hxxps://sdl[.]adaware[.]com/?bundleid=JD003&savename=JDownloaderSetup[.]exe

Analysis

max time kernel
916s
max time network
920s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://sdl.adaware.com/?bundleid=JD003&savename=JDownloaderSetup.exe

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 47 IoCs

pid	Process
2364	JDownloaderSetup.exe
216	Carrier.exe
2196	unpack200.exe
1472	unpack200.exe
4868	unpack200.exe
4540	unpack200.exe
1812	unpack200.exe
4448	unpack200.exe
408	unpack200.exe
3392	unpack200.exe
3320	unpack200.exe
1296	unpack200.exe
1032	unpack200.exe
948	unpack200.exe
5072	unpack200.exe
3084	unpack200.exe
4784	unpack200.exe
5080	unpack200.exe
1832	unpack200.exe
1764	unpack200.exe
664	unpack200.exe
4568	java.exe
5016	JDownloaderSetup.exe
448	JDownloaderSetup.exe
2044	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3276	Carrier.exe
2528	unpack200.exe
1976	unpack200.exe
3380	unpack200.exe
5020	unpack200.exe
1440	unpack200.exe
4480	unpack200.exe
3552	unpack200.exe
1640	unpack200.exe
4024	unpack200.exe
2296	unpack200.exe
2852	unpack200.exe
3920	unpack200.exe
992	unpack200.exe
712	unpack200.exe
1032	unpack200.exe
2068	unpack200.exe
1512	unpack200.exe
4696	unpack200.exe
5024	unpack200.exe
3144	java.exe

Loads dropped DLL 64 IoCs

pid	Process
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
4568	java.exe
4568	java.exe
4568	java.exe
4568	java.exe
4568	java.exe
4568	java.exe
4568	java.exe
4568	java.exe
216	Carrier.exe
216	Carrier.exe
216	Carrier.exe
216	Carrier.exe
216	Carrier.exe
216	Carrier.exe
216	Carrier.exe
216	Carrier.exe
216	Carrier.exe
216	Carrier.exe
216	Carrier.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe

Checks for any installed AV software in registry 1 TTPs 9 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\Software\Avast Software\Avast	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	JDownloaderSetup.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	JDownloaderSetup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4112	5016	WerFault.exe	157
3508	448	WerFault.exe	161
3936	2044	WerFault.exe	164

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
1172	timeout.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
2332	tasklist.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4	JDownloaderSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 0400000001000000100000004be2c99196650cf40e5a9392a00afeb20f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd94090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b06010505070308530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c07f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b0601050507030762000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3390b000000010000001800000045006e00740072007500730074002e006e006500740000001400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab1d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d347e000000010000000800000000c001b39667d6010300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d4190000000100000010000000fa46ce7cbb85cfb4310075313a09ee052000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	JDownloaderSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\8CF427FD790C3AD166068DE81E57EFBB932272D4\Blob = 5c000000010000000400000000080000190000000100000010000000fa46ce7cbb85cfb4310075313a09ee050300000001000000140000008cf427fd790c3ad166068de81e57efbb932272d47e000000010000000800000000c001b39667d6011d0000000100000010000000521b5f4582c1dcaae381b05e37ca2d341400000001000000140000006a72267ad01eef7de73b6951d46c8d9f901266ab0b000000010000001800000045006e00740072007500730074002e006e0065007400000062000000010000002000000043df5774b03e7fef5fe40d931a7bedf1bb2e6b42738c4e6d3841103d3aa7f3397f000000010000002c000000302a060a2b0601040182370a030406082b0601050507030506082b0601050507030606082b06010505070307530000000100000041000000303f3020060a6086480186fa6c0a010230123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b060105050703080f0000000100000020000000fde5f2d9ce2026e1e10064c0a468c9f355b90acf85baf5ce6f52d4016837fd940400000001000000100000004be2c99196650cf40e5a9392a00afeb22000000001000000420400003082043e30820326a00302010202044a538c28300d06092a864886f70d01010b05003081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d204732301e170d3039303730373137323535345a170d3330313230373137353535345a3081be310b300906035504061302555331163014060355040a130d456e74727573742c20496e632e31283026060355040b131f536565207777772e656e74727573742e6e65742f6c6567616c2d7465726d7331393037060355040b1330286329203230303920456e74727573742c20496e632e202d20666f7220617574686f72697a656420757365206f6e6c793132303006035504031329456e747275737420526f6f742043657274696669636174696f6e20417574686f72697479202d20473230820122300d06092a864886f70d01010105000382010f003082010a0282010100ba84b672db9e0c6be299e93001a776ea32b895411ac9da614e5872cffef68279bf7361060aa527d8b35fd3454e1c72d64e32f2728a0ff78319d06a808000451eb0c7e79abf1257271ca3682f0a87bd6a6b0e5e65f31c77d5d4858d7021b4b332e78ba2d5863902b1b8d247cee4c949c43ba7defb547d57bef0e86ec279b23a0b55e250981632135c2f7856c1c294b3f25ae4279a9f24d7c6ecd09b2582e3ccc2c445c58c977a066b2a119fa90a6e483b6fdbd4111942f78f07bff5535f9c3ef4172ce669ac4e324c6277eab7e8e5bb34bc198bae9c51e7b77eb553b13322e56dcf703c1afae29b67b683f48da5af624c4de058ac64341203f8b68d946324a4710203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e041604146a72267ad01eef7de73b6951d46c8d9f901266ab300d06092a864886f70d01010b05000382010100799f1d96c6b6793f228d87d3870304606a6b9a2e59897311ac43d1f513ff8d392bc0f2bd4f708ca92fea17c40b549ed41b9698333ca8ad62a20076ab59696e061d7ec4b9448d98af12d461db0a194647f3ebf763c1400540a5d2b7f4b59a36bfa98876880455042b9c877f1a373c7e2da51ad8d4895ecabdac3d6cd86dafd5f3760fcd3b8838229d6c939ac43dbf821b653fa60f5daafce5b215cab5adc6bc3dd084e8ea0672b04d393278bf3e119c0ba49d9a21f3f09b0b3078dbc1dc8743febc639acac5c21cc9c78dff3b125808e6b63dec7a2c4efb8396ce0c3c69875473a473c293ff5110ac155401d8fc05b189a17f74839a49d7dc4e7b8a486f8b45f6	JDownloaderSetup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\JDownloaderSetup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
2364	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
5016	JDownloaderSetup.exe
448	JDownloaderSetup.exe
448	JDownloaderSetup.exe
448	JDownloaderSetup.exe
448	JDownloaderSetup.exe
448	JDownloaderSetup.exe
448	JDownloaderSetup.exe
448	JDownloaderSetup.exe
448	JDownloaderSetup.exe
448	JDownloaderSetup.exe
2044	JDownloaderSetup.exe
2044	JDownloaderSetup.exe
2044	JDownloaderSetup.exe
2044	JDownloaderSetup.exe
2044	JDownloaderSetup.exe
2044	JDownloaderSetup.exe
2044	JDownloaderSetup.exe
2044	JDownloaderSetup.exe
2044	JDownloaderSetup.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe
3464	JDownloaderSetup.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeDebugPrivilege	4720	firefox.exe
Token: SeDebugPrivilege	4720	firefox.exe
Token: SeDebugPrivilege	2364	JDownloaderSetup.exe
Token: SeDebugPrivilege	5016	JDownloaderSetup.exe
Token: SeDebugPrivilege	448	JDownloaderSetup.exe
Token: SeDebugPrivilege	2044	JDownloaderSetup.exe
Token: SeDebugPrivilege	1880	taskmgr.exe
Token: SeSystemProfilePrivilege	1880	taskmgr.exe
Token: SeCreateGlobalPrivilege	1880	taskmgr.exe
Token: 33	1880	taskmgr.exe
Token: SeIncBasePriorityPrivilege	1880	taskmgr.exe
Token: SeDebugPrivilege	3464	JDownloaderSetup.exe
Token: SeDebugPrivilege	3276	Carrier.exe
Token: SeDebugPrivilege	2332	tasklist.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe

Suspicious use of SendNotifyMessage 39 IoCs

pid	Process
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe
1880	taskmgr.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
4720	firefox.exe
2364	JDownloaderSetup.exe
216	Carrier.exe
4568	java.exe
216	Carrier.exe
3464	JDownloaderSetup.exe
3276	Carrier.exe
3144	java.exe
3276	Carrier.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 2160 wrote to memory of 4720	2160	firefox.exe	87
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 4924	4720	firefox.exe	88
PID 4720 wrote to memory of 740	4720	firefox.exe	89
PID 4720 wrote to memory of 740	4720	firefox.exe	89
PID 4720 wrote to memory of 740	4720	firefox.exe	89
PID 4720 wrote to memory of 740	4720	firefox.exe	89
PID 4720 wrote to memory of 740	4720	firefox.exe	89
PID 4720 wrote to memory of 740	4720	firefox.exe	89
PID 4720 wrote to memory of 740	4720	firefox.exe	89
PID 4720 wrote to memory of 740	4720	firefox.exe	89
PID 4720 wrote to memory of 740	4720	firefox.exe	89
PID 4720 wrote to memory of 740	4720	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://sdl.adaware.com/?bundleid=JD003&savename=JDownloaderSetup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://sdl.adaware.com/?bundleid=JD003&savename=JDownloaderSetup.exe
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.0.702335085\1031667523" -parentBuildID 20230214051806 -prefsHandle 1744 -prefMapHandle 1736 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e9e3f5b-e02e-4e1d-a309-56cf29df09bf} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 1840 21913210e58 gpu
    3⤵
    PID:4924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.1.1811268524\344290233" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2408 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62254189-191c-4bd4-bb39-454e057b32af} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 2424 21906487258 socket
    3⤵
    - Checks processor information in registry
    PID:740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.2.927628792\576915559" -childID 1 -isForBrowser -prefsHandle 2992 -prefMapHandle 2988 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5926fce1-0e2d-42f9-889b-e104e6198ebc} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 3004 2191602de58 tab
    3⤵
    PID:3232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.3.1275897623\1388185336" -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fc4cbe1-4c54-4522-9bc7-3bc9846b9f53} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 3656 21906477858 tab
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.4.1675975854\1941535910" -childID 3 -isForBrowser -prefsHandle 5236 -prefMapHandle 5232 -prefsLen 27656 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1285bf23-193f-4414-8557-2a45d42d57a4} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5180 21919633b58 tab
    3⤵
    PID:2924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.5.70414950\956335061" -childID 4 -isForBrowser -prefsHandle 5460 -prefMapHandle 5456 -prefsLen 27656 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c196278e-995c-4d11-b8f9-60c37aaabce8} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5380 21919fdbc58 tab
    3⤵
    PID:1900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4720.6.1673251603\816787328" -childID 5 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 27656 -prefMapSize 235121 -jsInitHandle 1224 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b12070b5-3dcd-4fc7-9819-be40a7b2e91f} 4720 "\\.\pipe\gecko-crash-server-pipe.4720" 5352 2191a27f558 tab
    3⤵
    PID:4952
- - C:\Users\Admin\Downloads\JDownloaderSetup.exe
    "C:\Users\Admin\Downloads\JDownloaderSetup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2364
  - - C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Carrier.exe
      "C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Carrier.exe" -Dexecuteafter=false "-Dregistry=true" -DinstallationDir="C:\Users\Admin\AppData\Local\JDownloader 2.0" -q "-Dfilelinks=dlc,jdc,ccf,rsdf,metalink,meta4,nzb" "-Ddesktoplink=true" "-Dquicklaunch=false"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:216
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\charsets.jar.pack" "jre\lib\charsets.jar"
        5⤵
        Executes dropped EXE
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\jce.jar.pack" "jre\lib\jce.jar"
        5⤵
        Executes dropped EXE
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\jfr.jar.pack" "jre\lib\jfr.jar"
        5⤵
        Executes dropped EXE
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\jsse.jar.pack" "jre\lib\jsse.jar"
        5⤵
        Executes dropped EXE
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\management-agent.jar.pack" "jre\lib\management-agent.jar"
        5⤵
        Executes dropped EXE
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\resources.jar.pack" "jre\lib\resources.jar"
        5⤵
        Executes dropped EXE
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\rt.jar.pack" "jre\lib\rt.jar"
        5⤵
        Executes dropped EXE
        
        PID:408
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\access-bridge-32.jar.pack" "jre\lib\ext\access-bridge-32.jar"
        5⤵
        Executes dropped EXE
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\access-bridge.jar.pack" "jre\lib\ext\access-bridge.jar"
        5⤵
        Executes dropped EXE
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\cldrdata.jar.pack" "jre\lib\ext\cldrdata.jar"
        5⤵
        Executes dropped EXE
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\dnsns.jar.pack" "jre\lib\ext\dnsns.jar"
        5⤵
        Executes dropped EXE
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\jaccess.jar.pack" "jre\lib\ext\jaccess.jar"
        5⤵
        Executes dropped EXE
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\localedata.jar.pack" "jre\lib\ext\localedata.jar"
        5⤵
        Executes dropped EXE
        
        PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\nashorn.jar.pack" "jre\lib\ext\nashorn.jar"
        5⤵
        Executes dropped EXE
        
        PID:3084
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\sunec.jar.pack" "jre\lib\ext\sunec.jar"
        5⤵
        Executes dropped EXE
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\sunjce_provider.jar.pack" "jre\lib\ext\sunjce_provider.jar"
        5⤵
        Executes dropped EXE
        
        PID:5080
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\sunmscapi.jar.pack" "jre\lib\ext\sunmscapi.jar"
        5⤵
        Executes dropped EXE
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\sunpkcs11.jar.pack" "jre\lib\ext\sunpkcs11.jar"
        5⤵
        Executes dropped EXE
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe
        
        -r "jre\lib\ext\zipfs.jar.pack" "jre\lib\ext\zipfs.jar"
        5⤵
        Executes dropped EXE
        
        PID:664
    - - \??\c:\users\admin\appdata\local\temp\E4J1C8~1.TMP\jre\bin\java.exe
        
        "c:\users\admin\appdata\local\temp\E4J1C8~1.TMP\jre\bin\java.exe" -version
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:4568

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4044

C:\Users\Admin\Downloads\JDownloaderSetup.exe
"C:\Users\Admin\Downloads\JDownloaderSetup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5016
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 2704
  2⤵
  - Program crash
  PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5016 -ip 5016
1⤵
PID:4580

C:\Users\Admin\Downloads\JDownloaderSetup.exe
"C:\Users\Admin\Downloads\JDownloaderSetup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:448
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 2704
  2⤵
  - Program crash
  PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 448 -ip 448
1⤵
PID:4568

C:\Users\Admin\Downloads\JDownloaderSetup.exe
"C:\Users\Admin\Downloads\JDownloaderSetup.exe"
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2044
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 1252
  2⤵
  - Program crash
  PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 2044 -ip 2044
1⤵
PID:1600

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1880

C:\Users\Admin\Downloads\JDownloaderSetup.exe
"C:\Users\Admin\Downloads\JDownloaderSetup.exe"
1⤵
- Executes dropped EXE
- Checks for any installed AV software in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3464
- C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Carrier.exe
  "C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Carrier.exe" -Dexecuteafter=false "-Dregistry=true" -DinstallationDir="C:\Users\Admin\AppData\Local\JDownloader 2.0" -q "-Dfilelinks=dlc,jdc,ccf,rsdf" "-Ddesktoplink=true" "-Dquicklaunch=false"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3276
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\charsets.jar.pack" "jre\lib\charsets.jar"
    3⤵
    - Executes dropped EXE
    PID:2528
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\jce.jar.pack" "jre\lib\jce.jar"
    3⤵
    - Executes dropped EXE
    PID:1976
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\jfr.jar.pack" "jre\lib\jfr.jar"
    3⤵
    - Executes dropped EXE
    PID:3380
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\jsse.jar.pack" "jre\lib\jsse.jar"
    3⤵
    - Executes dropped EXE
    PID:5020
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\management-agent.jar.pack" "jre\lib\management-agent.jar"
    3⤵
    - Executes dropped EXE
    PID:1440
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\resources.jar.pack" "jre\lib\resources.jar"
    3⤵
    - Executes dropped EXE
    PID:4480
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\rt.jar.pack" "jre\lib\rt.jar"
    3⤵
    - Executes dropped EXE
    PID:3552
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\access-bridge-32.jar.pack" "jre\lib\ext\access-bridge-32.jar"
    3⤵
    - Executes dropped EXE
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\access-bridge.jar.pack" "jre\lib\ext\access-bridge.jar"
    3⤵
    - Executes dropped EXE
    PID:4024
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\cldrdata.jar.pack" "jre\lib\ext\cldrdata.jar"
    3⤵
    - Executes dropped EXE
    PID:2296
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\dnsns.jar.pack" "jre\lib\ext\dnsns.jar"
    3⤵
    - Executes dropped EXE
    PID:2852
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\jaccess.jar.pack" "jre\lib\ext\jaccess.jar"
    3⤵
    - Executes dropped EXE
    PID:3920
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\localedata.jar.pack" "jre\lib\ext\localedata.jar"
    3⤵
    - Executes dropped EXE
    PID:992
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\nashorn.jar.pack" "jre\lib\ext\nashorn.jar"
    3⤵
    - Executes dropped EXE
    PID:712
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\sunec.jar.pack" "jre\lib\ext\sunec.jar"
    3⤵
    - Executes dropped EXE
    PID:1032
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\sunjce_provider.jar.pack" "jre\lib\ext\sunjce_provider.jar"
    3⤵
    - Executes dropped EXE
    PID:2068
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\sunmscapi.jar.pack" "jre\lib\ext\sunmscapi.jar"
    3⤵
    - Executes dropped EXE
    PID:1512
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\sunpkcs11.jar.pack" "jre\lib\ext\sunpkcs11.jar"
    3⤵
    - Executes dropped EXE
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\unpack200.exe
    -r "jre\lib\ext\zipfs.jar.pack" "jre\lib\ext\zipfs.jar"
    3⤵
    - Executes dropped EXE
    PID:5024
- - \??\c:\users\admin\appdata\local\temp\E4J778~1.TMP\jre\bin\java.exe
    "c:\users\admin\appdata\local\temp\E4J778~1.TMP\jre\bin\java.exe" -version
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3144
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
  2⤵
  PID:1312
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist /FI "PID eq 3464" /fo csv
    3⤵
    - Enumerates processes with tasklist
    - Suspicious use of AdjustPrivilegeToken
    PID:2332
- - C:\Windows\SysWOW64\find.exe
    find /I "3464"
    3⤵
    PID:2516
- - C:\Windows\SysWOW64\timeout.exe
    timeout 5
    3⤵
    - Delays execution with timeout.exe
    PID:1172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Process Discovery

T1057

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Adaware\JDownloaderSetup.exe_Url_g5m40shbgs2egqdzzrwr1zykmzljk3he\1.1.1.6665\kkf2bxjy.newcfg

Filesize
798B

MD5
f3da41e2f01ec12a28efa662df2fa963

SHA1
9760227f497132829ec34fffec6184969043bba1

SHA256
a4544f806b5637e45e2e702c7997d0b6a52b805670a72aac518d189c3004d1c2

SHA512
ae4f56f93a2386abe8891ba5ba1cc7de166a28c6a2f3913870bed2926ac43469bbbf0b4b18acf2fce7c7f120056e36b3777aabbdf9715cc12d2159403e392e59

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\client\jvm.dll

Filesize
3.7MB

MD5
26e8f4be912ba6227a3ff9edd87622a0

SHA1
4500fee4a98635651e78c1aa3b7521093a5df561

SHA256
287e6de0c5fb6589c62c7d3807f5d5a79f7d4fa0326e3e90b41bd5b52c14bf12

SHA512
d79fd3252c5fac291ac9dbb4dd003ee665bc16bb4697f9442ca07cb9359f3d72fda47847dde611aee343747abcf0b7bc1cdc8cb7856c1883d88af94d6f345379

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j1859726488520243927.tmp

Filesize
21KB

MD5
d78c8560f8e96b062a543e03a5ae9c3c

SHA1
284bd7a500a889621bb2b84e40da264ca156d6f2

SHA256
e7d31f3c81ce8d7f24bb07e6ceddc2586181524502d1532291b816b0a86118bc

SHA512
81c57bd1dffe6b47ce810deb307f2585d11c6e1b08919f7782bb5962371781432613c4c383e1fd75d2686b81c1839134ab80d7460a4b945cd7463c34db937a80

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j2494865657936514514.tmp

Filesize
16KB

MD5
313b2a7b9ecadaef9e26144992729de4

SHA1
69e53050004272103bc7480c3a7a81e2d61831c4

SHA256
333462abab21ea468ff0946aa1efe9cb810fbbd6e4d8d5d27c2f6d11b1eefa37

SHA512
9ec10b80e29512fed7c943138742630806a8bbe569e7b1af529420147edba595469cdbafb4d8822faa58d4ab63523489262784011ec32c7537f79864f36f3609

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j2607282122365991060.tmp

Filesize
24KB

MD5
291d3ce1e405c26fed6cff9cc4972c5d

SHA1
8b203b03dedeb5322aa17580ec5f970bf7a5aa86

SHA256
e4b1fbbbf6e2e38fa0bf00968ce0be1cfb23e757976997dd8bdec8287cebd16d

SHA512
ac60a43e00db953749aace7de5ed59f0764fa758f48b54f807b358fda9fd3eaa60b0492355a6c75efcd3268fbf135833d30ae43cc0065b7ae4ec8f9eeb00c01a

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j35681649090468467.tmp

Filesize
18KB

MD5
40e4d92bc9092ce7368ade2779478d5c

SHA1
8247517100bf45b7f7909fe8b975828d7c7f0486

SHA256
e4b4e1e1c967d933c3e2c0574c0397f810220eaf4003de3f6d6683523f992af8

SHA512
de3938c5becda7cf43c19a36205b269cad23a73515a21921cb6fe5e0d14afcc6ce5fe913d6fc4123ffa81f1cc9b9f77a3d83aaa5087bcb06a6dddd8d90e95036

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j3841598679935591599.tmp

Filesize
175KB

MD5
85a07ea04775c06b097afb06b1225fce

SHA1
06a6ad876aa6da694908378f3c5a50e67b3b8017

SHA256
9fca342a226e9812cb6327eea913688cd2a57056ef4ec197fd8e951cd6a7a859

SHA512
2397485b4603eaf6f726c5d5330d18bde12875914cf00d4f10e91c1caf0fbc7f630c0f457ebb8b0ae6af802fe91133ca1d6e0787cbb2de1131c9285d9cfb5ec2

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j3932961580081613071.tmp

Filesize
133KB

MD5
9ebf0088ca46367a963e1a881f7e369d

SHA1
c0988b127857d586acfbd69d47f9da24ce8f453d

SHA256
0e0d4945951ca83bd55c123d6c39f3c6e4894a4230173cf86fd0856397b4ee21

SHA512
973215895deae01f423c84b8e053b9a1ddfcf818b4e206bfbf0026db230f6101c304a8fbd81ca12cf2829178adc3fb907255dec41c72ac3a2f9da3b723796b51

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j3967205113944468166.tmp

Filesize
166KB

MD5
2c596cf3d75fbf4061dbe15a4aa745d3

SHA1
9a22828197bd4f79a648d89a8043ddcbdd7d88ed

SHA256
f6058ce5ea97a9b5b764afb78b798cd67d6113734a4ccddd83cb8591ecbc6434

SHA512
d3e1f63c97b72d3d63745c6638fdff04350f08149fa6edd55bd6034d33cfd4bbcbcbf7ba5c94038aaad40aca2038f0ffb8454420bba2604e2c9d2cf32977980c

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j4387359387627972296.tmp

Filesize
21KB

MD5
b56af8a274e83897522dedbd068d27c5

SHA1
71803a464b6ef7ee3b4d9b1fa7022b5415778577

SHA256
2fc62b3a9a707c8d26acca8aec6b764ee9360798eb6f7f1724c6d754cb4c82be

SHA512
7093d54fbcf7c157210201dace7a3059cac0a6fa4a325e07efeb8f35b7cb515d04bbc61f36242db2d5cbd5db130a125107175392f6677f7d89ded00bbe1ae945

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j5112293839750749383.tmp

Filesize
201KB

MD5
9d731f92f6fd99721e1daf608ca7892d

SHA1
c5daed31d3b262d85f2d58a4ac666d5465e2cded

SHA256
859321842045f5d7829843a0238d712b656a26a9e4b652d5da1336049edb05cc

SHA512
ad00e2fae175971163df831464b7ee91d4dfc4b2731d8bc97081c32cb2f6c0b090766fecaf4aeb276ce1efe9855f46f0dad64c8649e3f7ed59fc37c6ab416e0a

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j527141783048733410.tmp

Filesize
201KB

MD5
f5c73c2a44847b039cd1138c705b0f14

SHA1
ff55f90265210ea6e5423815c476195f41c3ce10

SHA256
1d54d25f2bf8fdeb3ed4e172de543cc2de2c98e5835dbc74dc959b892ffa80f6

SHA512
6a5b96149b8c2c2c978facff128c76184dfb793e119b63953b418424baa32f63c8cc1bd3434877b51ede900d3ea110751e16a817890c671dc8bd6826bc03f300

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j5677549229756694525.tmp

Filesize
18KB

MD5
58d16419656220490df334e0fba3c39e

SHA1
5f4d7a299d7a6225b9cacf8480ad83354f4461fd

SHA256
ac78f56c2e145283c372011206a108e40d0531640d7e1e6d1184d5350ff88700

SHA512
c3e12041e22d02cb39799c64d838ff30811afdcc5aea35d037665bbbb18dc2c0f47c3446a6c2d7cc50278aa00989a8e7ab2913d6b21b33006b5cc1496b544a97

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j6563813990881270621.tmp

Filesize
18KB

MD5
fe4635ed39d1f047df14f63bc4652b08

SHA1
206fa3d1a9ec6e6931ab54cd954021673645fe89

SHA256
0d1cd81b3b37d01f435fa28807a4abe8e0e69f67435d0c896bc351b1121143a2

SHA512
05f8dcf1cbe52cf22b8dcb30771df18dcbf1885ba97302d7531fa36c7bbc3b6899427f3aada76e9fc52ccbe464d7d204b5a19186a05398678f071614553fa404

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j6673777178932300628.tmp

Filesize
17KB

MD5
61fe247b8b364701cd52190ffba02c1e

SHA1
d498e0b0f4145fe17089124569be92714a1d8570

SHA256
48811cb5339b06b931f2b7b3c4dea0a2cd5a4220242ce2419bd9a07b0ddcfaa2

SHA512
832343692df4cc7ec75486832b3b1c899d56b6362162a4806d7f378a14289f228b84dc7ed513b8882f429d6288687bc3a88e12cb963a168f993bdd335a3506c8

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j680637742747076323.tmp

Filesize
132KB

MD5
c406d2742dbee7c09f288f8ca6c49159

SHA1
2482e4bc0d083858574ec5dd83925e9f752bad1e

SHA256
345e31c4f943d54241a844a22fe7a2182c309bb6e2eaa28bbd6762aee217f484

SHA512
4431cdab3bef3773470d48d2ef77ba12745401f70221bfa2bc5c4ac049832f72e5cc166e700f1a35aa622a00ad64d1dbf546555fb844ca6458b3c9ffb7e11a7a

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j6946586796207562541.tmp

Filesize
26KB

MD5
80e2a1c2f9ac7aedfe89b0901a6e786f

SHA1
bac8187eacc1e306d9bfcc948304c02808f3661b

SHA256
6acd6ae76f689c51182050ae0413a125d9b6199c15c07134be6797c6b83c568e

SHA512
28aa059835156b02f92fa47d5fbef9a2965bd9deada48829c3d87e9aac2893e474cb6ba252107450ae8d2a4b51e4db865690491b35a8370e423d0c4b229c78bd

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j7194090015905404384.tmp

Filesize
138KB

MD5
2a602b89cfbc538bf170307b7e46b86a

SHA1
bad7ce44a320abb8f280f774d07ca6df8ba9dee1

SHA256
28b89439983a07e6877bef5f8f7983c8a09464585db0dbf8f7ffd9db7d5dcdfe

SHA512
c99bb09adb459197a97d38ba656cc30670a1d9eb353ef5f0af0cd4b63a80eb05b42036b09c7d5421231c1486a5aea5b4a7ebb697b2faf70c9347571ba85fb398

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j7292335567701975027.tmp

Filesize
145KB

MD5
68f64236adb80a83ad77ea685a3f7b0d

SHA1
1ae387c926daae203dade77d77c54a9b9218ebd1

SHA256
ac87090f7495625602e4a7f1524d2bb2083f9fa6afe2107e97ae500725c68522

SHA512
d4ff31af1e612fa3e9deea7c37d5014d3aca0d284cddb4dc5ccb689ea043ac07cec0215167e81fb780ae6f4c2edf4b277c01e0518a8d0092f0d442939e8ac4f5

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j7342425076579956210.tmp

Filesize
130KB

MD5
a89dae341c043e02c59432484e3216de

SHA1
08d4d946e8ad0850cd62716db2a586420f985223

SHA256
a3b9c1cb32f39db7b446c061e4924b386b1d3823301009a469dc8c0289e14389

SHA512
850b67e1890aa51cd38103634a1d7780d96b854a92a128945f4d0cfb817cf2910cb2e0f50e8ec6d255662c448cdc249e98b4967d1ead3ffd74c74b8cd718f174

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j7379673830288313291.tmp

Filesize
27KB

MD5
13431dddfa6ac7a6f5e15c3ebbe76b28

SHA1
d60e8f85b61658b8b6751a1068e2656e43aa3293

SHA256
58ddd0928bb65c054c4fc7e5d75df25c345d336393bab4a6f8fa3c2d46774572

SHA512
6add51f6fdf97e3052d0fb1e5735cb62f7cc9eba8455ecc2fbbb52cbce278711640a01a7bb0b8b22b1bd2daa92e83dab69231f38df21701a9bacd3c6a51d57c1

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j7760572154911403779.tmp

Filesize
17KB

MD5
5d5a9b20ebc79af57654ac99790e645b

SHA1
b051d35f825abef0f9c4e3e48787e22caa0dd6b4

SHA256
53e1f3e607364f3efaca3f5fefab1f3a4ea6281701ebe3364b3f4d80c6f57625

SHA512
107e5596b562aac1914ba1d0bb38377c2678475b7ea8877244cf6d12568e9f1e942c47f572bacb9036632df939df235469a119a729930cd1ab62cd7b9e316afb

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j8548299009283004307.tmp

Filesize
33KB

MD5
cb59aa985897a3f9ea08c3dfed3ed6e5

SHA1
7299cdbf6944f7c51767446e4b54230ccb537b64

SHA256
d2c4cf03ff8a181fd40ca04a3aaf0e8b2d0f7a9d18c4f6487f924719fe9e3a7b

SHA512
91e811f79a813a833c68d87a1c87041b1d88e2919d52d20ab5bbd9e57306f967f54ab61c513e75ee27395f1ee339d336d32204e944f39a8d6d96603651c9f8c4

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\i4j8941981960122978332.tmp

Filesize
57KB

MD5
148e04f2505fcbc7d643e6282952964b

SHA1
90a9cd43f4148938fa95f456cc39c3aa5ca79a6d

SHA256
fc3cd6aef7560171d5fc7dd43a42cb0cd837691188801f0c9c84c47df39e8f86

SHA512
58c7d105f5a8353a5e817fe7c9bfe1b97b1fea30d4f4146d14886057cd7d005e71f7e085b44ae9d1c0d07a6351e593a47bc04270607ba272101bf3323598752c

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\bin\java.dll

Filesize
134KB

MD5
a5865bb68e184eb43c7faa1d19cf6728

SHA1
dd112a50b04085d557c9cc4051c48bde925715c6

SHA256
a473752cb4fc6c967e4bc4c3c8831ae1df84a1d8f34b8035c0d95b95bf996614

SHA512
d95f6e4456fbf533bcf52d4858d19655c3c2538aaf98485c2c105324502ae642946463cb7fe9aad890473605b4368b487ef39e86722cef27aec2845031262766

Download Submit
C:\Users\Admin\AppData\Local\JDownloader 2.0\jre\i4j5393268721478243710.tmp

Filesize
1KB

MD5
d94f7c92ff61c5d3f8e9433f76e39f74

SHA1
7a9b074ca8d783dbe5310ecc22f5538b65cc918e

SHA256
a44eb7b5caf5534c6ef536b21edb40b4d6babf91bf97d9d45596868618b2c6fb

SHA512
d4044f6ceb094753075036920c0669631f4d3c13203caf2bea345e2cc4094905719732010bbe1cae97bc78743aa6def7c2aa33f3e8fca9971f2ca0457837d3b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
e15218d06256890817793c26c640c297

SHA1
008fec2011971304878601fa17c3bdd1a44f31fe

SHA256
225a9875b76e6e8e09818e6a8909f59da0385b769c95dbe220e2ccdf819ae2ba

SHA512
56302f8c290e2b48017f9613b620e29d80f0238e78179ce84c67ecfe1411f2c9941719bdcdc5e542b7041a829bf261635e399ebad6da174576b5ed81320d7240

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
8a3fba128e088732e2488b178c6823ff

SHA1
f3e4dbabf4afde01a261f0a89737a899a9ce317a

SHA256
a41ba3cb2820dd8f9a9ae80879b7b311b8880febd0996b72ec2067f691a2d758

SHA512
4b4f95c51e608d261ec28ae05887b4ff708aa1434e3f87c718b38a47b8090685ba2167a87d1fb4c1b9810a35c79ef33aea3f158828d3bd2a36377e46dbf416a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Carrier.exe

Filesize
27.5MB

MD5
a7bea54cc86e33386a7aeec02ef77100

SHA1
78059909f44c36933de0054b9f19b4fd09b8ca02

SHA256
21a096298cbc3189ce0462d07ae3bb7192794c7c77931db835b4936d25d315a7

SHA512
74ef995bf6f3f164b5981b0cf284862ad458139485341d93cd791901fa965a35c53a362db94c098c4baad9188426ffebd2e8c6dfc5b662c4b5af3540b27f9822

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OCommonResources.dll

Filesize
5.7MB

MD5
412ba91898313a54cf7db18b0e9e610d

SHA1
f1d893e079cd4599fbf0c862df337476c42be91b

SHA256
31640fb6e193a987986c6b655110189d8e30408b00234c955158973ec9e97b71

SHA512
8dd0e3e8ebe43379c5002f6133c49e509964b26fea8c46ed8dfc2687211c6d3a000cfc04edd2dd9d34df03400b5640f5172fa22913d65a784be191aa995ea558

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2ODAL.dll

Filesize
17KB

MD5
4f54b457229815dfa6174eecb2cd639b

SHA1
401d38258e91c9c3a8d5a5ac5cbc6b2e861301de

SHA256
7d3013499d2ec43a6b377ae7ab563248ebcfc09a8f0e4a6bd6a0043292010873

SHA512
fb4373b8f6dd5acc88c3cbb10116f394b5ce7bec078ed04da633c620b0e84ac6cfbfc03ad18b335ceb7e43adfc36e0c7eb19920788fa117f6f0d366e0ccb5ffb

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OModels.dll

Filesize
78KB

MD5
7a4ddb62db0d21cea4ab724e4ad732fd

SHA1
4cdbfac30ac141b6db788c4e4a9eed680ba5ad21

SHA256
41547db61fc5e43e0557ceb44670cbc40ea373feb9e7808fa357fded36d7748d

SHA512
523fe5f4729b06942c252db908d01c48261ce7224995e4d361f4084321893459850aef8ddd18a25474d3685fdf512dfe2f583c0fb749861cf744df1cc46cf440

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OResources.dll

Filesize
20KB

MD5
cfb06ff92b4bbbb61eb9fea6b9a866ee

SHA1
5998200da6c043a82d3f7b37e4770bad80f2787e

SHA256
da79b3c64ddf384b3d6c1864c3dd3bad1973f53db14db6623e360e41156ab796

SHA512
58197170fad4d931cf3f55b376d1c14d8c86a28a86c7141a0b1faf34025928a28444617565b0924250f6193104cd1b02501ec0ae438083336624fa3d41585525

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OServices.dll

Filesize
168KB

MD5
45631ab991cd733c675a5d0abcea00e8

SHA1
acad2f57465173b823541c05588f018559dcf2e7

SHA256
21a2bb14ce7a73a1ab28f0178e9c9a3a8add4d893a3934b465f812d8d541155c

SHA512
5262134ec99aae19f339d8fa814b583f6f407a84d1edfc6844b06f1907b32ccf29a878adc171392b6d7b49d788aa5c0de7b667be65bc950d86ea1be04184b0e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OUtilities.dll

Filesize
125KB

MD5
e0ffb8f465efc031de785b841564b1fd

SHA1
ad8a16e081032d4523ea3e84429f07e3aaf7feef

SHA256
1da093c90f1ef01776b506b151ea2b525155344a337b057d1c04665ce1d12de1

SHA512
6fa34f9b1e76fd18f3d136d55cf2f2d652756831fbb67db7d4cc2224892483a6b621e7bb4c925db43ab8e999727ed9dda37360358628adb904d4979456b153ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\H2OViewModels.dll

Filesize
9KB

MD5
74d840d8263deaa875ce9bf40861625d

SHA1
876d6d704e61856f7a4625d13e23254d42383464

SHA256
cd201abf119a063673da03e9fe81e4157031993d3f6776ef0afe9c070600d242

SHA512
a350612516b364a6f1eed2ea4289b1c68d4aee9e4160811f4537e270307e8e25c0ddfdaba9725913a5dd6fb179483247bad4f4c6cb19db2cca8b2da356854bd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Newtonsoft.Json.dll

Filesize
541KB

MD5
9de86cdf74a30602d6baa7affc8c4a0f

SHA1
9c79b6fbf85b8b87dd781b20fc38ba2ac0664143

SHA256
56032ade45ccf8f4c259a2e57487124cf448a90bca2eeb430da2722d9e109583

SHA512
dca0f6078df789bb8c61ffb095d78f564bfc3223c6795ec88aeb5f132c014c5e3cb1bd8268f1e5dc96d7302c7f3de97e73807f3583cb4a320d7adbe93f432641

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\OfferSDK.dll

Filesize
177KB

MD5
dc6d53b383ae4a1389ec23e676afb866

SHA1
0bf4672988a05e292b99000ba5bcc805c1b16d0b

SHA256
49ee3c4bd541bb0f930ca8743aa72063b182db59548254354b0ccc5276295826

SHA512
8f4af4f5384a541e32a27e4489aeb75bd8d9002486ceb281acd62e592f9a3494d85622293b98d7bb5da9cf9f5803873db2bfe2431bfe7f6c9a516c091089367c

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\style.css

Filesize
17KB

MD5
362fa1bf3819e45f44dea23764464801

SHA1
6ac9c0b66e3dcae13d04fe55467e06b98f245081

SHA256
676c33de0bcd9869319dcde8158da5cd4b49499240592bf6b95122068b23bb11

SHA512
34403c23927be775e96bf57a6ce702af8109cffb26608f5a49cd7e3cabbad358da30a0eaa36927cc7a9f01d61ba5f720ccf41c1f9dc5a97f1de940e83637fdca

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\tis\Config.tis

Filesize
291B

MD5
bf5328e51e8ab1211c509b5a65ab9972

SHA1
480dfb920e926d81bce67113576781815fbd1ea4

SHA256
98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

SHA512
92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\tis\EventHandler.tis

Filesize
10KB

MD5
1116d7747130f4552a91e61a3a6000b1

SHA1
bc36996a664dab24b941ec263679c9d6322e61a2

SHA256
5c09c6784f3fdc4a6b2998c4c9e02e366265ee5314c0f982859825576dc0eafd

SHA512
af34413f242b64737ac9f7076e449b0d0485842d653d1cad12b54b868f09817d3595cd935ad7e03003d536127c173d624dd9a031c079fdb8f897ab0b7b9474e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\tis\Log.tis

Filesize
1014B

MD5
cef7a21acf607d44e160eac5a21bdf67

SHA1
f24f674250a381d6bf09df16d00dbf617354d315

SHA256
73ed0be73f408ab8f15f2da73c839f86fef46d0a269607330b28f9564fae73c7

SHA512
5afb4609ef46f156155f7c1b5fed48fd178d7f3395f80fb3a4fb02f454a3f977d8a15f3ef8541af62df83426a3316d31e1b9e2fd77726cf866c75f6d4e7adc2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\tis\TranslateOfferTemplate.tis

Filesize
2KB

MD5
551029a3e046c5ed6390cc85f632a689

SHA1
b4bd706f753db6ba3c13551099d4eef55f65b057

SHA256
7b8c76a85261c5f9e40e49f97e01a14320e9b224ff3d6af8286632ca94cf96f8

SHA512
22a67a8371d2aa2fdbc840c8e5452c650cb161e71c39b49d868c66db8b4c47d3297cf83c711ec1d002bc3e3ae16b1e0e4faf2761954ce56c495827306bab677e

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\Resources\tis\ViewStateLoader.tis

Filesize
16KB

MD5
85c33c8207f5fcb2d31c7ce7322771ac

SHA1
6b64f919e6b731447b9add9221b3b7570de25061

SHA256
940ef5e9f28da759fbf3676fba6da5cc4199b78ffc4fefe078ab11d53e70fb0a

SHA512
904188ab57cfb4f3d8c51eb55746ae2589852f271b9fa3840b82bda93f69c9f985e65f67169302d08818b707f36246f83f245470d5175dba5f0ad3a2482740c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\SciterWrapper.dll

Filesize
139KB

MD5
f9ccf333b9891dcc26c780593f706227

SHA1
159e902ef413c6a7e2a668913c3a7c52ff4833da

SHA256
ec5c5e6dabbf9a9cfeef6bb6c5e842c3ee0d5906224b7c30610f736a791ae3dc

SHA512
94214410d1b9ff7782abb6efce794ce3f51af2512686055a27dd5875bf34c7b1610ae5fef60f197c8c46259d930eb17ebd887f7b92b01f1182ca266735e1af7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\ServiceHide.Net.dll

Filesize
101KB

MD5
f534c11d6a35477b069e3fe23b004394

SHA1
1e13a0cbbfd33ee4174f2289c9549967c2a28ad2

SHA256
28dd9b9fc9d950fc9c5d27bcdb78aa76803ca7aa8dae8311f8e51700b9bb3e21

SHA512
b64bcd1796396a4e443a2199ac8d294b6492798dd2c56d067705a673661d8bc7b3b4337cea9000bbc188c9b82969ebfce412af1d071315228f6a50c2dfe915dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\ServiceHide.dll

Filesize
153KB

MD5
ceb35d7cf1620eb138a71c23059ff910

SHA1
6c1ebbfbbc30c8fc02c9742131115d4f760d2ee8

SHA256
b551b3066022b08e7da70e9bd191e691f8a26628633bd8524837319201ebd0e9

SHA512
dc8847c712f0071ec1d3982e05eb5d79cad22484b8e9e1c3c644607fb8d3f08b00b9b94aaadd84d3bed8e802c677df5a090e08589fef8c3fc246a5cb3ee2d813

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\app.ico

Filesize
182KB

MD5
1f0fa25c629e147a347578677ef48c43

SHA1
55067928730e6781b657f26242c13ccc843c06ea

SHA256
ca4422f74242954350de35efa9db4f92ff748ad278b56cecf02c0ca9192460f2

SHA512
baa962508eb3c5c1277f01f25e68b10017d2e0d7dfe876253d54497aa6e9bd6f2f1b4d88fc82bea962e4c252654fcbaf3c12a07e2097dd57ea62aa9aa192f80a

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\sciter32.dll

Filesize
5.6MB

MD5
b431083586e39d018e19880ad1a5ce8f

SHA1
3bbf957ab534d845d485a8698accc0a40b63cedd

SHA256
b525fdcc32c5a359a7f5738a30eff0c6390734d8a2c987c62e14c619f99d406b

SHA512
7805a3464fcc3ac4ea1258e2412180c52f2af40a79b540348486c830a20c2bbed337bbf5f4a8926b3ef98c63c87747014f5b43c35f7ec4e7a3693b9dbd0ae67b

Download Submit
C:\Users\Admin\AppData\Local\Temp\5f3bf50163bb4e257419f910f803d8b2\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\bin\unpack200.exe

Filesize
163KB

MD5
8a7e94d3c3c2306ade5f2ea359cd46c3

SHA1
18c4a4549d990438ba734c4f7c3a4ef795e4297c

SHA256
09147c13d553dc415af12deadcaa9f11c042b7b94ada6479cf2b598a2cc2db0b

SHA512
220592f6af2ce1dcfedd0d29195d066508ca097604a2198f52d9a32b8d85e0953d62768c02922ac2a898fc410e6b7b9d80d870660ce602245182cc5f63cdbad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\charsets.jar.pack

Filesize
1.0MB

MD5
715bf147a0a6c08d80896c05b1f0a8f8

SHA1
c32f60783b8f88d1156f281292840c9363161cd6

SHA256
73f724323430aa8433d3f1a9a7cdc32f3450d9778253de40104cc3b7f9becedc

SHA512
6b447fa4c2e5299ac66ee4ae74cb37930b71e1be685a45e9e09c297fce69aac6b0293101220f8d84bbdc8c7a2d3e217ff24e5c07f1dc4108ac3db9f7b5d1a931

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\ext\access-bridge-32.jar.pack

Filesize
69KB

MD5
5728c3b4fa6212ed0ecfbebc6d27675f

SHA1
bd016f7d771be8bb470805d60b5fd09fef3f8db2

SHA256
0e0cdd6fcc52d83b05d7a4d97bd79b296b18d3f05f2cad2f8930320f88a2f613

SHA512
d12595d1d36ffc5b8d3b1318c6c2123976532d9fc7891dd1f188e8564e0215c40f8fdea8756834db65c01075e6053dc144fe2ef1ff013300bd129f967009eebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\ext\access-bridge.jar.pack

Filesize
69KB

MD5
8dc449083a63b0960aea4d2c5f9d7056

SHA1
afc70be3a93d9e9e54a22511eafeb9552a4a1417

SHA256
64cd7960df67fe820fd73249e33ebff8b886debc27cca574e280b7f904ffc163

SHA512
a7000f94e461e5bbc4b3014724aa8fcc3032035d8a4d87b39661158b4c9ba0f0e100c5812b1f3db6943acf74f46dd8d01d756430de2c0b3bcdb0126f45219e06

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\ext\cldrdata.jar.pack

Filesize
3.9MB

MD5
7f050599d5a949e28554e46c70143bd0

SHA1
89ee80b1763afff01feeddbd242a2a2ae2adc1f6

SHA256
8e28a9a69304e7e40cc32c28e3737ea946a5c58f635b3f98aa18e82108d7055a

SHA512
3552958ae53eadb88d027882933c3d241fa8d24b1e06af9c3e3f7a0b7fb35e420d3d29fa11a3ddc9552296a060794f380efad99202988657ee6507facbc178c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\ext\dnsns.jar.pack

Filesize
5KB

MD5
24256c78e903f2778b2125aea3bbb0dd

SHA1
795d5ec0c4933bae85705743d615633baab24013

SHA256
f8d066d6b01da73c4bda587566194fcadcdd86844974d8ec1b048605e68f7a95

SHA512
48e5e8b7326b868ccdd094701a9ac7bfd5a4ee08ee90e7ad6cd784cbb291a1ed87dec6ac29eb17d59987bfeb94851edd21c0cac6d4d0d207893dbe59a4131476

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\ext\jaccess.jar.pack

Filesize
36KB

MD5
db5fc50e4300e8a2506a9b9d373c4a06

SHA1
c8b45c420b9ff34576231d21c6559b241cb469b3

SHA256
d7676baee473feaec8a4ab47c1f33e3f032e55b390a8a6624f1062516f4a0e00

SHA512
2a041c9ae5e11c2b0f6788a6409cba916110248c0632442565cb8ad081d79ea6c341b348185b19d70153a62f1c43d880443b60b2ce26d415d2421cd6749d9691

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\jce.jar.pack

Filesize
50KB

MD5
65b6533ab0d6f390ccc9278bf8537493

SHA1
b188b52fa108e44504bbd8b7bcbcf6dc15a26779

SHA256
73535750ca73c8e4a448e8df7dc3c052a1944e01248f694a5108ac9020b3fb6d

SHA512
c2d0d68e24f0a000a9ee9ccc0b394dc185cd006c62e59715996b40cb6b8d204cf437e260ba022823a45133a5af5db5ef3e81e9a9ab7a86bfd0851d3dda00f452

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\jfr.jar.pack

Filesize
273KB

MD5
fb0a66cbe3d014a63489884b15373576

SHA1
24b80614d92b7c7e471e3cd4b2ab3c4c02f3c34f

SHA256
c23d0cd1688c3072d4ff80e4db6748a3f12b904f42e72dbb5f62a722a0221b6b

SHA512
6f3c14c57811ddd3f9a6bb613ff560c93fe9bc8f630ddadda2d09562fe23ebbd9fb12280138e7037d7997941cf5642f9262ca89ea3b620f0ec59fdf8719e5983

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\jsse.jar.pack

Filesize
372KB

MD5
9465f34d94be46543693ac6fbf2f22a2

SHA1
463e7384576a92908f7d7c82bae9a10c53ddac1c

SHA256
999fb6c9fb66a1f616697ef5421b359d2019062f7a96d1c5acf8c89b5587f383

SHA512
c9ad6b647001899791473a069cd2f470b59293f3aaac2eb9fde71e210ceefade07613542a44284cac994ba46c5c2538ee333f55d98a390e58a988b3c699e2b1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\management-agent.jar.pack

Filesize
195B

MD5
cac8766a81fb256c7107d100fb15ebf8

SHA1
d899b37a7135c3283753d7469a1d999cdb2be685

SHA256
9b0fb6851f18bf0cb174b4b2c21f086f08acabd9c63471f81f1dd8c7dc38556c

SHA512
41c7456f897a32274bd6beebdbac016cabd542bfcfba8a878c64d02327c32c710b8738ad974b152fc3d5c3d73bff4b6232aca952e9ea03d91684f0bce2d4925f

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\resources.jar.pack

Filesize
3.2MB

MD5
afa7fc52e9e1cfc99dfd89c8454f309d

SHA1
26652b81ea8a5a7dc09e59367a89aa3bb51fcbaa

SHA256
f7679a3dd3c54e1861bc53552b37247d17917ce4884e07d36762ba74ee90aa54

SHA512
4ae19cab47f1980b550b3566279c5da085c74df133c6e46c403a210473564f2c4afd87da42bc2c1494dfa487eec21cfbf9a8dd7d2cada247f40325bcd9af5f06

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j1C8C.tmp_dir1713538009\jre\lib\rt.jar.pack

Filesize
15.8MB

MD5
a8a7d3222a81444e8c427d7ed69205c9

SHA1
832af30c46a007f4a60fccb0d526a4591b2821e5

SHA256
21f6205fdb4564decbec08919b0b75d3601f474375184b4042c989c74cdd5fc1

SHA512
d203511463a429bc7a0a383586e1c60efb8761cf416fa4476676dd4c8e1073ba3d182bb42563d2087df3317dec9136294af1f0eb7beb3f797c121aca6425e7b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\MessagesDefault

Filesize
34KB

MD5
f4fbc75c3547ff775553b18c71a1c466

SHA1
428da2c86cf302068d114b149ccdb3176ad0a31e

SHA256
55ab9578f36648cb37ed3802b51c6153466fdad6294e0b465601204b0f454a37

SHA512
de43dc5a888694e20ee257448a3bd6c5c7f8cac3e87c953ab40d5fa148637b7c29224db95d6f72d1e2c15c4f66e49e0ab2a1df9e4a67232c7979f7f08b3024ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\i4jruntime.jar

Filesize
2.1MB

MD5
f4eac342fbe8c4de974dd183765e6a5a

SHA1
ba7cb95a48bb243292942ebaf41882fdd8c79f76

SHA256
59e201332e806cec2e04f1c888b5c5b4dd5159f72ae77168d138c123dcab5e4b

SHA512
b8f42b2e64e55d905b54770d7ede484b0618238445ba216656f691ac94316d0f3f71be8f4c0635ffac423cd3ac22bdadec9e092b7259eaa82780d25335efccc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\awt.dll

Filesize
1.1MB

MD5
6a82eee0fc77c35ad3a0a6f534477cfb

SHA1
39b92eae378b8661b81ceedc94266b994f57709c

SHA256
92efcffa5247b0a039ac3900a3d058d58d597db7f895d3d05d3b6243cbfdb1b2

SHA512
2bcfab5ae496f6668c68294ec9d4916a1efd392a5ee9cf6a8ba1ff49aaa2a935c93c880e02c8d3ec6d17ca32a2564c71403e3dc86c2e9f5f667b7bae1eabb99b

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\client\Xusage.txt

Filesize
1KB

MD5
b3174769a9e9e654812315468ae9c5fa

SHA1
238b369dfc7eb8f0dc6a85cdd080ed4b78388ca8

SHA256
37cf4e6cdc4357cebb0ec8108d5cb0ad42611f675b926c819ae03b74ce990a08

SHA512
0815ca93c8cf762468de668ad7f0eb0bdd3802dcaa42d55f2fb57a4ae23d9b9e2fe148898a28fe22c846a4fcdf1ee5190e74bcdabf206f73da2de644ea62a5d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\fontmanager.dll

Filesize
613KB

MD5
9a6af576e5752cac2ed0128bd7f1b41f

SHA1
ef7e00663bb8f18b83fccd5cfdd14895ff1c5bc0

SHA256
92420b8b235e3f43db5fb0434809c722973d4717e2d10483a5e69c11e9659cbf

SHA512
16ef4822010f6e3a7be2ea98d7a3815881aa725ebb84d4b31e4a067751b3dccaeef55fe999ecaa851a8716161f225ef90583fa8ac852d5c2f733aee012e42278

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\freetype.dll

Filesize
479KB

MD5
7258964c0b49277fa5a9458401358a30

SHA1
f94cb4a408f12aec6fb5beca543404ebc8237ce5

SHA256
23251630069479a92cd9057d138d1a28f52afed905adf04bf7339fef6493c6a4

SHA512
beb9023222601f83c84b434ab8ee6742aba0d1d6f96f7d232b8608bfea2a1e356cc0a143904b7959f4ea901441ef134b35a25b4a3f990eef041d574ff12e9217

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\management.dll

Filesize
35KB

MD5
a0461348ae1b8ad6dfdcb946a16208c3

SHA1
35ba83948c880703281515c78b10a7846aaf7934

SHA256
35c5ff7761a658d5be784c1495a9fba299c1f5a2e5e4b4cedb74db65003427ff

SHA512
b2b26ce6a43f5f8a2219911bb435835273b37bb763d64d6062a34d3ab92080d4d5912845a01c947100c3537be9338180b39fd2b864fb70ed8c1d86dd5474a559

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\net.dll

Filesize
83KB

MD5
0f96a0a7d4e35e1748f1d61f4c8c7572

SHA1
dbddfb62ea707f237891d1c1ded0c8f0a9e23678

SHA256
62d8125718a18af6ec5de7bdf18a2dbdaf7d6b85098c50e321915744c4eb84d5

SHA512
3b2c7741a59ebe8117987b1637471659a7c887cbe4bdbef4b288eb976115a6b210198f70dfdd402987115403083a65cb7afe41a7e0783011534c355932d00922

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\nio.dll

Filesize
53KB

MD5
2252175f04c153fe9fefaabcbfced959

SHA1
dc53e697e8784a23e6e1912101a483ec9430e505

SHA256
487448c2b8eb1ada34790cbd23074886d8ed27a138bd8c01b29e5f58ee4a3833

SHA512
e78977af0943a80d37b13b88405e0dc1026b65fc5c263c12f92d1b4fbd0ffcfc9c7c3b4ae3bb6593535a96693086a29b9f69cdda465ec53980ba85e7c6968efd

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\bin\sunec.dll

Filesize
134KB

MD5
b55e28afdd840498a72a684808e7815f

SHA1
40c017620cf6fb132eefc68a45d270c6a967d177

SHA256
275c5f1906f5f014ea89c341309a86f3518bd02604ae10ac5c1a1ce16d54b6f4

SHA512
1b983b2b24f799f8c4f4e5128da3fe5bd3b68fad0ae6c81a6e61caaad2e1d60420aacd5da8aec1c3592e739f17f2dd3b52243ac3c20e2a1e0e83b7a29a0bec5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\lib\images\cursors\invalid32x32.gif

Filesize
153B

MD5
1e9d8f133a442da6b0c74d49bc84a341

SHA1
259edc45b4569427e8319895a444f4295d54348f

SHA256
1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

SHA512
63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\lib\security\policy\limited\US_export_policy.jar

Filesize
620B

MD5
01eef8cad0c8f14ccdaa0223a5ce4e61

SHA1
e5a7d04973debf5f482aa8a276e5d80d1c1bba61

SHA256
16993fca9271928bad797f4b8a0becd20f000ea076e98cb5a6c5de30bdea5b8a

SHA512
e1f98d2dbe4986541b3c028d6a645e0ad32f55f1304d75631346e641752791bbd7820962a2caec0b076de11dccee07c8dda27b9ea676a6bee100b393c658183f

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\jre\lib\security\policy\unlimited\local_policy.jar

Filesize
638B

MD5
468cdc7f9f92db2a68766aca4b0f454f

SHA1
49205cc918d1d4d593bd4101d0113e47d26b2a24

SHA256
7f2ff373b42c083ee6ecd1480cd29a999f252dd2eab5a0b0e25715b7aa7a5e74

SHA512
fcbc5a97092bd90b7863e4ba957acc81d5cc1ae13ff8b3099abefe89bc536fd8085ed58c25bd94fff7ab3cbf177aff35579510a4b3ef3fe36d29b5a01af4ae01

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\user.jar

Filesize
87KB

MD5
093865e0679f9d4732684fd1d4051bf5

SHA1
9ba49ad8aa24b284669e32d224cb71a95abdc32b

SHA256
6e35fa0a63e9257ce255e99ce09d109386c58fde86aedd93a8f3951877080b86

SHA512
66332cf0cf7ee9430194e03482ecd51c2e0e73de8489e758e302a4d0a4b0ffa15ba462d967cd5878cab011f0c748fe5d0a3a00ad4044331b6812f446db1f8cde

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\user\JDownloader.jar

Filesize
4.2MB

MD5
d410d688481adf28a65de25fb7eaf92f

SHA1
6518fc3a4ecaa1e953aa3742b183ebc1319ef37e

SHA256
9a6cd1c5462c1b5cbe969c6f05cb472690cbe93a6babe9cd72e43b4492b81c77

SHA512
64c89c9a93024571beecd57c4849ec63321f115732f008814532c937a845ecf1b421f454f462c6a65285983d3275da34d57a34075121cd0a5d679ccf1c8ad93d

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7783.tmp_dir1713538163\user\flatlaf.jar

Filesize
682KB

MD5
5ffbde70bd6472305015dcbf56e4c2fa

SHA1
8c748a660b5cb9389d20af0e9001ee45f9be86f1

SHA256
790e2a6e5e0b934a3418862f9bec451b3d9ca2f82be3867f2c8931dc350c8fc1

SHA512
e853f2ba7096ce074d7de4d0be4c930c9efa393bd15e9ab0cb1946b2a3e86ee6ac0d931e28a049f1519de0abdbae69b32ddad1d0e91554037f85ea2140e528d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log

Filesize
1KB

MD5
d936f730b410054acc4e3e25e83404f4

SHA1
1f4616c6b1bf5d4f6fe35224317d874d1c7b0231

SHA256
caed8ecae05abff916d5890e78182aff0cdf1849f9dbe1d353350a022e87bac9

SHA512
e5f94c2f8dc89fd214ef9000181fd354b855741c50629ce52cdc04060d9429e57638b836c75a5c4aa8318bce0bd984afbf5bc2dfabb44dc9551a9d9851961021

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log

Filesize
2KB

MD5
dd29c3aa7ec92dab71599b30279f3463

SHA1
f4b18364bb3e67271ad640616f49a7fa6525d91b

SHA256
9d8354f786f701e858574756218ec9ad8946729e2a1e531813a8767cc7ec6b0b

SHA512
07ca757177e594fca3d0e38e499b1a01cfc008e15dd35d46c6b6d30265c66e9d52b33b012f756de3a64be5fbad5ec04d7f0ce910403bbf180bb551e8fad47b36

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log

Filesize
3KB

MD5
efb1521b0d1e2d225f6c65219d9b7dd0

SHA1
6db169fbcba57777394c6b71f7d8ce1de30b11c1

SHA256
6469f54228abdb2f66f9239ead30d99c243f1fec9070f71ec625c86f1db3cf1a

SHA512
bf92712e1999026bf079ca74ea3d6c6efcfb348e439b1d18d16f51b5d1724cf2684d05793b5ae27ce6c2312956db54d842c1a3424619d22607455669ad815da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log

Filesize
3KB

MD5
edca91cb967fa7593cb18e0502066c77

SHA1
ad6951156655cc78b6773d8c1c298fb5b5323d28

SHA256
7348a3b926ffc3dd3f8b9083f3281f01778554d11b30698f4fc80cab75f2d466

SHA512
5488b4cd93c9c6e42878bf5b0c37107255c200e57391d20f67fb137373d0efd446e9c67f095f8d133da8277653817c9364b0e0e280290480a8250ef49d21c10e

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_1.log

Filesize
4KB

MD5
c0205d5353059a2e3b1fed1dc601303e

SHA1
0ce61471b4d7bbe3e408d0c0da8dd8cc95d3f2a2

SHA256
16a46b275d2e69c05f3af7dd5736a408a86023291bdec4fca830f233a713c9cb

SHA512
e3b54b932fe1374f081998a7275001832d32cb923fc02cb319235521cbc11d6f00de8de27954c82bc853e3e9c87fcb7ab9d8caee915f42c48b030ce01b7dd46b

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_2.log

Filesize
624B

MD5
370a4e40e8aa85b0b9252a934afa37e4

SHA1
d8abe8e94842b1f64829aae4edbf62cfa663aff4

SHA256
58636c8fb6b160cd5a314dd7af7cca76d69607345f14e8ea7bed77fe643c3c75

SHA512
d235ec6fb6b24be23f3ab88ccefe3846fd916e3cac4993ec8f8cc56fff91fc0dc913291bf8ca878c679d342bd380a7ba1506d161806bee5a0e076e87d0672da9

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_2.log

Filesize
888B

MD5
16ff841ec8b0933187c1fd1cd83364c9

SHA1
cc530ea0c46aaef23b3d091c700bfc955252ef71

SHA256
62501f341e5c7bcf6001ee1da80a06af6acdc9f929af369c9cad0a002d34f1bc

SHA512
f5f33be2830ee03dfe967a28657b470667a9e5b48c661e2038cee0e694f608c72ef29c8bc3a4fdc71db4fef36eb5e78d1e3dcae95f4ca82d8bd9787e22fbd430

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_2.log

Filesize
1KB

MD5
f9a8ffc139da86b9226d2ea82e2856eb

SHA1
703dc27ab0f38f6ca06deb0d154c14c1f8a7a215

SHA256
ed0f4f16457b5a6ff03f46c8a7b37f854b634b0908f6977af31e2524998a2966

SHA512
e98459e5cb709ebfd16a221ee06016e0c13574ffc9642872d10282ac378d9e04fc0fbcd0901172c927bca7d34d9cdcc2158f0ee93b95d9b30b0e6b41e7428f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_2.log

Filesize
2KB

MD5
c33722da20c7a110fa2be9855d5fca87

SHA1
1794a67c9a5402549a942754743a34ea3fabbc2c

SHA256
e128a8bb73d84789ce29ca10eaff6483e474e5f211f80a3c4aa333ff0d1b7af6

SHA512
6aaf498e8d53767ac7c042e4a88214c3299db0e43490a9ccfb6fd6f667fab6188706520b9ccd0e19ca57096be3a30a18615e72aab30be11b66fdc349fe0de073

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_2.log

Filesize
2KB

MD5
4309f4a0cbbdb1333593abf59168844a

SHA1
67c2b07d18c885af1316a7a9c43939dd7ab13348

SHA256
87a94261f2a0241a2c2c8818be05063c8cc9ec8a863cf044a23e5d68caa140e1

SHA512
576b0f96c2fbe0ae32d2beead233cfd352675d9295b3c407db7b35e8adb0ab65023ebbe1ef1d1ff8dd9fcd1d639608c4735db7bc332b198f8c7c48e6983669fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_2.log

Filesize
3KB

MD5
a27f25f207abe641c1ed3ed150511aee

SHA1
279430004513584cfba79b2114ad942358aad029

SHA256
7c241ad15976f09f3643a9d0bf0ff781a574f84a839fd57c3b7e9bbee79284ae

SHA512
f2ba04bfb9dff5fd3ed41ece5c2d4e3f1f2e74506672200328b96d553d1f82652207b4ece90bdfaf13fac243901ac33ce3d5569c27692820497e56e47bab85cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\i4j_nlog_2.log

Filesize
4KB

MD5
a9e6f7bdcb2f0c7bc6a90a51afa833ec

SHA1
0525fdfeb5488371e07cb2436b73ab5f57de71e5

SHA256
0b88b83acf6319277dee6464d406ebc8a7690563b5e516bafb60f5beec1ade66

SHA512
1170be91c042384f7bc8495677738f3bf1005a3c3898a1053c8e3d04b57d4f4815027a4117d0cb3620d83706998f2cbd1b2b50051273dbf3dcfd5ea4f423e639

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs-1.js

Filesize
10KB

MD5
e909d3252fc2369b39fea3e31cd22627

SHA1
07b096ff1f15a3adaafd0ce098de44b78671a758

SHA256
e6af6c84f4f3fe414b46c56412edbb5c45e7cacdaec8fb75232d69bf3f8a62ed

SHA512
d228d5cedc5e55d4bfb08a48e6fe89e981bac57c87fecd010c1f3c1d5b1d9886a24750ef7049a88e2653d9af2f1cfa56727335cb901e588e85311e0cb2fad03d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs-1.js

Filesize
7KB

MD5
10e34aa77c8a98db69bf0a146bcb7653

SHA1
2273862a6d849d15fed2a7198c6fa62a632720bc

SHA256
e9b77dd3bd60a43640b2e7cc8d28dafc5ee89df8f954edd402f04819082413d3

SHA512
df0dd2dffb2e94e58670756e306b7ddb622226a86af8455b6b8f64e2a42ba640352ef07894c3a5043a50d9b01fda15371d12b0fe4d0ed1af414648ad7f0929a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs.js

Filesize
6KB

MD5
27abc9d4745b8d7bc70b1fb5e17fe8c7

SHA1
22e69a0439ed2e54ae22f72359c19b69f254ea60

SHA256
014ff32a09dd3d9f71e5bd5c7221c1035212aeb798fabb9550569533bd99794c

SHA512
0d14b0e296339f52be43ffa89feb78f9e100948a211177411e83cbcc2c214e2b325d40eb25daa33c6271c99250b4734474fdb152e61f122b7844cd536fc858cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs.js

Filesize
6KB

MD5
d18925554c6cfa5f77e854a2681712e6

SHA1
9546a1c2d2265c8e43d03e634344a9f98a3141ab

SHA256
3121a8cb02563ee7e4ea47a0e973d2ff1802bb754a10294f78cc38bba2be6c19

SHA512
c4d0412ef86dbfc892341dd78cc020c064d3bce3bc317b8fa376f0cdd20d6bc572818b44c2af1610bc8703125334c362d7431b89af573017a80681424deecd85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\prefs.js

Filesize
6KB

MD5
1445726f9357e44302f6417b378303f9

SHA1
e4de5d3097c40d481ee93efae5c207c8d8c5590f

SHA256
83f5fd7654d8bbf8386c6fa1ce8bef150664899e4db5a7a014785cc76ede2b13

SHA512
cf992fc821bfcae8c04754b9e06f483b11ef4ebb87fdc7b337878f4692fbfaf7cc7d69d203f24d73685b31f2cca7b9d5fc4e84d8701c44a22c5ee23cd3f90bc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionCheckpoints.json

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a99d204cffa75b37fa5445376e0d542e

SHA1
b623232d648eb97c255f198a2ac01a05061565b1

SHA256
05e510e2ff4177f7c2dc070c42378046861923a2b0b1ea88627880927d959303

SHA512
6a87a25f3f0421eb85acd42f32eb14fcc56d4b05fd73f37a5ca419414aad85aa7a55961b8a3241aa3ac387db78abc4be5da78a14a72a78c5768dcb5d3fcb4b62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ebbvs5n9.default-release\sessionstore.jsonlz4

Filesize
639B

MD5
e48ec183c2a53af1f50d8b6befd43136

SHA1
6d197c0ea778b81ff878a269e6826e9eda3d5af8

SHA256
0e8846802b45860bbdecff5ee934db8cae577fb2bc5f8036efa615240c810f3a

SHA512
a1eaf2d4c4fbf8b8bdd01ae8344af0589ed5e0d6c210a24de921b937b9e419b7a25f09e561ef3d86da43a0be43dcf82e2171fab50ecf309e9c0c745b9b204569

Download Submit
C:\Users\Admin\Downloads\JDownloaderSetup.dyh9VY5U.exe.part

Filesize
30.3MB

MD5
c3c3b50075bd5c87cf500c255dd833fd

SHA1
0b3593f15ebc8424919857d08d016b2cda2b5161

SHA256
a43fa3db0a053119f73a7422453e54318a258a947e8c0fda294b09c52b7459fc

SHA512
f9bd8c26a63b3d7cf6d6f0686a93720f9d3007ae2f196bf195815761b5a38f9fb81f2de6400abd842cc634ab68a14db6741436295a0d667e0b51099dbaf13c9d

Download Submit
memory/216-3389-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3364-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3383-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3384-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3374-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/216-3400-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3404-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3407-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/216-3410-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/216-3413-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3417-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3421-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3426-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3430-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3434-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3438-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3451-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3375-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3371-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3367-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3366-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/216-3378-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3245-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3254-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3260-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3309-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3316-0x0000000002C80000-0x0000000002C81000-memory.dmp

Filesize
4KB

Download
memory/216-3326-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3332-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3338-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3346-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3357-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/216-3352-0x0000000002E00000-0x0000000004E00000-memory.dmp

Filesize
32.0MB

Download
memory/1880-3488-0x0000016B69100000-0x0000016B69101000-memory.dmp

Filesize
4KB

Download
memory/1880-3487-0x0000016B69100000-0x0000016B69101000-memory.dmp

Filesize
4KB

Download
memory/1880-3486-0x0000016B69100000-0x0000016B69101000-memory.dmp

Filesize
4KB

Download
memory/1880-3485-0x0000016B69100000-0x0000016B69101000-memory.dmp

Filesize
4KB

Download
memory/1880-3484-0x0000016B69100000-0x0000016B69101000-memory.dmp

Filesize
4KB

Download
memory/1880-3483-0x0000016B69100000-0x0000016B69101000-memory.dmp

Filesize
4KB

Download
memory/1880-3479-0x0000016B69100000-0x0000016B69101000-memory.dmp

Filesize
4KB

Download
memory/1880-3478-0x0000016B69100000-0x0000016B69101000-memory.dmp

Filesize
4KB

Download
memory/1880-3477-0x0000016B69100000-0x0000016B69101000-memory.dmp

Filesize
4KB

Download
memory/2364-2010-0x0000000007EE0000-0x0000000007EF2000-memory.dmp

Filesize
72KB

Download
memory/2364-1899-0x0000000004EA0000-0x0000000004EA8000-memory.dmp

Filesize
32KB

Download
memory/2364-1809-0x0000000075300000-0x0000000075AB0000-memory.dmp

Filesize
7.7MB

Download
memory/2364-1834-0x0000000000A80000-0x00000000028CE000-memory.dmp

Filesize
30.3MB

Download
memory/2364-1835-0x0000000007300000-0x0000000007310000-memory.dmp

Filesize
64KB

Download
memory/2364-1845-0x0000000004CD0000-0x0000000004CD8000-memory.dmp

Filesize
32KB

Download
memory/2364-1839-0x0000000007310000-0x00000000076F4000-memory.dmp

Filesize
3.9MB

Download
memory/2364-1883-0x0000000007270000-0x00000000072A2000-memory.dmp

Filesize
200KB

Download
memory/2364-1908-0x00000000077F0000-0x000000000781A000-memory.dmp

Filesize
168KB

Download
memory/2364-1923-0x0000000007820000-0x0000000007848000-memory.dmp

Filesize
160KB

Download
memory/2364-1939-0x0000000007870000-0x00000000078A0000-memory.dmp

Filesize
192KB

Download
memory/2364-3143-0x0000000007300000-0x0000000007310000-memory.dmp

Filesize
64KB

Download
memory/2364-3082-0x0000000075300000-0x0000000075AB0000-memory.dmp

Filesize
7.7MB

Download
memory/2364-2275-0x000000000FD90000-0x000000000FDBE000-memory.dmp

Filesize
184KB

Download
memory/2364-2245-0x000000000EEB0000-0x000000000EF42000-memory.dmp

Filesize
584KB

Download
memory/2364-2241-0x000000000FDE0000-0x0000000010394000-memory.dmp

Filesize
5.7MB

Download
memory/2364-2235-0x000000000F270000-0x000000000F814000-memory.dmp

Filesize
5.6MB

Download
memory/2364-2232-0x000000000A8F0000-0x000000000A8FC000-memory.dmp

Filesize
48KB

Download
memory/2364-2210-0x000000000E960000-0x000000000ECB4000-memory.dmp

Filesize
3.3MB

Download
memory/2364-2209-0x0000000007BC0000-0x0000000007BE2000-memory.dmp

Filesize
136KB

Download
memory/2364-2199-0x000000000CD90000-0x000000000E95C000-memory.dmp

Filesize
27.8MB

Download
memory/2364-2105-0x00000000085A0000-0x000000000862C000-memory.dmp

Filesize
560KB

Download
memory/2364-1931-0x0000000007850000-0x000000000786A000-memory.dmp

Filesize
104KB

Download
memory/2364-1973-0x0000000007940000-0x000000000795D000-memory.dmp

Filesize
116KB

Download
memory/2364-1947-0x00000000078A0000-0x00000000078C6000-memory.dmp

Filesize
152KB

Download
memory/2364-1963-0x0000000007970000-0x000000000799C000-memory.dmp

Filesize
176KB

Download
memory/2364-1955-0x00000000072F0000-0x00000000072FA000-memory.dmp

Filesize
40KB

Download
memory/4568-3149-0x0000000002910000-0x0000000004910000-memory.dmp

Filesize
32.0MB

Download
memory/4568-3154-0x0000000002910000-0x0000000004910000-memory.dmp

Filesize
32.0MB

Download
memory/4568-3161-0x0000000002910000-0x0000000004910000-memory.dmp

Filesize
32.0MB

Download
memory/4568-3169-0x0000000000FC0000-0x0000000000FC1000-memory.dmp

Filesize
4KB

Download
memory/4568-3170-0x00000000029B0000-0x00000000029B8000-memory.dmp

Filesize
32KB

Download
memory/4568-3238-0x0000000002910000-0x0000000004910000-memory.dmp

Filesize
32.0MB

Download
memory/4568-3452-0x0000000002910000-0x0000000004910000-memory.dmp

Filesize
32.0MB

Download
memory/5016-3460-0x0000000075300000-0x0000000075AB0000-memory.dmp

Filesize
7.7MB

Download
memory/5016-3453-0x0000000075300000-0x0000000075AB0000-memory.dmp

Filesize
7.7MB

Download
memory/5016-3454-0x0000000006B00000-0x0000000006B10000-memory.dmp

Filesize
64KB

Download