Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://45.154.98.21/...

windows10-2004-x64

10

Analysis

  • max time kernel
    237s
  • max time network
    235s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-05-2024 20:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://45.154.98.21/pqkizk.exe

Score
10/10
darkgaterjacline6662executionstealer

Malware Config

Extracted

Family

darkgate

Botnet

rjacline6662

C2

91.92.245.171

Attributes
  • anti_analysis

    false

  • anti_debug

    false

  • anti_vm

    false

  • c2_port

    8094

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    UywffNfy

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    rjacline6662

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate
  • Detect DarkGate stealer 6 IoCs
  • Suspicious use of NtCreateUserProcessOtherParentProcess 2 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 2 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 19 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 64 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 52 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 61 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 31 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch -p
    1⤵
      PID:796
      • C:\Windows\System32\mousocoreworker.exe
        C:\Windows\System32\mousocoreworker.exe -Embedding
        2⤵
          PID:5432
          • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
            "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
            3⤵
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: GetForegroundWindowSpam
            PID:5152
        • C:\Windows\System32\rundll32.exe
          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
          2⤵
            PID:3104
          • C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe
            "C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateCore.exe"
            2⤵
            • Suspicious use of NtCreateUserProcessOtherParentProcess
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: GetForegroundWindowSpam
            PID:840
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://45.154.98.21/pqkizk.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:4928
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://45.154.98.21/pqkizk.exe
            2⤵
            • Checks processor information in registry
            • Modifies registry class
            • NTFS ADS
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:388
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 25457 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62cdbf9-53f4-4fc1-93c0-96e5c60da937} 388 "\\.\pipe\gecko-crash-server-pipe.388" gpu
              3⤵
                PID:1296
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2432 -prefsLen 26377 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37eccbe7-9178-46f1-a512-7a4d56500325} 388 "\\.\pipe\gecko-crash-server-pipe.388" socket
                3⤵
                  PID:4920
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3108 -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 3008 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d91e1074-7ae7-4cef-9ff3-2d3affbf3466} 388 "\\.\pipe\gecko-crash-server-pipe.388" tab
                  3⤵
                    PID:1476
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3984 -childID 2 -isForBrowser -prefsHandle 4000 -prefMapHandle 3996 -prefsLen 30867 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {beedf06c-5783-45c8-824e-6e44bec0c61b} 388 "\\.\pipe\gecko-crash-server-pipe.388" tab
                    3⤵
                      PID:3488
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4688 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4684 -prefMapHandle 3672 -prefsLen 30867 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64f13a13-62e2-4bfa-8aa1-e5bdf23566f1} 388 "\\.\pipe\gecko-crash-server-pipe.388" utility
                      3⤵
                      • Checks processor information in registry
                      PID:1800
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5776 -childID 3 -isForBrowser -prefsHandle 3080 -prefMapHandle 5524 -prefsLen 27137 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {402bfc53-cc06-40dc-ad60-baadb6763d4d} 388 "\\.\pipe\gecko-crash-server-pipe.388" tab
                      3⤵
                        PID:4368
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 4 -isForBrowser -prefsHandle 5908 -prefMapHandle 5912 -prefsLen 27137 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6bfadf6-b84c-4fd5-85ea-1b7435c66359} 388 "\\.\pipe\gecko-crash-server-pipe.388" tab
                        3⤵
                          PID:2152
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6100 -childID 5 -isForBrowser -prefsHandle 6108 -prefMapHandle 6112 -prefsLen 27137 -prefMapSize 244658 -jsInitHandle 1124 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3bb2095-658e-4d04-b73f-f20593318cff} 388 "\\.\pipe\gecko-crash-server-pipe.388" tab
                          3⤵
                            PID:2488
                          • C:\Users\Admin\Downloads\pqkizk.exe
                            "C:\Users\Admin\Downloads\pqkizk.exe"
                            3⤵
                            • Executes dropped EXE
                            • Modifies registry class
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of SetWindowsHookEx
                            PID:556
                          • C:\Users\Admin\Downloads\pqkizk.exe
                            "C:\Users\Admin\Downloads\pqkizk.exe"
                            3⤵
                            • Executes dropped EXE
                            • Modifies registry class
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of SetWindowsHookEx
                            PID:6048
                      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -noexit -command Set-Location -literalPath 'C:\Users\Public'
                        1⤵
                        • Command and Scripting Interpreter: PowerShell
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of AdjustPrivilegeToken
                        PID:5944
                        • C:\Users\Public\pqkizk.exe
                          "C:\Users\Public\pqkizk.exe" .\iopsmxt.a3x
                          2⤵
                          • Suspicious use of NtCreateUserProcessOtherParentProcess
                          • Checks processor information in registry
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1080
                          • C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
                            "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\temp\Feedback.xlsx"
                            3⤵
                            • Checks processor information in registry
                            • Enumerates system info in registry
                            • Suspicious behavior: AddClipboardFormatListener
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SetWindowsHookEx
                            PID:1736
                      • C:\Windows\system32\taskmgr.exe
                        "C:\Windows\system32\taskmgr.exe" /4
                        1⤵
                        • Checks SCSI registry key(s)
                        • Checks processor information in registry
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious behavior: GetForegroundWindowSpam
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of FindShellTrayWindow
                        • Suspicious use of SendNotifyMessage
                        PID:4296

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\ProgramData\hebkfhh\eakackf
                        Filesize

                        1KB

                        MD5

                        3bab5166b31357853d605925ad08a924

                        SHA1

                        c33c4ed81f45e2314e424952e66a847bde2ab4e5

                        SHA256

                        be29288f273a9b1ada6f0d2efd357ab77ebce541b372648b83aee47ecf0dabe2

                        SHA512

                        e18d91d89d20921fec7a11586ac15bafa678c258947e98d158e5c2ad2358dce7e49fee154d1caaa6ada09a7ff186fca4a44035a6d28276f5cf10e29964a91736

                        Download Submit

                      • C:\ProgramData\hebkfhh\hcdcbah.a3x
                        Filesize

                        616KB

                        MD5

                        ea4c817dcc8c6c32d1f45e43cf0b5597

                        SHA1

                        ecff3ccf7ad82bc34c65b0d9ea47b6d8ca0885c7

                        SHA256

                        f248e466d14200392fe4b31a216d481bef492add5eb44e82f17ef346e26fdc9c

                        SHA512

                        a40c32c440db3dcde68bae693ff518be0318c552c67fd1a23f5cdcc9c1d658d54c37f798bce11cf29ea4bd88f42eeeac47332537bc2ccb56c857e5b1250f9b79

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\md1ejlmw.default-release\cache2\entries\5D3592FA6CF7E5444E4BCCBE25EC4A68044378E6
                        Filesize

                        614KB

                        MD5

                        1225525f93ca3c80c76d1d3c9ec4e6b7

                        SHA1

                        8169d87fcbdb9fc22d7fce1304e3843502d79eff

                        SHA256

                        7066d94ef3cfc70820e54e8046c2351e3ecb07c118e992d8a1e31a47e2b57867

                        SHA512

                        64fa75232f25bffc16ea00f80dbe425ee58f7eebb0144537275c8c424a4afe58490421f2c2f5094642d469dee1148de6cc0fae3b53f454f39a9b68313f5a9140

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\md1ejlmw.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
                        Filesize

                        13KB

                        MD5

                        47788a2658b57d7bd420bea1bc9caacc

                        SHA1

                        58bc21e4bed93ff99083e28797889575a835da5f

                        SHA256

                        9d9b990d43f609f8e9b4899a64314b848aca931a77ac5aadd249557ec17f312b

                        SHA512

                        2daacaa6d801da29fae3f387449deae79f636dcb095d18bfd4bcb7d852c2e567dbbe4f2562314525af62e62d00493de4f971bf460d8fcc6f034114a09e628b87

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_upsuaoim.dsn.ps1
                        Filesize

                        60B

                        MD5

                        d17fe0a3f47be24a6453e9ef58c94641

                        SHA1

                        6ab83620379fc69f80c0242105ddffd7d98d5d9d

                        SHA256

                        96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                        SHA512

                        5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                        Filesize

                        479KB

                        MD5

                        09372174e83dbbf696ee732fd2e875bb

                        SHA1

                        ba360186ba650a769f9303f48b7200fb5eaccee1

                        SHA256

                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                        SHA512

                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                        Filesize

                        13.8MB

                        MD5

                        0a8747a2ac9ac08ae9508f36c6d75692

                        SHA1

                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                        SHA256

                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                        SHA512

                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
                        Filesize

                        225B

                        MD5

                        830f9e3a20a50ef5a29fc8b6e2d912ed

                        SHA1

                        5831c7532293063bd9c2c59c4359d3641e7588c5

                        SHA256

                        a4486a26174e63b0208cfa61533e2b519b2dd97bc82d959087504a543694d36b

                        SHA512

                        b486e49696e0aecc89f640997a3efe5bb38fb54379451e1018758d6a28a28b5376b73cf0cc72b90775c3dbd96bd0836e38c5fe9669c27db85e1707517324265e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
                        Filesize

                        692B

                        MD5

                        75d7a9cc2bb8188399a0d2de6788673b

                        SHA1

                        aa1b8ed9167f7a25a953f4cf9b68825642759713

                        SHA256

                        8c18c37fcd5587a07f685a3758d90b160b52db6b5375b060f6462f9b8d237e7b

                        SHA512

                        948c982cb31c92202cc911c858fe3011e4a6d5c9be4971482b4c0d3cb5e470bac76498b61dd6bf5212869259a6f1c82a64c3c279b7d151a500b6870904f894fb

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b8ab77100df80ab2.customDestinations-ms
                        Filesize

                        24B

                        MD5

                        4fcb2a3ee025e4a10d21e1b154873fe2

                        SHA1

                        57658e2fa594b7d0b99d02e041d0f3418e58856b

                        SHA256

                        90bf6baa6f968a285f88620fbf91e1f5aa3e66e2bad50fd16f37913280ad8228

                        SHA512

                        4e85d48db8c0ee5c4dd4149ab01d33e4224456c3f3e3b0101544a5ca87a0d74b3ccd8c0509650008e2abed65efd1e140b1e65ae5215ab32de6f6a49c9d3ec3ff

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\AlternateServices.bin
                        Filesize

                        7KB

                        MD5

                        7d2fcb2cf9c7ce8024a43b13ae51a62b

                        SHA1

                        5afa158cbbf7595600844e04532847a9716551a4

                        SHA256

                        992bed5a9c05b91793a25d68a07296e9b158b12deb58a3ce5874055ce891e53e

                        SHA512

                        335dd2a22da2bb90165cd1faababa4f5a8f5811d422b5a0f638bea1cd41965fa19a6a367c984e2a92e3ad90132df37d581a02a581c6853dc14c029e00cb8a192

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        5KB

                        MD5

                        1db8aa8b0b670f2f11dcae69c4e095a0

                        SHA1

                        7d758017cd2c66d91818342926cb9776ddcba72b

                        SHA256

                        67cc7f98dee241c2f33c647a73aa48893ebd177bfa9e0a31feb57db5787f5dd3

                        SHA512

                        9f605517854f733b1af696cc9725d458bcb013526913e9e03983650e1aea09161b36eaf7b2050f789916960e055fcbc786f3a4148ab23b625f02bc75ac273997

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        3KB

                        MD5

                        66377b07f5dfacb21f50b13a97ee3893

                        SHA1

                        5f0d071da4a884578b7ee9f3454ec52d13f89e8c

                        SHA256

                        34e92e3ef04ae3fd6e2fd2353fa7d3b69731b535b7b51880d8809b5384cf08ce

                        SHA512

                        451c37c81b2c1272d9e39b1d9d60da6f3f27d7f940b43c908d4918817a5f490c190ad14ddab209b0293fe912e360ca27aa51fb3cf900534b38393ea3f90961ac

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        23KB

                        MD5

                        7d100297cde7f6e13628d4b86e782651

                        SHA1

                        f1bace7af294e18149fc581ccf8a8db8c61a6d53

                        SHA256

                        8ff2445ce2d751ec7a533c5f9971283965ce57826c0c270d3d0f758619f9b543

                        SHA512

                        89ef30b82cad28ff8e5f4dd359d81488598812df46a2bd86f241fc5bb9644e0f1867085c3ab0b2d47e6ec269ac366d840436ffb82e3019c400f863f04d34996d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        3KB

                        MD5

                        92f3ca16da5e0a1004fd17be041e7d58

                        SHA1

                        f6f0357a6b300c6021dec5d41d390906059aacdb

                        SHA256

                        9631bc95ab4fdd1f647dc3cdb4a5ccbad14e75febeaeecd218d228341ade182b

                        SHA512

                        6b860f6bf59bf51dc4f539d3c76ef132091e84179f80d408fe4f18d51898ab34442d2a0d81604891a34c750c92fe4bac743c8f46b7f52c16fbbe269253706555

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        6KB

                        MD5

                        0b4fd0aa224d1d11522f39991d21322e

                        SHA1

                        97e870099f71b3da3fefc29557c3e83c54b87c49

                        SHA256

                        df89f09f35a195adf69deef68e6abad097f277a7a169253277e63c5101881a6a

                        SHA512

                        8c64956708b15e2db9ef8437eca9f37790e5c0ffd5985bbfa72ce8a56fbfe31f72eb775659e77f3f3523324c773b10f5cf564d4567b8b907fb89246e6718eae4

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\0a1fc49f-86c6-4e5b-bdc3-f43182f7795b
                        Filesize

                        26KB

                        MD5

                        d3c25a23c1609a6ef0c6082ecde274b5

                        SHA1

                        73665e1700f8fa15b044a6bba214b650c5806757

                        SHA256

                        8f7323bcd3f4d22751699d43934cdefae605834204b9cedc01d3ac5279e3bbe0

                        SHA512

                        2f76c99734c4ee2e29275092a3425ba7d9e0959881a2c2ddeb499c3953481e83600f875a875d6da400fdfb268300cc3ed34fb4069343105fe5694e10ee8b4f77

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\e4665bf2-1c80-4183-a2c2-bc0b99051fdf
                        Filesize

                        982B

                        MD5

                        59983f41ef98a41f402b1ca2789348db

                        SHA1

                        ed2b296b0a2d6b974504b63323b95f037e22dfa0

                        SHA256

                        ac8d5fe24222480936b993f5bcfae127e4b3ff08a4df657bf37a3441684bdd80

                        SHA512

                        7261baf15756f9ac4b1ad4121d64dad07968679e297e79baea062bea4ca529c4fb66d0f610d94ccf7c89ba3199afd81eff80675cac3c3b99d4e427d8c2b18ee9

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\datareporting\glean\pending_pings\f5bf71d6-4ab8-42b7-803b-56cfff910509
                        Filesize

                        671B

                        MD5

                        b797d9f7c85453081c793e06805ef2e2

                        SHA1

                        99f3fe04e4faa4521c84c1d370ba18b2e4ef8e66

                        SHA256

                        623ffcb49439bb5015e9b6a4cbabda353b03712060dab82d9d6f7739ed7a7d73

                        SHA512

                        e80daff57862beaad686f6f47821ce8d997a160e72267e49d686a79bb3c8b40fe1b4507fe1f8a68a0b25c1163f42319957ed1ce5e3bfd1adfd62d860df21171e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                        Filesize

                        1.1MB

                        MD5

                        842039753bf41fa5e11b3a1383061a87

                        SHA1

                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                        SHA256

                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                        SHA512

                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                        Filesize

                        116B

                        MD5

                        2a461e9eb87fd1955cea740a3444ee7a

                        SHA1

                        b10755914c713f5a4677494dbe8a686ed458c3c5

                        SHA256

                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                        SHA512

                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                        Filesize

                        372B

                        MD5

                        bf957ad58b55f64219ab3f793e374316

                        SHA1

                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                        SHA256

                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                        SHA512

                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                        Filesize

                        17.8MB

                        MD5

                        daf7ef3acccab478aaa7d6dc1c60f865

                        SHA1

                        f8246162b97ce4a945feced27b6ea114366ff2ad

                        SHA256

                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                        SHA512

                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs-1.js
                        Filesize

                        13KB

                        MD5

                        2063bbd6a8197cbed4407670182bd52b

                        SHA1

                        1022b28b443cfb1f647af3d5c148214cd808d349

                        SHA256

                        d0e0d7a0c0cd8d4615a721cbf96c357098a8b09cd2b9e8c20d07c73361f10e93

                        SHA512

                        82093b035a8a2fdbeb644a790b205820948c3a7819040d1279f05d2b885614da81087247edfc5b9f1a4c9c51451917231fb65ae906b2f01f7d61083ba694a1a0

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs-1.js
                        Filesize

                        10KB

                        MD5

                        5d369a0ee48784828af1e90e7dde4d41

                        SHA1

                        51c437f596dcc4087901706a07d97997a83a9302

                        SHA256

                        66c286e53dfb23e4a369581809dfee031e49028f8dd06657692bf6a2ea83a74d

                        SHA512

                        03925db52b9752260a3b42a60fefccc7e576056261e535f33eeb8ae6c2e1915fd6e022ef0c74e4b3407e480e82deb58364f30a008725eb7dd0acca03bc8bcce2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\prefs.js
                        Filesize

                        8KB

                        MD5

                        b1bcf44f55fe0c45eb7a44bbc4724392

                        SHA1

                        80257df79416024c2b321341bf4ebb6921c7577c

                        SHA256

                        6e9607f5ec5ddfc035a185116aaef275b88eda4edefcc9530f749e8bf38e25b2

                        SHA512

                        2afe51021a4567146b96ff00d1d06d86ecf6550c373001e3971c033e7fa3493591b40f3b678b21485e77223627b8a48d91e598a071f617e6b5e3a195bebd7d7f

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        1KB

                        MD5

                        b8832ea598373a682ccf16b4f683852d

                        SHA1

                        90d15dc0ca0fa7c213ee8616d74f4bd26b673e90

                        SHA256

                        2309ba85dcfdc3bcce2996f17d48097fa9ffd963bdffa20fd55622011acc405f

                        SHA512

                        0bd8ee6ec9128d1f0599afddf83ec2e1bab9a26e810af03919d4b26dea0ef3a8b77a821903de0c62cb7806af6c7d3386280a2777baa356ba7803447bdc469684

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        1KB

                        MD5

                        47a56b2106b2922a33bdff4e4a5ae889

                        SHA1

                        75517d0cbc106863bbcf814e4e6e0327211b5184

                        SHA256

                        0a6d68c0cc96ef76c640a4ef8cd87dc8357eba4246ed7c8acbfe8f469a7b2a0f

                        SHA512

                        c785be4eee49302fbbdfc7b17e9f76cfab94d085e6c7eb3fc40f523dc9abae0b25db42ccb829fbd0a60b5df9adcf656989f2f8793639e7c24e8b13802f48b7dc

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        1KB

                        MD5

                        ae133642d596af8dc358ff72a8ce2cd8

                        SHA1

                        21e5fcde059a3fc531a934fc3fec9274eb123d57

                        SHA256

                        cfc0ba64a2013d70c722848ed84042e7e324c97f30c0b874f093565c4702d3ee

                        SHA512

                        72824666f649c1431cf997c37cdf980ffee812619280ab40c96fc9fdad7f6663c544f7c33b7ba5cd982f328996980d25f77b1e7f64a5e44b460d76ae231ef1e5

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\md1ejlmw.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                        Filesize

                        1.4MB

                        MD5

                        34a7bed254b65f73690c60c325f274e8

                        SHA1

                        a9b46f1effe1b87c6dc7afc19781a21c9a38d634

                        SHA256

                        2f63c877503f0317a04885d3ef073e7d589f7d497e1b9dc69d5ddcfadb8eba0d

                        SHA512

                        1276c89d43b23910915e87c568124424fb6b27c03f25b91e4ca17835ff27e0775cfcdfde24c53dd1b628213d8bd2e3101fe7a0d60ea940a7e823d28337b9406b

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\ehhecah
                        Filesize

                        32B

                        MD5

                        ecb4c3f3fd4184bd15404fd8c5d1e218

                        SHA1

                        9c92d40a9c241ab3a3f15b2e7f86dbbee01a61ce

                        SHA256

                        6e13dfa9e8ffab80e209701b07ed61180d273b6c8901e0631d8a838e4e8e6510

                        SHA512

                        f5a4ec859b92dc1c86d71744f4031b312e5ab6dd908412d5255e41c9f12c6b2c8eb872640007aae7c27ea51b0d9c9c4f8d48866c60f578f7d02ea6cc82cbbb8c

                        Download Submit

                      • C:\Users\Admin\Downloads\iopsmxt.a3x
                        Filesize

                        613KB

                        MD5

                        c0087cb3fee97f3fcd1e68e022bb652e

                        SHA1

                        f0ad23f5c273282eca6f0e2050aaf1cecdbe71f9

                        SHA256

                        f79c91295fc56fb36c87bc14facdf3744d824e9c91ea58c69fa1ad8a83ad2b8c

                        SHA512

                        5b066153c4905ce718823bc1d629ecc90067a654d8cd5b65e5f99c5c04dc8aba481ac74e9cc47e99e07f5d9f3678134c4e25868cb5cdcb6488ebde9c0f1d9262

                        Download Submit

                      • C:\Users\Admin\Downloads\pqkizk.exe:Zone.Identifier
                        Filesize

                        66B

                        MD5

                        c94728a974809e07ecad6d24bf465c98

                        SHA1

                        6c19e248021a11b797e2b506d2c1df6a53470ee0

                        SHA256

                        821a35b2c92c81853fc0b1a91192173125db925b0cedf1276bed183f5d8b488f

                        SHA512

                        3ccaa1d2bc78e98d80869e89b1e2a05e5443f01a69c72204ce1e3cb556529228ecfebe6a58820d8671ed861832dfa507837e3b2786a863547e5819a9258c17c2

                        Download Submit

                      • C:\Users\Admin\Downloads\pqkizk.lFqfoefc.exe.part
                        Filesize

                        872KB

                        MD5

                        c56b5f0201a3b3de53e561fe76912bfd

                        SHA1

                        2a4062e10a5de813f5688221dbeb3f3ff33eb417

                        SHA256

                        237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

                        SHA512

                        195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

                        Download Submit

                      • C:\temp\Feedback.xlsx
                        Filesize

                        27KB

                        MD5

                        59ae599deccd4b9cea9904ad3827ffa8

                        SHA1

                        875a093570b7de0da4c772064e73003b720a2b0a

                        SHA256

                        d150773c1ed5fc64d4ee10ba4f8216285900494ccc23ae1e46f54325813e551a

                        SHA512

                        556b429ae696caaab7f87e77e69825ef670a4a25c87c65ddd9686860fd7f04b3415d268d0b267c991d05fa044a1a55abe3da040ce6c9b77d36c0043a266c2155

                        Download Submit

                      • C:\temp\beggdhd
                        Filesize

                        4B

                        MD5

                        880d83f56057b08b943502d8df054e25

                        SHA1

                        34d91e0dfdecc620a9f4175f57f6046431aedfe5

                        SHA256

                        95deb9239be7c32ded1994821f224070fae3598b9c2faf87a68294df7e77d529

                        SHA512

                        bfb9a23fed90cba92373188feb9e5b63f26dc483fd6363fd5db9a7d5013de7b21763bb5abc8a9f891448c2bca07b4ea50b3353e7628dd7122dd3a81d1cb7a1f9

                        Download Submit

                      • C:\temp\beggdhd
                        Filesize

                        4B

                        MD5

                        0574d68275c8273a839178e1490e38dd

                        SHA1

                        0966734beff59d4a785468c901ed901f61e69768

                        SHA256

                        4e1349ba2f21ddcaac87c99227c40fcd98dad53c4385562f539099fcc8a4ac29

                        SHA512

                        68a2ab21db880ec3d2b640674c13ae46f593cc0df5d69fba7151260baa6fc2f9ed7e63482ee5da200a3d19763705cd8c42674747028ed01a9070bd4ebe348fc3

                        Download Submit

                      • C:\temp\fakhecf
                        Filesize

                        4B

                        MD5

                        44beb2e4e055cfeb686c2308dda296a8

                        SHA1

                        c5a744abc3ccd2705a9b82c975c80bfbf6a5b2d4

                        SHA256

                        9a1b4463173d9144d801469a98d2b5118fb0130db69e44c6be70d81976ff6735

                        SHA512

                        77e9d638684dd2b922e1826c3841e80fd9db7b9abae9b9518fed61bb7bc5144924dabae9323f0fa996c03790fffa97a490b6a9547bad3d06ef91a717494aaeb1

                        Download Submit

                      • memory/840-2644-0x0000000002B00000-0x00000000032A2000-memory.dmp

                        Filesize

                        7.6MB

                        Download

                      • memory/840-2646-0x0000000002B00000-0x00000000032A2000-memory.dmp

                        Filesize

                        7.6MB

                        Download

                      • memory/840-2639-0x0000000002B00000-0x00000000032A2000-memory.dmp

                        Filesize

                        7.6MB

                        Download

                      • memory/840-2647-0x0000000002B00000-0x00000000032A2000-memory.dmp

                        Filesize

                        7.6MB

                        Download

                      • memory/840-2645-0x0000000002B00000-0x00000000032A2000-memory.dmp

                        Filesize

                        7.6MB

                        Download

                      • memory/1736-2605-0x00007FFD81410000-0x00007FFD81420000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1736-2687-0x00007FFD81410000-0x00007FFD81420000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1736-2610-0x00007FFD7F3B0000-0x00007FFD7F3C0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1736-2606-0x00007FFD81410000-0x00007FFD81420000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1736-2603-0x00007FFD81410000-0x00007FFD81420000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1736-2604-0x00007FFD81410000-0x00007FFD81420000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1736-2602-0x00007FFD81410000-0x00007FFD81420000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1736-2614-0x00007FFD7F3B0000-0x00007FFD7F3C0000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1736-2685-0x00007FFD81410000-0x00007FFD81420000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1736-2686-0x00007FFD81410000-0x00007FFD81420000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/1736-2688-0x00007FFD81410000-0x00007FFD81420000-memory.dmp

                        Filesize

                        64KB

                        Download

                      • memory/4296-2702-0x0000025DC8480000-0x0000025DC8481000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4296-2706-0x0000025DC8480000-0x0000025DC8481000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4296-2701-0x0000025DC8480000-0x0000025DC8481000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4296-2703-0x0000025DC8480000-0x0000025DC8481000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4296-2704-0x0000025DC8480000-0x0000025DC8481000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4296-2697-0x0000025DC8480000-0x0000025DC8481000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4296-2696-0x0000025DC8480000-0x0000025DC8481000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4296-2695-0x0000025DC8480000-0x0000025DC8481000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4296-2705-0x0000025DC8480000-0x0000025DC8481000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/4296-2707-0x0000025DC8480000-0x0000025DC8481000-memory.dmp

                        Filesize

                        4KB

                        Download

                      • memory/5152-2649-0x0000000002BA0000-0x0000000003342000-memory.dmp

                        Filesize

                        7.6MB

                        Download

                      • memory/5944-2591-0x0000024B55F70000-0x0000024B55FB4000-memory.dmp

                        Filesize

                        272KB

                        Download

                      • memory/5944-2593-0x0000024B570D0000-0x0000024B570EE000-memory.dmp

                        Filesize

                        120KB

                        Download

                      • memory/5944-2586-0x0000024B55EF0000-0x0000024B55F12000-memory.dmp

                        Filesize

                        136KB

                        Download

                      • memory/5944-2592-0x0000024B57150000-0x0000024B571C6000-memory.dmp

                        Filesize

                        472KB

                        Download