1978db25b0822465385c2248519395a1d262d69cc55cde9eee8f3cf7c6cc384f

Analysis

max time kernel
527s
max time network
578s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2023 14:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Royal.Full.rar
Size

2.4MB
MD5

c8d06ef9184701388bbf4407a304103f
SHA1

a12f32b92f9c26c0a0808796844d39ef59c1a0be
SHA256

1978db25b0822465385c2248519395a1d262d69cc55cde9eee8f3cf7c6cc384f
SHA512

f15ca50d69a81ec3b529af42d19c73ebd9b2589eac1e2b52aa644fe7cbe1bb8a64dac7f16773e69a71819b84eca7e6956bbc5459a37848230988022f0274cfab
SSDEEP

49152:OFH026eImiJNJR2J/TT6DTbjmFyEqDVnPD+okNyf183mJ8BN:40Bjms3RkToTbjaVqRnyd72JQN

Score

9^/10

agilenet

Malware Config

Signatures

Modifies boot configuration data using bcdedit 3 IoCs

Processes:

bcdedit.exebcdedit.exebcdedit.exe

pid process

1020 bcdedit.exe
3768 bcdedit.exe
3424 bcdedit.exe
Downloads MZ/PE file

pid	process
1020	bcdedit.exe
3768	bcdedit.exe
3424	bcdedit.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

reg.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	reg.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

ROYAL REGEDIT.exeOPTIMIZACION1.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	ROYAL REGEDIT.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	OPTIMIZACION1.exe

Executes dropped EXE 4 IoCs

Processes:

ROYAL FULL.exeROYAL FULL.exeROYAL REGEDIT.exeOPTIMIZACION1.exe

pid process

5536 ROYAL FULL.exe
3344 ROYAL FULL.exe
5740 ROYAL REGEDIT.exe
3740 OPTIMIZACION1.exe
Loads dropped DLL 3 IoCs

Processes:

ROYAL FULL.exeROYAL FULL.exeROYAL REGEDIT.exe

pid process

5536 ROYAL FULL.exe
3344 ROYAL FULL.exe
5740 ROYAL REGEDIT.exe

Obfuscated with Agile.Net obfuscator 1 IoCs

Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

agilenet

Processes:

resource	yara_rule
behavioral2/memory/5740-1569-0x00000240C9E70000-0x00000240CA062000-memory.dmp	agile_net

Drops file in Windows directory 1 IoCs

Processes:

ROYAL REGEDIT.exe

description ioc process

File created C:\Windows\resources\OPTIMIZACION1.exe ROYAL REGEDIT.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\resources\OPTIMIZACION1.exe	ROYAL REGEDIT.exe

Checks processor information in registry 2 TTPs 60 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exereg.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\FeatureSet	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Component Information	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Component Information	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Status	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Previous Update Revision	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Status	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Configuration Data	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\VendorIdentifier	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Update Revision	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Configuration Data	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\FeatureSet	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Previous Update Revision	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Platform Specific Field 1	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	reg.exe

Enumerates system info in registry 2 TTPs 64 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

reg.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Configuration Data	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Component Information	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Component Information	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Component Information	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Identifier	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\Capabilities	reg.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController	reg.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController	reg.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BiosMajorRelease	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1\Component Information	reg.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Identifier	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Component Information	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	reg.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Configuration Data	reg.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0	reg.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BootArchitecture	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter	reg.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0\Configuration Data	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\Component Information	reg.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2\Identifier	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	reg.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Configuration Data	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\Identifier	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\DiskPeripheral\0	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\1\Identifier	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\2	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMinorRelease	reg.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\	reg.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses\PCIBus\0000	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor	reg.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0	reg.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0\Configuration Data	reg.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\DiskController\0	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\Configuration Data	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	reg.exe
Key enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoAdapterBusses	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\0\Component Information	reg.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\FloatingPointProcessor\1\Configuration Data	reg.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0	reg.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral	reg.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\MultifunctionAdapter\0\KeyboardController\0\KeyboardPeripheral\0\Configuration Data	reg.exe

Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command-Line Interface
T1059

Processes:

ipconfig.exe

pid process

6132 ipconfig.exe

pid	process
6132	ipconfig.exe

Modifies registry class 64 IoCs

Processes:

OpenWith.execmd.exefirefox.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 8c003100000000005556211b110050524f4752417e310000740009000400efbe874fdb49a156f7862e0000003f0000000000010000000000000000004a0000000000635e2000500072006f006700720061006d002000460069006c0065007300000040007300680065006c006c00330032002e0064006c006c002c002d0032003100370038003100000018000000	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0 = 5000310000000000555602191000372d5a6970003c0009000400efbe55560219555602192e000000d7e7010000000d000000000000000000000000000000db36fb0037002d005a0069007000000014000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 19002f433a5c000000000000000000000000000000000000000000	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\NodeSlot = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Applications\7z.exe\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\ၩ𸠈〫鴰	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\ၩ𸠈〫鴰\ = "rar_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\NodeSlot = "2"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = 00000000ffffffff	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\rar_auto_file	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0\NodeSlot = "3"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	cmd.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Applications\7z.exe\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\rar_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0 = 4e003100000000005556021910004c616e6700003a0009000400efbe55560219555620192e000000f0260200000015000000000000000000000000000000822807014c0061006e006700000014000000	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Applications\7z.exe	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Applications\7z.exe\shell\open\command\ = "\"C:\\Program Files\\7-Zip\\7z.exe\" \"%1\""	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	OpenWith.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\0	OpenWith.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\.rar	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	OpenWith.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = ffffffff	OpenWith.exe

NTFS ADS 2 IoCs

Processes:

firefox.exefirefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Royal.Regedit.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\Royal.Full.rar:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

ROYAL FULL.exeROYAL FULL.exe

pid	process
5536	ROYAL FULL.exe
5536	ROYAL FULL.exe
5536	ROYAL FULL.exe
5536	ROYAL FULL.exe
5536	ROYAL FULL.exe
5536	ROYAL FULL.exe
5536	ROYAL FULL.exe
3344	ROYAL FULL.exe
3344	ROYAL FULL.exe
3344	ROYAL FULL.exe
3344	ROYAL FULL.exe
3344	ROYAL FULL.exe
3344	ROYAL FULL.exe
3344	ROYAL FULL.exe
3344	ROYAL FULL.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

1264 OpenWith.exe

Suspicious use of AdjustPrivilegeToken 21 IoCs

Processes:

firefox.exe7z.exe7zG.exeROYAL FULL.exefirefox.exe7zG.exeROYAL REGEDIT.exe

description	pid	process
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeRestorePrivilege	1356	7z.exe
Token: 35	1356	7z.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeDebugPrivilege	2292	firefox.exe
Token: SeRestorePrivilege	4840	7zG.exe
Token: 35	4840	7zG.exe
Token: SeSecurityPrivilege	4840	7zG.exe
Token: SeSecurityPrivilege	4840	7zG.exe
Token: SeDebugPrivilege	5536	ROYAL FULL.exe
Token: SeDebugPrivilege	4980	firefox.exe
Token: SeDebugPrivilege	4980	firefox.exe
Token: SeDebugPrivilege	4980	firefox.exe
Token: SeRestorePrivilege	3700	7zG.exe
Token: 35	3700	7zG.exe
Token: SeSecurityPrivilege	3700	7zG.exe
Token: SeSecurityPrivilege	3700	7zG.exe
Token: SeDebugPrivilege	5740	ROYAL REGEDIT.exe

Suspicious use of FindShellTrayWindow 20 IoCs

Processes:

firefox.exe7zG.exefirefox.exe7zG.exe

pid	process
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
4840	7zG.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
3700	7zG.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

firefox.exefirefox.exe

pid	process
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe

Suspicious use of SetWindowsHookEx 24 IoCs

Processes:

OpenWith.exefirefox.exeROYAL FULL.exeROYAL FULL.exefirefox.exeROYAL REGEDIT.exeOPTIMIZACION1.exe

pid	process
1264	OpenWith.exe
2292	firefox.exe
1264	OpenWith.exe
1264	OpenWith.exe
1264	OpenWith.exe
1264	OpenWith.exe
1264	OpenWith.exe
1264	OpenWith.exe
1264	OpenWith.exe
1264	OpenWith.exe
2292	firefox.exe
2292	firefox.exe
2292	firefox.exe
5536	ROYAL FULL.exe
5536	ROYAL FULL.exe
3344	ROYAL FULL.exe
3344	ROYAL FULL.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
4980	firefox.exe
5740	ROYAL REGEDIT.exe
5740	ROYAL REGEDIT.exe
3740	OPTIMIZACION1.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exe

description	pid	process	target process
PID 2292 wrote to memory of 460	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 460	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 988	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe
PID 2292 wrote to memory of 4608	2292	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Royal.Full.rar
1⤵
- Modifies registry class
PID:1396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:3924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.0.799611133\1296155975" -parentBuildID 20221007134813 -prefsHandle 1860 -prefMapHandle 1852 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c199fd4f-5cc7-4023-8d34-b469aa1900af} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 1940 25470024958 gpu
2⤵
PID:460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.1.1958221586\2114777175" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32222ae2-d33c-4360-9cc9-20bde2d431b1} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 2332 25461f74f58 socket
2⤵
- Checks processor information in registry
PID:988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.2.518388843\1381679298" -childID 1 -isForBrowser -prefsHandle 2980 -prefMapHandle 3028 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10c203d7-07c8-450d-8f21-3a8fc910a5d3} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 2976 25472c08458 tab
2⤵
PID:4608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.3.1711605481\1348921574" -childID 2 -isForBrowser -prefsHandle 1412 -prefMapHandle 2376 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {858d1b91-ad4a-47e6-ae8f-d9cd9173c519} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 3376 25461f6ab58 tab
2⤵
PID:2788

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.4.1454365067\224744415" -childID 3 -isForBrowser -prefsHandle 4148 -prefMapHandle 4144 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d88869e-a7ef-417d-a869-68b2f8b43a87} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 4168 2547415eb58 tab
2⤵
PID:3260

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.5.393554362\136553369" -childID 4 -isForBrowser -prefsHandle 3692 -prefMapHandle 2800 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7d1b058-71f5-43c2-9892-2096350e4a83} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 4536 25470391358 tab
2⤵
PID:4356

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.6.1560003737\997022539" -childID 5 -isForBrowser -prefsHandle 5020 -prefMapHandle 5016 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26d9e63b-c7ba-411a-86d8-6b54c179597a} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 5028 2547852a558 tab
2⤵
PID:2096

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.7.1779466240\2131034641" -childID 6 -isForBrowser -prefsHandle 5044 -prefMapHandle 5040 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69c314ca-d682-416f-a730-6cd55ae9fd62} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 5072 25475462858 tab
2⤵
PID:3040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.8.343013593\2009993818" -childID 7 -isForBrowser -prefsHandle 2912 -prefMapHandle 1288 -prefsLen 27020 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3422e8d9-23b4-4038-8dc5-1dba21ae40ce} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 2812 25461f6ee58 tab
2⤵
PID:5584

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.9.623233056\1838244843" -childID 8 -isForBrowser -prefsHandle 6092 -prefMapHandle 6068 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46782c67-6cdc-4d9c-a6e3-21f8c6ab7dd6} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 6108 25472cede58 tab
2⤵
PID:5484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.10.778002715\798194998" -childID 9 -isForBrowser -prefsHandle 5816 -prefMapHandle 5812 -prefsLen 27331 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e11b4795-998b-4c89-9db0-bdea1be4c833} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 5756 25475334f58 tab
2⤵
PID:5944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.11.1413974880\1515302251" -childID 10 -isForBrowser -prefsHandle 6388 -prefMapHandle 6332 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62c42555-6843-4f35-b75f-3da8a695bb64} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 6396 2547473ae58 tab
2⤵
PID:5240

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.12.674770126\659608224" -childID 11 -isForBrowser -prefsHandle 4624 -prefMapHandle 4468 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61e2e91f-ca73-4d52-88bc-dd2849e9d718} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 10576 25475b3d858 tab
2⤵
PID:1484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.13.189114752\279376268" -childID 12 -isForBrowser -prefsHandle 10404 -prefMapHandle 10400 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {524e88ca-137f-471e-abfa-9ffc089c8762} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 10460 25475bd1b58 tab
2⤵
PID:5292

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.15.764540405\1437210678" -childID 14 -isForBrowser -prefsHandle 10304 -prefMapHandle 10300 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd22c7aa-e021-4f21-9f71-b4ba1f899cd4} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 10308 25475bd0958 tab
2⤵
PID:5856

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.14.644733900\85817713" -childID 13 -isForBrowser -prefsHandle 10284 -prefMapHandle 10280 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c45085e-95ae-4b73-a433-8a2f39159498} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 10292 25475bcf458 tab
2⤵
PID:2452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.16.694772382\451843191" -childID 15 -isForBrowser -prefsHandle 9988 -prefMapHandle 10088 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c14fd49e-2da3-4ffa-ac88-de98b4e7aad3} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 9992 254785acd58 tab
2⤵
PID:2928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2292.17.752686740\557532512" -childID 16 -isForBrowser -prefsHandle 9912 -prefMapHandle 9908 -prefsLen 27340 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73e6fe0b-7a2d-4de0-83b2-4a72afdb3322} 2292 "\\.\pipe\gecko-crash-server-pipe.2292" 9920 254785adf58 tab
2⤵
PID:5308

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:4016

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Checks processor information in registry
PID:4480

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Program Files\7-Zip\7z.exe
"C:\Program Files\7-Zip\7z.exe" "C:\Users\Admin\AppData\Local\Temp\Royal.Full.rar"
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:1356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5436

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Royal.Full\" -spe -an -ai#7zMap8929:82:7zEvent17815
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4840

C:\Users\Admin\Downloads\Royal.Full\ROYAL FULL.exe
"C:\Users\Admin\Downloads\Royal.Full\ROYAL FULL.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5536

C:\Users\Admin\Downloads\Royal.Full\ROYAL FULL.exe
"C:\Users\Admin\Downloads\Royal.Full\ROYAL FULL.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2992

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.0.1479430758\1997588291" -parentBuildID 20221007134813 -prefsHandle 1432 -prefMapHandle 1680 -prefsLen 20890 -prefMapSize 232711 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7be8e21-49e4-48d4-b656-433748ffedef} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 1784 1e1e27fce58 gpu
3⤵
PID:6004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.1.322560567\671907868" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20890 -prefMapSize 232711 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9a25cd4-ae61-4b5d-8812-5df68d162c70} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 2148 1e1e28d3b58 socket
3⤵
- Checks processor information in registry
PID:6008

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.2.211875568\133840138" -childID 1 -isForBrowser -prefsHandle 2740 -prefMapHandle 3136 -prefsLen 21372 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {723cc2d8-e952-4be2-9284-67a00cdf60a5} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 2932 1e1e606c258 tab
3⤵
PID:824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.3.1791335841\1577195586" -childID 2 -isForBrowser -prefsHandle 3856 -prefMapHandle 3852 -prefsLen 25984 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3d74ed0-817b-4775-b54f-29ceca1658ac} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 3876 1e1d5f2e758 tab
3⤵
PID:3352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.4.1470237985\698722744" -childID 3 -isForBrowser -prefsHandle 4196 -prefMapHandle 4192 -prefsLen 26829 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d316276-96d6-46eb-8864-aea9c3ecf7a9} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 4208 1e1e70b2a58 tab
3⤵
PID:6128

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.7.1306991658\1705749390" -childID 6 -isForBrowser -prefsHandle 5060 -prefMapHandle 5040 -prefsLen 26969 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c07e93eb-b2fc-4d43-83bd-d37e42b371fb} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 5144 1e1e8edfd58 tab
3⤵
PID:5624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.6.1709389192\211434105" -childID 5 -isForBrowser -prefsHandle 2644 -prefMapHandle 4648 -prefsLen 26969 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afc18617-2912-4408-9e49-00af45420d85} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 5044 1e1e60e7258 tab
3⤵
PID:3772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.5.1235460586\651633098" -childID 4 -isForBrowser -prefsHandle 2448 -prefMapHandle 4864 -prefsLen 26969 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c10baae1-7962-4ca2-bd24-704a03d3b3ae} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 4832 1e1e5cdee58 tab
3⤵
PID:4524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.8.2008277605\1482023675" -childID 7 -isForBrowser -prefsHandle 9556 -prefMapHandle 9504 -prefsLen 26986 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {803d655b-eba2-4fab-b979-e49be2dbeb2c} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 9680 1e1e7d59558 tab
3⤵
PID:4704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.9.594052625\736933285" -childID 8 -isForBrowser -prefsHandle 9008 -prefMapHandle 8968 -prefsLen 26986 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2405763-5351-4697-a1d8-56cdea647359} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 9016 1e1ea147058 tab
3⤵
PID:4592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.11.1414111974\969994695" -childID 10 -isForBrowser -prefsHandle 8924 -prefMapHandle 8928 -prefsLen 27240 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ad45d3f-cdb7-4ad0-87b9-50434ce10810} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 8856 1e1e86a7258 tab
3⤵
PID:5592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.10.789766588\1551957159" -childID 9 -isForBrowser -prefsHandle 8936 -prefMapHandle 8940 -prefsLen 27240 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9308e439-0b77-4279-b414-9f53ca2cccb2} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 9528 1e1e85e1158 tab
3⤵
PID:692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.13.705380571\1032384332" -childID 12 -isForBrowser -prefsHandle 8704 -prefMapHandle 8700 -prefsLen 27505 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cc7780a-eede-4de8-bc6d-57534bb5848c} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 8644 1e1e8f6bc58 tab
3⤵
PID:5828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4980.12.1056968673\1195500471" -childID 11 -isForBrowser -prefsHandle 8684 -prefMapHandle 8680 -prefsLen 27505 -prefMapSize 232711 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61880c35-b5f1-4ea0-856b-dfb3666407db} 4980 "\\.\pipe\gecko-crash-server-pipe.4980" 8692 1e1e8ef4558 tab
3⤵
PID:4400

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Royal.Regedit\" -spe -an -ai#7zMap21361:88:7zEvent15250
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3700

C:\Users\Admin\Downloads\Royal.Regedit\ROYAL REGEDIT.exe
"C:\Users\Admin\Downloads\Royal.Regedit\ROYAL REGEDIT.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5740

C:\Windows\Resources\OPTIMIZACION1.exe
"C:\Windows\Resources\OPTIMIZACION1.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3740

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\BE9F.tmp\BEA0.tmp\BEA1.bat C:\Windows\Resources\OPTIMIZACION1.exe"
3⤵
PID:5704

C:\Windows\system32\ipconfig.exe
ipconfig /flushdns
4⤵
- Gathers network information
PID:6132

C:\Windows\system32\bcdedit.exe
bcdedit /deletevalue useplatformclock
4⤵
- Modifies boot configuration data using bcdedit
PID:1020

C:\Windows\system32\bcdedit.exe
bcdedit /set disabledynamictick yes
4⤵
- Modifies boot configuration data using bcdedit
PID:3768

C:\Windows\system32\bcdedit.exe
bcdedit /set useplatformtick yes
4⤵
- Modifies boot configuration data using bcdedit
PID:3424

C:\Windows\SYSTEM32\reg.exe
"reg.exe" export HKCU "C:\Users\Admin\zks24rg.reg"
2⤵
PID:3660

C:\Windows\SYSTEM32\reg.exe
"reg.exe" export HKLM "C:\Users\Admin\ntrfke5.reg"
2⤵
- Checks BIOS information in registry
- Checks processor information in registry
- Enumerates system info in registry
PID:1420

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.guna\Guna.UI2\Licensing\.licenseengineversion
Filesize
4B

MD5
4df604c34ac416cd49e8c15db087a2da

SHA1
c9750283f2d66c7e445a63e2e52445c0a017bed0

SHA256
64c6eba21ca5a6d3d07d2e216c48934a2105b4eb2aaf04db0ce74fb73be813bc

SHA512
54a97ec47d699a4063c9b45d7e61e90eff3730e4acc696cf21e31354679af1142ff2f89dc768c45bb6729b5db9c565696d7a285aaba714cc68885a7b57de9ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
98b8d1a12bdfa007f65733c8c7658c8b

SHA1
980b23adc14f6bdad8d470679f8446a9894aea4d

SHA256
22cc3be354f2a0cdf4fdd680ff443ac2052db5a4ef42be57238336b54db07088

SHA512
8b0bea75cd2a33fe9f5dbe1dc8710c715f169aef0ae7171f0312e8d2ab63883e1687bb74480d16f00a6c70092df285ec11a2e0ea4d5aa9bbcf16fb2bd86b81a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
d88e88ac61eb60ba153e2ab3b7502f98

SHA1
8c1f758a05c843c8356c30e4b3c7b9e27d4f9bbf

SHA256
da7a9cc24ab4f632b0697d4943a2037440335ae83f9bb3ed0467cc382611a01b

SHA512
9240d3d6acb52ddb5699696d5f826a7b2550296302cfd9fe6b8e7a5e2ada277432879f824c11c85cae23629f23675d3a15845ba2e17324572e015ef0199296ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json
Filesize
148KB

MD5
ab91a856860f4825498624a366dee506

SHA1
49ad07f9bf79d0ed45727d58ab873cb376d345c5

SHA256
42c45500ed2b7f56ebf8696896934885691ba979bc8229021986cf13f23708bb

SHA512
d549bb7187791884665c4006c5ce57daed21475f4d57c5e1571413362a2189ae938e812d2f99d8ee831db97b82af26a2dd3ae1185f0b665d935d6a3b05f28b0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp
Filesize
148KB

MD5
37d8de58fc2c6250b82fb4b9dc4e91bd

SHA1
863b5a0f8e73e0052e6cf00e7044ca6e686a1cb6

SHA256
6671a12b1d08d1aa1a7eceb73be553ad5f227f81603f05eb71d2bf01a1add55d

SHA512
ba0d39414bdadf01cfa8538da85362bf36fa308c07eda016c26f7af482f7acfa59f4dd543e95605bb35f6ed156a920941398869144521fb3883818a79c1b6715

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp
Filesize
148KB

MD5
38b113b3cf2cfb85079c6335ade63821

SHA1
c74a9e102847b711d4413d827929bc10341ef83c

SHA256
017c449407faba13ae2b0f9e6cc6dfebdbc2aa26e2f75f35d7d65a00cffc763e

SHA512
9fa2898ae6887cf9b657229fe9cc356d268069556ade49eded45cbf150c3ee48b5b41717bf527765a065b5b1d6d16a8ba71c3bafcf78869e4e8da48ac1748984

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\15654
Filesize
13KB

MD5
109ce0fbb96c064e235e0beb0a803db4

SHA1
36ed9cc690beebb39f0755336642415a13b19fb2

SHA256
c6e5fe3084894daa4dfa1b8832f31d034ece6e1a71fea57a684a1d44712617ac

SHA512
a04f719db6dc74310b6c48bc3e89b80ce58f160025d75cce9c8e48f5a0b7c79b77072fb7a9ac73e31c0ef2757cf4d39c371a991713bb00a20aa98a4995d02dfb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\16765
Filesize
38KB

MD5
b6afbdd1a31328c167d3fb19b9f56794

SHA1
6739486e8b3aa6326b2015aca49454d469f21b97

SHA256
52556ec0bfea289b9d350db99f85825f5c41f2ff449ae50fb99f7d5232b238c0

SHA512
f70d1849754cb8e2419bc656b9acb44803e610e9ad8fb60afdce24a4303ac9bcf60d60f16e97d0e80533ce14b51d70db8592fcdb85835121f53c2321ef06ff88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\17405
Filesize
20KB

MD5
d26a51ef86e6853d5cb6643e3adaa927

SHA1
3f071843bbfb8f636bc3ddd6f3b2f345fe768fd8

SHA256
1934c7dcdda9c68dcc51e6557f83e9145fe68d9b9ff44fa5974bde11b002b3ef

SHA512
b8231925a8211d4c3a0f4aeff86991ee0b1d051ed08dbf07641cc416129f8661d850250dc30645dc0b05e20ad9d13ef97462dce7c3fad11b4e72830f3d23f11e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\25534
Filesize
29KB

MD5
42f0e257cec1c8eea22e10a288afde57

SHA1
06e947878bb109472cd82ebdda5c1a5895282b77

SHA256
a32bca5fe361be1a847aa745711d4b963424447c08dd84ea0bcb529639123bf7

SHA512
443081bc60ca8a8ab2662eccc8c73aa479f9683bf627a497957fca21a92babc95ea8a0dde6d2ab7f2a064d9c2d44033481e020fc1e4498a99641865c63c434c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\29827
Filesize
55KB

MD5
a70afc8fc21a6c8898e1c8a24ff0a50f

SHA1
328c4e29e4c0807edca77afad8f968334a4ed419

SHA256
15f0eed0699b643b0eabaa9a601f7ffb89501878db8d9ae89d7a61f78d71c330

SHA512
8fb7382ca60835402c1cd204f391dd42d8aafaabccefc2fb37b7a10c97127958d0ffeca4601176f0b6afe05caa21ce9967323d708d988e792823534ba4fa9219

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\30411
Filesize
11KB

MD5
06a06cb33312f27434a5baf08d00cb0e

SHA1
edc96566d25a39a5b90a6e198e4578f335841315

SHA256
1b79eb49fb3cac39b88351709f77c108c4afa72bdefd163acdc5dd8c495867d5

SHA512
836022065c996782794ca3130b10bc788b3fcc17c7287bdaf9b99276825d45c58ad3ea43491910da799f2d7e5dbab1e6a02863345c15eed9d777798477c01d17

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\4354
Filesize
9KB

MD5
d80a884f38b74e88481b5d5d4f1a3d61

SHA1
e584884dffe2d274848c7a38ad4ba8f194c9f9d0

SHA256
8e04beb5b01482488b4f12ee1ab45ff307127af574796d8614a33d962d8695e4

SHA512
acadcb3ca18949c6e1c5a6ba6bf6a0bb2046d52f2719f8bddf8bb1c6b1f8c7c6858ad0e1286a0dad446aac816f60ce07acb68f7c0a9e47dfa66482e829a83e76

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\511
Filesize
96KB

MD5
b52075f46c5dbf73470303d345df4e43

SHA1
caeb0322f38ac3860d2a08843fc7883233f5ae2c

SHA256
b3f45aa1e95fabba1eed630cd73668aa75e2302ba1d50f91241832eda973c4e9

SHA512
e95e08af9fbdf43836d198c04c85d0a015d02e7394a14381b4722d9e28d6e1d31c87c1774e55320d77266d752b8c92c89a8055edb718813f25faed13e1af4655

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\5828
Filesize
85KB

MD5
34f2a8cf126cf88a44d1219e097fc3b3

SHA1
d28ac1c4596ad63aae31382baee83e1a9fd56ce0

SHA256
0b0881a761b2efa975ed2e9c2e340f17e14c941c5bdf4c42e07de4938aa923ea

SHA512
fa6103dcb34c7f93d754946984f96fc7fbd986055ad0f25f7bd17a97ef4d96de642557725d17acc7eed26a620c5e63ce142d3acc391560fa5953d6661c5b0c5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\0439B2E4CBD7F3519FDF4705FDEC4CBC26FFE204
Filesize
18KB

MD5
b109687470cff6fe5158e3e01c764a42

SHA1
544e9b04423d5a784261492e36f296d842ed6c7f

SHA256
e701dee8dd515f835759fbd51a4e42db62f257837bdb56b30e56922358518917

SHA512
20dbcd1678c0e3f21d0644faf1387726475cae12efb6b59ec338f241dd14fe1fef2e28adc5fe594a170a6312a241b6f6868577567bcd379201d6fd1364b14652

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E
Filesize
14KB

MD5
7d5399931a1577dac8c59154b676022b

SHA1
8444f1074d5e039cf7562beae15fda9f69ac64d2

SHA256
d0280b43605596ec753980ef7dba334ac15f65bb26d5af98afe75bd7413f5c28

SHA512
fcf4486a8dbb89c4192fcdc0c1115b9e84e40cef3363048e023ac6d40d8acc0042427bff3b4ab38c14719f4d40773a019384e14309316552ca2d9b30f5ea562b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\41D6C33D226DE9B670D8F5750AAE431A9A056E8B
Filesize
1.8MB

MD5
0077e77509820407e146ba1417b6f786

SHA1
800eeae945aa6461bae6b0c9a60f417bf29036f9

SHA256
ac091b210f16c20cb4c5b33c182ca3ba995bc936deb2aa0a08f1af085e00c699

SHA512
682da1cb2bd1fb7ced5f3ad3440e1d49b56c389e35b371300baad41b466e404895f8f43088960dedfc63578a7a433b2f0e7af757f2d49b710fadef3772c40404

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\60925D2481C2143C3D7991EF3CA36A51AB037C35
Filesize
11KB

MD5
081446a4714857627b12d67354ecb48c

SHA1
737ebd8436189af45afcfc6ab7e40dd28f311399

SHA256
4b0254906bd1844b07b44712d2ad5f5aeccae5c3dbd1c270cbf001e8e9e36e65

SHA512
286a5e6dcaee1a08cb3d0ee7c8773a7873aacdc0094ae0f488f5051c369d57642d697cb6d0d574d594add1f5d193e17650d70756df6cf594c191fec2588da35f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\60ED919B53A67A8601D758CE9C937EFD059A90E1
Filesize
9KB

MD5
596f5eba212a000a3e4660c2ef9a1541

SHA1
4ee4ed67a7c9e86ea0f4c72874042299e194049e

SHA256
519822dfd71bcd5fb5767589019c8fde7887abb2874c901a63f81aa67dc97d15

SHA512
0174e52a7dc9b2cfc03b8dbc559ab59c1734b7553637bf36702228d34152ee3e8562c78798675f93c431e498e0e8f591e9eb6a31ebe74a23373052dd1d60867f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\629E4982D710E52B9152686C66C4F8A8B12F16E6
Filesize
40KB

MD5
7cbddd4861bfb08d9a7b5cb3f838bec7

SHA1
6e8050ddd189ed9d608cd2f03f71db03444c01e3

SHA256
cc151ac672514c714f83688e5c39300b4fb4a5f1c1b4cafe125affd055affa0f

SHA512
cc5453cf15b6c0a3afddf3c5500ac7d0e6d7f5867ade0a067476dd98e322127d5c488a8acc5dad3c34666d0437cada5313bdba4762b42f0bb274e97a8837a7df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
9KB

MD5
1c93963a1e8f1884455463063761525d

SHA1
a155d120c4d10f986d811b093eb1f5e9d4308028

SHA256
e0051aa9595eec7c83bc9983b0407d0c1c8e73753454ed10f505283a3f079d14

SHA512
a770546cd18f52767d6b4d016bdc522cb40311d87e94b17380ccadfaf485b0a3cd74182bf0cc0d63493cfb1591605ad536de479b01059e13154531fe696f0334

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\891D4D7FB472385DDA5600B178249FBA7E2A8526
Filesize
1KB

MD5
4f0ca986a2782006d18840edb0f92eea

SHA1
f6f8aceb3fe86d69b3461c7fa253a92bb4bb8131

SHA256
691ac66c42c7c4c96632cb283717a68d2d1175e4ef831873463c22a9c3e74b8b

SHA512
36d0e407d7cfc069b45c9068df44e7fdb1dfef5303767b00c4b68b0aac10f7914a386083525c1cac5aa78a85db62d202a5f63b88ee49584ebba1c7e41092d479

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\8C7D0ED9839071700AACB3685D3D29A7A613EA16
Filesize
11KB

MD5
6e00f93e59b8d48fbb53a7f723388884

SHA1
3d2efa416885a6624a4e2ff780509d2c870af97e

SHA256
ddd8d4e6fda70fc1505435f7aa9b3d39934fa257d651a0ba05df069b784f04e1

SHA512
79652dad9cc7fce8c4e12921aebd54f27c94d5e6a8f35cb360d58aee65e5c37b390fd9db4ab9aa84a598c6fb6f9adcc2274d6df0153502a5ae61085dca881f47

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\976E223450E23E3BE38694BCCE7FB53FCABE8875
Filesize
36KB

MD5
181161b9af50fccc00c4520b1360ee58

SHA1
913e5b539f0934bfe3a74f4c5635bc01966ca98a

SHA256
007e27b4a9e40a748bc45e5239783dd69e3e8ff16e57bb636e8ed3fde8a30d62

SHA512
d59777a50a3a5b6bdd359431d5b533d23061ae4052f9aff6349d7ccebe7de7310707de256f961ca94524bf4668bb42a5bb9f4594bc48812ec4550d7ff03d3124

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\A292F867D57E2D4C8E4A0ECB8A84D9D413032844
Filesize
9KB

MD5
1f918cb80c8109bd5b3f8df7cba29a1e

SHA1
ea088aa4e4879b76c572ac1c2c2ddcaa533095f7

SHA256
d42493eedc6d091b9d39f581068dac1b027db41b6dc1edbc2e196ae7589d5566

SHA512
a9addeb7ff298a5ea5170e24b5322ccf26bfeee5fe63be3f63eff4b62985dfa2c9a71817c2d4a064b82cc25287d282225299df1f57f15768e91b328e65bc5981

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\A6087C7B368E9D562B614610C8974396464A094D
Filesize
2.4MB

MD5
54e9ac101c20bf900aabf5937d8ac4a4

SHA1
515ba2e774b8386b8ab0715f417cd4fb19769737

SHA256
aa97ef93bcaf266e70dcf03f89f934f5f9efd54f370075e9eebcecfca2510f63

SHA512
8f53fdeed31551ebaebb179c1e3828e5724c3a89a8e0b80ca81567848f76cbee2de19449af29c6062f10c80833e417afddd8f88f2eb18f23a96dfc38334db183

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\AE16348A6A3035681E42F1E80B962708F6F26CCC
Filesize
116KB

MD5
86ede81645cff946b9aa71f74f5a978a

SHA1
cfa83e71027853de0e1ef3cd167759a8c05bca2b

SHA256
49de763fa8447944ad1f83f10c2ca93136c0eebbfbf761023e10aae22b232f1c

SHA512
ebc25fd87016f81d4b1809f38fb70516a927e5a411e82c47741f0175321747d4dfbd88a14687412cc4318db31847a1614870df00a789f15924bc4eaa002fae48

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\B62189E12FFE0C034A2320BC61827EBD07D5FD8E
Filesize
33KB

MD5
343703dcf862ed640c18b8501690f6db

SHA1
f4943e2485e1fd6ec5455209f9efe88f41989071

SHA256
7f29c0c82922267673e93fd39d9b7b3520c4e85cce3eba76ca744385e5a3aac6

SHA512
cc15df0451a9deb44b6d3fc9b87c12efd33195d49dbd3d2bd2f8480f5d5f31a56de98bce5503c467a867a8d796883c2bccf95e5c09d6f21279b2c96b3b5a7e9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\B62189E12FFE0C034A2320BC61827EBD07D5FD8E
Filesize
338KB

MD5
e9b3242dbc8bed3e92eed3b69c9e3ffc

SHA1
9a130088af002c81bf277d8d45d12c8d6a98bf7f

SHA256
bfdc0a9b6980a13ae0dd33a8878bf116334fd2345261084db0e5d1dc293a50df

SHA512
665d9497b2a8817ed2c1ac177034859e8c3e83bd88751e6265c9fd616fdfc263844aac8aae736424ceffef3f2d71d3846e22903f61f51729967245c438f8b69e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\BF2450E7BB95FEAC69AB5C533E229A5A18779D3D
Filesize
18KB

MD5
d8d594aad008c4e143d5356b57092219

SHA1
741232331bd7e360707c197933f56fd3734cf607

SHA256
ca16037577c0a5021c681b5b3b9d2f0cc2171bfb7907f6424b23f624864caca9

SHA512
9e0840cdcbaa0209e9ab223c05e8776fd70f3bcd1b8be2c31d01033347d37292399d9bf345ba845dd81865e09b1f4f82a9ef08a49d4469036707a7ea1547dfce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\C29908DBDEBD80E757D638E13908EA76ACA75F60
Filesize
10KB

MD5
e0c0f907e91b69b17e881f5811e21f6e

SHA1
30887246118afb10aa886f4547ee490a147f38e6

SHA256
0a61f6bf50da474a6e347b2511d55dcdcfb58c48bf06e0c38735ec384db4fa6a

SHA512
1c6fa2e57052ccc1c4d67604b9d31b7ff9661cf245a736c24d394b4734e4b5568018c262c52a8b2b9f58e76f6c7d5271d302a2acfc999e88393e9b5a6aaa3c79

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\C79080D6B96DE2577C1D688BA27AD43D8D789F0D
Filesize
19KB

MD5
6aac10266208b9422541520297268f78

SHA1
5644e01fcc3412dfa885644ec93bfe5d094bd7de

SHA256
2a256dc941105b4cc21f738ca9256e0486c14d50df68bdcc0c1e8d4317732711

SHA512
6c332d72eec335da989882dd7735c3a81201f94ede7cf269c7b3e895aa2a2fa1e1ce5dda84471f75f884daf5444043c35eaa03b25df906d066cb0ced97bb89fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\C79080D6B96DE2577C1D688BA27AD43D8D789F0D
Filesize
19KB

MD5
f428d23e80169ab917e996ffe3cba85b

SHA1
c13acc12def5a870368aa5ea9222c0dfe223cb4b

SHA256
a387fdf1f96a8bfb248d215096985ebd5203a50e4a0cee1f69fb7c5bbb9592d4

SHA512
10d0ed175e09e51bc024836fe724fd6a497905249e858683bb54a9ea70e0f840a07c5c73f06d016416b713d30be87a286111f9d0ca32424c93d127faa5768bc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\CC2652C751DF47FC81164D9249EF0AB5F1882AC6
Filesize
12KB

MD5
9dde062fd63e4fc5f5d33dca30cb48de

SHA1
8231777c4e01b2614ac9ec5e62f1176b6905ef17

SHA256
d517dbfc3d98c832be1e39359afb35a9edeef4d7fb7012608476f6651a05cb13

SHA512
8bcbd0f75f571a139f5f3d34f97fd343baf721b1fca9bb968f850aa292dec72ee1bd6907b07a779a85236f7d1b12a030341b6e7485287bfb2ddfdd5d64eaf2f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\E7C8FE0DF50443C645A65A5A26507DE8382788C8
Filesize
806KB

MD5
b837ed48bdba3dd0388e854258ebb84b

SHA1
91e83282c25a8b70519878c992c1974823e5c8b1

SHA256
3df3f196b0629a6e536f82d9049f262c2af6fd6768cc531b985a0d7595c639f4

SHA512
9b40d8d3eb9f11e378236691be33e3546474b2a5e73ebb2d71035a10374882380a3526c52cb961d2db661dfaf8b6e54dd0273638f233646897735cc7169ced41

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\EB2D1B415D6B6B4F7E5099BC7CAEB6CFE7E4AAA1
Filesize
85KB

MD5
9ca3ddeff45529e985cddf1ac0a06fbf

SHA1
0d13236ff87bb866b55d5f485fe3170b7f6feca9

SHA256
4c64b978a58d1d2e2fc7b9e9cd1e089d040a4105a1b9705334183a84a42ca01c

SHA512
c240611daf94d258519ff1d928dbe0b972872d036eb4d6d4c25463cede964717a33d1e9ea4acd5feec4604cbd3828d3276e47cf8fcb2a9dcfd8c07065d958cb4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\EC049B8E38BEC66905B7CFD6CFD7A1C24B5F4BCD
Filesize
14KB

MD5
c6e5f1a5bfee9ed1cd9c01acee9996d9

SHA1
b1ef2380d48f750cdd2d4c672920a6ca380f77ba

SHA256
afcb5a7e1fe3993ce724558d5cfe4314f8cd885142f5ffa042d00ec1e6382be6

SHA512
e07fa304382f722ac97cb2fb2c7a7b85c8d76973f2c8322a4759c3b41600c113af926131399b54b265c8688ddc470a83a29fc59db72dd87133790318d62b82ae

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\F15F4EBED399D0DAD392F67D6A0ACABC35F59CD3
Filesize
42KB

MD5
6776856493e3cd05aa294fe929aaabe5

SHA1
311a90aa845f104debbdda44b2bc8bfa5c83f73d

SHA256
fbe9d7dc8a15ee104ee6f874494c9cba4a4f2e18448df4da77955de5acc25805

SHA512
f1c97811f97ef3e067c168a8476e38a11870d98d7d3d44d21e3f6a46e88d99cdfb2c9b6c2b24342b564af1d83d6113ad71e543dcbe26da9d4eee9d6913b7cf6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\F31FFBD75455975FC14E55A404444A4A15C968E3
Filesize
15KB

MD5
d9e1967f85c98457b3e9b76710ca9bab

SHA1
ae2db124913ef22466006804771a07acde4dd22e

SHA256
ceb820b685827e48e9d3a25fdf7f99a48b0e5ec010a10dae22cdf0054a702b62

SHA512
94a76754fa59454645f658bec148ef056cf95cac7ead2c48e56ec78e40018e72be1c4ecca3b3cc4c156e203b264258611911d9442e83d5442dc0557fb05b6abf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\FF7230D1B7CE9E6B0A0E581C11E3F4761D7DDE30
Filesize
55KB

MD5
05f7564559bec140abd5d0fc90a0a74f

SHA1
66c29cd6e8586131a35a0b5b64e820bf0662669d

SHA256
3982a06b02582bb362235210a87895cffe8e56a680fe2523028dac6e90aa0ef0

SHA512
5380cb2d63f4f3a4c74416ea49ff81e898c75c98326986fae8c185f17f1cbaab2462418791fef6ceaf6f8dc9cb9ffe5ee583a8bc9fef82f60703113c08cb7843

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\startupCache\scriptCache-child.bin
Filesize
464KB

MD5
5b6d9966d20791c38f3948d133bc4014

SHA1
e033078a3e395fa5ac0c24c92ba9e0d2f9129887

SHA256
181aa6dae48c54c9e5324f6810a4bab386f426d6d90d69f3c99fd03edbb77fe4

SHA512
568ec26dddb29f09c182b16af91f3b908e2890e1c3261547b70550827633719047ca0d7fbc0d2846c7bb1da1ef1a3ee278b4073567348d5d8e02417c8e439d88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\startupCache\scriptCache.bin
Filesize
7.8MB

MD5
58eca903151d33e4e94a3ca1cd67fc69

SHA1
e4de4f8e3c95df10350c0faea630db9365d003fe

SHA256
da1b4746bccca127edf75170cbe525ebc9f0cfa9b55d09808502a715bab4998c

SHA512
7025ead03ab649524bbefcb9d34f52011d715ce8cc66cc62da7437b0b043df8fd088b0650c8abed59fce9abea7294697e1b6f55a194c922eff9ce8111f8cd8b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\startupCache\startupCache.8.little
Filesize
2.3MB

MD5
9feca21262708ab7cf932869e3e75d57

SHA1
a224b61a0e3453fb89e0bb86b182eb1d5530380c

SHA256
0a4767fcb5f62268c36818d660fa8ed8bda260cf249dfaaf3ecdb4ac867d243b

SHA512
ea8066eadce6fca874ffc1fce8e2237880a069eca74108e8ce8c6628021c7a00e74d48210feea6076b80807cac4ebd88c94f1dadc0c0e0bca0588dd95e078560

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\startupCache\urlCache.bin
Filesize
2KB

MD5
8e8689129b203c0c380aa5f7f2e12689

SHA1
cb3d5c5c6e8806d7ffd0d7d6efc1a0d2a198292a

SHA256
8a7e5ffafdffc35a6268056e521e96507e6727cf4146ebfb005b338cd92e3292

SHA512
af758be3f24880911baab68fd1f946be15c0b9b2d66966609f5c49d60d1386922a7f3bf20547b824e044c91a806e135f1862efaa0f0a278bfc2d95faf487d1c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\7b9938a8-649f-4789-aaa0-6cfb2019daa2\rabu64.dll
Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\7b9938a8-649f-4789-aaa0-6cfb2019daa2\rabu64.dll
Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\7b9938a8-649f-4789-aaa0-6cfb2019daa2\rabu64.dll
Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\7b9938a8-649f-4789-aaa0-6cfb2019daa2\rabu64.dll
Filesize
75KB

MD5
42b2c266e49a3acd346b91e3b0e638c0

SHA1
2bc52134f03fcc51cb4e0f6c7cf70646b4df7dd1

SHA256
adeed015f06efa363d504a18acb671b1db4b20b23664a55c9bc28aef3283ca29

SHA512
770822fd681a1d98afe03f6fbe5f116321b54c8e2989fb07491811fd29fca5b666f1adf4c6900823af1271e342cacc9293e9db307c4eef852d1a253b00347a81

Download Submit
C:\Users\Admin\AppData\Local\Temp\REGED3.tmp
Filesize
8.4MB

MD5
aef05dc94f2827af3f58e7b7eb46c7e7

SHA1
ee37bb8114fe6be4e9c917b45780b86416721e03

SHA256
37c8821937e4bc3081c35fc05acc12e342a1e1aa943f3c65b85591e25085ae72

SHA512
a931cb5cd3c17f1002d734e8ede1129d4e225e0ef338c894a39ddc4b704348b785b209e9e76cd386bf70f769215a58ab33fd509755cfabd217475369d3d52a01

Download Submit
C:\Users\Admin\AppData\Local\Temp\c6ef4c2b-9a55-40b4-957b-c3cb74191397\GunaDotNetRT64.dll
Filesize
142KB

MD5
9c43f77cb7cff27cb47ed67babe3eda5

SHA1
b0400cf68249369d21de86bd26bb84ccffd47c43

SHA256
f25b9288fe370dcfcb4823fb4e44ab88c7f5fce6e137d0dba389a3dba07d621e

SHA512
cde6fb6cf8db6f9746e69e6c10214e60b3646700d70b49668a2a792e309714dd2d4c5a5241977a833a95fcde8318abcc89eb9968a5039a0b75726bbfa27125a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\AlternateServices.txt
Filesize
5KB

MD5
f1655a14b91bbc55e64865efd97b5105

SHA1
58f028f31931be5de103bde4e3d71f7a6a04792e

SHA256
c1714f29cb2a56d117fdd27c3a33834e181c657075f7e5605288bf5307ab19f4

SHA512
fd62bca48faae71f053f7b3d3a0f1841126e8bd01e69ce5cc088773a9563e4392009a9f4b65d92529e866616a3dabf1e6c56afc5b150c2b387b3fe78f69aa393

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\SiteSecurityServiceState.txt
Filesize
500B

MD5
d45bc8be4cd34be3e72b80eae636e60c

SHA1
a122b854c4657bab9691e491e5d4dd1bb043e2c3

SHA256
a045c0b281ee4fe35cb76e023c43df6814f187c88ef074b103ba43a1b5cc9a40

SHA512
f34e6d543efa752259ae5f141558b3f5e805f56b185deabbbe07bcf821e9753aeb345417353c9b80d6f6b26788f6af4dec0cc56edc0106336b791017e903b813

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cert9.db
Filesize
224KB

MD5
cb78f2e78599c7238694e3b9d29959c7

SHA1
f7d5ee3acf48668b1e6a6922fadc018fd9c867ff

SHA256
f6ca773177cc01a740800430798ceac6c3d15a4a439b4211afccdd4a21fa9062

SHA512
3c8649e57c6e1ca7a0893af99289ad551127aef6eeab3760a34d8d77e69d2347d0e3d3af89e09194ab263ac9ef6c3b670b12807b4448466f80879a2fdf3cfc59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cookies.sqlite
Filesize
512KB

MD5
b9e9205c0c61fe215e4f2a586adb10ad

SHA1
04a260b8033af05fe02452dc971de5cb942d8c96

SHA256
fb284c55ff2c09c247989354a113549f946846ffc6ae25f3136413f02f7fb0f0

SHA512
4091e7262893d3f17df6ef46946be6ab00846b32fd7f7d7bf35e8e1817347c62727269a33d45a75bc3d96a111b7e53edf6e168881e93734e764e823cc4de7ce5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\crashes\store.json.mozlz4.tmp
Filesize
66B

MD5
a6338865eb252d0ef8fcf11fa9af3f0d

SHA1
cecdd4c4dcae10c2ffc8eb938121b6231de48cd3

SHA256
078648c042b9b08483ce246b7f01371072541a2e90d1beb0c8009a6118cbd965

SHA512
d950227ac83f4e8246d73f9f35c19e88ce65d0ca5f1ef8ccbb02ed6efc66b1b7e683e2ba0200279d7ca4b49831fd8c3ceb0584265b10accff2611ec1ca8c0c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\datareporting\glean\db\data.safe.bin
Filesize
182B

MD5
7d3d11283370585b060d50a12715851a

SHA1
3a05d9b7daa2d377d95e7a5f3e8e7a8f705938e3

SHA256
86bff840e1bec67b7c91f97f4d37e3a638c5fdc7b56aae210b01745f292347b9

SHA512
a185a956e7105ad5a903d5d0e780df9421cf7b84ef1f83f7e9f3ab81bf683b440f23e55df4bbd52d60e89af467b5fc949bf1faa7810c523b98c7c2361fde010e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\favicons.sqlite
Filesize
5.0MB

MD5
c2416ffff7be987f5e94d93e79f735f0

SHA1
0bc3fab5285fcfae265cc0523ec048acfd4946a3

SHA256
d0c9a974afe5cbbc0fc1e12d1c22cd210cb387ae5c3c5d03a8910553c26acf00

SHA512
6ee9a3a86f0f1cce19ad7f59b80cf5333e5d74dfc586ba11a311efd6aa065b353cd6474116b3e5987b58025864d8864b81f7aa49c82080bcb2566aaba889572f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\permissions.sqlite
Filesize
96KB

MD5
a6afe9916601fad173a7091574553310

SHA1
a864e4d8963d2fe9f346a62e7fcababead7632a2

SHA256
a4ea28d8e60d8bd42e4599de9a7757b2e3041df02e9d5a9a033bb06721f9efa3

SHA512
f0c2a173863be8a7568a9ad7c76c262e71cf4ffd30e8c68c5949ee2396d2e46ed4614bf43e29f8ced593c37e651a1024f4dff2d78300d034252e71418391bbf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\places.sqlite
Filesize
5.0MB

MD5
9ec0205fc19c4537a3a721e2da91cc2a

SHA1
362ad382f8721f6fef37e75ab8a0414065e22528

SHA256
9921ba304a8e15762c9777404ea548c5cd3b9f655d4d41092d878572f6476a70

SHA512
943b2708fbd489088366d5050130b55bdffbdaa08d2de9b1e524beabe1987efbd6e125d69a8d0e49e748b10d2fab50ae683b8789c25e463d3dcb159909205654

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\places.sqlite
Filesize
5.0MB

MD5
1b7a8a61080c4afea4df73433caed4a0

SHA1
5138e87fe99e689d7291ce1ea4b943e41c0d4d80

SHA256
a1537723075a4d50d6dde43f6640faad77de8744e00c3d4ee31ceb10f4236100

SHA512
8999380339ad6f8a8ee7356d8643c967a33b41f6eaa2911a02aedf76cdec5182577a61383848876c94b03ff6093323e63e855c685a8278f398a5eace68ecc8a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
3dbe15eb3a9bbe3896a33bd5067a65db

SHA1
cf9fe8bfe9d936cc3eb9c8ba4d1e262bf327dd2c

SHA256
b48abd42d47109675a9093305ad4736873f78942a2620a73df9c369c6b8728bc

SHA512
03118df0855b3ae4e921edc34e58e5e6c3ca0a55edac81613190b20246557af8c457ed48e5c5e810d2bcdc60f0b62559ca178802df0e2722db12f387401adc7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
7898a0881efdf46071f6f547677b413c

SHA1
1ee09f6af8a9e6da7c2c3b327427ed4b57090479

SHA256
3cd3c261f6f2012eaa076939cd75eba690c337965da00850b1d334c59f712484

SHA512
27f2be627089cd10c0a7c0b9689a1f8615f71990200fdbb6da18fe3c23c2f85ea8551a2cd4afac99903031aad50ed2783a0907f4aef7b72d75062a60e6dcef74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
46e69f6a8843e7b2882e462c11147f25

SHA1
08927f64053f355e7022595e7038abee7c20383a

SHA256
bc55b829a981d60088656edb1cb3d11188cddb852587b0e166f0bb65ba22e66c

SHA512
dc89c2ca584cedc9f5aad8d8fe32688b3dd25d833985f1822b38d4ae81cdc4d7660e3db4c534d5af5856e4e5ff442c67e6802b4a8138d8a7237fc8e4fa646dd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
564c95f3ae5bc34b1c219014872f4527

SHA1
e5374451b0892ca03706192eabc871f21515c039

SHA256
4b500777b995eaccdcef884cb3ac2c01bf7fcce235ec29a766650f6af31b3695

SHA512
e07abb9a8bd6b2938a1d43b4872b67ebb60ac88b3ae078bf2791d617680c3937de52531a55ce332d7ba19d18f060dc51a82a0c8c00207e8d95b8d49ef34d23d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
4742285659b9b512c7b04d971348ee6d

SHA1
b22b89df1d4560f42c1121c631b0b6cdb5d36cce

SHA256
fa4334f1d7c7754b605f5080984c6452d2fdc8cf1a480758686e16ada3a1ef96

SHA512
103deda87f10921f957d54b3444e10db85b810e022d83382b3f24a57c89a5ac40f965fcbbcd375b989721b743b14b4e0754ed75b9b6a01bf6094ecf7f6db7020

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
c247c601ee2124f63b22ed32d5a31696

SHA1
a11c14515fba1b6086034575810095e1d7a2e2e9

SHA256
d47d9acd4f522f801ef9434444a99ed0f669fa93d5282533300b7b01b58dae0f

SHA512
6ba4f61f554db14ac8662d586c97f3cc628b073f13f4708a11f306760e20687e81071427b93bb763c4c884ed6e4a881e1fc14d5b53630c8a0830c64bfba3f9c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
6KB

MD5
296e77139269ec97c2e9e38e11c80d23

SHA1
063bbaa30e0558f9ec5df56b633e9d29530a5b06

SHA256
5e2459ed300fdb5cbf2b5a3378ff66de0eeb75d63836d4d50bf105802b6d63c9

SHA512
4ddc8732009f11e9b32cddd7e27693e031fc6f7090fbc8c011a69460174f407a42d9419816c2dff0bbbaa94763e878583cf6e3d916327a099709ee6d519952b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
b10d638ac2b240aad955549640f73294

SHA1
36b826baf5a96020ff7351c9b1b8b2c1038d35f2

SHA256
390fa71978f350bb365857f9d94a9a794d8777b7cf0f0ecbec5bfd444259c9f9

SHA512
ee67a51f4686ff9954a845ebabee197922b56fae43d3384cda2d049507407f86f3c6b8e79cbfe8c23b2357718703a964ad543a1343046198485b9cca8378e1a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
34afd691d42f8690bfc254ce3faeca17

SHA1
33c796f33a4f3922d7eb3e200bde1686de9ac24e

SHA256
fb960442d897f351b1ddbc08ba5aaade52bb010936e03eab02d4fbef70673659

SHA512
011455e261d33a2e70311586a1f5895adf0f7b30277c64c5dfed0250ec24fc19eb6c4e83c2664b8881b1836311d0f7e312b308f73e412e14989309200344e9e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js
Filesize
7KB

MD5
7c4805668bfb5eb4fc03c4f71c197a35

SHA1
9a4b2fbcc1dc2315cf3f927a95817b4792d800b7

SHA256
723eee6ed4e0257a3b8964023a1437f42845de313e30631c520f53966d5fd412

SHA512
672e5d09f954eca88a7a5fb8ba1b563d2f378dba39929f7086ca43a8adfd04fc9a477a9f00a0242e5b1ba72f9ef81d2c6cc9661075176a648df2ebf158192496

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js
Filesize
6KB

MD5
fcd5f37e5e4066f7cffe8eb106b6ce19

SHA1
b0a1c4d3d5c96271429fb09cb71055d177c13402

SHA256
38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67

SHA512
afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js
Filesize
6KB

MD5
fcd5f37e5e4066f7cffe8eb106b6ce19

SHA1
b0a1c4d3d5c96271429fb09cb71055d177c13402

SHA256
38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67

SHA512
afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\protections.sqlite
Filesize
64KB

MD5
300f990ac0fa543296b73fbca429eb2a

SHA1
43c15d37462b60a5bfc487866b218b697545b984

SHA256
347d5d523d82ccc20274d1fcb2c653e49077fd3b4e1613c2ca9087b850969027

SHA512
a2834e54c94180d8f06ea4bc010d326aca3ed0512c8850d3fc0828d0931068f5b9831ba86e9aba75342120192f24dfcf3f6a06d95921aabaeeccc5aac353a3e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\search.json.mozlz4
Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionCheckpoints.json
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionCheckpoints.json.tmp
Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionCheckpoints.json.tmp
Filesize
228B

MD5
66bdbb6de2094027600e5df8fbbf28f4

SHA1
ce033f719ebce89ac8e5c6f0c9fed58c52eca985

SHA256
df49028535e3efe4ed524570624866cca8152de6b0069ebb25580fce27dccebc

SHA512
18782069ef647653df0b91cb13ba13174a09ce2a201e8f4adfb7b145baf6c3a9246ef74bdad0774a3023ec5b8b67aba320641e11dd4b8a195e1c2b448202a660

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
f8f70ec911000d863f450d45cb0118ca

SHA1
3826de4f8488a8a2903acc81e8da8dd2aacb7f70

SHA256
faa183f774d0e4bb231a9e09fff5b0a89abde655c998d41e6b2971c9ceca6024

SHA512
5f89f5ae4ce9272756dd2dcf8ddf5fa5bfcd74557c9bec82d8542a54845fd99a4a0390aa98f607d9b850160686f054fbbb5165674dc3adc123a865db4d9f501e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
26177f491db7571f39334f82da770e77

SHA1
84cbe37b282c9a89fc1fb73ef2dff0a2bfd86da4

SHA256
5db653100cffaea3f3f2ea0d5f8e03cb109e854dd79455f35b73ee6351bde1f3

SHA512
28db73b321b57979343fd559300581e478eaa1ecd7e45e86685cccfd1b94154e392f964a34a2892a79fd6dcf7089bc6443b2796f0e5aac74b53965286ac67975

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
4077ef89467ac408e3efc5464cff36fb

SHA1
a53fcf1d7aa9a85056fea48ed5b2b5b54a9c6980

SHA256
a61e81a879a706f2866511c8805453a7782da02118768ef4595c2a905db3d01a

SHA512
d80f5141c9c44eaadcb606cd3f8630750bc733286c3c239e8d77a2e6c93de97cdb00a3d585faefaee3077f88bc884bf14b4249eab1d7f706c012880dfdfcddd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
7f8b77bde3bb09f30fb9b5baa723e614

SHA1
6e0a2f73aea02641e83a2ef9ae021e90d25a4d98

SHA256
2dbd11cdbc8b1dc75563ff8aa2aeaf8bcaca5af6964c3784adf9b0fa9de579fb

SHA512
bafdc0bbf5d0222830ca898e08a9c689a27701533e13a25414e657a93d9a17807af0dedc06bc22abb30d1e517368067474be1b6ef2899de1454bd1be3ccd0e72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\upgrade.jsonlz4-20221007134813
Filesize
6KB

MD5
e02f5331231e25542aa9b2edc5992098

SHA1
9f3c7b814fa4cf099b8f6b24dd475cd4b33defe5

SHA256
be53575b43b568a064d0efccb0bfb7bad80436065bfe1394e797ab92f03cf29d

SHA512
2dfb9f4a765b909c58a16f212aa098e662d4d43502c7f90af26a636b057346916d68fc2025b0621142697ed664968d608fffcec5b5469d6372b702924f7b4bea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore.jsonlz4
Filesize
6KB

MD5
e02f5331231e25542aa9b2edc5992098

SHA1
9f3c7b814fa4cf099b8f6b24dd475cd4b33defe5

SHA256
be53575b43b568a064d0efccb0bfb7bad80436065bfe1394e797ab92f03cf29d

SHA512
2dfb9f4a765b909c58a16f212aa098e662d4d43502c7f90af26a636b057346916d68fc2025b0621142697ed664968d608fffcec5b5469d6372b702924f7b4bea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore.jsonlz4
Filesize
6KB

MD5
e02f5331231e25542aa9b2edc5992098

SHA1
9f3c7b814fa4cf099b8f6b24dd475cd4b33defe5

SHA256
be53575b43b568a064d0efccb0bfb7bad80436065bfe1394e797ab92f03cf29d

SHA512
2dfb9f4a765b909c58a16f212aa098e662d4d43502c7f90af26a636b057346916d68fc2025b0621142697ed664968d608fffcec5b5469d6372b702924f7b4bea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore.jsonlz4
Filesize
6KB

MD5
45cec89ef5cbe6c60f28bdffd496606d

SHA1
804bad8511838644b64400f44e21b482bd1662bb

SHA256
b46f19c9709a807d9f53b78991114243a72c12734153756aa25011cbc1b3c943

SHA512
7f2330b992f38599549e050ff232a14aef5792b15d3e5643a2bb64b9d5a3427a88faa8602a4b4f7730007fedce452ee4ed5da91385b022f86c634ae1e2e87fa8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage.sqlite
Filesize
4KB

MD5
fc5bbac1c9f007685ab1d5e9f00cbbe8

SHA1
f2d4605a9092952efb701343c5ab05acea151183

SHA256
d6f7c9171558cde224c85257b1a2ebbb69fba095420546e89279b0ac531db993

SHA512
a088aee689046f6d1ae96f97ac075bf871e5208d46698e34201cfbfa15878d96fe7bdb0544c14009de66992e1a4727a23e37e44dbaa5164e98beea537e0e53a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\default\https+++send-anywhere.com\.metadata-v2
Filesize
72B

MD5
900c14b030ea177082ed9240975c93a8

SHA1
0ad8fc504a35987c6d551d18f470364cab265359

SHA256
11dbbdf245d62e4ae58fb805ea9439ba39caa623485fcdd7f1661ae846bea112

SHA512
481e405b9ff888b9c4417f72f41fe823d1c19270b32a30b4af14b03a5f9b17306443f40222193cf3744cba2d023f9e63a0cf907d701e8f6497fbac84467bb022

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\default\https+++send-anywhere.com\ls\data.sqlite
Filesize
6KB

MD5
61316b0372268a23fd1fb44d65fe7648

SHA1
ab9a43e7b368d68e0c355c8c2ceeb2edcdb0dfbd

SHA256
9b73c64d0d4a01e95639fea7a1b0bcfcf9e06dba5adf6145655ddf35176ebcf8

SHA512
63f336ecb8a52a556094aeaf2ffd0b7cc2c013fba91c1a03e249a78fd5b5cd36ac634f6f1227e25dbf09d69cebdc51f99d25c7747ae76d954b301485790fa957

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\default\https+++send-anywhere.com\ls\usage
Filesize
12B

MD5
78b959076fe9482cc0adac24cc2b965d

SHA1
050e186278ae00660f697abbfbb0ff1d9eec35bf

SHA256
ae5d6177000fef893d065b528b5c2399b0e1602113f47a9a53e82833d3b79f2a

SHA512
7dc74a53725dc150aa7922718fda0f55de373d8da5543d103788a2256572480d401af5ed25a7fa396fa5cb21a7c1f4c4a5bb6e68c0244eede48273ec9e0eb5b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite
Filesize
48KB

MD5
870e6122af50177ee9ade4fda3ef2190

SHA1
f91df68aa58df3087727f31ca51e45b7df26affa

SHA256
e5c31907066e2b5f5e0620e719bdf3f6e2c34275b99098b70f32ec4065def2f6

SHA512
ae2952706870183d64c1a8c596f00e98cef23967e0d38a0b311d7dfcc6bcdb72154ee4c9b5891937a4ffce33419f634f1d456c07bcbbdfd21393c61936421bee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
4e2687b26e49357aa43c44b964edc338

SHA1
8b0a8412686b76d86f2fd30de580da91dcc472c8

SHA256
2ed8f08976b2012bf40cc47e799045994aff37d23029efa2a993f9e4f7f08308

SHA512
33809f5edc1078c4860090882e28fd6a415c3fb6d6c30957bad1f4031e10dae1235c878b28990cad7a7984e528e4129fce8b28c572023456d6d9b0276a972d50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\xulstore.json
Filesize
217B

MD5
6d87256a2b21b9603b7d731eb033b9e0

SHA1
8e2603f254af21d5dcf310fdb5a688e9097aefd9

SHA256
5b3e57bf27b98cae50a753101df9a00a1f6d96886c1a92c4106a6f7eaf6d09a2

SHA512
67bfabf0b5d3fc75b5223a5da836e6909b2af8d98172120fc5efc0b0f6ece72b6cafbdd97ac170bc5357d85a39b15fda7e2df861981d193f84cfca82f360e156

Download Submit
C:\Users\Admin\Downloads\Royal.Full.rar
Filesize
2.4MB

MD5
c8d06ef9184701388bbf4407a304103f

SHA1
a12f32b92f9c26c0a0808796844d39ef59c1a0be

SHA256
1978db25b0822465385c2248519395a1d262d69cc55cde9eee8f3cf7c6cc384f

SHA512
f15ca50d69a81ec3b529af42d19c73ebd9b2589eac1e2b52aa644fe7cbe1bb8a64dac7f16773e69a71819b84eca7e6956bbc5459a37848230988022f0274cfab

Download Submit
C:\Users\Admin\Downloads\Royal.Full\Guna.UI.dll
Filesize
1.1MB

MD5
8673eae95d67e5eb19f0eca3111408e8

SHA1
ad3e1ce93782537ffd3cd9e0bb9d30ae22d40ddb

SHA256
576d2de2c9ef5bc1ea9bdd73ae8f408004260037c3b72227eed27e995166276d

SHA512
65c4eadf448a643f45fa9a0d91497bb25af404c41a3a32686d9e99ba4f4e50783d73f5b13d5df505cc62c465be300746d84a2eaa8000531893cd0b19d6436239

Download Submit
C:\Users\Admin\Downloads\Royal.Full\Guna.UI2.dll
Filesize
2.2MB

MD5
8926f5ef3fb732f23a2591de3d71ac19

SHA1
748525449b986d9e3e426f55f02846a342977b80

SHA256
7d8e0a8437459db0f30e7ca9303440b1f5c6e5bfe6c086f245ab6261e262407f

SHA512
7f959ada6c451a791c589eeba47bce1fa9d32bb8e2baabb3e5b2c9d7d11a29a569206d1df8edfe307bf781dbfecf1bb9849db84822d0484551bf6e498b3b8358

Download Submit
C:\Users\Admin\Downloads\Royal.Full\Memory.dll
Filesize
37KB

MD5
27f9ea7b94d212b7594140fbe9f98ec8

SHA1
322b3e30d7219d08dba00505643fec9ed6bd0b3e

SHA256
b259656f0c179d8f7337abccabbe996c3137f6be5d2749d004a306974065921c

SHA512
edc80c376d6adaa3ca75afc04ca9c4a8144a15d37fdb852b38b133b8f5c1121e63fb42f6d3b31bb1c9070362d30f8cd62a3a7916c7020205891efbbd2ad01650

Download Submit
C:\Users\Admin\Downloads\Royal.Full\ROYAL FULL.exe
Filesize
1.1MB

MD5
fda397328e79d6cca7978a841b969376

SHA1
6bc7f376c0f3e2f19436f03f2e8a623ae5d26a97

SHA256
b9c44c97eee69402b6cb0906a47e403bc3043e7c303add0179d4c8d28faefdaa

SHA512
f7e2b220ebccccab13fc27f9a11923466c0cc0fa7c6f1633de19f63cc55debd7ac1f494650271c4f58aab3c879369e8cb6edbd25f6ca36351a73ae3ae0bbaecb

Download Submit
C:\Users\Admin\Downloads\Royal.Full\ROYAL FULL.exe
Filesize
1.1MB

MD5
fda397328e79d6cca7978a841b969376

SHA1
6bc7f376c0f3e2f19436f03f2e8a623ae5d26a97

SHA256
b9c44c97eee69402b6cb0906a47e403bc3043e7c303add0179d4c8d28faefdaa

SHA512
f7e2b220ebccccab13fc27f9a11923466c0cc0fa7c6f1633de19f63cc55debd7ac1f494650271c4f58aab3c879369e8cb6edbd25f6ca36351a73ae3ae0bbaecb

Download Submit
C:\Users\Admin\Downloads\Royal.Full\ROYAL FULL.exe
Filesize
1.1MB

MD5
fda397328e79d6cca7978a841b969376

SHA1
6bc7f376c0f3e2f19436f03f2e8a623ae5d26a97

SHA256
b9c44c97eee69402b6cb0906a47e403bc3043e7c303add0179d4c8d28faefdaa

SHA512
f7e2b220ebccccab13fc27f9a11923466c0cc0fa7c6f1633de19f63cc55debd7ac1f494650271c4f58aab3c879369e8cb6edbd25f6ca36351a73ae3ae0bbaecb

Download Submit
C:\Users\Admin\Downloads\Royal.dHRSQmd3.Regedit.rar.part
Filesize
391KB

MD5
968272008de1344aa96016da98e657c7

SHA1
aa9a3f76767868c7cb07df9165a307417c5d4e8e

SHA256
fef9f4a1e1779dedfc68d27ca50107e7c2d90323ca54c18b0152abfdc0af8a93

SHA512
11906ff0d8c8c8f0bd897d9759e0f891367c6ec20a7c104d539703291efa31d8759e92bae64d8c896cb32fa62c3095e30bdd2ec364b3ff5143e764b3c8e8256f

Download Submit
C:\Users\Admin\Downloads\Royal.gTzJcF06.Full.rar.part
Filesize
2.4MB

MD5
c8d06ef9184701388bbf4407a304103f

SHA1
a12f32b92f9c26c0a0808796844d39ef59c1a0be

SHA256
1978db25b0822465385c2248519395a1d262d69cc55cde9eee8f3cf7c6cc384f

SHA512
f15ca50d69a81ec3b529af42d19c73ebd9b2589eac1e2b52aa644fe7cbe1bb8a64dac7f16773e69a71819b84eca7e6956bbc5459a37848230988022f0274cfab

Download Submit
C:\Windows\Resources\OPTIMIZACION1.exe
Filesize
121KB

MD5
5f235a97061c68878a38d84c8549bd38

SHA1
8823c2eb93e55cb2e58501149a5ce16382f54a38

SHA256
7f8f1f0abf93d5914fb9350690fbd1a485deebcd0fcd2654c7fcb83abdea338f

SHA512
a25069d2ea350fc90a93754c6888521dde0659933895dea9ff8d8d78c55fbf7121ee114766de11bf94cf65f970fdfa54a5018002b00f8e9842334460e210cbe3

Download Submit
memory/3344-1203-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/3344-1194-0x00007FFCB87B0000-0x00007FFCB88FE000-memory.dmp

Filesize
1.3MB

Download
memory/3344-1197-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/3344-1198-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/3344-1199-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/3344-1200-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/3344-1201-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/3344-1202-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/3344-1204-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/3344-1205-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/3344-1206-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/3344-1207-0x00000253A10D0000-0x00000253A10E0000-memory.dmp

Filesize
64KB

Download
memory/5536-1174-0x00007FFCB87B0000-0x00007FFCB88FE000-memory.dmp

Filesize
1.3MB

Download
memory/5536-1186-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1176-0x000001B574120000-0x000001B57423A000-memory.dmp

Filesize
1.1MB

Download
memory/5536-1164-0x000001B571D20000-0x000001B571D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1177-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1179-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1162-0x000001B571880000-0x000001B571996000-memory.dmp

Filesize
1.1MB

Download
memory/5536-1180-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1181-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1182-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1183-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1190-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1189-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1188-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1184-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1187-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5536-1166-0x000001B574240000-0x000001B57447E000-memory.dmp

Filesize
2.2MB

Download
memory/5536-1185-0x000001B573D20000-0x000001B573D30000-memory.dmp

Filesize
64KB

Download
memory/5740-1619-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1573-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1620-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1621-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1624-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1631-0x00007FFCAECB0000-0x00007FFCAECD7000-memory.dmp

Filesize
156KB

Download
memory/5740-1632-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1636-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1583-0x00007FFCB87B0000-0x00007FFCB88FE000-memory.dmp

Filesize
1.3MB

Download
memory/5740-1584-0x00007FFCAECB0000-0x00007FFCAECD7000-memory.dmp

Filesize
156KB

Download
memory/5740-1667-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1679-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1681-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1680-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1695-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1699-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1713-0x00000240C9C60000-0x00000240C9C70000-memory.dmp

Filesize
64KB

Download
memory/5740-1569-0x00000240C9E70000-0x00000240CA062000-memory.dmp

Filesize
1.9MB

Download
memory/5740-1568-0x00000240AF530000-0x00000240AF63C000-memory.dmp

Filesize
1.0MB

Download