952a0c261f263416f2dde7896b526539bbad9fa81ba382f7fbd0628b9a18c3a2

Analysis

max time kernel
600s
max time network
584s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27/03/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

launcherfull-shiginima-v4300.exe
Size

5.4MB
MD5

3e1ad25616e2d1435fc938fc4fb0cf79
SHA1

48baffa8089e4b29fa9acacde0ef4e82a6f28771
SHA256

952a0c261f263416f2dde7896b526539bbad9fa81ba382f7fbd0628b9a18c3a2
SHA512

f165a25062fcc5e8f5b69fd7db2f97668d88ff236a509120a8cfd78befc45e3777f27030654bfc624a4b54da12152225f61c05ac945ef37cbf0451751f0b995d
SSDEEP

98304:Y2LidbOU72RGEaRja98Xq1N/dIFbpeK0TLzE9XuS5tSXylo/LHz0k:HSbOU72naja9HYFlz0TLzE9Xgym/LHQk

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4516	jre-8u401-windows-x64.exe
5220	jre-8u401-windows-x64.exe
2976	jre-8u401-windows-x64.exe
536	jre-8u401-windows-x64.exe

Modifies file permissions 1 TTPs 1 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
2156	icacls.exe

Drops file in Program Files directory 36 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\dll\ntdll.pdb	javaw.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings	firefox.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\launcherfull-shiginima-v4300-pc.zip:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\jre-8u401-windows-x64.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	612	firefox.exe
Token: SeDebugPrivilege	612	firefox.exe
Token: SeDebugPrivilege	612	firefox.exe
Token: SeDebugPrivilege	612	firefox.exe
Token: SeDebugPrivilege	612	firefox.exe
Token: 33	5732	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5732	AUDIODG.EXE
Token: SeDebugPrivilege	612	firefox.exe
Token: SeDebugPrivilege	612	firefox.exe
Token: SeDebugPrivilege	612	firefox.exe
Token: SeDebugPrivilege	612	firefox.exe

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe

Suspicious use of SendNotifyMessage 7 IoCs

pid	Process
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
3148	javaw.exe
3148	javaw.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
5288	javaw.exe
5288	javaw.exe
5288	javaw.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
612	firefox.exe
5220	jre-8u401-windows-x64.exe
5220	jre-8u401-windows-x64.exe
5220	jre-8u401-windows-x64.exe
5136	javaw.exe
536	jre-8u401-windows-x64.exe
536	jre-8u401-windows-x64.exe
536	jre-8u401-windows-x64.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 3148	4900	launcherfull-shiginima-v4300.exe	77
PID 4900 wrote to memory of 3148	4900	launcherfull-shiginima-v4300.exe	77
PID 3148 wrote to memory of 2156	3148	javaw.exe	78
PID 3148 wrote to memory of 2156	3148	javaw.exe	78
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 2096 wrote to memory of 612	2096	firefox.exe	88
PID 612 wrote to memory of 3164	612	firefox.exe	89
PID 612 wrote to memory of 3164	612	firefox.exe	89
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90
PID 612 wrote to memory of 2984	612	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4300.exe
"C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4300.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -classpath "C:\Users\Admin\AppData\Local\Temp\launcherfull-shiginima-v4300.exe" net.mc.main.Main
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3148
- - C:\Windows\system32\icacls.exe
    C:\Windows\system32\icacls.exe C:\ProgramData\Oracle\Java\.oracle_jre_usage /grant "everyone":(OI)(CI)M
    3⤵
    - Modifies file permissions
    PID:2156

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:1440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.0.1728579446\415233900" -parentBuildID 20221007134813 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d425eb7-fd97-4f80-8815-f750241b6f1d} 612 "\\.\pipe\gecko-crash-server-pipe.612" 1856 29904ad6c58 gpu
    3⤵
    PID:3164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.1.428749020\1545020701" -parentBuildID 20221007134813 -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2200a12-4cba-4587-9233-5f5c5fdc0e68} 612 "\\.\pipe\gecko-crash-server-pipe.612" 2232 29904a05058 socket
    3⤵
    PID:2984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.2.163993273\991121182" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2848 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {acef3e4c-5de8-4e8d-98b6-e10f49664dc9} 612 "\\.\pipe\gecko-crash-server-pipe.612" 2900 29904a5f458 tab
    3⤵
    PID:956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.3.1517146723\1949180159" -childID 2 -isForBrowser -prefsHandle 3444 -prefMapHandle 3440 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7f22221-2979-4451-8d22-ef05fe3d2197} 612 "\\.\pipe\gecko-crash-server-pipe.612" 3460 29909f7f258 tab
    3⤵
    PID:2944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.4.1744249786\374909309" -childID 3 -isForBrowser -prefsHandle 4284 -prefMapHandle 4280 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b517c074-a335-45ec-be3e-00dbf4b86837} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4296 29978869358 tab
    3⤵
    PID:812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.5.768602213\25061610" -childID 4 -isForBrowser -prefsHandle 5044 -prefMapHandle 5036 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9608455d-8cf4-467d-a7e0-3ea114c2c6e3} 612 "\\.\pipe\gecko-crash-server-pipe.612" 5020 2990b004458 tab
    3⤵
    PID:1000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.6.2136116171\1140181562" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b82566dc-5ad3-4d9e-a7fb-55be306bffab} 612 "\\.\pipe\gecko-crash-server-pipe.612" 5176 2990bebed58 tab
    3⤵
    PID:884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.7.1678464074\2037547051" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fdcd03f-17fc-4f72-bf01-cc59abe0fcba} 612 "\\.\pipe\gecko-crash-server-pipe.612" 5368 2990bebf358 tab
    3⤵
    PID:900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.8.1858338951\321623332" -childID 7 -isForBrowser -prefsHandle 5856 -prefMapHandle 5852 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {610bb10b-f8ac-4949-a105-af8665e8a32a} 612 "\\.\pipe\gecko-crash-server-pipe.612" 5868 2990dd2c758 tab
    3⤵
    PID:4076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.9.957831037\225345569" -childID 8 -isForBrowser -prefsHandle 4416 -prefMapHandle 4436 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f05ebf50-755c-47aa-808b-7c30277d58c3} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4824 2990b6c3358 tab
    3⤵
    PID:2208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.10.1585858846\473459579" -childID 9 -isForBrowser -prefsHandle 6504 -prefMapHandle 6500 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {563f281f-49e2-44a3-a6e3-9d0d6b7ec394} 612 "\\.\pipe\gecko-crash-server-pipe.612" 6480 2990dfafe58 tab
    3⤵
    PID:2460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.11.1909190503\760780918" -childID 10 -isForBrowser -prefsHandle 6684 -prefMapHandle 6688 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb18db61-36b4-4c01-9ac0-94aa7f8a9fa9} 612 "\\.\pipe\gecko-crash-server-pipe.612" 6676 2990fe42e58 tab
    3⤵
    PID:1168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.12.52665382\1583630892" -childID 11 -isForBrowser -prefsHandle 6228 -prefMapHandle 6224 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2b647fc-8bca-483d-a85c-af2bed313492} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4824 2990b6c3358 tab
    3⤵
    PID:3396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.13.446185392\1973961004" -parentBuildID 20221007134813 -prefsHandle 3380 -prefMapHandle 5592 -prefsLen 27414 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd28e148-4521-4831-acd2-c31d6f0c1f04} 612 "\\.\pipe\gecko-crash-server-pipe.612" 2384 29910c2c458 rdd
    3⤵
    PID:892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.14.981571471\828543410" -childID 12 -isForBrowser -prefsHandle 10784 -prefMapHandle 10780 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e742e65e-8a91-4241-9bc6-c62fc698289e} 612 "\\.\pipe\gecko-crash-server-pipe.612" 10808 2990fd4a558 tab
    3⤵
    PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.15.563430716\4099578" -childID 13 -isForBrowser -prefsHandle 10504 -prefMapHandle 10548 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f7ea489-2774-481d-af95-8819bb226fa3} 612 "\\.\pipe\gecko-crash-server-pipe.612" 10488 299109f2f58 tab
    3⤵
    PID:2880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.16.1762839586\1927060874" -childID 14 -isForBrowser -prefsHandle 6096 -prefMapHandle 10080 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e2332ee-801c-4198-a047-733b8cac996c} 612 "\\.\pipe\gecko-crash-server-pipe.612" 10064 29904df7e58 tab
    3⤵
    PID:4580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.17.1020630859\1831122916" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 10292 -prefMapHandle 10304 -prefsLen 27414 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1792c4d-f621-4bfc-a8f5-f5257e1439fd} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4452 29910c2c158 utility
    3⤵
    PID:3308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.18.425582633\1764999158" -childID 15 -isForBrowser -prefsHandle 6344 -prefMapHandle 6332 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {020aa3ef-29f4-4c03-ae8a-124cb5a206ce} 612 "\\.\pipe\gecko-crash-server-pipe.612" 6280 2990dd2df58 tab
    3⤵
    PID:768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.19.192254884\1539309765" -childID 16 -isForBrowser -prefsHandle 6344 -prefMapHandle 9792 -prefsLen 27423 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd44e6a0-694a-4bb9-9a26-19d5efcac35e} 612 "\\.\pipe\gecko-crash-server-pipe.612" 9744 29910ba0f58 tab
    3⤵
    PID:5612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.20.430370550\1428073446" -childID 17 -isForBrowser -prefsHandle 9296 -prefMapHandle 3188 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aacd9bb4-1217-4e62-afac-2ff018f3b05a} 612 "\\.\pipe\gecko-crash-server-pipe.612" 4392 2990db76558 tab
    3⤵
    PID:644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.21.262981634\1615688815" -childID 18 -isForBrowser -prefsHandle 4380 -prefMapHandle 6740 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf716f5b-5571-4428-9983-7c7e5cb58fdd} 612 "\\.\pipe\gecko-crash-server-pipe.612" 10792 2990fc7d058 tab
    3⤵
    PID:5252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="612.22.462643510\2142580226" -childID 19 -isForBrowser -prefsHandle 1304 -prefMapHandle 8948 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1432 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ddf2082-7462-4e86-b394-17e343f9fe6e} 612 "\\.\pipe\gecko-crash-server-pipe.612" 8952 29910afa558 tab
    3⤵
    PID:4168
- - C:\Users\Admin\Downloads\jre-8u401-windows-x64.exe
    "C:\Users\Admin\Downloads\jre-8u401-windows-x64.exe"
    3⤵
    - Executes dropped EXE
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\jds241031593.tmp\jre-8u401-windows-x64.exe
      "C:\Users\Admin\AppData\Local\Temp\jds241031593.tmp\jre-8u401-windows-x64.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004B4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5732

C:\Users\Admin\Desktop\launcherfull-shiginima-v4300.exe
"C:\Users\Admin\Desktop\launcherfull-shiginima-v4300.exe"
1⤵
PID:5728
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -classpath "C:\Users\Admin\Desktop\launcherfull-shiginima-v4300.exe" net.mc.main.Main
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:5288

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\0097a5acc2e74f8db2c2a113bdd9f7f2 /t 1588 /p 5220
1⤵
PID:1660

C:\Users\Admin\Desktop\launcherfull-shiginima-v4300.exe
"C:\Users\Admin\Desktop\launcherfull-shiginima-v4300.exe"
1⤵
PID:5828
- C:\Program Files\Java\jre-1.8\bin\javaw.exe
  "C:\Program Files\Java\jre-1.8\bin\javaw.exe" -classpath "C:\Users\Admin\Desktop\launcherfull-shiginima-v4300.exe" net.mc.main.Main
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:5136

C:\Users\Admin\Downloads\jre-8u401-windows-x64.exe
"C:\Users\Admin\Downloads\jre-8u401-windows-x64.exe"
1⤵
- Executes dropped EXE
PID:2976
- C:\Users\Admin\AppData\Local\Temp\jds241181140.tmp\jre-8u401-windows-x64.exe
  "C:\Users\Admin\AppData\Local\Temp\jds241181140.tmp\jre-8u401-windows-x64.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

T1222

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
ed542964bb66e41fe68a84f6561d3b59

SHA1
d7d945996ac9ead5bfc6fcd4fff73517a8664127

SHA256
5522115a4673d505eacdac361ab9dce66b9b1002e8d0aaa62415c1dde9bf98bf

SHA512
c9cda99ce89d9a1f088f38c58dfc03ad98aeadbe50c074e809b63ebf8c54f603e6a2f2a8a6c60aa1c41f8d2da135322e1caca5f8077f5b9d1173b02d2fedd118

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
c881d1eb8d82731d972854d2d7355e84

SHA1
c705845a3ca73077d0853ab8f2b1de742700eb7f

SHA256
b8c528c933f84afbba596f45590a2c1761ff494ee7b1038503efe720ca64272c

SHA512
37e338b87fd796a97179f38e0203f22d1dd0279abff6e8e674e79e20864e6f32bcebc2e3d1ce15105ca9765fa0537d8173ef55f44f1d3f4ae2bf3768027271d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
b2655f790053cae9fbf1d5c722528cc5

SHA1
39ceda9cbbfada69f721442ea6f440ce9f239d86

SHA256
5aca3cadf943020669170b188814b106ba7f3faf08eae8687f37026aa3723dd8

SHA512
b8364eaca24ea8b55966e8d5ae1109e4f24d0eeaa69d6e51ca68f6bf20c775f0b2953123cf2d5ffaf8bd6d0cf80b9d03538d83109e704925ee698c5f5cdb3c8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
2d0ef8296e916253b28c7b9a9187a9f1

SHA1
fb682ce1cdb048633dad595d8039985abe9613a2

SHA256
9bb9a3588081a1b186c3bec0af0681d6517e448e77ce5f9b517e5f28c30184ae

SHA512
5b75f9f2eff6773ff531052b77cfce87e5c04f98863032953f16c00b86d64fb1cbf6fb6643f53f2ce9b1ed0073803cf4759b96d236f3b420e00a52bbacfc9027

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401_x64\Java3BillDevices.png

Filesize
27KB

MD5
8e52efc6798ed074072f527309a1ba25

SHA1
347d4c6b4f92e7315d9b199a97dd5cf7d86b2431

SHA256
12491ebc4eb99bf014d3bc44f770114bde013e84cbec2633303559a8c6e5f991

SHA512
0653c6e7f94ac36fe555db3eda8465f99d17cdbab91ea6413c6bd68dbbbb4db5df06e5d62768f6f4dfcef8d207d771e0b6924adfe403b92729bc4c5689e4fca7

Download Submit
C:\Users\Admin\AppData\LocalLow\Oracle\Java\jre1.8.0_401_x64\jre1.8.0_40164.msi

Filesize
11.7MB

MD5
f9314cb63805a3f11dae7d7a5a2944f8

SHA1
7f02ff2df429932d391e75f4fd9f5743d4edc74e

SHA256
0c7e367be5764aad78eac418f6a345480986c5ff435f83fecd75fdaa50cababd

SHA512
417b40f92c76861569b64afc00b237762622dbb5904f7db08aada5694b4124b14d272a9b2f065f19bb6457d0ff7c7ab9be311ad943d56da368905d90d38fbdf8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\11737

Filesize
20KB

MD5
40e20db99c2f25969a5808ed9240165e

SHA1
6ffca07d8a7e9dc8ed975a0f051f1123c8adc202

SHA256
cefc8ba8dd28ebf9acf10df02281b593b0d9ede5b27c3873f784de8223ee0c5d

SHA512
cd7758ecc14f92244e343414eea0972ce2ffb0456dc0845e7fe3c4f4ecf64e9d0d99211d41c026057d2b0ef335e6097fbeb269acbcd8a0a391c0ca09a91e43e5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\13901

Filesize
9KB

MD5
7d3be001a9df12bbc23099d505a2271c

SHA1
f40efa7db6aa522c90159593e501cec721e26d4f

SHA256
0c4e7f78ee83d4ba938f011401d0daeade875ab7975aacdd965c7fe042c2868c

SHA512
3cf43a0a6f515d53740cc3fb0df11ace1ed0a8835a3b0d374882c476bb38461c0cae80255fe19ea6a1d711fc5a17e56317e82b76af34f921878d0b019ec7095c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\14743

Filesize
9KB

MD5
54d5ab7e8792990eb8f010d3ca7a41f0

SHA1
583151cf9069087e34fcf9010aa48a0a8a20c7af

SHA256
5b5b09cc25456532fe4376edfc5bedafd2cafdeb7a573dccc10ea600365e6620

SHA512
33ecc88e75f38ffc12b04d8f22ac1fd911ea062e30b326c2a075779154741a6351a7765c776f2bba144794efd61677dd1b6e2701cf569862fa5eae3dc881571e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\15580

Filesize
9KB

MD5
3efc305bfd47c9d9c5610e913e31496a

SHA1
5bfffba2c6d6f730bc0fbdcef4f0ff4023f1c91f

SHA256
e6ff575256a0c34a1aa0dbdbbc8cdbc215a372361fa75f81ba721718c594d748

SHA512
1e131f63195f2a90c2e5daaa15ebb79886073d11c496fb0d603502142c06d16c4e787c3c4a68bdd0a6836b0d4ad800e0488dadb8f8fe0d368ee979235418497b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\21405

Filesize
9KB

MD5
fd9dbc34e053a5bd81507766877268cc

SHA1
05b4267de232e7778486424e955069f1634361b1

SHA256
f17eda749243b85edf6823d40f2c897ac0f03e9bc1be66685d9ed200d5c10283

SHA512
257bea4c4778623d8c677d1e891911b2beb15828c4224a30e45dea1e239f4d1d3be3e0c0b6651bd6fc2bae242fcbdd240eb24b278bb4a710b424c92ec2c6689e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\25624

Filesize
9KB

MD5
47a2b49902dd6669664cb7fbdbffc78e

SHA1
0e96a334594d2bca3900cb4335d2f2c6fe1b7a20

SHA256
bd3a26bbce06bcc3eb896f273f7cfa7291843085e331a2871b391d8bf4fa7e62

SHA512
6c21e760a1405ee2ad6804013062140318de82a469829388af650d5d2f7efb27f788de2cd6c1ed3b0e7a74c2df92f273792c3be0c288df14c0a5d7240f21e938

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\3801

Filesize
14KB

MD5
91e6230d8ad8e7a0b32419af09a0e1ca

SHA1
0f0a529b07c0c0ddc14fb815a9d3fa24631e4f71

SHA256
15ff72186869680a8efd58bb352f6e421aefaf8fd2778ecc2bb7beb251b17995

SHA512
20178fe97150cff579522c7f50d6aa272f3bde310e2f9a2a18973552d63def4c154cbcf07b2add9ee0c454a72f040c3296436eace3abda0013a57b121e51c1a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\7931

Filesize
14KB

MD5
41f2e9767ccb2effd59e2903e813d5f3

SHA1
5ab78bd84591673ca6e8417ad663cf858d50b411

SHA256
eaddf698e8a1bf7e3644c3b561115f72207fdde88c70b88d753b3c9ebba5e2eb

SHA512
bc1a09576f440bfbf14790cbe09bd3f2f0417a9d80c482fdaad5de3d2abfa22af25f9b12ada30a3fa37c04e541cdc5fcdb465a5c57c1b405f6627f39ab38d85b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\805

Filesize
28KB

MD5
c33e7cb19b4c35df8951453725f3a2af

SHA1
abc849ed94fe6f2c2f0d0b9cffe409f34ce6fca1

SHA256
d08129552f3dfbc905b2bec4456cbf0249f520513a475d97c581f9bba6296c9c

SHA512
efbf04f6e16c22b3cc798d8ee54bae3e92fe8a2a9f44169e67f00348b4a9e3f19b3dde537087d01e81259c0d31703cb89cc6a86dfda49887f9c4a3da104e4f8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\8100

Filesize
9KB

MD5
f00bd615d14e8d34b9869c8eb0519c55

SHA1
12eade9663554b79e914d97fcee32a6d64ba1e2f

SHA256
629216bf5847086d477940bfd77e5f62989d7439ceb4850ba06df932ad301fc3

SHA512
91a0f877ea86afd4059f75b4c7a80d91225243b2e6b39c82d6fba012ac6246cc9862a9da6ef93779068b349e641354709ec0c75be4bd17da6cbcf2b0a2d6a8ed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\8829

Filesize
9KB

MD5
cc3915e48a684102e98fb54e8e1f2b26

SHA1
7af2fb1a3b8e1ee777b3667a16edc09a1d857daf

SHA256
b620e4e22664d2ac2eeaa51357821da0e73ca874ee5414af89575ea666c427f3

SHA512
04a81e1c38d9f20fce5b428c1b7b8cf2f1a7afb6d20f7cb2aa9d39545514115561eb11094dd4e23ea707af1562ead27550c34eccb3e07f369b2635ef8fc64d54

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\doomed\9771

Filesize
9KB

MD5
0f464f4a7fa5313a283c3960ce0c26e2

SHA1
7fe858dfcf6e7c60e84c8fc557c58828c634355f

SHA256
df90c2ca16946e6bfbcaf00a6c9677151618dd22519b7608f6bde0470313d740

SHA512
c4ae50643e606fd3cc4f07bc62e6377e3716608192d977e9f09652682b0b8c559808fc2cd28327bf3fcd56f609289fea573d36a9cca5746dd1260516a4323f16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\00BECA0DB9025CCD95CEAC18A0CFE3F67A47922E

Filesize
115KB

MD5
aae7fe5fd7b2280cc5d50b3254085c74

SHA1
f03b9082ca3f4941269c284331f174f2779a33d0

SHA256
7dfdffb9612ffb715c4819a55bbb364c2263897e479a2339a12c478422fd48e4

SHA512
8d05722b1fe57ee699902b8875e9c86a502532ce851e2cd172e9f833c0798134d09b94842bfebcc0750278fd0e407c90e1c57aa8a72cee15962479682b42cbee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\16FC7E0FEEFEADEEBD723F94A6ECDA64A5AB1CA1

Filesize
115KB

MD5
34752e56a25e195761d41b3f07d9cedc

SHA1
a6e91d4b3e0a2bb088e3ddfc604c43238cedec8b

SHA256
6deb1fb5f30ae8a84a1a8135c1909fd63cd2fdb4c7e2485069683f1721157497

SHA512
f10fde4fb890859f27e1873a9560523f901a242764bc5f84a24f35402a366b22011019e94cd2b3af9f634c9a7dfddd22ecbcfade743bc621bb1f1009c8f4b205

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\2325E248249AFE340C77BD180792AE0EAFDBA651

Filesize
51KB

MD5
a64082e96079338811b912ff00221965

SHA1
f740d6781689c351b146b23f4e9e5b6cc445c9b3

SHA256
78a6da9d7e65f34e8d6ced10165037ddb627f13c0a2371f4f8eff76f77ecebb9

SHA512
c069556e6e3fc83da0c94a68e16ac5ceea145aec67debd39d83d62408d99b20216121aad3506b8e10e2cdacd74489e342120306fea3dfced98ac336a06694aa5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\5C8C1E30C4D2BA6FE3627CB8CD488D5A1B4B7AD3

Filesize
136KB

MD5
2f5cfe4daf9f12047d3b4a7642c3d7d8

SHA1
9dbe30400a7ce46a782a4a0b4ca33bccce9f0ea4

SHA256
d267dd1f7605d6acd692368edfa28d59ad92361c12bc792b2dfba2c47fdf187f

SHA512
c10095db2af43832081c968ef874687a4fd39ee72ad7c1ba56f23d1bfb9fa43323b8e89a177cf75e4bdec070f4cc72215feb8a6fc24fdb010e2bded9c2062378

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\699CE167D440594CB88CD65F0B7678CC3A928F5C

Filesize
60KB

MD5
4780bde40b11bae087637ab005cb31bc

SHA1
9a4ff64407b7f35a31da627d341c6a8758eaa4a1

SHA256
6936824b0c610be6b1dda04dcd64649d5c97cda57049cfbd5bfd2b4e603ef28d

SHA512
e2bedc0234ee5f0239b8371b2c028db2297324b8e4c981ffa56864b3a05d7d0f3b24bc3143ecdee1f1481521b7c18662e0ea342aa27e0e3e71920d48f67b1988

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\7409339A31C01CDF44C04426FE991DD13647F042

Filesize
72KB

MD5
2c7bc17763babf22d19d3317840c2893

SHA1
ff22be0bbaca29dc1d748b808063c5cd6bf0e8b5

SHA256
eb662c36992fd7aaefaf5fcd61b9676703f355b8e66e35fd12433c25ea65dd4e

SHA512
39e1d7e49508e2121a7a6aedb5d53b18de0abb83aaa1cc59f47c11bcdac9e6ff07e4d6b65ba8a927234ce81d4ef98ccb247e58e45db4cf96c65a9939958850b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\9FDB5DDB73C663E17B064178A3CCE367C2D96FE3

Filesize
196KB

MD5
521c176e82315c874bdba00bafcbe103

SHA1
0c4c4f8637384be5772637dc834b60d8d4953483

SHA256
04d2f575a57e8285d3aac0473a8a7ac8fb4e5e64954661a311325f00018e1d47

SHA512
c606171ac3501fc48f95a770d0bae1a1a0caf7013d7855d8187e389aef9435a766becc7fa5cf835355bc811040f3aeda29a1d8edbcfd417d2fac753dc9ea8964

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\B427CC26430B485F58B845676DD53944274AB36E

Filesize
121KB

MD5
a444d1068304afecb53ea38618c5afe4

SHA1
41545d4601167b5b023886431fbc0900ba7e0fd8

SHA256
54d168918476bfc9d812b033d4f57feb68f368ca053be1601b2f0e622b9e3ac0

SHA512
fc22336df0d472f747674577c09b9b5062ebe5f814b4855a02b07526dc151d7692cce980505428b94c9bd88e37b4abb13f41e77df2bfff63284bce07defe69e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\BD099C2708D1BEBDAECE5D7FC8D12B10CB545F07

Filesize
13KB

MD5
71c47ec89a2a12aa9dc3b77cc2e5bf15

SHA1
e201cc6eba56e0f5325343b12f0d989b321b8a1c

SHA256
29b23ca499ce1b6da3babbec1d419ff5476de0691e8e41fb0c312bfb6252cb87

SHA512
4f939cb7a519527568cd0202f4ee3adff0c55b87e6316e822350c464fe0ff1bd8c1185e7c1cbc115f10e0ce754bea44bb63d0744a5d728ee1803a3b9786c9452

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\C89A1EDFC2B7F2D511226B5972962151151D34EF

Filesize
24KB

MD5
f8fbcaa6eecaf0a1254287d7c3db0c5a

SHA1
b21af9fb282b3c4699e7780c384482fa4e2526cb

SHA256
8c9e78f68cea5c082613f05f098fa51e27e6198086697f9dbd325b6bfcb261b5

SHA512
f970e04d186454c1727e0035f8915a33d4cfe9670590c0b3c93cf420dee959d748d9782747442419275285852723fbb2b87cd4cd52a3cfd5af06e123c974e3cc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\E18B9D74F9FC81959EA7E80F69389BC0FEA45924

Filesize
16KB

MD5
f3bd0269f075f837bc7559529293083c

SHA1
4d84c4a6c445bed78531e307e98f38724e5d9d08

SHA256
a3833380883bbaed451f8902c77f299ff5c8b1555b50a460d52b4de26e730a5c

SHA512
2b8c0391ce24a437953ddbad60b31afccbf61af3c3b0d8bd8aa864d826f13c0c9b3320a4bbdaf9e5dff5a31cec2aafe74a8b6e579a76dd1a9e90886f76f26359

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\EFD1F8D43DDC746C487BA4609A60ED768B81C7B3

Filesize
121KB

MD5
84dea72014509ee40040706a24bc4f6c

SHA1
21e38b0958de528e3cf96368b1ec970942ea74fc

SHA256
66eaedf0a979ca464bbaffbe1c7d0b6fa513c18ffa6f9e39eaf4182dd77ce24c

SHA512
a4d0c878bc5f67de8e474c14096535d526ea3ecec68ad1f2cbe13524025d1876118109c03c4a118601ae31e95b9d93e572a8f7c802ac2a0ec29143de4d3f72b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\cache2\entries\F47DCFD69C8B809E5D5BC2F22653E78120EA9FDC

Filesize
1.1MB

MD5
8da6fea7bf4f9de6a07719d7b1e37de1

SHA1
6f96430c711323b940a5fd82ae6f6f39cb11ae03

SHA256
7b1cd9b29aee0121354604380129874aab10e4aae069c36d4eba9e72a7d2ed16

SHA512
df04a9292001569e0acccd79ec50468f6a977a50995e6d379b608e23fd1948e19ed65da010644a896b750d6b3346fc8dc49e5e928d1b721c23f0d6e3a306c8b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\d8xutbrp.default-release\thumbnails\84607fb83b5206c656edbcb6bb307062.png

Filesize
1KB

MD5
a4e3dec615867334fc01bb2b71796edb

SHA1
6ca3970f02d7ab704f5b82849c2f9163a9bdb9e1

SHA256
5fa0608bb3291da5006676cc5880c90c3d591c29e0f96ffad8a35cc961522560

SHA512
ff4192657fc611ae0938c3962a541eac877a66d372924a8df62aa8e99f6be4431c6b706df232aff96269746a448fa8a23e7d1c8a9d809d74782baa78a0af62e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds241031593.tmp\jre-8u401-windows-x64.exe

Filesize
5.3MB

MD5
1f2dc58b7c1c7135506e6eec6924a0a3

SHA1
557ba573be11cff7d446010a3be2783c7dcd5084

SHA256
1d248cb77cdb3b609e5a61acbf527d0ebeedf14977a7214d6cfd9f4c1e3cbd70

SHA512
c72e144f8e7584ac9ac17e53f6d222e8fbc17e9c88059a885b4e5f4498a9c4848454c300330a5c1f8b872d43a3b28337707d3aed764112a0c7cca9f3bc3abe71

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds241031593.tmp\jre-8u401-windows-x64.exe

Filesize
4.5MB

MD5
c8c195a1967bf6f3625fbcaedf90400a

SHA1
e1919df787e0bfe2cd84012cfc14c57c4c43654c

SHA256
2302c22c13bfd3afbf3fb65a7819d6f664def4236a403a3d30cc0f1018297e23

SHA512
0f39fc88cc7eb276445a76a1d81249660b729d68a41ed48ee8d0e8da6833f09f71739f6698cee5bce5ef63676505c28f1c4265742d970083c346d01a76297906

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds241181140.tmp\jre-8u401-windows-x64.exe

Filesize
11.7MB

MD5
abee30ce1eed8be426d4b2fbd6807aa0

SHA1
c2ff9730d2d25dd38eb7be988f785e87b4832f3f

SHA256
214533146b0d52e04df40ee71db5320a4c843f6c01e74dbd484bd04e96a24231

SHA512
5c810d425bae236848f0e17e2f3730441be4bbadcaa16f8559cb532d7eb6178b94f913a243272a92de41099c331bfb55b04fb8006aaf5605919b5e4e3bf81b9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds241181140.tmp\jre-8u401-windows-x64.exe

Filesize
7.6MB

MD5
31ec12273be47fd6e582e6960ddab57c

SHA1
d56b0132dcc3dbbe04fd94794fdc49c9dece2981

SHA256
241951c4cab97c4edb7f6f26c88ec52d2a848ba71c0462d68f82bb968dc8f296

SHA512
df8e14339d5d971093d6083305d3b0f037a6377bd89b2ce62c65e235b4ffe8ccd838f08587f5bb2274bfa057ebacd1b20a806ab7986cc99123002ebd9e49d8dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
154KB

MD5
7f4fd11aa302fd236e2f42dca914d69e

SHA1
d5aa40ab6e8f8522fb676d0689d7654cdb77de8b

SHA256
ac39902dae728acbe7443325c23f7747361c8bf9e440c1a80d6eb6fe9bb429e1

SHA512
675f414d305dfd1452856597b53a749e6e88d929c93c409f1856d529549d178cdecd1fd2102008489aa059487a7b17b4a3840605ec6fd11969cb5589e0987b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
168KB

MD5
dcd33af7b5f32d8f6bc94433393cb036

SHA1
e9239d0e3f0474c50f60aae237a7dae8b5c2bd98

SHA256
c63fcf4e87a6b60dbe5f5733bf2270fa78ce286fd72ec1f3c232c25f9762fd6b

SHA512
28a9210cbd88ba523e520391ea594b254f68f54237c1e1f426b144a2caf719949d54f582cad5d82ab73a64f577161c3975b425b0b5f2e1da5ff0da9d6202cccd

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
176KB

MD5
06f50c9e63de5a9762819b272ec65a4a

SHA1
bf650f6572934847c45ffe6b39d7bcac3d03b98f

SHA256
4efb462081d886f51a357edb81ad12f57e7e476a22ffaf974f59e06fa5ff23d8

SHA512
82d676faf23d6e3d4ce74e13de7f9418e04937354319570779141bb905bcdbdd44248b6e0e5e4d084dfa92c91bf4d3a7925fcad53e95e34757e84f71f177d497

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
177KB

MD5
f3f2d5a044b00db31b75d4edf80b4831

SHA1
304d376a956dc0534b342869318a82f67989e242

SHA256
d842d77c48e002de2e6b6dca77b79f75d494ce99909cb72c7295a034c6b263c6

SHA512
b9b45ed960ffb2ae0433d10f7367ebce29ce33e666f4b2f671a03ae3dddc3f46a076fce47d73ba5a3eea701b4b0df651a83c343979b181e96704a6b42fc236a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
187KB

MD5
98d006956909455e4d607b6d4c34513a

SHA1
1ed4f55eaecec23801b195f105993982f000d0cb

SHA256
759f3c97ff8f875b4ce2cd59aa0bc8503a30b51ade2a1143f0867447b71d6aa9

SHA512
e0fdaa146a0d3777377419f191c713ce7a89ea33b80959b7d0b7a887bcdb832d3c7268410c9bcd1e3946edaf0fdbf99545dc991f5f064373ef13cbc28f32f527

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\shig.inima

Filesize
139B

MD5
571cc0288e3f5db4c85ae85dcd1c64ce

SHA1
181bbac9970e40769a089666de6555a51f5718d4

SHA256
36ed29282e1d008064f2c06952eddabdf7c73b58e2bc5215a497ac4541be6553

SHA512
16b64e01c673e8541f3b4a85c19cb5d922e6dfce772b06ca4dd0710b60e3d9e0ba4d3a34cdf19e655bd27feec6adfe7b90b355afd5193f792de4db846e112b50

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2930051783-2551506282-3430162621-1000\83aa4cc77f591dfc2374580bbd95f6ba_f946a443-4b62-4b42-a859-c2054434f5ea

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
2f0b1bc5fd163a0d0d06289f3995be4f

SHA1
e7fbb061324e0d9ca0e96e042d3462454bb5d919

SHA256
b194c69b9f2475b0ec0eb11fb85d8bd000b998665644e8d9b0db701b32ffc7aa

SHA512
64b952f5a89c050853177a1939b6531740a750b146b7b17e5086f162556e806a218155bbf626d1e3617caba9bcb80119d14d8a88d99cb97195c6e0b9bdaa1a02

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
17KB

MD5
2b8473202f8b5c2ffe94947b5dacfeba

SHA1
832818f4e1d0cb4a33fc86e2e848aa7b155f1820

SHA256
5c12833620307f9480b2e63f11cf8252000ae0057b2d69397dbe7f858d2b03ce

SHA512
5d20e637f599ab73e5372f508d0b5941e68e9abf3000a20e5fd99f4dae3ad2e27051da87c85f876c07b146d15a8a6d59ea9883bbdfa79bc85ea96960d7f1fb1c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
f14f22cae7a3c957e925bcbc76d0094b

SHA1
f5764b51a3e7db7531745756edd4f022d68df259

SHA256
2d2c6681240460b9933f2f6e4f56d1badffbbb7144415ba1618f25ec8cd19c4b

SHA512
f8787fb2b91eb9b2e41ad82243607644c2ddb65ba8dca27834119ee9707b4c4fe71c3bd8af60b3d55a375bce01189ebbb0741ad13ff6ebc0139adf0554d23315

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
0394ed3e3cd545c8ad4630d7ed67714c

SHA1
566457fc8b07509eaf3374e0ab761620cb39e3f2

SHA256
a88269c1691bf64abed3cccc79e7e30db1fd6c825e1b1fca70f7737b75a7d30b

SHA512
35af34a743e0654296962642cd4669cc164327f718a03104d8b71f5017f5c11e9d98ffc78f0bd450f7acd222629ab6f7d2bca200f6ea1d08441f16fef7b97a7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\pending_pings\08ba407d-2b4d-4f53-8978-244f5d648148

Filesize
11KB

MD5
1b4d02b61f9f570362412af8bba52e9d

SHA1
a0fb413cf1463833836a14c1f944fc6c6ebea5e5

SHA256
fb9f4b3f357df194fed38b5260d2111ff9e5d4ce95dbdf65f769a65f4aeb2bc1

SHA512
44ef841c9937ac65b87556c25199b5e8e51200d88cdf034ca3e0ff007f57344817cc5eff8a683824d38cdc3c977a11896984eeaf58c7294770880be55f4fec1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\pending_pings\c21fb126-c645-43ff-8140-1f508d556a7c

Filesize
746B

MD5
783b6b251bee2b7e65c93e30bc83eeb6

SHA1
754e5abc4c55a74799b1198588fed59324618fbe

SHA256
f935e918b6b7e3025ff3dad779568f0ebc717b509e9afff1c7cc3707a4ae5c5f

SHA512
bc7a7d0ed3f9e5734658a31522d76fabc4137591511f3dc081b2f4e4c64b09a5901b9b05cc4d33ca636eecab6a5f18291f3730151eebc4b1daf59133b52f9827

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

Filesize
6KB

MD5
dd60281f47ca5fa670c148c74a5e3822

SHA1
98c47e9fcecdd2a8a082f1684f46b600335d1a1d

SHA256
e35afaa9d742d978757dd8b20cb8371dcf12bd23970430f284f933b132284115

SHA512
045f10b4ce1a58c99c27f7bc72752d372ce24963bc029b57193318bc97e2d1360fd00157828921b843a6c5038750a759ebcae68e6af6da45e4656487c886720d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

Filesize
7KB

MD5
0788f42966989adeee6b842875d44075

SHA1
ee05306614d63c5f82153a450ab45a61b6d5c56b

SHA256
3bbef5097c2e0af98402be970f66147aed399f11c1533d203dd618a6e234c737

SHA512
7a58caa47b0a5916f1a54f4de29e158072a54f848a1a3da3f09f06ab3972e73e5957d96ceddd4a41bfacfd07a41be07849a97bdb8ef03f9d0459cc29c6f67d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

Filesize
7KB

MD5
e024acbcfad9ee6e74874997a555eff7

SHA1
50fb9cf1915df6b7c25cab73760658f568d41c7d

SHA256
e7e8b609b2f13068965f9d41e9e16976eaf4947c71e1148573fa3c1df3f6cb37

SHA512
fc8141da76300dc1454a371cbbbaf3617520d209f7e664b1c52b7dbc8387254182f7d2c42161576daf235016386706d12fff79a6ca4e310f17eb533a00638196

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

Filesize
6KB

MD5
8a5d442372b235ffeb7a33d8252e0d09

SHA1
5032aef6f7c0b6d079740193b07b56a46a51a890

SHA256
758f62a957dd572f8479cfe7f114b7eda59b867a726da6ebb74a1031e873c219

SHA512
20b43ec9db745d5ee8108599d8cf1bba77a8e9a94c0c7e9943e70552eec1c1cac14764e1d9516c1224119d8c503130883a7fafcf1f482b1e18b5c277c652f1c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs.js

Filesize
7KB

MD5
f22a2825cd72a7716e188c72bb2077ac

SHA1
5f490033d0ccb47b6ba61a68c08406552d1bc200

SHA256
45343d31d0f1d2bca356debb60ec1abccde319aa1f719487aac6d57ee9b23523

SHA512
4043e86fc7f2eb0fbf923042721fe6933724750227ab0b9ab88f61609a84ad5f6209ea7bd7b4af6b766e1e6d4ac39b5173b497390df08d761a217cd3c49886b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
beec3ea98cb4c0b36306fb5b32804d1a

SHA1
4ddff59a807cd7b0225a8c08240f37fbd676bde7

SHA256
efc6518a87eb1a42c69b908bb132d79a9e75e1997daedac074d900d9688d7c0e

SHA512
0513aa2c760bd1385570ad6b409d6b5e378f480817fd153e6ec2c40821e3099832cf9ddcaa45a1fd19b5307e35ca9ec4a65a0f55879ccfed62d8d415e99bccab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
cc600c7dae810707eb3a7a226e8b6d59

SHA1
510292140d6e0179c5105c95beae11d6c9de704b

SHA256
36fdec944c8ac12ed5e0d59d71334fdacd8d5188a9f09662e8c95e3b0949dea4

SHA512
cb3632227e95f75e6ff54037a00f45c0164f66c2dcc2c27836f2768bd17af6c8f0d37c19c3b6c9d49c3445f3cc9b0215cf2a7bfaa4468aa09f8ebf568e489bd9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
5b19e532118d68e0dd64eede82d9b5db

SHA1
4c03cd1298afd983df691d8e21075c611285ce14

SHA256
cb416652a7e592ca82f3494d6a7513a28af78aec445276ff00630ad39c74e43d

SHA512
7167cb9fe707a7cd61b192efd1be0d7c709ca92104513b34a46af4eb262fb1bb5c274f2cf9ae2aef3c587cdd95d5181f01af8cd88ddf63c3943b4fb401e37462

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
cae195eb105161990ac48318a47b0f12

SHA1
aab5fce6edfb5d56e2d5fd5488d6ce5570d00cab

SHA256
89612bde42aabb114fc2699747f6884acdbd4839ecc11f295cc4fc97e762f1c4

SHA512
04dfab323d1f232d200187fc5e60f3acc4841de34c685b8f332a7f38c9013190ccd9b1477e4a3e49dcc33ce631d1c8914863acbdde29ce6d10fe22083f1d196d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
db1dd594a92b0939c282121da7144ea9

SHA1
a1b8109b6cee291a560b33488bb00f6471ff8347

SHA256
f0e8efc9e03a35e7a614375d120b3a40c835295390764c0e3d7a4dd70b8350ff

SHA512
4b5a71e5dfc95f36792e8e9bd5e4a98d58c56fa6e5309ad34c47ea0263e5766b012737a2b3a0b73e9adcb207eb0d5044dc568ca4603162363bb839a843deabf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
681286453443b3feb95334f31079df1a

SHA1
f4f188e1bc07ff37b7bb448c68dab91e7e0010c1

SHA256
85b508c28ad28df71213688e50b583ae58bdf8bb76c428c6027c66d361355f78

SHA512
5ad45f5e3c05cb4d6cbe139df2ddb6062723dc311f028a7e1387cfbac1e51b5d92782a35ed61413e21ba07ef630cc9e7a336ee4431ede97dd7e08761b5194149

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
2640469211fd73e1bc16276a3985b636

SHA1
67ffdcdd369633c53c9d162f979b97b34cfd60e3

SHA256
855b880d87245efa3b4e01765f775286fac56a253d89949ada4bcb40a9dba50a

SHA512
dbb13151b16a48b46df21a23227656cb205aafe39c01e0dc534a80c4b53164ce1254b5f45ade60b2653c7fa35b05bd15492b017e24bdc8385ee79e4622a1d7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
f94fd30cf3c1343322cb936f58aca545

SHA1
71711551e64f4e2a331c0879270d648bc3d6482a

SHA256
c39cd1963618e27c3ad5b9224d12a5422b090c5203f4af36aa66846635d7e751

SHA512
f0698ad520110db9c71f6b564c6a70626b04df7c8c823eded31afcc124ea33d70eb1c4cf79fe651c2bb1600bbe133816441327da308f65b23f7f5ba54ef91f19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
dc7e5fde1e2e8599a1082dd0712f169a

SHA1
9af6ead3634804219b96675f77e41c919eadd640

SHA256
305cf610ebbcc3c84ba55bd4ad3b568d3ac0c284ae83f6f73f53a8bd98053266

SHA512
c6117a56cf080df71fe695c7a1dae0525c90a58f05361b8c053ad946d90de959220c02c2be076f90743ba6d137544e34e39bca60452234f0164fb6026bf896d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
10515c33c1e74dad30f250f539c6ab50

SHA1
a1ab503da9b34e5305bff8ef48340a4f079122d8

SHA256
2dae91dd5e78b9e7b07120a70a43645be9989b8c0797dcf1379c58bc4022896b

SHA512
b5353f2f6ba614da36afa647b71d734b46c9d9558b9334a4f462ae87430ed203a3a6169257d557f0bed2d120bbabfce260e21814d415f8ea7147c10235376cf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
d6b8ccf01e04a8b2c3571c8d814f346d

SHA1
4dc85f754a41b71d2c66c29e91bd6a981076a09a

SHA256
9397b29b20b3f1613c918cae1d603333899a07ae10eda33645a5b7230a9ea41f

SHA512
b35b0d6aa99a2f88756f596a258f0fa3a47962030debb4f680f251df92c422abcc04000345d6ea0f8b5b4171b7e1ab005aff6139cf3cc6c131ff2dfef26176b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
14KB

MD5
108a8f99e8979eca65de7dd974a3802b

SHA1
7f8474410b83e90a51c2bd9bf328c6056ad3762e

SHA256
3e90006ff4c324ea7e52ccbe93d49986058be318c7c22fc31cd56cda4b0cbdcc

SHA512
7ff8ae31d30b220b9cf28e74781833cb8b9d533470360e309c5d5e884ddde06c9e3327409d00ea1b546e1e3f46ce5c8e21d06e03f45613f18a3088550fc3b664

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
3e49da5c9f06dd875be7c3c419bd7624

SHA1
e4f414e067fb77669f25bca5f6e4695397a90df5

SHA256
7302c86a48106c5f736ee0782a7daf7bb3d3f7c09e30489b3885bba52c3c88d3

SHA512
eb9f3930948b9b2d52332dbf085a202144e04387e93f95cc8c616e407b8407480eeac2204b6af2d5e8b095195db385c17472ce02c7feb35865c329317c463f43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\storage\default\https+++mega.nz\cache\morgue\85\{82c123b1-49c1-4f87-a3c5-2f6855a82d55}.final

Filesize
1KB

MD5
3efa9abd92666265dd81c4f4311a96f9

SHA1
41b6b716d67b93555e444cd453f3c6e3f8c9522c

SHA256
5066b1841e8877db31312ef3af86f9bc9234c95071119e025764f45241a4e2e7

SHA512
5961950f077501608a0f2975e7f69c483eeacc4eec4ac77fd650cc1131609501f87819f93ed23aa508a90426156abf038a859fac4112d2d4435bbb634027cd6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\storage\default\https+++mega.nz\idb\1409365021%s2p4.sqlite

Filesize
48KB

MD5
40ae096800ba54c7a2e2524d9b496872

SHA1
9e6e6032f3c337d77491b5f4055627520c8be4b2

SHA256
660f90ed894f22971dc33fe030cc452ebd73388c184956c76a4ae8384db897b1

SHA512
44b54592c310d65f00b2a331a10148d7b92769989aa5122066e69d771b94a57971343e5a0a3905dc7a057f5993812e03d49605931d002bd7a98e79e33776be3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
a6e2c0d6b59075fff94c66f804c74cbd

SHA1
56a81d3bc20afb57fcc4eb43f6862b4ee9a0ccaa

SHA256
4488d7e333fb1e3b4f981576f37b5fbd3fc32b88d465bf2356dbf5ee3d008641

SHA512
54594421b00052ae2fb0b4adadcd9ec8a89be1c56ee623f21f7793e6c648084073b548e18b11f38d17fd15efd2ed291fa94ae5413a261ea056173d4b243a4fbf

Download Submit
C:\Users\Admin\Downloads\jre-8u401-windows-x64.ErbDSmV-.exe.part

Filesize
31.8MB

MD5
4ae946dd2862f18ed52056a694fee483

SHA1
a88105b4a8ff43c2f9ba827d6d0f9e05182d59c9

SHA256
a5ee8f3a72ebe63a4338a52ec6ed4fb9a14827de5a0e148fc51b1fb3f54fc3ff

SHA512
64b62717125c6e6f897a12b3c4cadbf400f6c679e4af95653aa359820ef3e3aaf97bcafeff7bf50047507938b93f055b53937b784974ce5c732fd622a5366309

Download Submit
C:\Users\Admin\Downloads\jre-8u401-windows-x64.exe

Filesize
5.5MB

MD5
cce01f5e0156c4593820d84e21a3b91a

SHA1
b31a9b95a304b0f12998c22fa9597482cccc1e62

SHA256
62e8dde321437f80ea0c1d0cf0203dc1d8e9bf81ff4b328b808da284a1e7c11f

SHA512
54ff61a29e95a8744b0f97b3bb85297e424b723c1273d809458178b49dc4263170c5d284ccb9da3214c4d3286c81ba2e66a27a8a7545c83d9aa1d069a4422c8b

Download Submit
C:\Users\Admin\Downloads\jre-8u401-windows-x64.exe

Filesize
6.3MB

MD5
ee90f733bd4ce3a5a89ca05a5ff7c141

SHA1
a4241752bb913974e54eee7eb76e36c501dca795

SHA256
031f7a13011ce6b2b5b4d7f98026fd6eb0d08694b5e39de8f03766073e8b3be5

SHA512
b0f247c7252277d139d9c6f943975c381c2beb72aa56fa292efa11a66a1962c1891f8791d5b458ab7b0bdafcb915e516ae5924b811b74b566877499cc842d289

Download Submit
C:\Users\Admin\Downloads\jre-8u401-windows-x64.exe

Filesize
64.4MB

MD5
af1d24091758f1e02d51dc5f5297c932

SHA1
dc3f98dded6c1f1e363db6752c512e01ac9433f3

SHA256
e52a8d0337bae656b01cb76c03975ac3d75ac4984c028ba2a6531396dea6dddd

SHA512
8d4264a6b17f7bbfd533b11ec30d7754a960a9f2fbef10c9977b620051c5538d8eb6080ea78e070904c7c52a6ce998736fad2037f6389ad4c5c0ce3f1d09e756

Download Submit
C:\Users\Admin\Downloads\jre-8u401-windows-x64.exe:Zone.Identifier

Filesize
405B

MD5
0a679edf6d87f488162413a6b7fb063a

SHA1
c4d9561f421b647fe5c63b6f02cece771c2db916

SHA256
080622fd66c7d2bcfcc43862369406fdf24d16c4c9217d596eee71a63d622d3b

SHA512
b0572fa041f39e1d7acd6a7bb57a992cabf9665a7ce0f02d980e010bbc145935d252affad244d115deecc515deb33b8eaa434b4583767cd8fe0b5a0a1a64fbfa

Download Submit
C:\Users\Admin\Downloads\launcherfull-shiginima-v4300-pc.HXVTqx1t.zip.part

Filesize
4.8MB

MD5
90d2a84071f24e5ca91fdf09e32fd018

SHA1
820a27bbf7d27bd61b39efda6b58b191e1ecf4d9

SHA256
eb8b2c7d51ca85de8962a91626b2bfdf3900185810ab80ff789b217471532728

SHA512
a5a0b6b1830b3c90013407f203403428a9db3bd95138809014845e775dd184bfbac33933d7983f95458326600d1fbd7f1d70b3e1f6698e062ecbd080f71f00d9

Download Submit
memory/3148-98-0x00000295E55A0000-0x00000295E55A1000-memory.dmp

Filesize
4KB

Download
memory/3148-136-0x00000295E72B0000-0x00000295E72C0000-memory.dmp

Filesize
64KB

Download
memory/3148-135-0x00000295E72C0000-0x00000295E72D0000-memory.dmp

Filesize
64KB

Download
memory/3148-4-0x00000295E6E20000-0x00000295E7E20000-memory.dmp

Filesize
16.0MB

Download
memory/3148-54-0x00000295E55A0000-0x00000295E55A1000-memory.dmp

Filesize
4KB

Download
memory/3148-15-0x00000295E55A0000-0x00000295E55A1000-memory.dmp

Filesize
4KB

Download
memory/3148-59-0x00000295E6E20000-0x00000295E7E20000-memory.dmp

Filesize
16.0MB

Download
memory/3148-73-0x00000295E55A0000-0x00000295E55A1000-memory.dmp

Filesize
4KB

Download
memory/3148-19-0x00000295E55A0000-0x00000295E55A1000-memory.dmp

Filesize
4KB

Download
memory/3148-49-0x00000295E6E20000-0x00000295E7E20000-memory.dmp

Filesize
16.0MB

Download
memory/3148-53-0x00000295E6E20000-0x00000295E7E20000-memory.dmp

Filesize
16.0MB

Download
memory/3148-45-0x00000295E55A0000-0x00000295E55A1000-memory.dmp

Filesize
4KB

Download
memory/3148-134-0x00000295E6E20000-0x00000295E7E20000-memory.dmp

Filesize
16.0MB

Download
memory/3148-33-0x00000295E6E20000-0x00000295E7E20000-memory.dmp

Filesize
16.0MB

Download
memory/3148-42-0x00000295E6E20000-0x00000295E7E20000-memory.dmp

Filesize
16.0MB

Download
memory/3148-137-0x00000295E6E20000-0x00000295E7E20000-memory.dmp

Filesize
16.0MB

Download
memory/3148-24-0x00000295E6E20000-0x00000295E7E20000-memory.dmp

Filesize
16.0MB

Download
memory/4900-133-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/4900-121-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5136-2359-0x0000019FA8480000-0x0000019FA9480000-memory.dmp

Filesize
16.0MB

Download
memory/5136-2366-0x0000019FA8480000-0x0000019FA9480000-memory.dmp

Filesize
16.0MB

Download
memory/5136-2328-0x0000019FA8480000-0x0000019FA9480000-memory.dmp

Filesize
16.0MB

Download
memory/5136-2372-0x0000019FA8480000-0x0000019FA9480000-memory.dmp

Filesize
16.0MB

Download
memory/5136-2346-0x0000019FA8480000-0x0000019FA9480000-memory.dmp

Filesize
16.0MB

Download
memory/5136-2352-0x0000019FA8480000-0x0000019FA9480000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1495-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1513-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-2037-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-2068-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-2094-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-2095-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-2015-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1905-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1846-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1833-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-2152-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1826-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-2156-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-2157-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-2158-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1811-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1732-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1713-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1667-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-2030-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1330-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1238-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1482-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1477-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1470-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1251-0x000001C97AC70000-0x000001C97AC71000-memory.dmp

Filesize
4KB

Download
memory/5288-1258-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1262-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1270-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1274-0x000001C97AC70000-0x000001C97AC71000-memory.dmp

Filesize
4KB

Download
memory/5288-1277-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1284-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1403-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1324-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1379-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1351-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download
memory/5288-1347-0x000001C900000000-0x000001C901000000-memory.dmp

Filesize
16.0MB

Download