4f0b-9eae-8c01251102a0} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 11344 185ac14c858 tab
3⤵
PID:7140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.62.2062389278\1341306546" -childID 59 -isForBrowser -prefsHandle 12588 -prefMapHandle 9488 -prefsLen 27600 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ec2a161-4144-42ff-a5a4-7c460f07b552} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 12952 185ad89d858 tab
3⤵
PID:7436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.63.1004465402\909723823" -childID 60 -isForBrowser -prefsHandle 8416 -prefMapHandle 8712 -prefsLen 27600 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d99d3299-ed4e-4029-b910-4124ff56c0fa} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 12128 185ae755c58 tab
3⤵
PID:3980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.64.115296816\732970655" -childID 61 -isForBrowser -prefsHandle 12560 -prefMapHandle 11808 -prefsLen 27600 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {42ea1965-6a7f-4822-8874-f1279129eed3} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 12556 185a7b43b58 tab
3⤵
PID:5208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.65.1102073409\1768801309" -childID 62 -isForBrowser -prefsHandle 4880 -prefMapHandle 11468 -prefsLen 27752 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f25aecc2-3d61-44a6-a72b-10128a438688} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 4884 185aa873a58 tab
3⤵
PID:8284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4328.66.1428752319\661516861" -childID 63 -isForBrowser -prefsHandle 11944 -prefMapHandle 11428 -prefsLen 27752 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {19e59950-a208-46b1-a6cc-6207cbf7442d} 4328 "\\.\pipe\gecko-crash-server-pipe.4328" 12084 185a97a2e58 tab
3⤵
PID:8504

C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe"
3⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Modifies registry class
PID:8888

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2900

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:8188

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5212

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:8224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:7876

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:8640

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap2474:92:7zEvent15322 -ad -saa -- "C:\Users\Admin\Downloads\maizu hack v1.4.rar"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:8688

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:8792

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\maizu hack v1.4.rar"
2⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
PID:8848

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
3⤵
PID:8920

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=310481FA229ECF78FAA7CDE9149A8C4E --mojo-platform-channel-handle=1604 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:2312

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=0F1C2E591BEB18499A904797DE77B60B --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=0F1C2E591BEB18499A904797DE77B60B --renderer-client-id=2 --mojo-platform-channel-handle=1612 --allow-no-sandbox-job /prefetch:1
4⤵
PID:1548

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A7332DED9781D22A89D4C63B694EEF39 --mojo-platform-channel-handle=2200 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:9168

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A41D75671CAC3C2FA674733832D442BD --mojo-platform-channel-handle=2384 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:6604

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=992F55CF9F3F53FD6E52FE6D58D5FFEC --mojo-platform-channel-handle=2304 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
4⤵
PID:6688

C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe" C:\Users\Admin\Downloads\winrar-x64-701.exe
1⤵
- Executes dropped EXE
PID:7792

C:\Users\Admin\Downloads\7z2407-x64.exe
"C:\Users\Admin\Downloads\7z2407-x64.exe" C:\Users\Admin\Downloads\winrar-x64-701.exe
1⤵
- Executes dropped EXE
PID:8472

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:4036

C:\Users\Admin\AppData\Local\Temp\7zO4CFB5A29\maizu hack v1.4.exe
"C:\Users\Admin\AppData\Local\Temp\7zO4CFB5A29\maizu hack v1.4.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
PID:8252

C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
3⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 320
3⤵
- Program crash
PID:8384

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:6812

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.dll
Filesize
1.8MB

MD5
0009bd5e13766d11a23289734b383cbe

SHA1
913784502be52ce33078d75b97a1c1396414cf44

SHA256
3691adcefc6da67eedd02a1b1fc7a21894afd83ecf1b6216d303ed55a5f8d129

SHA512
d92cd55fcef5b15975c741f645f9c3cc53ae7cd5dffd5d5745adecf098b9957e8ed379e50f3d0855d54598e950b2dbf79094da70d94dfd7fc40bda7163a09b2b

Download Submit
C:\Program Files\7-Zip\7zFM.exe
Filesize
960KB

MD5
79e8ca28aef2f3b1f1484430702b24e1

SHA1
76087153a547ce3f03f5b9de217c9b4b11d12f22

SHA256
5bc65256b92316f7792e27b0111e208aa6c27628a79a1dec238a4ad1cc9530f7

SHA512
b8426b44260a3adcbeaa38c5647e09a891a952774ecd3e6a1b971aef0e4c00d0f2a2def9965ee75be6c6494c3b4e3a84ce28572e376d6c82db0b53ccbbdb1438

Download Submit
C:\Program Files\7-Zip\7zG.exe
Filesize
691KB

MD5
ef0279a7884b9dd13a8a2b6e6f105419

SHA1
755af3328261b37426bc495c6c64bba0c18870b2

SHA256
0cee5cb3da5dc517d2283d0d5dae69e9be68f1d8d64eca65c81daef9b0b8c69b

SHA512
9376a91b8fb3f03d5a777461b1644049eccac4d77b44334d3fe292debed16b4d40601ebe9accb29b386f37eb3ccc2415b92e5cc1735bcce600618734112d6d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
14KB

MD5
1aa369e79ca29f0685df7d9196f6f715

SHA1
b3beafc81db03ccd1725094a47b963c27bf9d52e

SHA256
813757f058625f845b855576eeaf3fabf93255253debb2ed475447b8de01a5df

SHA512
5116d3aac6366a67ac3e5cc59e7346b0d0482932f49b2a73885aa3cedd9c6cb1ceeadac361c79d23f653407a4e5dd97ef3499b6393dc0395301e448a67cecbcb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\10953
Filesize
21KB

MD5
35977dc969aa086890094a99b51bba48

SHA1
37773a1261e6f5628af871b11e56c050fb86b330

SHA256
b498c0427adea966b55ae457179e539a013c1ece0732d373c7637dff658744f7

SHA512
bef506f1a6b769f01455598d867b56bd97780a6d44798e6d7fc6825fd6d33bccf3e8cfadd4a11a90b4f932131bd8b39ec17c4278a1dc4fcca58ef4878592b57d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\12858
Filesize
8KB

MD5
0a1e99cae1cec019cebbb4f0e2253c76

SHA1
9e203e3a4eae7d2d5222c740a296da48124cf8a4

SHA256
26247e31cf8e768a2a8cd910724bc06af2c1dba51327997bbabd7ee3fcfad630

SHA512
39bcc5a4ebb1e585837bf63fd26fbe6a25b1b9e8d337ddc4f3870c090d5c22ec91d9548df817b9223c157081def5e884eaecb36c083de15da1234ea96b1b70bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\14003
Filesize
8KB

MD5
4ac7abe39ab987c718f9a93103a368b0

SHA1
fe6ca97b17205ac7261f9ba2ef8ada10e87847b2

SHA256
ca2171f4ac6be341f9fe761e693490530a484f42373b56d3577338e431ebf43e

SHA512
5291c67b8a40fbebee3e77092ac8e997e612fd592a3d535e07f98aa8538e2789ff1c8e4ca2ba9a1709de1dc96fbe58849e1741da0c0e2d9688e7e3ab13fce4f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\1501
Filesize
14KB

MD5
b2e81d16da05166cacd7eccdeca2376f

SHA1
43eea2ed36b19738f9efa1a6910e670dbe0e39d7

SHA256
dab770639890b3739c10987cd35c15ee194c8ef7e18afd0180eeb6d0511f3e80

SHA512
96769125ab80502c7387ce248ce3e341aff7fab6e394029748ac2492b893aba6fbb59e9e9a3b1d020ed53d95926ffb77ab1e8f174025d28baa80aed42395be0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\1588
Filesize
8KB

MD5
82ea505fd19d2a1a111b833bcbda0acb

SHA1
6d2054d651eb1ba1980bb0591c78c21bf0441720

SHA256
8210be2076d8ea4f328de42cac6bbc11757f8d261b53ae89e1b12716a17985cb

SHA512
e79974ff097f82d600ab8ee76e6c156c8fe6b4598ef069afe2704d249e5962692a28a3c0dd1a50d52c883b8d7a98f17ba94e2d8455ca67c7912a3fecbd2751f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\15880
Filesize
21KB

MD5
0de672d643d95dfee954628172de3d65

SHA1
76cc684e57c8ac6f3c5bad673c0a7a5d82586e7e

SHA256
eea6e24135e652ca2da83a323dabb7435689e08c3d473076e0dbaf0b5143b893

SHA512
d2f2ef9c92cda8d042de3d94c6d9254b038a83ebb539b1961571117017cbf4d1175bd4482a9c685e7a3f2ddde7b383d6fb24375af0a5cfdc0776afe207896e60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\16070
Filesize
13KB

MD5
96a166ed3e86012d8a43a03ca13d4cd1

SHA1
3f8a69df4fd787f38d3d9ed85d5cc822f1cdd9ef

SHA256
3648d89aeda9a6d3ebbcd355d64168d7d7a0bce4644c7e093240f699cc8a36bf

SHA512
bfbb8bcf83634840322d0ded77c46590c8e5f34f2ba62a1a855b30e89cce62c86e510a42ccceb91c13216f3e8f13bf6b78fe9d24a0e0773b73b3b778e71d2780

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\16096
Filesize
15KB

MD5
e9d4364c2c8a08520d2966d8d91a02d4

SHA1
f5cf8a2fbc70a569874c2aa81c584a2798939d82

SHA256
402166ea2bfa4b686472d1125f8d097f70d04c0b81eb548275bb871020acab25

SHA512
2e2d08b9ed806327860837827f9d15dbcdcd1220c241087b788ac537bf57d49640b6839a094e75c5d43f6b369e6133f5632b7d7be88b9c41ad480f36e5e606fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\17513
Filesize
7KB

MD5
ae424ebff60e52d4c21a77c26710e0e8

SHA1
b4fdb9bae1e1a748b4153341717811d162e204f3

SHA256
80a4c619df317957135e8ff8e9eb6e7a0dcb8d208ccefaa6e53ae577b24868bf

SHA512
0bacd232d8ecaeebdbfed8c8099b21aaed7c946b6c970b08422a0b63b9c8ffcf14f5904677be9a7c4c452b44a8b071378504a3ec06406e7c296dfed9e1e83625

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\18725
Filesize
7KB

MD5
52b7cdb41f91f3b4a7a1e3448afabf9b

SHA1
d8c044317859ec890fbbeb76f82c48a0d044ad2e

SHA256
1b488676eb75c3e94c373c2edbdf7da9b122ad307beb9af493b1ab95eaf01c31

SHA512
0f4b854f9f4f49811661c077b8b7e75499a976ae4308fa08567be78c3e7dba62a9a633b241d61ae8518b1a21d3eccea9792e610fb378ac4f102560b29b212dcc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\19127
Filesize
21KB

MD5
c35d7da00ecca81e505350421f19beb4

SHA1
f8e4e2994c5ea52441b438be2d783ec837d25c48

SHA256
2a5bf4e07aacd3a832674ac55decba742db4e2d774b11ee0edcda1a2b810c0ca

SHA512
f4e54f65703f7ea3be624409d9e10d1e7d7caf7315ee37380f0b6c5eb4da7f5bf4c5b7617f2c99ea5cb49e952c7b4899d0144a965d6dafd351a98836ab65c8cf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\19919
Filesize
7KB

MD5
225790091b26fdb44e21e043886a8c45

SHA1
b9c44aa6a78edaef80d8575ccc6536ccb65957bc

SHA256
6f3b38009bc7002c586ea66b9b8460c32885efeae11084cf90ca5e17e36b1b0b

SHA512
abd44a400e38923f2431e0aaecf945c6581b73c2c3fcf1df79a064a604655db8a8123fd0ed50422df0db228e130043b1f3d9e5c20a0eb95c41a85c8369556999

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20297
Filesize
21KB

MD5
707e93b48d812222cdf016adaf7b1428

SHA1
53900b730ea1f358e729900e2673d31f18e0d179

SHA256
442fa785c23ce3db0aed8b290917e0a17e74729dbf209e7695b9d0369cb80b0b

SHA512
02324153f812f5dae9a5396cc0234e81b230192dbecec1a2ef507290205cf14447d8ea7f691dbca7a2f2b2598a6058d9af5f9b0b4bdc2120a6d976b273ebd431

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20820
Filesize
21KB

MD5
8ed2085fcf925f30e60bc9141d790641

SHA1
1b3ed6d15b4a59459da81039bfae82949211e941

SHA256
d586b062e36bc779c7da37a78f69f1394d0c29a70e80f61bbbc35592c1f5e137

SHA512
bc52750360d7c211c70791e1073fe07f2d96430cb11544370376d5834d8c4c8fdbaffcfe9b9f6e8d2279e75f35c7cd3f48d5388d9c3a631e5a313367627d2f07

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21684
Filesize
8KB

MD5
eea07279ad2963d5dd696db3b57c013e

SHA1
7ecb57bebae3432b29e944f9c347b355588af8c0

SHA256
87239cf979e8745bb1e1d3f8fbfa2fc727c076076d89f2ef5e7baf456b388ae4

SHA512
877849eacf4efa5d4b9642316b9f1c99209e5e532c76a875541a43087b3083b3647419b6978efb357bee22b67fc9fa01a932aba64bbfa3e574dddee2b0681900

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21842
Filesize
21KB

MD5
4009927f393d2c9a3188078bf61732e5

SHA1
15c6163ad86b733b3028423879840b02e9062f2e

SHA256
c7cd0c200e062c3c7e8c8e4645197ffda470f8658cc8180afec99a542ab77c2a

SHA512
ed0384ebf6827b0c0fb62be6bca3194f9b21c7257ec2aceb0b59c369693276d3df7a74aad8ee0357fe4d376325e219f56b496583d5527c4413fc9fd0eb762fbf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\22435
Filesize
20KB

MD5
6029bdcbda6572274a838a545e1eca45

SHA1
1e859d9a5cf0343ac2fad6320f4224f1ff0d4964

SHA256
cf7d993c376d9d0f121936b0cef32ee7139e9c2388ec4c17d0793bcbf521b3be

SHA512
5e6da4d02dc90ce7d1b4ed713c15895a18af1744a0b670f0d69452d71ed8244482b215c0862258745f3fdd118460f890ac9b1c3e83a83f592d12089e8359a602

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\27476
Filesize
20KB

MD5
b086b2927b8d9e944e4c35fe9d2a8faf

SHA1
5b43e802bb4a3e6f3ee8b5a2fa1ea829574bfa4e

SHA256
d48db61e4a270f30c862a7a6306265479dbd532317fdc23cefe3ce76026e5692

SHA512
4ee7d7ab1818c5391df4d20dc4cb44af9a25de1e9a89b8e0b5342945e9c6e4d9410b48d60256769ef329b25682750019c75315203ad911e01c9f0edc8aac137b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\27848
Filesize
21KB

MD5
9b1406dca4f4cf897e9d1434f9e88aed

SHA1
0d7ab41ad13137833a4dc64b26245656755ae2df

SHA256
b6aea1886a2b272cf1b358d343a450693fd73bfd322dc846be637967dac552a3

SHA512
d7977723a766d0babd9c166d59ea90ffd6001a799e3c10bb077cdd952c7c91fde1f4d383ff8c5c0f8053488a87d2e688805eb26fb966ae4fd75568116ce357f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\28521
Filesize
7KB

MD5
2c463b31dcb031ee04fc1680853d9156

SHA1
a964c29811d6c97c3a24318da9905a775d0f73f4

SHA256
bf52e0ea9441e1759c5a0555f080de8ad4fc03ec15db3acdeb061faf5ff7e233

SHA512
5748821317b598d426ecc374513d7ec07804d29c054d00bf3871dbcdeeb10a5ffbd91046a41e047bbab6f98b62a73d30a418c95a66b46e6bd24d1aced4ba2c2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\29131
Filesize
21KB

MD5
1a26e4f9257cadec9e2b709f79efa469

SHA1
40bf2fb7d25691e25772a514c4ce4791145c2056

SHA256
1223b101fbc6a3297f2551bda1dd21ad8d1c97f40d30a79fac0abe41fd95ac3d

SHA512
b5930ec3b52c2558a6cc71fa48441a1bfb6ee7aac8795ef7b497f9cee3f086fbb3cdcfd24041ee5ea0af92ffad82b84987c520c7f83b5212e23568addfcb0e68

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\29950
Filesize
21KB

MD5
e47856c918d679639c49437301f243e5

SHA1
d864853533b694ce84b9d98230ac449cd36059d3

SHA256
74c37c8453027bfc8575d05236985b0a8ea6baa2afead0ab98e2382cdffb71ae

SHA512
aa4d046c103902dc83c0d03dd333e469ea8fb9cd7d65c1a37bf1d5276643960a284dcc896d5bc27fd811cbb84c681690e6cbbb54c5da4821c1ae8bb4946f842d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\30899
Filesize
21KB

MD5
4ff6fee173b30bd5f12783aec62f6844

SHA1
82b4de777daeb04b36c69d99e9dd29296a5efbc2

SHA256
367b8d1fd58fc6b602b6d7adfc85ff41f5f653aabfb46fae5b6ba637cd5cbd83

SHA512
4b002fd501f1dbf223814bb172832f270e8450dd696e234563ad6110d8f158541cef40020698e3d4012603caa66564bacbff16276c8d657fe7894fb7f8af1910

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\3538
Filesize
21KB

MD5
56cfa59af2696a07ec8718a54915b9bd

SHA1
e9d4ef2c1959c82d1586ea539913e347e35722ed

SHA256
4c42fd4f3917662b10ae4e59f8c4813c8a25876e64d4b44ae4ba52823ed61eab

SHA512
f34f185fbbd24c9c14a6e068b526614e896202f4b3d53898027bf7063b30778b0a622592200740cb90d08b7585e64a03ddb3eff6ea31fb780de37e123f65dce8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\3808
Filesize
7KB

MD5
96ff10a64a98f845cd17987a9c2144c6

SHA1
4bf0f331c3bb5b458e7f41a318730dc2e9dd0d35

SHA256
5b0d205c90874333e5d51dd7a188f402cbb7ee16f0810d119473476a51c0a8e0

SHA512
8b415cc58932d20b50307246a18269136635676da450c8d61d19b757eef7c072f0fd7a011f31fb0ff386277e9037942ab65c274543e9665f48eead9166091cd2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\4650
Filesize
27KB

MD5
237573946730387e0d58d8aae3d95652

SHA1
00a0e6eb5dc6f5b45c0a00af7792c5d4b6e9c30a

SHA256
bcb8e4080cf407690fd9eb4089eed5761da13185b1496ea1f36ad94300f2482e

SHA512
583f1ba9421fd45efa34af3a47b9de70b04e8d4350bb97d7d530a0cd6019a5f07576336feabf62535ac10292f680c196b90f9d369f82e0a5cdec068b1074f8c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\5359
Filesize
14KB

MD5
884b9911bb6dc969e346149150a5a611

SHA1
c8eeee89ace5f5663908717bb8843cfa065a1ad3

SHA256
6a5198f4cc1805babba121db110871082ca19e87281676499a057362bb5431ac

SHA512
8e48ef00f15343427c88bb0e22624d7ee93069e138c1c62a258f902e6fb323c7d6af84f4d9c1b05aaabbfae2a64ad4b2851099f4ffefa1a207b4dc45788bff08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\7107
Filesize
21KB

MD5
11622fa3ec4ab83a1d6b09ff1d9c3ce7

SHA1
95ef4b09318e734e3f4bb1cf390f3d03b82defee

SHA256
beab9e94c5bec2f1fb5ee670c9b0cdad5cc38e9264882abef53b575a4783347a

SHA512
b626a2360d6654fccbb771c33091459b59078621178a63bf92a39fada5021ab796d73c5581f864d88348d17cb8b61694c68b1d6210753a7bf0bf3df5dba16cd4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\7491
Filesize
8KB

MD5
7e603989d2532d29db5eca50a077bd18

SHA1
fe21faf1a1a19d62330d3397e9a9972fc484ac48

SHA256
9c61ca8f6925fdd71d28d79176e3c8f211b6196986ff15930c5b7d28f3f271bb

SHA512
31d624b402bfca99f21663716a35db47028e35ed0e93be3851c3ad2be02253de48aa8efc69c6cfa7d76b1377346c2da8dd34db6a58dc5f5062c64397408f2414

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\9180
Filesize
21KB

MD5
12cf814e349bc367477749e7a5ef31ed

SHA1
530921b993e9f28f9aa4e905f63205c9e19424d9

SHA256
26d564777a689f5cbe0b1ba531340145ceb096423a37597588a574a14b2e9a04

SHA512
390518e089218f478d854cdff868c11799069deb0b600fd979a141f611748eb7820b27e8097703c2aa90f585df825d919de1c3d33d913c4698b344ac16075f09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\9204
Filesize
21KB

MD5
591dab149d8ee01d0c6c2217cd255392

SHA1
82408691b50fa74c27c48190a6546523ce8366ab

SHA256
60bc6dbbd84c2b1847c0ab7c9a73309703579ceef689fed8112f99f2c00badc2

SHA512
24e5b2721652e1c5744450a8295d41541a1bb4756d261fdabf1b67689356cedab98a0c76674d7ad75dd8aa749e7e31f462b8c77dfb1faadfa292c228cf104ef8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\042A8351AE757996F2DF68E169AE6E14A417C96F
Filesize
176KB

MD5
fb02cc94260cdd7ddf271355ae0491b2

SHA1
efaf024fc71ce9e5183939c92acb629bc8de1596

SHA256
f909dd9960e5bc730c5677c9dfd8074895ca8704e507b13011850dcaa8672c91

SHA512
1aec4698e5496ef432655d3d471f3d12adf1292ab50a67fc2061ba1cbe872ad433b88f8561232c2511d551e92b8782e45afdbc0b4315bee5bc817f5e5fb63c5d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\0EA04E629B83B889CC605DD2A100E279F24C6AD8
Filesize
83KB

MD5
f6d813fde6039c19228fa9fd327cd745

SHA1
7a87f924287dc302205c3ef59430ca09a8ca9063

SHA256
470c2b880658a122ded37dd75f9d937551cfedb21609ccba3ddc1372efd2974b

SHA512
2a3639f7b46cee8fc201e15e447f5f9c91af12c5ee14c81c453b9d965d1444cdcb507abdcd0bef9de34ca9df15e1450ddc92765945d6e1c8f76c5c96eac97565

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\1331E22514F2B9D2713CD18073EA482CCB383695
Filesize
72KB

MD5
189e3b6577aa125b7ed1155bbdb9dd42

SHA1
addd31c4fcad3f9fa892abb410b506ec955edc9d

SHA256
0062a3a2a2962c03e05479301d6db51e8ce0983fd1c3218c3d396e974775ec11

SHA512
d994fba412777ad347593f13154cfaa4dfdf2f6b5298da598f6e72e952570ed64b57da8dcce1a2f009ac896a53cb95da3437fbea8534c19541e18a6a52b16db9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\14BA9FFE905D4E9B097252889727A7BCE84471AE
Filesize
2.1MB

MD5
e7309b64b7b2e9a839c8f950103ad72f

SHA1
aa38cfcce5d4bdefe9d1604601241551eeb4c61e

SHA256
639e217674b81849347292dd3dc24f14a1d3e196cd6cbdf3d0dd3796c757eeaf

SHA512
294d010871f4a2776238dba32fa4a574fd736943359742dcddc2fd5a4dcc1d048dd9193d3c85cbedb97aff43c9fc57f0fbb01d769ae92001129f904be3118968

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\15D110973B675A3959C048C1A844A2000695B978
Filesize
14KB

MD5
8f7cb8c3a845e92a4f06bb5ea9a8c688

SHA1
2eb5dbd24eba2fea15462898cb5605a2d6847a14

SHA256
9396d986b4f3d29a90862241f224acb977bd96c91a9f0bb789d17412deaa206f

SHA512
02b86ba573fcd1b94640df3d84c3822a710b5dd270631a61a0aa16f366c9d27d18a8f17a782d4e0dabfedb53c9379f0ffc654478c28a45482c44782f2ca28883

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\21B7B3522872C79D9CBB4FB1E286ED4B540E3157
Filesize
121KB

MD5
a5251eb80d4c0e8582f6e9e417d7bab7

SHA1
2d9fccf24aaf828aab560b37ac3318f4c2716d65

SHA256
83dcecda7ad1a6155ff1fffe29d265e8cdf5271fb1398c4a35e4144bc7e20afe

SHA512
876c939c7a5fc92c9a5b81e18c4b16c3d8e40d600a2222f16009b4545b3e3e23de1a8b80e9b43e767e5700058dee93dd808cce55cfe8b9ef18e2351a9590344b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\278C7D5E2D12984DAFD1C90AEA7F01A20C5DCE84
Filesize
14KB

MD5
54837baaf9f4ed4b825979c2182009aa

SHA1
df7dc95cdefc83a6f90ed4882e18209f2227e4f9

SHA256
ed50ede3d3608ded1f5f2c56c3ac4b2fe03da9d8eeff4e916f1d1d1fc4e9cc47

SHA512
e17b092124d8553ba18f6cce8113d185f0d98fb17893f209d89d609d61e26ebff3e7bb0d4382d8d3fdf25c59e36fa897c39f257daf6a723e677aa3bd4225c428

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2A867BE8CDDE988478A0E8E28A33DEFAC84D00D7
Filesize
2.7MB

MD5
cd90b780f9582d4f4a804a59025d4a24

SHA1
db9ab8dc99c75ebad671035bb5c9880f8451985f

SHA256
5a645c394d32602d188fb542f2cee1765ca900517d3e3c6d81e63f744fd500d1

SHA512
db0a814e835c5d8b4a779529b7d115c5492868d7ff3d784ab8ede138a93016d8f8c6449300f59841769538bf1ee8bce52b3500b5dd9f88a8ac0d30a5068268b1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\2B39F6E0C106454C7F9C02680B282D08118E7526
Filesize
152KB

MD5
69e02c1be3fd6740314eeef06f3122b9

SHA1
0e45a9f3beec70178ccaeefb45694d0e1eae8d71

SHA256
0e55cac30ccc2adb7d5e00e141ef3fa290fd9a25b3bea14c62208c4a00017581

SHA512
01a623dee99fecd32af2f8c4acedad12908cfcb2360fa1f38520a8ab4a02485617a10c1c7c6d7b5c555ed441d1746d814a7583c285de5ae72c93fbc928a45671

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\36386B2EAF32D5F02ADC36E7B40BD8283265063C
Filesize
29KB

MD5
d9669e70e6fb0aa0182bdca7da060dc8

SHA1
8783e4e1618fc5b90363a8c55cbb1f43378faa65

SHA256
3e2d6f71be23456abadd3830e37a1e2ca851aafe0f590934e91a3009e0981d9d

SHA512
f5737228f99bdadfb1f87b7b8a9f22e2202a531f4580818b2a33e2ba94ed71c5f2126cb34d3689e96b59f2c25571f404d6158c48670ff72bcf555d03b458ed4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3C4D37064D4BF7B1338C5FE086989AE657598661
Filesize
19KB

MD5
ab75733a55283bf3718c2eb03ec10171

SHA1
8db2477c4345f68119edab9d0a15c7a60bf83235

SHA256
677b5b4deade8d741a764815dc9ce6731f8341ce774d3fe82712ba2dc6b321a8

SHA512
8878bc7d7ffbd367688cb416eb018ca07c01f86a28fddcc8a3c1ba2110b873f50e04157091c0a1f54f8b76f1d85f87981d0ea63b5a661a053c36e2f3ce8ac623

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3E0D1A75B64E236E1F69F85135B2532375BA6804
Filesize
55KB

MD5
68d109af6a636805907512058c210aa5

SHA1
12c30b563f61823107b6d72452cf76da13a127bd

SHA256
264062631dcb016455e5b2819c1fe2e650deb02e8396458c0de7388c0cece5fd

SHA512
2f232f6e6f91f5f863328e8f9aa65b9c96390e0a70345f35e894ea4c74658ba5b9efe6f31e3ca94f7205816fa7ee5a3eba55c1d8d6812d7f8857ab6c862995b3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\42E1E0EBC51EEBAA43335477EE37682948B52F49
Filesize
60KB

MD5
f7b1107e4f51161e8cacf975c01dd72f

SHA1
4d92c99bbdccf683926ecc40ef2d9db55d3cbc30

SHA256
a466357bfe1a52f62e152d4499ebe3200e4ee96d23f4bf4e01bcd476564e22d9

SHA512
41379a5237849c01e004508bd7a325eb47df96f6a08d70fa022ee9c9f5976b0f5a6fcb9b5a27e282f90c334155e5c981b889cd377fb6e8086104541f6a89e285

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\44E3AA1AAAE37EC7F9A16D883FCEDF3079AA1708
Filesize
23KB

MD5
0f489d8b96bf002150e0adfb5a52ed33

SHA1
79ccbd2cfdd64d7a7595b9e261a2b595a93b15e2

SHA256
393e4910d07e50bc1d73d36bf68da6596208e36e2157c9f7a1c8de32f7d6e04b

SHA512
7178798edb88366b538d0b8f7c8713733b1541ec71ceb3b82415e3b5c19fd71594bf243f5f27ace3c89bae40a6a1315d563fca2fc3d35d91bd89e33343c42f81

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5824782538ECD3DF1137EFF3F8EB80E1EE07DA50
Filesize
454KB

MD5
b97cdb2bdb67ec4622ce0ddb55865570

SHA1
07c443246da32a4788d000c74737b3bc03515434

SHA256
b16b66edf098ba2fa93c2c1a6945f6f7b54516d8c46014d2242012b9c5f71142

SHA512
962f7e61edef7da31405c3b484ab0e7c8dd52ff651289b426db7dc56756763151b8432c80809a9d028e1a8c57b13806e9d770ccf12539e4a363ebae8be8ca970

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5932A00535DD4D44EFE39BFA0DFA865E5D718649
Filesize
60KB

MD5
3f49e2e83d67658ec7e23c4d2032593e

SHA1
a1d98df11d6543ea8874ca7234bc67bd714596aa

SHA256
bec85388ce84f47c6aae44aab40fe00949d30794ca68099a65f6a3750a153a95

SHA512
2fb712c3c8307f37b71e4b603ab551b5b7e9092b1a4adf4a90d3157abdd360fe03c390f145385b989c5dffa16998c33dd2288729e2b825f75099428731216984

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
Filesize
32KB

MD5
0f8fda43e72e7bf2eee98a08da04566e

SHA1
dbb16fdbb70ce3a581b44a573da3033e8e8233a7

SHA256
9d26eb15c6039582d1db797d2287bd48e5fb425eb90ec91edb2425c88495fa7e

SHA512
7e9429e63a392167fd0d4e5aafc973976724976d7bd15080fbdbe2b9d4fc5795a6f253911326d38346b45cc9ac6a9b12aa5d1e0f4f7d698f6d486ffb8b4f7663

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5D24F2F336986383C5107E4D8ED17A853922EC53
Filesize
4.8MB

MD5
78505028a270968a5e56a77a32b12e03

SHA1
3616b4d350584b9ad3a6f7c9c85555c6a2bde7e9

SHA256
179b4e1839b7fa6eb4c55dc4ed833d41dac49b4e750720e188757d3422d482ec

SHA512
26cf0cbb1b5ef8d74339e84ddf0a47210ed22173013fc18ee20225e1a8d5badf98024dd1248e5a332d328f5be2d9ebd6cd9f53592011a75cde8b5b1144403b55

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\662063813A60ABE89A1811C992BC3D1BF0D2CD50
Filesize
331KB

MD5
77e8ea7c8aece3d844a7260566385b87

SHA1
f683a86046753b30729ab234ed00275049e18d9e

SHA256
66f74ff2a61db169723b9b4469625cd2a86ce25a138849930b12a6928c932fa6

SHA512
4a18896823562355d0f48499c5ffb4e69c1f36abaeed15fc06cbbd370364d2c4c9641d5703c4f0b1b74aa0744d2e3b4ed5682aecd26906bcd7bff7bd6a5adc0e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6B8254EF1C6F6BDAC70E183A18BDAA0971D470D2
Filesize
159KB

MD5
592d70e2d0b1cccf268458d69a6ce8cb

SHA1
063d51d2443fad486ef13e7bc9d72f55b3ed2a3a

SHA256
8e3ffb07c5c7a7e0653d0fa800e956247604047811e674bee77a837167395e6a

SHA512
6224888510675304969fd8ed125e0d7e4f49ca6e4c2e2eb822184d61b56dc1aadfd443407536ff187d669a4f3db764ee95c2548d0bd155afd42ccf4389448bb8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6F22AB92E0A1FCFB566FD979461F69E170CA42FC
Filesize
15KB

MD5
5a7856673f6d7458d67051c81a1dc401

SHA1
ec20f74c1bbf5a1f760db08ec8b47897216bc7f6

SHA256
c95f963c69e70f663c099ae36ecdc93adcf90f26df6a7edcc03d831a2d1e0ef5

SHA512
9dfb26a2cecd87f0bf4024b3b6b609a2072984b298d15d7749700ab87042bc76e6365c46ab2124463e379e446ec1f1818b675264ac7225c70f8f85f70f5a6e7b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\707FE3ACCB8E12A54CEA6A03EA60CAE11A6196D1
Filesize
13KB

MD5
6465bbc192e58b912c59367d6e5340d7

SHA1
9c6d3ba5e131ce935dcb98de11d53b6006eb44c6

SHA256
614f1ffbba2039a01fc4cb9fa58ee53a71d9465c3395758e3cf3ee273b3934d2

SHA512
15e122c446f23715f504eb43b20440fee9a039be40578dbf573841aea5ca1ae7b45fe730e1a0d4839c5db109b5d4d2aec5d00ba89c9981038a6323649fd4802d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9292336B7E2244DF65935009E86CC94DC70DFCB0
Filesize
13KB

MD5
cd7c31a375efdc38db0c59bc321613bd

SHA1
110bed90c1ce941c9a9ff08aad12c0e5bf61daeb

SHA256
9412982ec54feb632a201632e5e94a88037aaec0df311959e4073ad6235decba

SHA512
6921fb80c1856be061d14ebdaa44aaeb574130d103c196ea6690bb2c18e4081471d62ece2a6569b5e8c9dfa8a245b6e8e0ccbd84f53501342469c24bdd5481df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\962EBC8A8B25F05F95A2731ADFA6C663E5B20E2A
Filesize
231KB

MD5
478676ec577aa105d7fb1698950f80d1

SHA1
6a11c0b5c428d86f67331b70f799e90ea019fc92

SHA256
da8a876409d9c3ed278af6313ab9125e8ad78d28b591174249bcdeb221d30f78

SHA512
0fdbefd2ae2c5b799fc656cf10082cbebc8efdd60eaec608a4994ebe83d4936fbfebd0444b7d2dcf4d030df931c757c8438ee14c3bc09c07a3b9a0cddd66ee23

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\98548360A42A21A9012B7B8CEF232AD237A057C4
Filesize
968KB

MD5
9d0fc2dce49959c7e562ec8d5b116855

SHA1
7d40bb8927abc7d729a5d60b96db069eb2e6e759

SHA256
0e406f75d96f61722eebbc13270a573022153926de630775fe30d46cdc6dfcd3

SHA512
f9ff60d1373cfdbad759fe9ac0f6d942c973971769b061fd6b12979c96e9f7e1a8802d410707fc4411b4c604cdbcb55cba931143ad572359d5a4814b1e1164d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9BBF58CC405D4518964FAB12142BA18738BA2845
Filesize
61KB

MD5
a266f057b755da55875372f670708a8d

SHA1
f8a334d8e3bf3f65b97744baa315a399536495a5

SHA256
0026313ca7980024935851a311e2edd8b1468f230302fc57304152bd3aac6e82

SHA512
8af0116c85b46ad14e4a0a700d2e4fcf7674deb173f9b77e5c91cefd93f769fd57482bc2f2af3725326d75f5b42fc9d2b397e25a1efaf89a11db7b3e5130571a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\9FDA72A1348CA92DDF5ADDC8B4C3D06C91074CC1
Filesize
606KB

MD5
c476787f870b2bdd93d9b8d7bfcb3681

SHA1
5e01a9d13118f5b284122ee711007513017a5d0c

SHA256
42a55f14cb60f46ccd92ffab592d586222067b0ecbe2b309e57b1881e59005c5

SHA512
7c6031ba750096b8a15f36981700ed89028198e6c45b031b364083a7a8a03debe56afb1805a8b4942044247b72ab1ce29a98f072825b58ceccfd7b921b5e803f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A075C2D5994EB7E66A2FF5765F7D8800631C18AE
Filesize
757KB

MD5
dfafd3df57d9b05fe73dc53a0f44da52

SHA1
05aedbb8e54ad98f1dbe082db5fde941276594c6

SHA256
2c1a2d2a52d8924c56418b0d71369bed400252342048df44236bb5de5144819e

SHA512
6e1576723bc05b3ac0184fa2ceb553696a6c998988b29656fec2207ea206facd092351221509c17280ee4134e669838a1502764c70d5e91ddb86573f155140ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\A3E74E35FF71D2BDE70A3707F5CFD2643344DDA7
Filesize
28KB

MD5
b62e475b9a442d6a2f87ed407646a6ac

SHA1
f9bc10acdf948a38598dade73eca5bbdd544dcd4

SHA256
e3c9ff80cc83d5f64dbadea4b1a0a44acc469ca5ab2091ed733101bd92c52e04

SHA512
dcf6649142727775daf7fc00f05f47dcda20c990c1f4e758b73c9642b041c8a101137c8c40484e5b4d8e18443850dce6cd1dbb6321067c62ef9efe3be7432d50

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\AABD9CA2D5CDF16FCE436AC05E52A7A6FF158F98
Filesize
174KB

MD5
331a076888da707c8ba45dd1e2d1ab09

SHA1
90931c91d77298c57c3c69de0f5ae907865b3e73

SHA256
212f913bb43c78202b0cd5d53ffd73733aa479a8599f290e27d7e41e3bc6cd63

SHA512
021f4c998096f8a5669f548b122a59ef1c65d5dca84d6a28a8c71917ef60d156b6c25184742269a5d85ac9255b2d6e74ad986cc23b07c97d9f9b5f77408c58d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\AD856D48E7284037BC2DF710E4FCA8B8CCE17713
Filesize
76KB

MD5
e4802d6d56a6599e44b49b3fbcf1d00e

SHA1
8fa7a00cc3d9270c849eb303df354659b9a85155

SHA256
9a40277e1ff1837ea0d712efd9308fea3051af8a65a78fd35ad10610f99fc3c6

SHA512
aa6a5b01697d7c49810fd364432880ca4d64f9f9e0de31d83d842146e9b5b03aebbd89d1caea0e24440eada70beec1a4c00004f6549fac8dbc69867427e96fb7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\ADF742B59F5467BAA73A65C780090FA6CF013F06
Filesize
18KB

MD5
0b6feedbbf2f2067e55bbdf254f84ac4

SHA1
459b5df595cdc2cbb136ac008f13b56b85702151

SHA256
804e41bbd885b4011cd8c6b03b4a87621fc0d12ab79d93d04d157ccf73f66110

SHA512
e2cb3576c153d0de5c8ba04e8aea8821afa28b138807e17b4c1c76a1096b91e84b009e16492557179c7364387f5501b4beabd440570f328d13f008b69b8a5cea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\BF58E23BAFD9F72BC32A1DAF41C3757038FD4D84
Filesize
2.1MB

MD5
a9bfc450f4bd11892bdfe7a7e44cf867

SHA1
c17fc010ac3791d5fcb9c86364ed8ca015b4bb3b

SHA256
cdd4437161e7738810d1de0d11159488a05ffc74c3d02dfc874c24c27be9dc4e

SHA512
4af23b197660830ae4bc504df3a049809a607c52f937ce3111c6f4d628c855e9996e5b7b3b7903a4bdc89c9e102ccb3b0cabf29121e1ada7fbdf081d166dc71b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\BF6F6E8DC0489E9150CA7C5B2F333FAAEC0EE004
Filesize
553KB

MD5
4d4f95ddcc436660f6698aeae101b287

SHA1
bbb0e1fc70cdb34ef98a671dbeb99f263ac0ee98

SHA256
633604fb622dcc21ff1bbd6239356f47db374d4b92010f73032fa0f9a9ab09b0

SHA512
e99fc11c3aa75e0ee0d45eb45a0c9773c32e719388756d45e5cd1a0717cfa1a375a57ba2c960b0969b2f1fb0aa9a1206c2f589e827c09c225c378cd7cf45d149

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C01A5A91B3215B34E7411A2001698454305F7026
Filesize
13KB

MD5
077a3b6a6ebe331934ebd00f0bc0ea5f

SHA1
7081c40e771c753c886cd68384980f10df4b62bf

SHA256
03fc987b1849efabda4923e2c8a8b3bd801a5fc1dc0595eec8d5be670036b1a7

SHA512
c3fcadb0ccfaa1daff2283065167e5445f65f06ce24a13dd63744cfaa57c645428352d531fa0fe456c89ca25f1b3e5a3d5183d070a8f9b9cc1a14d31d69b506f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C67941130D7A12802253D0914D618D324EC29C69
Filesize
20KB

MD5
fdc5d08f05a397cbcc2d1cfd963b69af

SHA1
efb02d8ab52f09d098383ce13c345c87543a0e66

SHA256
5186bf04f68ddae3b89a10180cca1e354cc7d4c280c7fbe8f290f2fc47e28643

SHA512
9522da0b5154736c13bf4ff8cbe41c2f7e7f502b5803cfaf5a73494d4ac7da7d5733077f2d444afc2837f950922f7b263876bb389f57295761be97f6dc9b4363

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C91579A80B85ED9F54A872C522F425521789A58B
Filesize
83KB

MD5
709b9bd23df2e4a4a650b4a7a42c6af4

SHA1
8435a3142c98b10c44b91e340c3d73f627fceb39

SHA256
96ea8adec350e20f4e408b4db7c930aa23cbd80651998879355842b7ec7528fc

SHA512
e9c70cd87cd511724994d5506d42b6661f9265214639086730195df5744505f47e2de73bfaeef4038043273f9fe44faa2cb00eaaa92588bcfc8f3682e0a9c867

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\CDC013B5F72525426525CA4223625B5509B4F2EB
Filesize
133KB

MD5
977075ed64bc15b9beebfe649870cfb8

SHA1
c674015900a160ed30835e7d525cb7efd6ef076d

SHA256
71b7f69086b2771c68122ff50b986c30bbfb0a2fab5c05decf0a7beb291813c9

SHA512
e9da6f6041a15c534f4575a4d6304c1c851edc2c198068dce225f7c580423fdbda7104e1818520bb206b43e7293ca18b098bcfecff6ec86cbc43dd73a23af652

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\DFC4BE53AEEFB6D930F23E6C3BF2B58E238DBA54
Filesize
23KB

MD5
99d64b069fa75437ca238b9fe389f973

SHA1
4428e165d25ec1cc4d9a25eeaeceb6e5e7623ff8

SHA256
e91122310250872ba51167964d6dbf98b957886ec5c45e40f98e0ea82939cabf

SHA512
f24f2734e8e3fa98626c123dfbfcd8cafbfa7d571111f143fac72d1cd79d5b87302ea003b3ce4ee126ad6038e22c8d32054e0f218b2e61c53580a66dd15b0d6d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\E192D5DF2E2546043A218E131612F775D26AC8DF
Filesize
1.7MB

MD5
8e56cbeb0e089e2fc1a200c6b86c1882

SHA1
b26e969d0349d35b1d52b6c38944f5d63234f54c

SHA256
be6b782dd93caef94383a7cea6c0a749726243b37e4366fa674d3430a111640f

SHA512
5396857c94ac3124e394a27be14250443da2a4f4b517c2f2fbb4568b077c197d794c523a9c2d564ac39a76319013acdcc893732e7937e513f879fead9e343180

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\E65EAD88299CEAF8521B10D2ACB41F6951ADC739
Filesize
23KB

MD5
62e2b960a8309b955cdf6dd0bf89718c

SHA1
b64d60305747d20824e50036df512c3fb534dd7b

SHA256
a026606552a071a0bd9887e8ade3f4953a8e58beeb9e21d91bccb9efce11c15a

SHA512
56b948bf0263a682ac956f74f4d33f603e1ea07c13fe6bc28d794a4ec5b3b1d846423c623e2fac9fc387ad30bc448c3582018bf1aabd3ce084643266f4d54d75

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\EA87465A6B977981215042B94E7AB9FECDDEE708
Filesize
19KB

MD5
bf84768c1054b799e837c376870e1ab3

SHA1
e79b13fe904ffc476bc26ce6bdb76f807c304d6f

SHA256
524a004b3cbd7a7d90e5474b481782c6b4bf2e7524d104634295793c048a212b

SHA512
efe35e4c19521e96c878d1a742038d89a28c09f473b4e55cf87acee661bd7c5539de56359b4893900cffc6857963f0d9323f1d8f3ae25069ab5ebfcacc7fe932

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\EB13361EF1A7E121EE6C8166F5CBF34C59B4CBB5
Filesize
40KB

MD5
47731d9a5913bad6226b95e64611588e

SHA1
e84fcc49a86450209b73e596d6bb208f658e89b2

SHA256
7a30feaf1aa4d54f978917eacf632d12877bcc2eba785a433d6c72ec9358e541

SHA512
08f1271187d18e55a654295aa583f618d1ddbc4f0ade793045bfe1592304f858eb43cf162ed7c1292d68b03cabeadeb7ea7e10851c4dfe5bc150550298489474

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\EFD48A7FC646B594279DCFFA178EFEDED86990F9
Filesize
16KB

MD5
b0246d6d3c3f1f3bc49abc5edd66b125

SHA1
7e591b76eea2ef79a1401d349b6f7b5f505a248b

SHA256
a7c4f1d1cda29cdf02fb1fa493a8a7569f444c8a507f877ab3b278c612467952

SHA512
89f2c3b7f50394015e207130bd53218e94d9cd5b37f3715b4a45351f29f1608b87b7cf9612f89aad8edc6e0f42bf090f0bc751009dfdad8d411c97f6bff92bac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F1EAC72F7321D41CA50CBEDC49E210B95EB43BAB
Filesize
152KB

MD5
ed65ae582fa94c9e7beeba422aa3b50f

SHA1
f2be859a35c77306b43315ea22fd03835aa12db4

SHA256
5d251e86dafef33cfd59f2c678dbf655e59847a8a77eaf6eb87d1dae93c01758

SHA512
7745676faf9f742ac75ff3000850454f8825b938a9d1b5466ad97a2fd68ab4a93d9bf6844665fec1d8a6c556bea21b416062a3d527f4a7dab3b97f65404c625a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F5CA651C1F3627D286FF042DA53955E838CFC94A
Filesize
23KB

MD5
53fa1a8390ebfddaa231972de930a330

SHA1
6ef25210b671afaedbd551ac4078a18b52283afc

SHA256
1ec2becebf8da0942588b12db28c8253997443afc81d91fdf9d370da232a2cb6

SHA512
42a002d10fbf1110d6cee1129a8733d59575e4aa6c201712f79e6b55782aeefd8a2f4480828c56a6709f2c3053eee1f69bd0f09b1d5d5df641564d60bf145356

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\F72513F3957C6A100EE7ED449E775C5AAE2D5950
Filesize
1.2MB

MD5
a7b2b4902f9977245d279848d8e878d3

SHA1
eec7ff872446d73b7cc8a61814117e2346097032

SHA256
a268f6baefd52f7b47269f762583b7b733766d0dbf7f290fc5395992e10e69e7

SHA512
da5c12a224c3d2c044c9c3bb167988b8869668ba2ac6981bdbf1f674ffc0d365cf2211205c8120134acfee26983293af4cb83870912182fb5da7a2e6f80bcc8f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FF3F09A761795CF52FCE3EA7C2305CC83C9C36E1
Filesize
17KB

MD5
df0703b55f153855b94a877901450470

SHA1
9f0f4f39291ef88be4b04bd3e9415d7bf0064edc

SHA256
bd98c1f5d51c10fd3d75919847480af2b8c995ab975920be3255b63e2a64596a

SHA512
05fb5c4ad5a50f82e88910b96bc753ae2fd140d53612fd789cf4ca274e45588267db2e8f3c795dcd5d0d6b4a0b7396b7888ccb0a4c5f55ba598e176747825fe6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\FFE639119D579A384CC93F4FD3487406CEE66CE7
Filesize
18KB

MD5
16d2108549d3fbade93c7c7d470170b9

SHA1
bd4e90392d8917e94ce2753be7f7f626f0584963

SHA256
ba2b1fc291742f43b1b21cabb33fe819201722455a88610a2af46409a98576c6

SHA512
2dba04783e00e766c235e6b0928b042e0b73823b1d2f3625525bce13d9d67a2d9580f04623e51e8c2dc10473a923286ddd9605ba9c5993a98324305cdfad71fc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\1aXV8xxSuCFBbyW+zZkJpA==.ico
Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\ZHqx7qW0+QlyGnufMQY5aw==.ico
Filesize
800B

MD5
3fa7fd62170bc96bb9ca8b3bc2d31e32

SHA1
a0e9a9958917431c64fdf4c89daa82a95da6c281

SHA256
0f41a08fe42fcd43c6b93fe8e5e3efeda81a785846bf379425245aeb05cdd283

SHA512
af1a6c705117c67b6bd3d19e652b812c87f3680032e65e48c3a1c4316a7622059db85f691876a4968cd421763f1147a8b64f6215c312a91394e1e42dc9e8fbb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO4CFB5A29\maizu hack v1.4.exe
Filesize
507KB

MD5
5241cbe1ca5ad91d9701dcd3e86d0be4

SHA1
42e2343018e6f26747f21310e1498a0b7558cee7

SHA256
18b8ddccfd60b09d5e7148f3a5ce61c61d37da4de9e4206ad28155ad92d70a5d

SHA512
208b7e3efce893a7a766d03f5185f065e0067b100ec5917fe9a3030906ce0740669d95ad2a128cdecf7cd70051cd04e1befa1fec5ce855a6a016016ae25950e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5ENC0TFPPBGAEYAA074E.temp
Filesize
5KB

MD5
e8b2dbee001b591e40b22777f750320a

SHA1
1e8265b2d856ebe0c2c3d596effa605e2fc7ceaf

SHA256
c5968548139d2f9302b62d0001403682f0f204f542a840772f03e1e6acfa7a15

SHA512
fb87f71e8d4d80a6f9bf225f84a11e4479dfac2307d6684aab7ba6f421db509efaddd4b17a966b6ac7f5d98e59bafd81598ef6dd7665da23db747d7e0f670393

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
9KB

MD5
53b18efb77f90f9321f234cfee083448

SHA1
2a414b0ee3e78de96e4c1da59a26a2ef687d2418

SHA256
9de89de2a504f0e9ff7d007e4835d414d42d473690c84a4857ec876cf50d29b2

SHA512
01081b75e41bb3cd68a9c71d277bc54c04c3068d8e5af81c9cfef3efb8699e4689ea6557bcb4e41835e1be8eb8dddb67ddaf677d20392da68a73ad3cebc498bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\AlternateServices.txt
Filesize
2KB

MD5
a00554c1571357aea5ebce89d1e09976

SHA1
790896630cbe710bd1ac04e3703f05c1a516879b

SHA256
11863153743acb8acdc349eab106af83b0c7a11c37d659ced285c70c672348f9

SHA512
1278552e5a159075a233f5a62f93621725d208caa2d8335d055d9590c84bdd1571d54a74852f4af887fb728b44ba8586a617a212bb09bc9e777997e566503d2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt
Filesize
641B

MD5
d591aa6dcacdd71b235368eb9e6c9062

SHA1
910a9aa70427038d0f3b6040091250743edd0ade

SHA256
53d6d61409ecc427b878c61964f2939b09e83ac9689f09c64f61ab4aa0cd221e

SHA512
aa44922055f1c5a460d7106b2f6cb49b1049ca4566443ef0bfc0b883cefda745f2e15759d66419e4e5492a3fa43f351fe2efdb664eab978a47b7df956576b0e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
be3ec0db764f6eb5557cf66ac312d3b9

SHA1
1e8a0e4a8cb27c830f61eb112bd0ff26b9010dc7

SHA256
51cb911436a4006fd79dce06c9ac137fbab6e6a3bbd35fd52df111bc17c982aa

SHA512
6a92c4eefa0e6a773d91795a05079f82730447a78945af728451e73fcb169d340617b43ac973b3ecfccd6f377a684fdceb79bcb5ed46d090e6f67e70f6113935

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\457afa8f-cf7e-46f2-845f-b55f36b4464c
Filesize
1KB

MD5
7d1461929239a4a06049310cd70e17d6

SHA1
844d75c4e43de8e3be89a907f89e309d9652fe1d

SHA256
35ef0b22feb790b547f30e74d083725c359bf75cb75ab5ce2c0cfef61df15568

SHA512
5b6e7d73e5a6f3314dc045eb914f6af1cda4e9b4cb2c8a09c8912940b44ec2ad9ea823368fe9656ee41abed9cdb9b56128fc96d5066dc649e5df9a18e0d454e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7ff382fd-6ca9-4627-96d2-993f50e98649
Filesize
746B

MD5
481c8724d5fed87592bfaf73fe502a05

SHA1
224aae458efb0f77838444deca09eb4061ff6a3f

SHA256
1b1fc3f40ee18f25f324f66651f0b16c741380841608656a463ca486c640798f

SHA512
015812e7324fda3e3fdcf02b451a5cc4a05fa9d917e424a4bce33ab76e448358762d0abce669d13fb12896ba277d5757534e89ec1c2ef6af908d2401a2e443df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\9d1db1f5-1486-4782-9314-786ff84b7d9a
Filesize
10KB

MD5
371c9c8fa9569371b6d3f2286477180a

SHA1
f49a43afdb83cc4008f14d317fbb6d2cd236df29

SHA256
c97e201657341daf53c2e0f967922d537385623be0c1c2951603b1ea5cf4b077

SHA512
685366a4e3461e43d5aa89f59327872f41654dc43f9c5b2aab008815fd6239b66259ddb71380ada1355d3cba63198b6c8d62ba75971ad4fe7d85f71844932378

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\caff390f-63bf-4656-82cd-8842718f5123
Filesize
856B

MD5
366a7dc6b04665ed3baa6c30dff47998

SHA1
3e22264031840ca190a1dff841016bc05297ce20

SHA256
476d0b8b38d3845aa2dbac3ab13e2cead08b26f006c8dc3d01aeee6958769160

SHA512
3f0e29dd607cb4dc31f623b55e00159787d95fdf99ffe54361efee5bff4df3b19952e9df30f198890dc6b67999b039c5fa34bad3f61a7c94676154c7b7b0dc02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
7fef18872bf0d86d408154552930691f

SHA1
1ff9d8a7fddacc787bba4b083988147ffac827bb

SHA256
82ca824eb282cb4348f8ee5fbfb671192777a69c6e5cea575997bf18130258b3

SHA512
fba192a32d7365ed61b64df65007b3f98719fecf93abbc1a4ed79c1cb4f8c2b69639b74d7b8de3e10b551dc43d99882c2a5af9bc77f10f372e58ab1b26f14c96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
a8eb242f9862640358740a47434f1301

SHA1
636c9a2a07c4637fcef1a5c1a014ce4a2e3710e3

SHA256
7f3025a701887a910d1fecf73dfa826ae6077fd53a1877ba1c14adf726208fab

SHA512
4cbbcd2fc6bab13f6f97ed5992562c9b394e0cd0f5d9732a7eebd834f1dda9436e276eb05140c1b45a0dd54fc6374d84fbdfab7669a13d1ca1f18234e4046663

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
d9e4e5abde6808995e24f21f7066cb23

SHA1
baf62f3574c6843bda0ac382f5be6771865e6ec8

SHA256
73e1d9768f6eca17e4d2f0b1ee5dc45c7c60f6a1a77eb11753b6e3d917003d10

SHA512
553ff0a204e4e133c5273a3a87996442c8f375f77b6e89c1d43ba5201b8733d0ea5ca688bf02958460c569df975f6dbd1105fc887e5078df3c00f111f2e3a6ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
Filesize
6KB

MD5
2e051626c21af120563a044a99575850

SHA1
6cbd97e7d3349b286185aab75d46eaf62b734355

SHA256
f1aafe5ea7cb14215bc4e46479043078ab6d5bc1fac24941cf1ed9105400f7ab

SHA512
d15ba830b099519eff7506ac992b0f16890c915d02f116ec2eeb7889f247b9c7a0da53e4c2b5f1da4bdb655144f0c33f2bd66d8a100d844ee4653d4d4ffd7c9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
6965e00b7861da07ff1a84123b3e7b83

SHA1
79d8f17fa2e432e3810745c229e603b60d416035

SHA256
ded43fff969f64867636ffed90fbd5612bc3fe63e5458935946485c9706b99be

SHA512
d82aaf32cc62df9b06c748007d242947c036c9883d8cba51724eab2d071fb8bb5d2fa4719f19d6cac7b9ec0b59fb21d89eb9f51a2ea29af93838f7bb97263a14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
f7b7da87429430124afa512700eff3a7

SHA1
6a303eb5f0b456ca5213df8d4a4d40d714acf5da

SHA256
737ca8c664b93fd05eac74b82529c79ff2beb1495fa671683a93fc72d0da8c0d

SHA512
598674a2153573ff36f8e5b7d06db826f4999e5ba63951e6aeeaba4049e58d7ef2cd27b1f7806316e0ff74bfb15592685acaa363edfa0b52e6ad73b1cc795d7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
b96d5005ed58bf866a6dadcea019f42a

SHA1
b4b6b4004649696056e182c0aae9308aed409fe5

SHA256
8f772fdb42772591aaabbec268a1f8f05090ff65de1e0416b5b9d26d5141868f

SHA512
06f64d4bbe0b07f3ce2ee975740704040d8ac986669bb0edd530a976bd7a2a172bebc5dfef6c6a4ebbf3dcef6227a77d0235c7bbc83a58b54750f3c142ca2ebe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
a33cf7682152eb52e8206f0f2cf9757c

SHA1
3c86092aee628c35e7e1f1df7fb97d9d49ca6fd6

SHA256
0e8a7535b141ad9ef8173d3cdef2c096471d7efcdd9b429df7b6c75665b6edf9

SHA512
4cc2017f9303155829555a51181b2fc273724a894fcf2e03fa5b932e34b8fed1f1b538a1dc833c5120e05e5bcc8a63c808c052c200d9dd3843850a1f31676809

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
a0480db53ae2c81a3425e3083c1100a9

SHA1
16da3e18b6acfc922c92feffdeb4e44ac256eaf9

SHA256
0c76c4a8d4d97b487785098fc3d89a66a15cc838b0c8bb0e5ab6bfecb773fb38

SHA512
7613340634a2c870c1f3168be1d6d7738e7e3b5c58240b6db1efa532659bf7192374fd47fddd6c3728a002dab54de1699affefe170ba46c28bc30c40a6cf694c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
a911436fa6b02fe079861a94bfbd6ead

SHA1
d79ee80005355e6eaaa8e0663bb3d188c7bee3af

SHA256
30def5519a785e2e17e29db9fc437816909392e71845f205fed03f4aa24c7f4c

SHA512
fc200b11f36b891f054a42775ac468c76dc70979029987cc749376f48775ce8ce9ea81ea54324fe47113b3a11968ec6f7538dadbb462d74a98223097791761d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
624ea014bef6a8847d22a21b988f82bd

SHA1
f6da1c7283a2c10f1957c4ad100223159edce290

SHA256
ad779e85bfc80f5b29d44ddbd17a013c4759be21db0b9df9eb3d969cdc16c5a9

SHA512
a5792f2b3e991c4b6d8606012ee5fa0a003d901218aa1e7552133868be8b96f86c74b15c25e0b44daf9c882241aefddcc7d24cd9857120743d08314e0fca4f3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
9c77de99383cd2773d807f69e168a32d

SHA1
188a31ba463705060bc1b09f8efe8d32b9a2516a

SHA256
220a5bd591ba4aa41f731d5d6f8cfd8df3b2703fcbafd797e48973babecaf2bf

SHA512
070e3a4b4165f85654bf2d16b0fb390f9c86a57b122931d239ba2f4549129f468f3c280cbdd1de23aaee6a05127d8f47a5535d56a6f47a95ec279f498e34a229

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
484154662010bab0fce33244175332f0

SHA1
ea5d95a61707e1872345711b140c113f58b8562c

SHA256
7a8a041e68dff34863e8e1afb0593ddb86ee81203a1ee17dcc92ecea79bd05f0

SHA512
1c4583179d3fb10e2f4c4660eea5d5a40e646fc928edd9112a728e538dfc8f0d85793c28bfbdd12c60ea2028a08d6f8c1628c05f83a7d44e5d678faa10eab190

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
8KB

MD5
801406488d0d799da3bfcdd8afb58290

SHA1
d9a2d3f57720a339add557239215abc2dcf6a6a7

SHA256
99c4f05ed9d55d4b4df3911fb86758cd68bcfd167448f6c5216e3444bb64d5b8

SHA512
18fcc87f16c8a7eef60e0c477fea5441014517d1a7e2baf466ca2ef1ca446e29fb96c405cf8c017a97217832e385ab5d13a8f69fe02c533f6cae9ec3a116be87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
9KB

MD5
187049e64ff8f95d69439246b8d346bd

SHA1
0766e2e2a436bc4580290ab3a92ef238cb5620e0

SHA256
3d5458adf62a9e69cba086382e9964b63566f18879eb528b7a5ddcd1b2552b63

SHA512
e79a022e09c23f525e21dffb6186e4cbca53fdc49db2724bb496154d2042df4335336206b4604749357f07faa171b4fa2531a6fda84eb33527cb02ea83f50e26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
15KB

MD5
980a77e320b7b43bf6900a3463a42564

SHA1
b99315227f83ddf12e884b435222f076b6ce8da4

SHA256
af63a923f9864eb8948de5b8ba403f4e41006b45fb06796349110f92f44459aa

SHA512
4b24ea23515bdd445fce859a252c088242d2a6e494475019e447c16288eece361594cfee3ed664a7a84b784a1c84b9b0e5521cde0b3f6f0e74ea9b8d37d1ee76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
11KB

MD5
f711b67319fbf141d9c6828d30f7e817

SHA1
47fd8dd87467980cb71e49ff53af8abe1d6215b3

SHA256
a5c3dba0ffc7129be436961fdd488393d6002f5fbe933cf5b6cb7e9003504449

SHA512
843e578fe1f6af77a34ac15d044dbc6d6d5660345b8e324da4b80dbfdbe2c704d35afccf833059fddd761af1121978afe5736994c48d70912e21ecfcd448f89a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
15KB

MD5
dcf0f2955e633458e6bf7d49c8beeb99

SHA1
4c45364f3bfdb9c2b23e2b1456173539713029b1

SHA256
e19b3d7385b596ba3b4b41b51b25353f29cc44011665098c779018bb468c84a7

SHA512
aed4c29b331787ad886e174770eed6d15d39b1a91feb23cbed7767ac2b7e7a988db891070d2cc6562499aa2d72bacd835cf4bf6a8fe780840f8241686263697d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
14KB

MD5
a2b9de81e3ec1f6714473807e3056b1f

SHA1
db1de68c37a55cf0b81fee1357716b0a4d1ee1ff

SHA256
3b5944cba480b6fe87a007d1870bd439013759bacd7c4b47ceed71898f0678c0

SHA512
9f12fc2939a088f84086b91a227dea4970f58ea65533bb62881ed3bf439bb0352a239ed4480f44516b80033e61a3c4f7bdcd593a1300d41656e7c40e66f0267c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
11KB

MD5
578c2cd287365667a0c5f4ccfd729c2d

SHA1
3f2fc1b4548832c2844cacd6940535ee9f05a11b

SHA256
dcc2ca01d12b5529658c5b3dd2b407af609851a07f05682a6a8e8786569b39c8

SHA512
2ea506d379807ad33840d4be9e882ff3e1fbb6c0c806f82cf77577778fbd7bd0d3ed3881da78f244c6a7e38f588ca821727f6b82745bc9fa1d1c50952de96780

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
11KB

MD5
b2a3e642fd68e0dc4fc4d047b0e6354a

SHA1
b6036f90b91ab101d9a1591775bd6f8b4410747e

SHA256
d31718d5297b9016148e714da261aa7750aa75bc78a6aac599eefa52cfd26c74

SHA512
072240fc5f61cc35d04407fc1457f44d091722527eaee0eb7a5288c37dccb742a88eec4dd1920a69e4f5fb7f59bc4739f62d6bc63c00281547dcfd52266135f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
d62f9f20c4a00176279c31a4226f61e3

SHA1
a261f5629fae789dfff94d0c1a986285ab5e2dd2

SHA256
280e9faac9daab80ebc53546ff2daffed11e00502016ad27520813648ad403e2

SHA512
5f2934cf2b4dafe958d7b1f4746e2d9eeefb54a4702f028c1ba1072b1983c9dfc384dacc528dee7af75fb6e5d6b4a36b22eb79d639ecabff768836dce16e1220

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
12KB

MD5
38bb065e80aa945446c55556c338177d

SHA1
d884a11deed1161dbf3b1942b448acb71468c0b2

SHA256
6786f43d51f205974a9adccdcf2431886f9b1b5d841544533f05c22aa7790517

SHA512
5e86a73494d7eb7529a73f372d05ba4be38aaecd083f9fd55c6df07bb57d4caefda31da3e68fc038607c8864c20c73480a36f3a928014efae9d3fee694b2ecda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
17KB

MD5
fde3df52a9fa3695bbfd332577127cb6

SHA1
e0036ae3f396763f48f49d5c5bd9b8fe13b8b078

SHA256
7f342b85174a1547bbf7e0e67b824164bf46f8c237b491effec1ac53bbf520b4

SHA512
e40f79ce2a87cff3fd8ee58d484c8d0cbd5bc833352049e799db14f59e30feed45212e5ac30e57fa4ad87e191f5ce1bf2903cb3b937ed60880454da8509e45e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
e7b46d552d843fd0c65604dbf0f978b8

SHA1
e4f8364de72603e52a03a4e256b49ac7eec06249

SHA256
e050c1cd90ce62270760eab7e02efdc9b450ae0de0d2ec8d57f15bb5d9ee06b1

SHA512
0834c478781b474413b77317f139eb85e5fd2308ea957672120fc0603e9842b81c75c910c042c7e1b872b0ad9bb62921bd413553ad5b1e4169bc7ee101788c29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
22KB

MD5
e09a2bc171c238efd92415a20725c062

SHA1
7108925616efedaa5cd9adc3e92b9331f0cd19f1

SHA256
b2f8afb9035c1d8c9a65db4f56af66af384e4ff0c985f30766dc7f5b7b4c9964

SHA512
f4def225061341526c385e0c65af89648809f3c9b7a1ff983b91145986cfd856600a4efac9d2df6a1bb62ede0bd896a64d903137f4154058f44642109852307f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
23KB

MD5
02aa939872f8d43cafd62ac05f61498d

SHA1
475eacc5103683bdcb57f0f287f9468268efb0ef

SHA256
6a22b745a0baae4f6163e0d6f21095bf3708d0179f6e77647f17b414186507d4

SHA512
29a2aabb959146d05765e945700ab060a465f441ab3c30196c91cdc6a978f9aa2fc94df7b15556733d3331fdd0f7908b316a4608c9ce49942adc0b9bed03f141

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
23KB

MD5
3d4ca683fe43b52081af2e23b509b4c7

SHA1
b512a2cc9233a8d6569e5d72f66b957ea154ae43

SHA256
3e60fa15786e3eb7210734ab29780920cccf1630f039e74068ad82c5c4220119

SHA512
b9f0e7d289cb7b66fe7f8446cba58b02a525a49f12ee7ed9b72c756cf23f85b0494c62cbe18fc707409da068ffbb78a258b278e957650c297f3b276700e38a22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
34KB

MD5
df4c06132c33171bff7fa0c910dfefec

SHA1
7b4bb00f19a6b5b7f226c46c06d195faeb5874ed

SHA256
e875e7d1db5143f2b1124d2bc0cff6329610c3177ec8e9c10389abff749f303c

SHA512
34ee834d6db688e8e1c7f723cae146781a67a69e7e088e8a25994f7d0f7b6aeb9f2354dd5704c8b3ef8e3ba6f2d2f66fa9a4188ccd37237452b7fdd83c7adfbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
35KB

MD5
6a3f10c62987630a437e5b2bf11ee892

SHA1
377ddfe0933954cbc141d41588d071acd983b686

SHA256
42d8ea120ac90e4fbe6bf5fcb22f5b9fb452a78cf07d7fd27e4991284534ed52

SHA512
6fc0112fac8e11cdf0797c77a9eaf3152f952cbc2d107d22f6d7da107d80d62980e9a00c0750679aa261f6b2fd2eb6f940f1887a8d60601515ae8148ccb582d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
35KB

MD5
3da15f919154ae5a6f576ab5fbf9cf74

SHA1
0b7ab46d1c9368d1ee8058ce36bb2cf4164b0f4d

SHA256
fff57bae5c03d00b4e1328c5c19381f661cb7ac9a76c38c0d8f53d956df6c073

SHA512
47336f3291a1ba67b4249da66c66fec88c3e3c739421990ed059bf236fb0de7799682568151a1f3772174d18c518de30c155a3d137979332938f5df70456d2d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
24KB

MD5
e1451dcf3daeaab5b0e0d7cec175a136

SHA1
bce5d1d1af5a824fc8e3d0afd9e59d3cea95b909

SHA256
1fc75282a3ecdfdd3b3ac121d4823bda1599328be48eb4a1cd46abcaf911f5e0

SHA512
4e4448453835ea2a787079ad4e906ced855f3c26416838893c91dc570c7065a5d4d895b7a2e0f01aeb05946827ccb05c8da160c6226e81dd35dace27637c46be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
25KB

MD5
d2aba60d451284af61d9c9e5b146b9ac

SHA1
57f9ec2e321cd404ccc622da290c0c0eb0ecd33a

SHA256
f1a7f0293ddf361c5b4d531998788e659c20ee2d74b1a3af76e48bd3529867f7

SHA512
f2fb11a4fecf57f86c987e90ced019ad6492da52e1ac0122fb442cd34bb300303520659050f89951c0442479062cedc686dfd46382697213e0e4a3e161f428e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
24KB

MD5
13261150369374449defe3fa08681b87

SHA1
c12b12c94e0403d7030fba672b635446f6c598fd

SHA256
731951e47448fff651ff1723cc6794ca195a17ffd06d047562d5ca24c724167e

SHA512
4dd5f7394640966e262bccfaaabf9b7a8f35e461f63f55c6802c23e8f6981529a34d944eacd1334761f79ae61ad62c8289c3ec5ad0895a4af840f2125fa83baa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
25KB

MD5
0ffde9bb32fd569ea059aafeb28aacb8

SHA1
2e2197de769ac23ad8a577b307a8e3f66c234cc2

SHA256
48e77c63ea7a2224f31ba42bd1a80dfe10e6fe6374e28fdfa3506154e49d4f86

SHA512
01d8f7160a2cf105e926195520dcb9338fce9dcf4cd4fb41c7e4ca18f41cb531a048de753d6f9770859178ea0855d7f8ef38e2a4e97ae799a5c71d41a2038eb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
25KB

MD5
cc8513372b8f358a971f07d5681ce934

SHA1
313eb7a01ed42587d81bbe70b4363972f619cea4

SHA256
e3fcc6687f09491229a9f2cc1b22186c8e7e9789ec7c490c976415f4bd5a47dd

SHA512
9195c00c72641812258ab087968836d32845741c509533968b52e7c1282cbf61bb21b7456e78aabe3a43c70ff227c0b7a109860223c8001e87e43a406b268728

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
25KB

MD5
e4a9b75f597b309b8e0776723e6899b8

SHA1
a09315fc43614bdf1e9400da5b87db889fc01483

SHA256
61b3b43315a1206bdba02bbc2bee4cc61d09a73f40cc630320677926ecbe2c42

SHA512
a8f7d431983adb97781cd2741b834bfc8bb0b41d9f8c5491d6beb7eab4f427965674b299ad9af983075a90a236b673c01c8536fd5b53356e5fc214a6eebb11e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
25KB

MD5
4ad90c00f249aa9c0cd6205ca23120e9

SHA1
6449fafa02cf32184b6559a8a35fb87d56d9c7ba

SHA256
b640eb462d1bc684972167202098d8c19d13e07aa992affa7a30c58b0674d589

SHA512
4ebd6534b756175c28c41d366668e4b8ab6c5288d6ddc537675291a815aea9bc9a9bfbf8030cd3a0478dd09e018d0913ee9d77dc2d3f1fcbc3ea45ecd044e465

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
26KB

MD5
69d673c4305d86f576a148d65d252705

SHA1
bfbb66637654c4276f6dda870a4f8868db65e251

SHA256
5ede71345257763eb6a066276558e4c000b5d7e78f35fbfb9015328a68539dea

SHA512
42f914b1509e8bc632dcbfc53332926dc3f7e379c43f7b2299110b495abdc6dc1ecdcbde65ed737ee8e0c6aef79d7303d73d88492b3570fa233581cb795cd604

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
26KB

MD5
d614f7030c793c4bc3d98f393085449e

SHA1
1571fe37e354731f5da9340e239be9954c2aae7b

SHA256
9e7e45bd3267e1417c4af5cc6edea8129d3c8e5a6bbbff0fd8c82cd6dea4574a

SHA512
86aaaed918f75fcfba73626ee7ec0f48ca1a41142d0a52a880f8cf26c7d5fcbb9d19684e6f64b72d28f96f7879973e964c16b939d790111ba525ca58444d447f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
26KB

MD5
394a3b8120bb984e62436a6dfd75edfe

SHA1
3e2006733f00286339d34276a1d0c43285a2252d

SHA256
e96c1d58da2894e53c679eaf5b2f3afb33ef626f7b5db41b9cd90ff79dd17f13

SHA512
9d773655ced332fb839689efd846be46db8a9f7b061e42622f63c8b01a113137251d931aa0d16f791bf32fb360945871fafd49bfa71ec81376aa5d5a35fe79a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
26KB

MD5
ce6164331de1298423dcfae4ee8697c6

SHA1
0ff12851ac78e2bb49b6cbd645e9d41be9597016

SHA256
6d28bd1306f288a72e580bfe34434aa1cc36958a8bafd688f7b84fd229e11dbc

SHA512
d14f54f5f6aac8c356f47a5488837990ae402eafb48be940450a4fceaf870da07f01cfba719cb02af259a9ec1d1793e89157de76160ec721fbc60274e8b497dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.ezyzip.com\ls\usage
Filesize
12B

MD5
07f5dc1e4dd5089ccd7debb68cbd2537

SHA1
b5ab6aee635959aa4aefed843278f390fc4ec73d

SHA256
6439ad813fcdc6482b5b9fa16f1754d04e8e1e5f333c6547cc056c6035b9f4d0

SHA512
80d4ced7acc3596e5ccea6c75023fdba8c05d6c37a10af26823fc5cd832d5a6dae93bf80152a1fb61193d1d7b3ef0ae3b678f406073f8dab35d539e17cd3607f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.google.com^partitionKey=%28https%2Cezyzip.com%29\ls\usage
Filesize
12B

MD5
ef5bef2c23533b20775817e0acf08128

SHA1
7e6292d37817cb31904c13795ff44f14e69a7678

SHA256
0ef72b88336bf69ce23a2f09cd08268e0eb7ef6ce19e7fd0632c7179a22f7f31

SHA512
61c57a8772cbfd11f9118704795d4ac30259b447ab34575ae25636fa1f7138d015e89514ea9025abf3fbce791cf597023a3ac209ca3a27031aa2f01aff2cd0c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite
Filesize
48KB

MD5
1b9dddb1b9ab44d7eddafecbef446012

SHA1
5dcbd848f1fa731410862deae1735fe5b25eb3ad

SHA256
db45acf250b50b0b742da0b96681a4485945122dbe3d008fa7c381d5c0fc9545

SHA512
5ab65f74a4a56ce25c5f462580f7a6122d8aa66b90c0666cc8a22e76d648842ead594c6ebb3414d0714d5b8581d8f323abe7bb52dc25431d041e772929f18125

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cwoodwardenglish.com%29\idb\217648782LCo7g%sCD7a%tea4bdafs.sqlite
Filesize
48KB

MD5
8761ef19df50f9b7e424850e00ff6006

SHA1
e6b3932aa6ad96faf96e13de3369cd27f95786b9

SHA256
95074244dc9802bd8e9b8728ba301a8f2a0c9f150ebf4264d02eefafaa2a9bc7

SHA512
0e309430625037d3df52a1706c77ce6bc342bcbad841d825adf4c57b949c0ca3164cd22f141e042fc397fcae85a6c1cea10a3d5562cc07273a03f8bbfbaaef7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cwoodwardenglish.com%29\ls\usage
Filesize
12B

MD5
a4b57866747aa8bc0828ccb259689903

SHA1
b77c045f5580c81a6cd07a5e5d2271064aa52233

SHA256
395c2160a5f25f4ebff4939482f032465544c7d1105b8f93b529552a1f8f7b88

SHA512
f5e9b04e525e1bb7a913c3e02504f98b1f860cbc487029075c668cfb560bcf85855d7e48ad19586368becbb6157872b70a083a40081c2c109314ccbe9e5825b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
192KB

MD5
bb396ae528c1a3cdc61b56f968d81abb

SHA1
e577c52e8e3ec93deebb864e10313dd3a6ec951e

SHA256
0db584dcd7c6eb1b1fe61c21fa61430a8cb2a267b72dd92cd5b8b26c896d0646

SHA512
dc1d69f180929ccc72530d66aa79c9161778c9097bd1dd44ccab2fbe162582007a32ef6bf8ac535cc437174db6828fe64993668afb78f70e968d96b1c38785d1

Download Submit
C:\Users\Admin\Downloads\7z2407-x64.exe
Filesize
1.5MB

MD5
f1320bd826092e99fcec85cc96a29791

SHA1
c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed

SHA256
ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba

SHA512
c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

Download Submit
C:\Users\Admin\Downloads\7z2407-x64.ir6DJ5b3.exe.part
Filesize
9KB

MD5
5945f84ab1fa4adecf9b556fe6de70c5

SHA1
b2a187a0682b5382f0fe9b38059fe143f6b4cb85

SHA256
7eee12bf1255fb0b6011bec9925ca52d7528e9cd81100d890bc51a28ae4929ba

SHA512
18d637a6a9cd77a9fd4f41a0dbe2560a3190fa907f32eaae97d634d5f6df253c5b5d753489b3028b30e615cc0790a273ff21e392bc99b7659c9231e10501f5eb

Download Submit
C:\Users\Admin\Downloads\maizu hack v1.4.rar
Filesize
403KB

MD5
45768dbe40703c4545fc0c1a0f431019

SHA1
68c53d26c48f31bd61042f8b7071c5bb6b78b0da

SHA256
cb1bcf331721008e6dd6b46cd0f1880612374d54403836f43f264f924789e610

SHA512
c984cc4032e0d276d63a34bc03563f422ca3e258a72a9d734304662b268577af873b33f5bfdc3f8a7e2e34ddd391c99a436a865842b502a9649a141242355a4a

Download Submit
C:\Users\Admin\Downloads\maizu hack v1.UuMKt3Cj.4.rar.part
Filesize
64KB

MD5
92f406bda2e0abd64800d9a5d678d58d

SHA1
ca8fc6dd0f50224292ea4cdc26d127e48b393b1c

SHA256
8d1a47710684bcb0f16dd8514f8c0c89a4a1869045a9c0c0ea680e3d635aa456

SHA512
10e2ad40bdad436607218caaceeae43d248fc22d8a0bf83017778d80f4cfff6d4e6f322541196560544d9419bf5484043f0ec31e638f89611905c9e32b9054cb

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.5LV2fWo2.exe.part
Filesize
15KB

MD5
0768b4e647494f8879e68a78aceec69a

SHA1
ee903db50a63f52087d5cbdf10964e63d9ebd4b1

SHA256
b6c766647c4117e535b85d668da78bfd39e05350ae8582321090684b3ef00be3

SHA512
7f6e0fa7c95f9010566476495c46d6f814c4ec4e9c068ce27ba9244fe833ee001ad507f0ae34a67f6347779033d5ca85698d370d0dc6b7b06f0c74f5c4e380cf

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe
Filesize
3.8MB

MD5
46c17c999744470b689331f41eab7df1

SHA1
b8a63127df6a87d333061c622220d6d70ed80f7c

SHA256
c5b5def1c8882b702b6b25cbd94461c737bc151366d2d9eba5006c04886bfc9a

SHA512
4b02a3e85b699f62df1b4fe752c4dee08cfabc9b8bb316bc39b854bd5187fc602943a95788ec680c7d3dc2c26ad882e69c0740294bd6cb3b32cdcd165a9441b6

Download Submit
memory/8700-5716-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/8700-5717-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download