26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd

Analysis

max time kernel
556s
max time network
552s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 19:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7z2301-x64.exe
Size

1.5MB
MD5

e5788b13546156281bf0a4b38bdd0901
SHA1

7df28d340d7084647921cc25a8c2068bb192bdbb
SHA256

26cb6e9f56333682122fafe79dbcdfd51e9f47cc7217dccd29ac6fc33b5598cd
SHA512

1f4da167ff2f1d34eeaf76c3003ba5fcabfc7a7da40e73e317aa99c6e1321cdf97e00f4feb9e79e1a72240e0376af0c3becb3d309e5bb0385e5192da17ea77ff
SSDEEP

49152:RoOF3Wh8esAMmyyImtH97VTjrtlEfmSX4b:RoYWh8JAV/VH97F3tlQ+b

Score

7^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 2 IoCs

pid	Process
1932	7zFM.exe
5960	DDNet.exe

Loads dropped DLL 22 IoCs

pid	Process
3548	Process not Found
1932	7zFM.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe
5960	DDNet.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
103	camo.githubusercontent.com
104	camo.githubusercontent.com
106	camo.githubusercontent.com
107	camo.githubusercontent.com
109	camo.githubusercontent.com
110	camo.githubusercontent.com
102	camo.githubusercontent.com
105	camo.githubusercontent.com
108	camo.githubusercontent.com
180	camo.githubusercontent.com

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\lt.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\yo.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ga.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uz.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\bn.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ar.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tk.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\eo.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gl.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\be.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sw.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\it.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\es.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ta.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mn.txt	7z2301-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\gu.txt	7z2301-x64.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z2301-x64.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133677044875218694"	chrome.exe

Modifies registry class 54 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.map\ = "DDNet Map File"	DDNet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.map\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\StA-win64/DDNet.exe\" \"%1\""	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.demo	DDNet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.demo\FriendlyTypeName = "DDNet Demo File"	DDNet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2301-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\.map\ = "DDNet.map"	DDNet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.demo\DefaultIcon\ = "\"C:\\Users\\Admin\\Desktop\\StA-win64/DDNet.exe\",0"	DDNet.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\ddnet\shell\open\command	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.demo\shell\open\command	DDNet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip.dll"	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\ddnet\shell	DDNet.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\ddnet	DDNet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\ddnet\ = "URL:ddnet Protocol"	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\ddnet\shell\open	DDNet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.map\FriendlyTypeName = "DDNet Map File"	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.map\shell\open\command	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.demo\shell\open	DDNet.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ = "C:\\Program Files\\7-Zip\\7-zip32.dll"	7z2301-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\ddnet\DefaultIcon	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.map	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.map\shell	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\.demo	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.map\shell\open	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.demo\shell	DDNet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2301-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2301-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\ddnet\DefaultIcon\ = "\"C:\\Users\\Admin\\Desktop\\StA-win64/DDNet.exe\",0"	DDNet.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2301-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip	7z2301-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\ddnet\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\StA-win64/DDNet.exe\" \"%1\""	DDNet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2301-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\7-Zip	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.map\DefaultIcon	DDNet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\.demo\ = "DDNet.demo"	DDNet.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2301-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.demo\ = "DDNet Demo File"	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.demo\DefaultIcon	DDNet.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.demo\shell\open\command\ = "\"C:\\Users\\Admin\\Desktop\\StA-win64/DDNet.exe\" \"%1\""	DDNet.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2301-x64.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\ddnet\URL Protocol	DDNet.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\.map	DDNet.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip\ = "{23170F69-40C1-278A-1000-000100020000}"	7z2301-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\DDNet.map\DefaultIcon\ = "\"C:\\Users\\Admin\\Desktop\\StA-win64/DDNet.exe\",0"	DDNet.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe
4140	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1932	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2452	firefox.exe
Token: SeDebugPrivilege	2452	firefox.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeDebugPrivilege	2452	firefox.exe
Token: SeDebugPrivilege	2452	firefox.exe
Token: SeDebugPrivilege	2452	firefox.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe
Token: SeCreatePagefilePrivilege	1324	chrome.exe
Token: SeShutdownPrivilege	1324	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
2452	firefox.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe
1324	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2452	firefox.exe
4944	OpenWith.exe
5960	DDNet.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 1540 wrote to memory of 2452	1540	firefox.exe	89
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 1560	2452	firefox.exe	90
PID 2452 wrote to memory of 4668	2452	firefox.exe	91
PID 2452 wrote to memory of 4668	2452	firefox.exe	91
PID 2452 wrote to memory of 4668	2452	firefox.exe	91
PID 2452 wrote to memory of 4668	2452	firefox.exe	91
PID 2452 wrote to memory of 4668	2452	firefox.exe	91
PID 2452 wrote to memory of 4668	2452	firefox.exe	91
PID 2452 wrote to memory of 4668	2452	firefox.exe	91
PID 2452 wrote to memory of 4668	2452	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\7z2301-x64.exe
"C:\Users\Admin\AppData\Local\Temp\7z2301-x64.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Modifies registry class
PID:2312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b80075e-c317-450e-927f-92228643c20b} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" gpu
    3⤵
    PID:1560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b2189bd-8d02-4624-a017-1249a9c43860} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" socket
    3⤵
    - Checks processor information in registry
    PID:4668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3004 -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 3008 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a790e645-1d77-496a-8467-c48fd0019c22} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" tab
    3⤵
    PID:4836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3908 -childID 2 -isForBrowser -prefsHandle 3904 -prefMapHandle 2732 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {019d61c9-da70-4e51-bc05-8cd4ca29f50b} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" tab
    3⤵
    PID:1972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4872 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4888 -prefMapHandle 4884 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c76f094e-10ef-41b0-bbc8-63f532c75791} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" utility
    3⤵
    - Checks processor information in registry
    PID:2168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 3 -isForBrowser -prefsHandle 5396 -prefMapHandle 5340 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {525cccf0-a3c0-4024-801a-ff2fedd4422f} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" tab
    3⤵
    PID:3244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5560 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2183c3be-7075-475d-a610-42015cafa4e4} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" tab
    3⤵
    PID:4908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 5 -isForBrowser -prefsHandle 5420 -prefMapHandle 5416 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e91677ee-267b-4b30-a8aa-c58cac10f9ee} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" tab
    3⤵
    PID:924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2804 -childID 6 -isForBrowser -prefsHandle 3684 -prefMapHandle 4484 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2ef1e79-d7a1-4a67-a15f-680ac32ef61e} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" tab
    3⤵
    PID:4276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -childID 7 -isForBrowser -prefsHandle 5452 -prefMapHandle 5616 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a951d408-9b63-4b40-bda6-3089e1af9ded} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" tab
    3⤵
    PID:3912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 8 -isForBrowser -prefsHandle 5984 -prefMapHandle 5436 -prefsLen 28242 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fae2b575-b12e-4311-8293-7f784c3b6bf0} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" tab
    3⤵
    PID:4076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcb12ccc40,0x7ffcb12ccc4c,0x7ffcb12ccc58
  2⤵
  PID:3508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1836,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2320,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2332 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3240,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3716 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4840,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4892 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4880,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3420,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3136,i,4230777563997684448,9027902024367541061,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1240 /prefetch:8
  2⤵
  PID:5080

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2568

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5352

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1092

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4944

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\StA.UPD13.rar"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:1932

C:\Users\Admin\Desktop\StA-win64\DDNet.exe
"C:\Users\Admin\Desktop\StA-win64\DDNet.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5960

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x524 0x328
1⤵
PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7-zip.dll

Filesize
99KB

MD5
956d826f03d88c0b5482002bb7a83412

SHA1
560658185c225d1bd274b6a18372fd7de5f336af

SHA256
f9b4944d3a5536a6f8b4d5db17d903988a3518b22fbee6e3f6019aaf44189b3d

SHA512
6503064802101bca6e25b259a2bfe38e2d8b786bf2cf588ab1fb026b755f04a20857ee27e290cf50b2667425c528313b1c02e09b7b50edbcd75a3335439c3647

Download Submit
C:\Program Files\7-Zip\7z.dll

Filesize
1.8MB

MD5
4e35a902ca8ed1c3d4551b1a470c4655

SHA1
ad9a9b5dbe810a6d7ea2c8430c32417d87c5930c

SHA256
77222e81cb7004e8c3e077aada02b555a3d38fb05b50c64afd36ca230a8fd5b9

SHA512
c7966f892c1f81fbe6a2197bd229904d398a299c53c24586ca77f7f657529323e5a7260ed32da9701fce9989b0b9a2463cd45c5a5d77e56a1ea670e02e575a30

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
930KB

MD5
30ac0b832d75598fb3ec37b6f2a8c86a

SHA1
6f47dbfd6ff36df7ba581a4cef024da527dc3046

SHA256
1ea0839c8dc95ad2c060af7d042c40c0daed58ce8e4524c0fba12fd73e4afb74

SHA512
505870601a4389b7ed2c8fecf85835adfd2944cbc10801f74bc4e08f5a0d6ecc9a52052fc37e216304cd1655129021862294a698ed36b3b43d428698f7263057

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d571b354c91f07908e3b6320b2c9c760

SHA1
57f503cb6f5d0c2ac45efc1ef55ff44c71900ffd

SHA256
711f8428d980905ae63255f680523e862cd3d5fd564fb39f4ea9d75d625c2041

SHA512
4d2bf42b8bc6bea8cabdb701b0041137c2e8d749ad06af9f76362c411dcf9e24f12bbb9b236344cfd4af10e498ebe5de8edf96d90d81ef277a36e0ac98a7a463

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
37KB

MD5
93acf02790e375a1148c9490557b3a1d

SHA1
78a367c8a8b672dd66a19eb823631e8990f78b48

SHA256
4f2513f353c2cdd3177e3890f216ea666e4eb99477a56a97ff490f69a9833423

SHA512
e6354f4e4d35e9b936a7ddaebdd6527c37e6248c3f2d450c428903a32d77439cab78020a45834379cf814a79149c3dddf4e1280b9d06a7f972e5f8e61c463d6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
37KB

MD5
a2ade5db01e80467e87b512193e46838

SHA1
40b35ee60d5d0388a097f53a1d39261e4e94616d

SHA256
154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15

SHA512
1c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
21KB

MD5
a6d2a865e9f16ea305950181afef4fcf

SHA1
082145d33593f3a47d29c552276c88cf51beae8e

SHA256
2e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2

SHA512
6aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
194KB

MD5
cf18fafd6f82607054681ab95b728e3b

SHA1
0a3d3a5f536e92396d7dd5da64a882ab3664542e

SHA256
f6d6096e856ce9e4bcf6d4607ba739a1b209a4f52850fd01ee234a2861fde441

SHA512
1e621291cb833e0c8b48411b3de4abaf760b0cbcd1dda7d057b07a4f4f9a1ef873433ee46a5b3d008610ccdd56e9aa80497f6c3e859fffdfc7e3f01dc355faab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
20KB

MD5
c4b8e9bc1769a58f5265bbe40f7785ef

SHA1
07ff14df16d4b882361e1a0be6c2f10711ddce50

SHA256
2786986a3139e9722e667f81b4902609a4cf458e1c16206cd11feceee0254192

SHA512
a39157460b523ee2b9e1eacccf7aed99ff002767a8f87287c1c4662b6711b97f7d4955df64a86a882417fe71e598719e3934e14f787c1e6b3348c8a4c813e3ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
57KB

MD5
919d13ecf08e3da7e9f337e7b60d6dec

SHA1
3d9bd4aa100f69cf46ad175259edd6ce9864830c

SHA256
9d4575044d2efd5e90503beda65571b5158a3f32d999191ac1f82d1a5ee62ad0

SHA512
98d8236ed1c44826b4489b9fb7b76c62502a032547374446c53dcf2eee2f5fe3548c6587fce66df9d075294bc2ab6be97c3cb21457bc899451ebd3b476715985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
57KB

MD5
dbaeb78542b4795671ec1205748b09e1

SHA1
8decd4a7b818bb21b87479e0c1d6ec6207e9c19a

SHA256
6071a9aa07b50328aa5c3e6f3f861e89b53c5993ee0e8f3fd6e56e8812fde64a

SHA512
b40494660f44cedb2a495c87f19ca27e33e277c6ddf423fd47a8dda47a8e3d0c6d5a64defc90217cca668d9faf558dcc41e3d0fa6d03b56d710e43d2b46f691d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
71KB

MD5
3cdd654138fa8034b143f0b7f4c9bcb7

SHA1
c122acab0e4ffa86fd4fc262c5f77d99d510e061

SHA256
d922b35c3d7c531d26564357fc4ad810085fced9943b455747afd7b251e74a7e

SHA512
b3e82b5c00c432c781f9b7d0db3815f399ebde31f3815f780e1db81f42d215ee505eb11858d7fa6854c91f30088ba6dcfaa34fb857f3bd35894beb94e3b4b8c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
23KB

MD5
bc715e42e60059c3ea36cd32bfb6ebc9

SHA1
b8961b23c29b9769100116ba0da44f13a24a3dd4

SHA256
110ccd760150c6ac29c987ee2b8f7c56772036f6fe74ff2fb56c094849912745

SHA512
5c0edd336a6d892f0163aa183e5482313dd86f9f5b2d624b3c4529692d70720f4823808f10ee7870fd9368b24de752b343570419fd244c33ad2d9cc86007bedc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
17KB

MD5
109a8cceba33695698297e575e56bfad

SHA1
2b8c6dce1ccd21a6eea2dd9aef2a8a6bde389053

SHA256
dd82d9ac034f0a06524fc1d5ef884c29a7e4d586a1e7db66e339dc54fac3636d

SHA512
6d51ed30c45560838df921212370a0044640a8e3c0433922106225cb6fec8cc115ac6191c753da13def21c4e0db4deb5782fb7a75ada822ced1db7c7d13beaf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
19KB

MD5
f5b631335f170065edf1b148e10b34d4

SHA1
ca34f82af577fec763ed38f0436d20f1cf766f62

SHA256
99be964ed51ca453ccfaa264a1ea9490da11e32b53765919172b6d3749a9f846

SHA512
c66791cbdc7c0d12e7295eb26eb583b26e03692c8986ab7d5dac0e6a561b8b68a8a9e33814121efc700ff6b472aa4f685162b0c75439b144f12286c9e28c7cc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
349KB

MD5
e494f3a0e6de2b52aab05454a66020c4

SHA1
25072a94224adf42839557977484b48d8f480d5a

SHA256
258aaebd655aea46d0fe5fc97b62a2cc9f94f187726c0eedaeeaba3cdc278258

SHA512
a6954312df8f9c60887601694be099184ac9a888622ec6b351419a75ecae02ab9c5477918c9d27ff56d09a378d7e7a75467d1a42c4d1f172ff9bdb150f73284e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
23KB

MD5
de8c6574e9057e4b6ea7b9437db4b9d5

SHA1
265d520b6a04b434f5c3fc8c28debac183898db2

SHA256
51f281fe367854904b3db4b6f4cd70ccf90414335716482aceef382c536ae746

SHA512
cc8791772d03ee3f4b13654d2bd3354ab1ec28322ae3522187603bde00b1a5d940e99e62dda0fd3a7faf0ba9c3cd42425d0e64196f954bdb93c979f5e990e7dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
305KB

MD5
e77758ee910c9beddec1a44c9c2b8a51

SHA1
f417fd0d2b9e16b498bf690be10e7adea583ee62

SHA256
b4bc44c7523a36406a248ccf4dbaf1d2f5b352551b99242c0c75595255d99fa0

SHA512
8bd1b1515ca03a71fd3ba7908dcd116b87ad04861b0082c7151dc74b2dd4ae9e89d7ff00c6f3ab618746614f86061e1817abd61e59f26c1068333afda76f7640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
437KB

MD5
2e4b05c5cab487584b50739c9ec6c4d9

SHA1
1e2dd66d96c35c6d6c634085311679566de63955

SHA256
895ec60d0b83983248b48421fe0f63d9a3011591d3c56aa9d1a8b0a27921ac9c

SHA512
7d38940cdec315844f5323455c83c6ff92385df97bd8c0cd8ffbbeaed3348ab0eb6cf61e510c661e24005b1b77bd75dace8c722ca7cc1e8f13abb3a8d8941371

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
204KB

MD5
4cce8c53f89c87100973c85ae1d44831

SHA1
6f59a16fd3edfcde63031cdc75afad1d0c0a2d5d

SHA256
3a1f0b53f75079f3f1c8600b7a0ac13dde374891a311d1342172dfabbc37f374

SHA512
c67627ca3e0bcd25fc5f842c4015ca8a86c0e49ec224ad2d0036e9c243d4a2435bb3617bbe28cbbd3869da1d3c905b9fcfbb1d4f1d183a2e862c701456bf2945

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
210KB

MD5
7280e0f0974a27818c118744ba1495ce

SHA1
f9915e83bb5616bd788fbb9419faa689c4b42834

SHA256
12a6fce33183eb190b5cfb4b02f7e592b7e3b8111a815b4e63317c3190682feb

SHA512
2bdbd6f05d125d3d92e27db206e365f0fa3d6b051a5d1aeff1d0136ddb186361a0e0d7bfa7459cf68f2b97dba1c710832a6d52d9d473cf76ce613fa0709f66e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
114KB

MD5
7a26e9e436f72c36f7e0314b1b2ebcfe

SHA1
a945c52062ff4e49514d1a16e290b0948473429b

SHA256
22b622b616dbb92ce088eed13bc12cd7e57a6ec486c54353745b2dee81803442

SHA512
921699f495684b3b8742a3abd94542a7b4868c8704dfe37d35f9b9722d8ce75cec9fa4fe7b05a04d38c48d6193fee6be475a63e6da7d5b6955f6616990f82234

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
122KB

MD5
3bfe3496cee17eb9277d679e9a8f86c4

SHA1
c7174e51f39c9a98c6d05279e1514284ef2bd246

SHA256
67aeb5fdc29a8667267e5d62221453c7ed4141f1e307bd6ee3575dc271655358

SHA512
04daf255bb251eaae006bf80be7aa265cf507a40fe6a550bd7c4d803d1a6aa2eb89de380866b779c223642628634afd5496786e7712a7c99fb785013b9265173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
176KB

MD5
f0a4d6460bb3e9895dc19511baedf681

SHA1
0071479e77b1712d01e3ba69952db48ff8c32463

SHA256
e9ac994d02ec847f354ad99343f013b4389e42e0410512be0591eca0b833fe22

SHA512
6b75108616a76659c0395d0ca622d31941eec2fb82b691983b2b7be302402cec1ffa574d8694370c14854231760f7f743f0b6ef3eccf489db9ca4b49bb024130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
190KB

MD5
2f8f4fd7265ccbd6f3d3478a74a42e95

SHA1
0c75954b5d680de9c46d53d5d3eb82c3fc98d49f

SHA256
26739d6bd7ce008fd39c202eb384fe549f69d90172fba33f2b25ad119d2a6247

SHA512
a1007ca4d9aff50e191e839dc72b158cd2e703017ac37a8acf40c8fb55a2e298d22497e551f38639b7cc28908ebf45b17bc4a92ab63422531dfb54679b838bb6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f03a811fe0d88280f18332249bdd57e6

SHA1
2c84ea6e4604fa5e1d30be5879ca74442396ec4f

SHA256
c23fe3d8507b6d5300610ffbcd2457a23874115560f4a284d2441d9a1c9d21fc

SHA512
614182803042ed104a9c0c106ce00ee2ad752e640b611983c58eed0803f6ad2df00f70fab8217b3d86742ca715e765820ff7654ad2d1715d871a68d55a07b09f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dce4c7e5e57034e5ce4ea466cc44f9e0

SHA1
d93e80ef354657e37cac021edd5b3e684bb892ad

SHA256
415341710c66ca4e76f4bd2263add8fa4b8aba58b075a12880e41497d4997059

SHA512
ce3b58a0a9f7a5587bb050f8e384afeac57dc8f64fea6b890add9131370fad49339c8eaba06edeaa4a442c9876bca12600f072f6c962b516b0e328092c80cd3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
a8d9f37ddad699e7fad36fc72900e29b

SHA1
908b8d1e4fdab5d31b268d4ffc1bded17cb6ebab

SHA256
65553db66bb0ca583e993ba6f94c59b8d4e37af37e2214c03dd447f4b9441990

SHA512
876aa0d5cf43d517df03dd17e55f9a634c3f6502f535783647c1c32814eb4adaa60e7681cb70105e05324357fae53b24820d73cf1904bf6049ad5fa7d8a67909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d3614e2cb069c34a9f85d03d690f8d82

SHA1
e0db19d2312ad5c5138dc023e9bf7699cadede04

SHA256
7ca7a492b868d9cb954334317758210362152ff5b3670f231f1c5a9fbe6c0747

SHA512
8336e8cf8a6fc8b69850279370e85eee8cc2db26c049878ae20e72625e98fd90f7fe5b6a0fade16468d27f0fdd9cd66a7fd332fd541702959e985bd4fdf18a9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
88b1b1b706c93fbeeac953f7315814ca

SHA1
f28dd5d6c2ee841d2686af515ab3333211a3cdbe

SHA256
45731c88f6bc55227d6b04a4f85c06f9ee14f06f76b28955433f59cd73a96e2b

SHA512
f8f277f6baed3f23b6f216d200cf56c46145f0658666990743395a02dd55cc8518e8d5a7d43696318da09b4bd608983716183a3d1d94e229d860a44733fa8b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3c7d92237e53c863f9c4f8f5381148d0

SHA1
03e64dfec1f99426b32592b0709b3f9b09b8d90e

SHA256
5dfa08560941ca74ecf92d16468bc92d4ad32325bb24789984f3be3e81f7d17d

SHA512
afe4448f0247a77297acc85076b5fa0553fc46563f7fab9b0712213b9c590dabc272e7426405a3bc8b6f8ea87720d3e9d463090995242276ef84f95e88ccf876

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
90e56e194efbdbef5a8eceab431e4203

SHA1
c83bfab234d79c968a95b29c2a725278dded1df9

SHA256
ab131089cc098f2fac14103efe222e125c95683ee3190830b6e202a36b52ae78

SHA512
3c176263ea48293631331ea24adc80664dc19c29823cb6ae9e752abc653d62de1e3d88f3a229537dc087ba8fdff70e5062e75e80dddf00f7cde6887c09b85934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f6d51a1038c99fe111fab7f9bf306818

SHA1
ed9d90dd0c7dcad61cfa2fd0a96440f7a39b6a85

SHA256
ef0b6fa0389218215828a39f0713f285085148cc1976be82246b2bc41c17109a

SHA512
0ab535dce1509f706b73b1adb00eb4d23395629ef92001bd5ceb33c61bd2e102a49814118a98e0b1017cca5f6b6bdd3b3873b54377c7f5973e2160513cefff2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
41798898dab8c70b79b72be3351cf21f

SHA1
de65523cd473fd4c2435b0d447ba795205b9aae0

SHA256
eacf0d45ef857fae0ff5f91c71a195f78a0942f5d64133eeb7b580894847ef22

SHA512
bdf6258be85c42866f9d882f48ddac54b5c7db804ab7a72ac1c8d37f32511619afa7678a7b87aa9d3363a725b6aae1d8399fb3e4291c318249be2e4741cb3b5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
de5d816a603fd9b3acdf9e7ddbb0c1d9

SHA1
6f00aea8b5f1cc79da1a33cf61cbbbfcf6ccfde6

SHA256
314d3a04b2b3996bc2e0163f410c4048f4f43b09fe798188151010c61e25dca5

SHA512
33f1b5c408f7c3eb54a1842a06f5c527524234110c7db4c002a88bdc3ed660980e6df8c2caaa41a8b8bd51c71681df6c83e311e5ee86b84c83ca1b7ef380b845

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77dac138938ea861761d6e36d7143386

SHA1
65aaf9c5db4d704db24bcbba7903df797e9a4aa6

SHA256
df7c43ef5c957dda19f11a69f5ecaebb7da4439f337b8b0d797f9c7c8113d040

SHA512
7ebafd2e006c8da3d69ece047a547ef783f97c28c00a3e715f000564815b14ca4ce9e0b579fef0c8724564c984ca41614e01805ce454f3da3bdea24f82905dae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a739882968f0cda9721ffda0ab12ad9

SHA1
9ea4b144ca659b25b64b10137fca0e6dd2a1657d

SHA256
e7159da511d3ea755461b3de5ec98447541f69926ab1c10585d5fc93113e086d

SHA512
54ba7a49eeb6b11a50b8b1cbb0e861df607dde283ae5fc71a387059072884d65bfc472f0c8575dc80bf2d5c544d6f4c382a1ec6bd4b5c53ca90884d9d5969130

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d4e386c1990705d20b09809c5cbc77fd

SHA1
04798c7829aca0230e074a5cf3839fd1178c5023

SHA256
7cdbcebd1b791bf1ea7d861e6ff0cb049408a66dcf427942fc7fd6ca49c214f4

SHA512
8d3c0a403d89ee3859e1af309f39b2ff2859c6303b53aaae6f88599d71c87894240c8bf05bb14cc01d5b37dc8ccdc5f9b5b8f08682ee45a1cd66280a1bcfbeb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fb5dceeef7434169edb0f594bfdc28b1

SHA1
cdbdd624c650d833bfedf4f0ac78f2a2b5d13289

SHA256
3f6ddba419b022b74663551277e5463ecd863e66863ffddf7229eaa719be0e4d

SHA512
c4dedaae09cf4aecb659f60281a5ca62c17d0bf7909ae1656e7575afe176b11d6442a8e9a799aeef7609381cb999b5e6526b8be8845d820f9c5a88a3f6932e79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17ca516019daa307f19ebabde186bf04

SHA1
e4212818702dc3463ca0f702830e84a1b0b6d990

SHA256
f57a38e6505fe9afec7acb221bd594321a5c4ff6f6214f3df6a27a98f05667a7

SHA512
d24d3b63101fc2b3f23521d5dd919b3f30b0fcb844568c0f914a0c62653e7167f86cf828b7b7139b920259b2f60b7ccd366fc65e257ab4e9f114b88ba0710455

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b1846646e434833f0be2527dcdb2e321

SHA1
b53aea6ad3db8615a1330d9243c523e80c7aeda5

SHA256
86e6b5ceba3be743ec656815f3162132bb1dc054fae135f51af6d759ea2e37d7

SHA512
f67ad5f396f74c73add1aab584b1d9e3a833526b237765a04e9b134843a6e98c81ea71b03d1c184b2e57fc345673019e44e1107ddcf352b8998eedc195999a1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be008b67013f7087f97b6d042fbf5ac4

SHA1
0317bb354a4680b50188bd56f4cdf8a3afd01913

SHA256
fb8e9ae89379fe2f095853c111cb724df491b8074d7f1fd0ee6989a728399199

SHA512
310101bafe90ab306df02002a0f0186bbd9388e27993269c5ebd5ec6923091b4f09f76d35f00019eda9da46380a95aa3495accd76d509f34bae569293f5af11e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
17e80e8b70ff43456c2e337e3b1d95a4

SHA1
835b6179cc14d0537c20be4e8e855dfda041cc4e

SHA256
f7fab9e049c1c066abd702673820cc3452627fe51700a72768d2159fbd605406

SHA512
c9316cd1db04a6c877a9e81c39380db5041838d35c4554834b71368899816596dba0a4272d70b8731659e364b543e8b1594b1be9098c5954e8e50bbaee58c15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
129305a6ab02241c6e0682ad6a0eb61a

SHA1
b374d09e14a1a86f56ca94057a0445e93871b4d1

SHA256
9a0979e6bbbb709bbbefba5f108aecbd2bbdbc8a0bac8874c9aeb90dfa456c87

SHA512
64a5952814867801abec6f253829886af0be2388bfe3453112b3cb8675672f71692467da4eafac6f9240b29f449eaaa7ecef7e235382e3a9ceaa9854d055dfe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
91be789725493f9406420a01d7ee8db5

SHA1
8b5cad54049461361d00667af2c4d693e52202d1

SHA256
09f036fd405620e2d83afdd0f009ee8e352b1d004979e3bc8f3d744679a8375c

SHA512
db01f73a7e769abbf1e06a0da3934192254c6b06377efbb63fed2f5e4da5c9dd4f6872237948824687e76a1ef600f5b527058c754b836ba002d81f027ea853fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9e173605c6199fc8bbc06b58a0e7cf5f

SHA1
334b5accbe2df7658a1b1dd057c87f7da7e703a1

SHA256
aaa76ea95aa9db5e87cab78d452d3d118df59d10ded4cb8c6732555aeeae2f4a

SHA512
301f2710c4f43b06887da0dc88fbf219227168fbbd132661e1d2b034b00813eb38333f6a8c4d76ef8b6996377604f9c41b934a8536a3ba294a4fe661a0388a22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8132204c9e21d71a13bf334689e992e8

SHA1
7b5ef01abc63c18c316e4585bff82b9f4201a043

SHA256
817c712d3b4565186a758ec8086c3d0e1694fac31ff2e0403eb671ce8550565e

SHA512
beb6b9e57cc04ec94978cfbcd227312c035498a3b7adb4bdeef27aaf51b0c5a473948e7988aaac650cd0df685aad2ea49e7d2548cd996a41565f03e479b61c07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7f63f9f9a665b8b25ec3caf6beac457b

SHA1
649a01c709f2e515e4af82398fe81bc8e207899d

SHA256
9211f3871a30f6dfd531cedb430d4d8a99e28113a86ccb76bdabc95358c7745a

SHA512
b8449bcf0ea471f917b3ce90806cff61c9885fc4bfe5cc33341845cc161f78a489c476f7e0aeff6710d6854fee086d68f2cb7337c7f88c17fc9364a647fb1cf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0727150a61f9172d6f40993694e2d046

SHA1
9b8fb0a67ff526bc7355b6f093117566e1c01701

SHA256
cdd6cfea0f8c787a6cab6aa963ec1e3386a0406603711f807a08a08d5077d857

SHA512
5378163aad6ff36493cb2a2c44c4e737e11ebe4f06d0f0fb2aca62f7af810ad632858c2c3c7ae7e4e84dfe070eaa6ba0d51096e0d20c82bdec16a393b1b74df2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f791f275c5dd7472ecbad4c8b049e294

SHA1
e8aad350564a965e350a36cf21d8267db397d949

SHA256
f96d20d44b457b37e6bbcd1705c624054f3f90507594ebd805be3824a0725025

SHA512
0f65d6704530682002babfe990f3094b0be35eaff29f55867da99e68ef8270bec6bb0a09caa94f4570707b052aa7d98dfe098a307ec0eecfe455757cdd3f23dc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f5361eca52399b87778de0a6ef5cdcdf

SHA1
c10a275db1cb2c57d7d8e2286ec7034fb45ddd9b

SHA256
0e2425790e3e2d0a024aef19b608b705a1508426bf312e5728a84aa2765c53fe

SHA512
3ea15c788944e28da32cbe12e18e31703a78821d15773722fe22e05b75a780bcec0eba095d8584bb174e080438d583841e7213463362313e5dca782ab4d569a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9a9e3cb5492d7de9826a294f9a36d57d

SHA1
2bafd79ac00c2fd29f196b4d593893afa537a87b

SHA256
061a111dd978890890e387609d0596c89dfc69a7a30c0ece19ef001b1f65227a

SHA512
ad4b8ced74101cf707d2d3581aafbb6ee85f4ddf34536ebaf5c762f16ec43d9a6bf84030d74550b97b21a989ca5d188b111fb5962214e7a0fab172a461bb7bfb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d38db0485567c1a3263599d479939fa8

SHA1
0b21b9b9dde5fd17123509beedc1573ab806a317

SHA256
251a20530d8445636252a8d60c79f42fc5caf4d97b82832cdd19cae7de69b0fd

SHA512
04c1d5908c8ac421941ab8f56fb4e57c50f66705be87bb5924f9fdc56f1b97e3683b898eda5208f24d219c536830e71d986828da2c5b4c37d99345301cf7617e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52bff860578018a42aa54febf42fc5ac

SHA1
653f99e4f704a92ad9aa44c5da622cc751b29279

SHA256
7848b6951ccefe01fc9f1e42196766c2e75ec36bae2543b95638163b8fbbdd26

SHA512
2b17682927ee4e2699f018998432402de9f37c26111fb51b50d9bebe800bac0b16b13a5d84ec7ed29b9ad7be3b8159f872bd8b81a6bb46a6bd22063d9613a3f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f1b6a6e97f42f44be75d4beffdbcd34f

SHA1
cbee78cc084b1556feff84d31a966d5e5a4d7e85

SHA256
422c03553b4989c4056e4d2a5bebe7c081258b859319b36905216a828e33a5e1

SHA512
f46b71f19af30e17a6a32d9a90d7929eecef5ba69d084ac00f882a00883b929d8b76e237612aac1856cda0b376e1cdef958e2e0ef4b79d4136375868f98e7b64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c88c26fc5a52a34dd58bd4667ddc7ce2

SHA1
d486e5c62dbae66c31669c607da9cef595c561ab

SHA256
2759af4ee4dfbf194f5c09c00b262228fe2ccb2e99ba51f5255c2bac542e2dbf

SHA512
152eb30385ffb09f436cdfd4f5d8f2828d3c88ce6c873b70ec18c98b19c922d699c66ecc4eeaa0f30ce66485371bf63ce5d47560ca3414542573998fb2bcbef1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
df514b853bb32db0a898753ec1a4b4af

SHA1
163f18d4ae348408f8725d427cd8fffc3582fd71

SHA256
11fac28698378fe69f6ce1681e03bcef9e460341c65c13da04bed52ebb6866b9

SHA512
cd0102f1aed0923a24c65af635d44770078786c680943593b9b8059ca962606924b9851dc3c4b2ab236dd1e00b18820dc5029dc8bd1d812804eb64a545519e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ba73090f43a184dc2224c396648b9f8f

SHA1
40e22c1a457f622edfb4a1530c3500bc801781d0

SHA256
eb1f9f548b001e06f22e80c6433c81e319113416d3117f82b36e073355aa3285

SHA512
96c10ba269d9ded9e2af0716c78138e6e2c19eef46127ac909061c7a8a45edd16beeb4941ac78ae73d9f7aec121e28bd2a54c57400b1ed1c73b1d6f78fc1abf8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9dbc5c3e20e566beba8775c7ace85de6

SHA1
cbd248809dcd19ef3941d27e379703746c60be3b

SHA256
cfc268aa28a0fbbb453f05c8957194ad849a6e4af9c20444f2dc7e70e9d1cfdf

SHA512
36d4e6ab57626456e93c78302093cab94b2a098422f8236e3852f1ffd0c8fc8e962f1791e5cf6163329c45ec55f0b4f3a55bdc2a717e54db24e23df39bebfe78

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
6284af48a0c4c48b4a67d114c2fa5439

SHA1
b6cda902f2a56286f0f3c230ef1ee6916b4cfb80

SHA256
e5156ca18de3b8c231b8220071f695eb2a22affcd2f48e191b33e3941a1a7a5a

SHA512
3c543b7bf8770b7595f1f38c5f62932b4e77d71689463c938a71b1697419e90cb34b5ef27fa74b4a9fa03f7606fd65b18bbddfb65e6e56d1cdde7f071328dfb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
79fc921ef6ddb9fe4942214e829f2a0f

SHA1
f96283f4fc7816a400fe83ebf8d45b9580b7b52d

SHA256
c4494a4161b0025b01ab86456fb2d06c9379b4b95ececf3ff1a1733484c79613

SHA512
68d29ead54aa559e775d187a5ea25ccc16b57a20f7d6936a5f151f0587145556be76858a429948f31970324d62fe1017e0a404d47c7ecacaba9accad7d52a9e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
194KB

MD5
238c6680fcc82c47c0687880d16f8366

SHA1
0f94579ce0362f57419eb1b875b0caab2c546517

SHA256
6c0c63d2cf6cdeaeb264c71e1715b39713bba46d5206cd0e3427c17be194a182

SHA512
e1ee4c26065872eb01ba5b4a9c6683b1c4ae9d3d600f37cf57e12fc1bc6a47e5ba6a298ae748626c1f3d07f339fc59fb9aa15f27e4ff37059e01ef5e88ee3c45

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\doomed\29472

Filesize
68KB

MD5
9124100e1afd520c391900a705831283

SHA1
81284717786ede68f3dd620ed661a208846390f0

SHA256
b41a914bc7ad6001dd5b9fd5c1c800e138119fa21d9d14092ea7c2940475c5d9

SHA512
933ee00bfcae067162a6f3f25cd8fc2463ad0be3f3962f5c56259fb555dea643d04269c56d14a5ec7181f34115edb23ec3ce56867ba8aa29f4465416cfeb499e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\03C5414C101F2F03E0251F68E14AC8998D89E1D8

Filesize
124KB

MD5
0bda7c3ee10cbb1c69ac805c7a8bf27c

SHA1
5e3470324e8e1e0bb236d782a61565a79afccab7

SHA256
f44eade4df9280b24c95eea1d7063e223b5ad834bd871d828c7a67393976d789

SHA512
829aa9e61e228d58bc63f648559780d668a59df576eebd1fb5e03b26a0edd941c866231067317a3cbdfcf2dcf67b1cc6b2ba5bbf295ec3805a3bec7678d43a0f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
791KB

MD5
13d9a6df67002ce92942b4cd9d7ff2df

SHA1
fb0cf33db6633a58582611ecebaed0b360f0d1e7

SHA256
74eab5ef8c7aef354d844e7ac9947d646b7bcb1ce4b441febf56d0e11d600f82

SHA512
b5533e222750646a3d222f0f354226ce9751e66317182da614653e7385592d2bd1e3f5de67cc7dee9c853f0d0a141117a50c202a810e24c8f401cb905b9bb09b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\4BCF7D608B2663D7D1515223C0F13E5D72484770

Filesize
80KB

MD5
962bec4adba76427d10cbb84d8ff25b8

SHA1
a83f7722d4ccdce980dc79a7c893921518239c07

SHA256
ecde7f1d704ddf4daeae46cfe494ee869deb2b7302a3c9f3a811aafc1f8c0f26

SHA512
2126a7e7b601e525b59a284ce0e967752aa75a4ae205937cf742ec1e43ba4567af9b54e430642257338e77e6645448625c2a066583edfbd05c83b7bf9bd2e0b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\705EEC7711E1081A5A4278AA905A36700F726042

Filesize
86KB

MD5
e35ce859ebdb1fb8822bb77220eb15b5

SHA1
a4d43b86bec8aa417d78665251a44fd40d3ab9cd

SHA256
48321ee0717c601d48c7152a049dcc6fefd144c48aa7b6d5d1f71f91c4bb9df2

SHA512
3415f62fb406f8891e207e499dcd664b62548fd690626cf740a1dc9e7abb583abe7f9bb02c294cee9d4a18057bb76f60e47dfe54470ecb98f9b49d774ecca74a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\8B2EF5E7C200034B9D66055C0C2B57587E121BA6

Filesize
14KB

MD5
9693765a1dcfdedb5e767edaeb45294f

SHA1
c6f83579d3e9077ce46ecb97f19cdc3c5ac81e59

SHA256
21088ceaee99695bf57cc45e6e939b52e63ed8377bcd09b6c1088d726949e454

SHA512
667e1d3f9f94fff9e952e113400d0e55d28713cb43793a8e4658c0c359243cc754f959e5386a0a9d55dc5213493c4d58e64ee4c77a461ce8ffa3f453005a0846

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\AF6E7B7DB9908D7B867517AC33D094ABD56E38F7

Filesize
81KB

MD5
cb44ca2efe23a36fb741e5180fb7b7af

SHA1
be6295269c42cc8c26f93263e7dc34512ae255be

SHA256
0a8baf5028c57be5686c6bc094dddb2a8953a52941755db16a6090c0c9031814

SHA512
ec28cb463f8918f9eec5b91fb5c79c3d5cd5f5217c1a15fdb4736f5a43c41274e0954c85c07e6838af71db21132fd7b484e701e11bc5d530342ad29275c8dfe7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\B6112E34CEA1F7F53B6C52D3C5799C6C2B45B8BF

Filesize
65KB

MD5
55fc4fa6aa61797931bdd61f65e566b0

SHA1
4b48d6a9cdf5a8414f395175622cd4157ad34afc

SHA256
808d96b2705b7a9647ae82e79417c59454fbee425fba22985433b35f5cdc1874

SHA512
e6674866680de823e65c8f13e06a604bd37d60a16b06857fe2a3bfe455eab823219725ddc0a59bba90fca36001b085ef84a1f24bbab4c8f42e9a994c0a701a97

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\BF0923D6C9AC3F4148AB74C98E937ACD57DCEAD3

Filesize
97KB

MD5
e58159ba9e803e8350f3b57debbc4c4e

SHA1
18ce789ccc20c888ab9737d3ddbe45711ded74bf

SHA256
ddb7ee3e1ffb825ef6963ee76003b2cb33b7c540d10dd6cb0674f90cee4b042b

SHA512
cb6a06076fbb7f4d5d2e82e1243c591596871d8ec13f7134590ff272e8abfb7fc78753bd702eb6d867cb56ca34b93e4c803b5787291dbbe7792cafb9e5a6f5a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\C88FE6FE8ED0018995E76FB6B4CAEB37655B5835

Filesize
2.1MB

MD5
b0d831608c796bfc11d9fb15a96cb333

SHA1
35633bbfe28edcbd1c1009a7bddec4ba9698cd17

SHA256
33528ad5d499df8493fd7de993a4ce4dbd016adf80c623326c636b515ca19586

SHA512
7eca9291157dc91d9d2afbb5b42fc0a3e7a957106322ec07be93b76e9b4d16634741fbceaeec6afdb24b14b21cf8ff43048e15e49f52270bb43e3d58d7af397c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\D207CA89781848E7ECA4C658F22D4AEF1B168DD3

Filesize
368KB

MD5
179f623e94e18769c6477ae0b38f2053

SHA1
af22d5224c6bc4248e90cde9ed98f5f9a5d99421

SHA256
842a1bfb5bdfebaa6e2e29cba27ee90fc173700219784475e519354f8d888207

SHA512
b5b761173015b4ee9937ad2ba942f1cd989d254b1e8bdcfd53d9d878cec2e32d25158f8e406fdeb2e3bbaf5b536919d3159e59728d8224dd4d244920ef51d438

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\E1B61C9BA0BC69AC321127A6280DFD369388EE63

Filesize
47KB

MD5
aa41e6a5306e62dc940c6c296e8f72a8

SHA1
6ac25adcc17dc8b36fc3b8d3aec72d746cdd3638

SHA256
94aa050b4cf7c15c6c8ec3e436a26c7303d3bbfc61256367fa286cba3154b692

SHA512
a915afd1a51e2b38ea5a6dc699be80645ed0fb0b1da7ce444e3a0acc23a642028c62bd8fa2aa3b6c1bf54439c4073797c08d789af55002d25ddc40c35fe80053

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\E6C22A3DFCD18E3C6145370266896FF76AE3F7EC

Filesize
39KB

MD5
f922f99e9e9efc1b830e84cb1700a2e5

SHA1
af6e5d1e26d71a4ba073e46014d5007a59e82fb7

SHA256
194e0102ea61bed3348070b9d01a692807958945283a033841524398d1954a10

SHA512
717163fd1a271d89722a9128a6f9f1036c0adb4a55c1a026299d16b6e80725efab212c51cbc7be1f7e72f277578a486a0b3b3a246e2102a885cfa2799ff73d35

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\E86994FA82B1413370C66B8F4BC7FE8FC21E99D1

Filesize
33KB

MD5
6e1c9a47d26834fa6d9cc9f15e389131

SHA1
0a2f2588af917877320b0e4c606265c5fd2cf76e

SHA256
e3584179e117b8343e031202fb4d07f3fc8f69b6f878fdf3838877794e99ac4f

SHA512
480e8b8a6bebd01cb75de69a6f1f6d630eca55b1426188d6bda1fb8b946be38ded710c793fa987f011158fe48944f097b86ad5dde0913d6c49008258055a3cf8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\ECE281212C7D34C2D33214DAB8505B450499A76C

Filesize
86KB

MD5
8c01cd0860f33b823635c3aee095e61d

SHA1
65c21fb2af07510776fa64df84eeb3e14aa879af

SHA256
aed70cda2fedec13e85e4bd762db8fe9a2069d0c3ad939e20560fbb055210f14

SHA512
ed94bcf777021f7095ebc3b90086cbccc115269a382839483f889a5c996a6dc33a5553f761ea1e2570147c96ca8f224f81b5902cd15c6e92c307da7c7ea3ad08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\F5A1FBDEF4E6F115791D6C8EF1598942067B8080

Filesize
79KB

MD5
1ec67fd524036b0c10bb4c9b75b91bb6

SHA1
82207f956156c11885d65ee322e20fa83f80ecf6

SHA256
32441a7a75f75b3ed1e31fc9524fb7cccde95239b92ee9168984b81320a2f44d

SHA512
4f99cd0a9e3479da0513444ee28525578ca03e40bd9e3b6f7ec0abf67d90a14207cd31295b56ff6212f02439f1cf37ae461c2df0baf19bc7492d8e1f826e8bf4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\F8FD20B3FEDC40556B36AD9EF0C3340C3B574766

Filesize
17KB

MD5
a8b323a0d216ff94f9d9554a9e21a0be

SHA1
8859503dde1b70b6571613d4f28eb442bd8914be

SHA256
451767c6d1ca5cb0c96d1013cc0c2587eb47122e2a0567be58e1eaf3f7da0b6c

SHA512
c7b4d7cc349bb688fd44bb129da1dcef1a31a5ce0e71a5b6cd888ab2cc25704da0a578ef925b6a1a3b90bb16d76a76fb035e716dbfd18d2048d7e24873e0cfde

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zEC87E41CE\StA-win64\data\shader\vulkan\spritemulti.frag.spv

Filesize
984B

MD5
c40ce2c551aac2dd72a74b67dd7644fe

SHA1
2bcea92975d2bb4d5853a2bc20fcd0c9dd9ffa60

SHA256
2f91be33933bdbd054b251ffe7b4c0843b73b443ce0505d9d6f1ac94760b2ea1

SHA512
e59d461dc9d11516b892e58cc7faf35a5d30190aab43d5cc330b419f6803005d2dd086c7eb0903f39aeac09f10282f62a64ba14a49d621677c578b76d66048b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
8KB

MD5
42e7c03e0e1f688a33929dcf48cdbee7

SHA1
aefce3b65edf536a8bb63b07360e015b1614d9b2

SHA256
53b45345d657255d27ac9aca2f87f6aabd13aa64dbf62a2223dd701c5771269f

SHA512
135016f4884e58cca2a142d15ea30f57d80ae00f0cab963dd50e6ee62d24e97162b4d50958a0baf96787b57eeb493c5008d1756cd8486aeea23b06df4dad5210

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
02b538b1d4c9aa9efa9d07928209d80c

SHA1
8439a0f3a9104683a644be0cddd1199cd2209c78

SHA256
8c636dacc799be5d5950ae109e98af176bc9d5c6e07599a77154e4da89f8ddf4

SHA512
66ca45e46f950a9e7c11c6162cc1ec118a019e5b86a150bb6256735ca168f918b057b30bff6983ab2c9220520e083540543e7f76ec2bfe0724152d16030f1acb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
41KB

MD5
9b68885147e3cf950d8293520c43d908

SHA1
6d0b7c9b45d99543102c7e143e02370daf54df6b

SHA256
d9bab8db2203c8700a7e55dc0c44549a54b2e80cc310e0e058dfe5b6e6219834

SHA512
c1753acf347e6bfa56974e8d7484f41cef81d1e93fe1abea9e78d47765d4dfdb39f8cdc2a245fa00a087b318b2c771c0a3dda6b97aab4a1bb3fcf329a91758f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
fa1a596fc41f250233844174af505f62

SHA1
feb54407360320a17888a2e44966418e6dd31330

SHA256
64a7c5a6e93a70002feea2b8a95cbe56cffbcfa992f197732530e7f079b85d00

SHA512
daadc0cab5fbf986b1849fa32a399304801e24f02f221227401d77ba87703e10368ad68ca5220391b42c7b9ec76d36583b87073e3a3f6dc271bd7e013ff77276

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6298f35c3607c8a4ec9e29b08a1b25bf

SHA1
0fbc184a9b865648d1f23ff8dfd9f30b45b81367

SHA256
1cc3c85c5c0e432d3e74c2495e0ef79d5b3541e0319597ec201ca377c0ef592d

SHA512
9c8aacbbcc22aaad1ca8ebb14df697a6af0c177ced97c435da85731083368487d232204de7628b4e9918964e264a84b7d2a7d96aec74b4fead26d5501b49d559

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\b9ef4059-5f4f-4c02-9ee3-a2834540ee3c

Filesize
671B

MD5
8f7c6825ef178b5a474096c5d9db096c

SHA1
e1500dd3176e785531059f28afdf3f2be79b19b2

SHA256
e3eb259f53456f7e97a7d043017713536843a1bb31db88aeea1cdb6ee1df57a9

SHA512
590943b3fbc51918d841bc624bce3a4eff28f01719762c289ec37c6c0a667a99562bcb1a5e53635c8935bd9c3efd3db05db3ffe1a123fcfef5c14f626e8abf79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\cadbc22f-f9e1-40e1-8ff4-a6341a55b7b6

Filesize
26KB

MD5
7e2ce8e9d5d01a5cb3d1f3e48a6904ab

SHA1
8a15a858217894e0b9725db403657bcf1368c057

SHA256
26c5d3c31d65d07748fdf7746792292ebd33b28ca260d36ee406e7c671f47deb

SHA512
0ba603cfd30607bc7d69b98230a3cf5e445ab74a80e7b642526428850b56388b4d9bad5df0b7db7e30507d67c59875e12840243d650a9c3030a58c24ce15723e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\cf4e2c4c-4d6b-40a6-8425-c31294c8c517

Filesize
982B

MD5
839a9766a1bbfd4ab89fa04eb1079cd2

SHA1
d20d1ce9943349655c3e54bbb8fc03e99e7a10a2

SHA256
97c9f865186d1ed6a5dee0e630ee34aed7cb4c86635b71632ae4feb7eba41dd8

SHA512
94e8bf706709185c61aa9e7dbcbf2b2011cac8d3ed704b149678297428e2c3e5f914770acc80bd532ba0fa5cb60fbe864be1d9c0edca23024e1271ca9f29499a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
12KB

MD5
30c95171d2d3b6ff3c362fbca553a0c0

SHA1
935415af6af3efcadc26ff9756164f6672e4dc8c

SHA256
2ae935ddfb20476534864732125abf2b78afbfd06fbda0bf8d397fac01878b99

SHA512
d274d9c6d6ce0526ea9d1fb591adbbe197736e060be60f59ed014c0a44cc4c19f2b19993c393476390f6619437001181fdf22a85bffbd13a41a4d37f0f2d0922

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
11KB

MD5
c54709466933602bfb8aa1abc3f76f15

SHA1
4f62a6c127cc088e9d2de332b189328807b433d5

SHA256
163775107cc645939b68c52c4a12ba152efaf584f992a2ab320e174010d546d1

SHA512
ca4b7c2505d91433ee66d5ff149aab9002c9a79e1fe45621e04644c38cc59d3b6e08b12b20d8471a464964a0234c7e220aee9452a219ab7cf9d2618f89154041

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
13KB

MD5
67749653fb2552c6d75d72c0261a471a

SHA1
8efcc899e6a008aa366e4720856b2bbe9f6da5a1

SHA256
d3455193ce4d1999855cf5524ecf951a9edc468a8563dfbbe842c35d1cfa287d

SHA512
94bc46155285820df42ea72508e8750495301448d4f04c2c340b4a4c9a8166c775815bc973a7ca10d2979b14fb163878fe53ec04982f1c1d6fd841079f65bcef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
362985746d24dbb2b166089f30cd1bb7

SHA1
6520fc33381879a120165ede6a0f8aadf9013d3b

SHA256
b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

SHA512
0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
e1d637c0eacba1fde01cd28f0fa8bd0e

SHA1
0f7d9fdd06b2e500a7f4db3b66d89cfe7ff61c4f

SHA256
d7e2ae9dabbc7937b284fcf75905a824cc9801788ba8737d77139d1f01eabb3b

SHA512
af804f31aa415b364f58f7f8f832c52910f9a7860a025badbfee17e2cef1177d5f0c82f90a211aa90a1ddcd588e3095424a2a0ebe1c8e3f1559ce99d40988105

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
a6ae0e44d0aed6151b8815585a61d051

SHA1
abd55aaa05251f93b30698b23bff186f167d8425

SHA256
8b50ca8479b8081b373bc2f394c670a77d13df42c5477aaa5ab274036412de65

SHA512
89a0b5856df28d2bf8a839f489cf9ec1fc0706647eb678fb37416355d637f831d18637de44dfa4042b97c8f2a6bbf2731093f3ba9011e327c2a2dc538186fd3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
79cc88c932e936dbe2dece2b43c9ac5d

SHA1
3e1f94483e6f691e8519dcf6d689fba328068f91

SHA256
b49741216d0ee84193b36de164607211a1400d78da9de61a4fcec9d7ee21d2ac

SHA512
2845ceeda2d65ae34dc6d87ae2c6d91473623c4e5051c7c8576dcea12b6f637d03476cc75b7632e9e69892fddc31d46c42ea166bbc69e68b1b42c58ced50c136

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
9a9aa6b18a4d7ec8841a191c4ca0da41

SHA1
bd8afb1319a5dd64e562d59561dce1a05939b927

SHA256
e806624b4d435520252e216d84543f5b4b382ae7ce1336c47fa3115e476855c2

SHA512
e914969c168a03f525a8580820447096cc4bf35ebe60ae43d9ffda583eae63bab706d376dff10744ea05282cb3f1584e1b0806a3b73bddef77a7d57b4d500077

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
1e93fa23eadc439de04b2915a62b7506

SHA1
462da6205594f56e3f522789fc47ac9ee6264b65

SHA256
f1d980791fb92d8d21e7b264516ee9447be4b625028170f9a870b2284e878523

SHA512
33c925e551f9efa79a2b714f2b9f73d7f3f0da54d2a46104764595d5a08cbc6519cb97dc0a952eae3987a0675a50ffa27a8c53253dcc61bb73758b1bf60cb974

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
ecc6da37204ea8a39ef5505b447a831e

SHA1
e69cc7cf5f3a561de2dd454c86530bb56df17e3f

SHA256
7b98d2333527f812f90d44eff737afab52375b6bec5106860fe5a394dbc6e458

SHA512
07af60c05102ddefc5c1491b46fc111561b8702e8a5a5edc94c5694f0b5105bdf602c96c9d0d2bd41355672c026f025e5373d2afd301cbffaa48b259f1f3ba30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
617e2c87740e7fe40792189988d2b9b8

SHA1
d90b9612279fab3e132142972a76cba7f844785c

SHA256
50d798679dae2b4e3a8e7405418c2b744b554de32d2498b3f3c8cd0a93b9f043

SHA512
3db090fdcda435079cece286519e38996c9797caa17fcda4b820014288d892f702b9c297d2c93be0fc5ee0b6bd5255aab0c7e570df8fdcda55366c843dbafec1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
9ef7dc250b1e591876dc7c28622746f3

SHA1
c635ddd74c4f7fa18e9d5a8e73dedfe57255afe8

SHA256
6a2393f9407fc37f9df9f9028ebbfbf1dee702c284ca1e9435b46d8f72876712

SHA512
5f4ea0801d135a2cd725afead5210f602c1e8338f0b9d3484f805f950de08c7ae5cd514d9be51de47f3f775134725a2afd99fc845d1c5a8c6b4ed6cbeb27567a

Download Submit
C:\Users\Admin\Desktop\StA-win64\DDNet.exe

Filesize
3.7MB

MD5
45bc2dda5e3ba38a8669c99d250efff1

SHA1
a71dd535407cd9fb92703fe499dc53ccab3f9cb2

SHA256
a2d96ed66e3a9f69577a7cc20e24ec2c0ff8358bf80d62c4a7e6a76d9ae775aa

SHA512
2eaea29479bf2f00367327065eaf4c8171bc3d410287b31c658ccd252bc272652655c6882d97f27d83d8fb75182258594318baa6c688ccc372d75ca7a8a8484e

Download Submit
C:\Users\Admin\Desktop\StA-win64\SDL2.dll

Filesize
1.9MB

MD5
8d1f885c12acd28e8ecb9ab29cafa2e2

SHA1
91cb94979d695231f252617333d87c5fd79cd2ba

SHA256
cbdd472ffc6b6b965bed1897ac748257ab1cfa33dd39f19c35c40cc2a48c1d7b

SHA512
cda11e125a2af7d7676a87cf6b15ed169955b83bc7027031271064b9235ee740c7cdb33b887c848af128da72eda497e1bd947722c5757821ea436d171d28db10

Download Submit
C:\Users\Admin\Desktop\StA-win64\avcodec-60.dll

Filesize
2.7MB

MD5
19d37e42e15cc57fd9430feab54e638b

SHA1
398f3d4f06e4b22244223165cd829c26f8ef4aba

SHA256
72f9dfc4551b13fc6c1101fe34da7b5255a4b45d2e5a29763938d8d3057652a8

SHA512
60ee03bce3ba320f2c63363744f54adf721eb9514f33173fa53806117b48501fe9bcbe66e5465a5c5aa16ad3c6ab38e17170ef0d71eacbc8d94969d9a78ef761

Download Submit
C:\Users\Admin\Desktop\StA-win64\avformat-60.dll

Filesize
452KB

MD5
857a711da19f5a22aae8d6fcdda8ed82

SHA1
217ce92e4a83ec5782fd7990969d54b0dcf373dc

SHA256
69e39ed914154bc021681b71dedc08592e3a35c54f345d448a27f429d833d563

SHA512
5df4b02c33b21087eeaa41e93e06cc63b41e7ec761b6309710ebec2625cb661b58e01f2d52f1f681ea2832408e0e22fe9b0ffe0fa9987bacd36b8b9f0140f787

Download Submit
C:\Users\Admin\Desktop\StA-win64\avutil-58.dll

Filesize
935KB

MD5
a380b1b55583caeb7f0bd3b1be55b81d

SHA1
6e258ede726aee0199e91631bfe0e43d8f957df9

SHA256
57c2b9b6555a82307423218335bde6625317a5508ab03d3a62816ae0fb98f127

SHA512
72562fd20554b67192fb82fed611b6bc9d8dd1944378d28bce45b94f4ae9296714337ab54cef52309452a0658f49e8c35699064411819b7f6b05cc4950b9d5f4

Download Submit
C:\Users\Admin\Desktop\StA-win64\data\debug_font.png

Filesize
3KB

MD5
a8e8d9199fe2a9772dbcfcbae6eea4db

SHA1
8f1a937fd3706954335af4d76b1856a11d615094

SHA256
12612f2eddde68cdfd0368193c5ba5addf4d434e14a9d62fde311025f5b25d73

SHA512
d0c2ce089543c8cdedef0977993ce88bae79e22f0e5b5affbdf12e1fe21d06f7c5acd5014be9da0b1688ac944a58e6d4be72a568c4c1919a9f0a4048bbb1ef7f

Download Submit
C:\Users\Admin\Desktop\StA-win64\data\editor\background.png

Filesize
54KB

MD5
ccaa244fa269002f3a6a49357290b6b3

SHA1
9a1cefcbe24163c696a1e54f6bd6bb84f41da841

SHA256
920b26fddb9c1e013343a2c2b78d98002678ab9f71e9a24a799e8b67e8902302

SHA512
02a6056fb649c0f1c0fa68702bd6d257c30f8590e758e257cc8b4f469de9cb60b05ffdd4944a89e0bec60865d4e246cd7471a49ee5a825c86f5f166b791f9ba8

Download Submit
C:\Users\Admin\Desktop\StA-win64\data\editor\checker.png

Filesize
114B

MD5
2cb6250dde15b170a5515f6cc3053859

SHA1
99b632d9941c1d58333838f479f8336bba1c2666

SHA256
b7e20610ffbd33005b64f3549e252404e3a9dc87435c16075888d41633b44545

SHA512
f76d713db0cf6409623c2b1c0330846f8fd66e38b920160f7339443cd37d31f5b90e380799c83880effc2b1cb27e8efc6bec29f0c9ec9a75ce4140a2a16c937a

Download Submit
C:\Users\Admin\Desktop\StA-win64\data\editor\cursor.png

Filesize
1KB

MD5
231ba143dc4247ac24b364aed137c978

SHA1
422c977ee1c307795ffa1862c2370b9143c0d83d

SHA256
05d5f8cb14f0f9c460ec4710f09937b9a057585f6d545a53382e607c394a511a

SHA512
cf8eacb289192c033527e5fc4ec0da98c2877a5dc086e282cc7c795ebb7e16d630e7c5322fb4e893f45cedbe0b1d4afcacc873423971d389b0db73ef1992b2fe

Download Submit
C:\Users\Admin\Desktop\StA-win64\data\fonts\DejaVuSans.ttf

Filesize
739KB

MD5
be189a7e2711cdf2a7f6275c60cbc7e2

SHA1
bbf4ffb55ff0245a88e185353c010a4edaca80ea

SHA256
7da195a74c55bef988d0d48f9508bd5d849425c1770dba5d7bfc6ce9ed848954

SHA512
bac9c62c06be700ce8067b8b5ed3263329ac84b3bd98e8daeffe46d13a00c6ff338fb5705f447529bf3897ca2e26ec10a1f329ecf30bf02f1473cc8d7e991818

Download Submit
C:\Users\Admin\Desktop\StA-win64\data\fonts\index.json

Filesize
515B

MD5
336658ed7229b0e39f40149d9fa739e3

SHA1
3996dd4897b41d38342e2cb25a85a5714c75fa42

SHA256
93aa9ed6c63f4b0aa0967972e02229df7b2274ba03492733d50b7bf18a39f9d0

SHA512
85a43706f7942145d686d43c4d8efcf42f47471ace22b432fb9520e6b19ee2fdc7f38605910264448f7ea0b0b4cf4fb41de16243ab01924c155fbb1b85d20bc5

Download Submit
C:\Users\Admin\Desktop\StA-win64\data\languages\index.txt

Filesize
1KB

MD5
2d214b47f4ae81f7ae25da4783463e73

SHA1
833e807bcd1bcc5b4913292e3ba329262fcf8eb6

SHA256
b8219fd60d12922bca9d3e5dc092f5998502a68802726c551c3292fbc1af74b4

SHA512
f86bb8fc2bc32e10139ac0ea1307e2c99bdd9357597cc58b813f84594f7379ccf38563971004b2e417c18d6fe258f1a9d7814fe4752a863748deacce2499583c

Download Submit
C:\Users\Admin\Desktop\StA-win64\discord_game_sdk.dll

Filesize
3.3MB

MD5
4402cd4891c256ee40046c6092afdcbf

SHA1
914e01743c7591beb79a61417b262caeb23e2c20

SHA256
a6b6d7df00a58dc50248d91048578d0fe52182286b487ef89a961fd10467dbd1

SHA512
78da4181132a02d7d17ba4b2839018dc43d7d691c8bb01d34e5f7439df9c92951ce687e9487df158c44e764275b45d6800f6629ec2a175cc4ecdf868292291e5

Download Submit
C:\Users\Admin\Desktop\StA-win64\libcurl.dll

Filesize
511KB

MD5
320b4cf812b92d1bb91604e33741d9ae

SHA1
1860eb0e6f85a11285cb9e98465ad8f13bac0be6

SHA256
9a8038c80c046ca40e27fd1258d761cff67eb78dd19b4bd0d43691b88092ac5b

SHA512
a9b0b7bcdced5bbcd5c986d4faaae0e0fc8682c5a701d44db8985b5fdbdc81909a0ea967f15d573255d81f944263b5c6ccd8a4a13402184a1859d184e5bf635e

Download Submit
C:\Users\Admin\Desktop\StA-win64\libfreetype.dll

Filesize
665KB

MD5
016d0c4323ea3ff355ea65c5b8681de5

SHA1
2012e44afb45dbec98b5cc18bfb0e7015c7feede

SHA256
0aa497aec9b462765c2b0142c5387f2af761719f60d24c072eddb4604a18291f

SHA512
a416d51e883a5b64bc3199ed1eb94a9553b16c10dcf45f9b6710f82ccf4f48096029062e53e4f86f99c9a48b009f74152799c2090d81b64f695bf6591d2d574f

Download Submit
C:\Users\Admin\Desktop\StA-win64\libogg.dll

Filesize
33KB

MD5
5ea985fe0821b513fb4d002514f0be00

SHA1
d3ddb70c56546d53224e0e742c13e630a86c6f21

SHA256
5187cbb032ccba2ec40f460572576e964d6e089f0b9ec75d975f4a24c7f45ef9

SHA512
2a7bead202c013981bbc5ec505e36f3ab898d88c971a3a5efd21862470579b20769ebb5241e4854a2ed192fb1e9b7a0c8473bf3669cfefd67ff42c780bd88276

Download Submit
C:\Users\Admin\Desktop\StA-win64\libopus.dll

Filesize
544KB

MD5
d1e88f2125d7bd8b1d375aedcf1fdebc

SHA1
39f1dd204db03aa2194ff07d29a149377b04b9b8

SHA256
55a25a986ef2bf874503e9800668fc5292a9ebe3b011cb3569706c8629d0dd95

SHA512
f538b0b192be0218e22847e79c398a2232aa59dcf4a97827511c1d296b8fc68f3988e63123e28d94018cf55c0ee771cbf56958e345ba3762056ec1ba760d478f

Download Submit
C:\Users\Admin\Desktop\StA-win64\libopusfile.dll

Filesize
49KB

MD5
f69a5de7fad79e0cbac3909d71e06acf

SHA1
03342585c470080703b0aeedd28143cbcb37e8ff

SHA256
5f25c3fa2feaae3d6e7c129b043b1a5b51ae4db1bdfc2c9d4f77030e24bd8f74

SHA512
315df87137af0befe212e779a8daab0e1857e18422219bc389123ab2d3b50e2e9f074c57c7d13d61e23ff93eec58e31257d2bce4292e25cea025ed0eb278e208

Download Submit
C:\Users\Admin\Desktop\StA-win64\libpng16-16.dll

Filesize
278KB

MD5
b00a038c1d88b01cad2466e28170c915

SHA1
0ac91b6f328a64cb89ad5c51cc173f13c0db2438

SHA256
2df3c84118fe9d0b4e973242740dd9a7f79ba92810ada5e2434766f750e026ef

SHA512
aba737edf594a588ef2a26d466496ed545b451709fdb250626f7f07e24fa52298b5bebea0e7e1548ebe9f936464ad6315d373f666742ee975320785e52179ca0

Download Submit
C:\Users\Admin\Desktop\StA-win64\libwinpthread-1.dll

Filesize
55KB

MD5
328445252bab42fb5a44fccf48e69ae5

SHA1
3234bbc717fa215e605eecb3c00e27b3501918e1

SHA256
b08e275950001e5743c7ceb2dcf74f7026994423f7d5dd786971d58c5be34644

SHA512
c9ffc5fcd9a0ac57757261238198253aa1c031164b5250602d2c2e7a97a44cc11d0f8d4ed4e6c3632331cf34a666737772c8cbe87d4f7ce2836e3cf6560cbb6f

Download Submit
C:\Users\Admin\Desktop\StA-win64\sqlite3.dll

Filesize
1.4MB

MD5
64b13a1ae3e9daa39a4804b6474a69c3

SHA1
bfc823b27c3f978a7784d40555f3110f1688b95d

SHA256
6733f301b8d14fcac361ef4d0faa00952ba54db46fbf4102b6957f029ada83b9

SHA512
2e4eb98678d81baa253f61796414341df26b3d5899800c421d68477cc1eac3689184f7d64d58f600ad1bf5a17e1d56c176a5ead4e36c273c5eee78bce015f71d

Download Submit
C:\Users\Admin\Desktop\StA-win64\steam_api.dll

Filesize
14KB

MD5
3a97f4e6f92ea7bf279bfb44d2ea7fb6

SHA1
69ffb92a9e170114cceb8da28ab1fd7ad0ab9960

SHA256
8419eff782543c45281e05ebb83a5a932149c6401f28f8f0f763206912bfdfe1

SHA512
3e5346c786c744421508fe5a26bb88792e2823c5bfc3185cbf5adea6f620dbd60b49e643a3c00d945d2d03d6b843f1a4fee35aeb87aabe297d62bcdcc33185a6

Download Submit
C:\Users\Admin\Desktop\StA-win64\storage.cfg

Filesize
987B

MD5
289d88fa4da40cc7cdc40b398820e4b2

SHA1
d8acd6d08d488ee3c5c97aa56e46e891d9b29799

SHA256
9ad3226c30f0c4193252baea4beab73d83b482a3ab247857da49aa9c09886cfa

SHA512
be7f966d7c8f39ed3c905a3110444dd81f8ed0ba1db2aa613c07606d7a1d6cf2d1282801aaa6127e0658a86add5486f8af75b26abf178470c847e74178845ce2

Download Submit
C:\Users\Admin\Desktop\StA-win64\swresample-4.dll

Filesize
124KB

MD5
7c62683e9cb722a834af8ec332d5cb85

SHA1
f1379ad24dba6f39c93810f8add52f98922c5665

SHA256
45f8c1d799fe4b25e802659fbe8de3c6b5e1b663a5e6147025039e1c291064ef

SHA512
f892abc7acb1f4bb4159cc2935b296e852f8c84247fc89e17f8bb7df99d460bbbba541a73bcae54d8d623b0609f2329e587eba8c40f411a6642ada8921e82be7

Download Submit
C:\Users\Admin\Desktop\StA-win64\swscale-7.dll

Filesize
595KB

MD5
7e12f3203f35bbc00b47d4d92f47d2af

SHA1
d2e396428554f2d39616d56d9161315c1bbc12e4

SHA256
e3cfb82cc6c67a976fb378c1b1ee1d79557fef63a426fbc0863b6d75c3f1504c

SHA512
2d969ff6fb5dd59b478bea3d5dc43bde9a48ce71adea079bd6287c0ab1ce7126547e5ef73b48b30469b1011ef8431dde63b0b6170a91ee518415e0bf3930dc74

Download Submit
C:\Users\Admin\Desktop\StA-win64\vulkan-1.dll

Filesize
1.4MB

MD5
af9b616f8dac435c0b5017b8a87eedd8

SHA1
47f09d8e12b0cb5559fd583c5eb08936cd3767b9

SHA256
aa269102360057118163c0a53917c3c80cdbb5468c1c494f23f6ecdf21140efc

SHA512
7a0307f465ae74537bc86e1e74c7032125ba17544c0f7f01af11e8463149911e23e627fbca75110e39922ff238d93ecb4d0cbd72a2630a8901cb4dbbf2241f59

Download Submit
C:\Users\Admin\Desktop\StA-win64\zlib1.dll

Filesize
112KB

MD5
72c6ab0d812123687d9571257ead6f9b

SHA1
23f69d3e25b520eaf4b7c142c828d06dd05c882a

SHA256
f30c754851e160f715f05f94ff97d55bbf50533d0d39376cd0eabf36f135c512

SHA512
24982412c82970c0666a38afce91884f51bea50c0425b73c51c066e8682f8227851756c1677a1f4d81c7c40ccd45ca1c4c5b9d2c1cfe9d9ad91c48de3875c09c

Download Submit
C:\Users\Admin\Downloads\StA.UPD13.rar

Filesize
49.6MB

MD5
3976d72f9edc779ac8998a58ddbb2bef

SHA1
26036f6fda80e73d46f8e0bf4aa4c4af20d4698d

SHA256
e6e259bec0c92a3d835a8f08c6b7712a594eff5e6200ae644c0f560866b982f6

SHA512
aed25c70960d6fcf96008b62d86ab9980a43f5a356c5af59947009b435703f45b1d69b92d2209ad5b8b67d0b813213ba8b32da39e46e4e7eb409f28d9359d384

Download Submit
memory/5960-3571-0x00007FFCA9010000-0x00007FFCA9038000-memory.dmp

Filesize
160KB

Download
memory/5960-3565-0x00007FFC98F60000-0x00007FFC98FDB000-memory.dmp

Filesize
492KB

Download
memory/5960-3573-0x00007FFCB2800000-0x00007FFCB280E000-memory.dmp

Filesize
56KB

Download
memory/5960-3572-0x00007FFCA46F0000-0x00007FFCA473D000-memory.dmp

Filesize
308KB

Download
memory/5960-3575-0x00007FFC98230000-0x00007FFC98394000-memory.dmp

Filesize
1.4MB

Download
memory/5960-3569-0x00007FFC98780000-0x00007FFC98B43000-memory.dmp

Filesize
3.8MB

Download
memory/5960-3568-0x00007FFC986D0000-0x00007FFC98777000-memory.dmp

Filesize
668KB

Download
memory/5960-3567-0x00007FFC98B50000-0x00007FFC98D54000-memory.dmp

Filesize
2.0MB

Download
memory/5960-3566-0x00007FFC98D60000-0x00007FFC98F59000-memory.dmp

Filesize
2.0MB

Download
memory/5960-3574-0x00007FFC98640000-0x00007FFC986CA000-memory.dmp

Filesize
552KB

Download
memory/5960-3564-0x00007FFCA4310000-0x00007FFCA43BE000-memory.dmp

Filesize
696KB

Download
memory/5960-3576-0x00007FFC95550000-0x00007FFC955E2000-memory.dmp

Filesize
584KB

Download
memory/5960-3607-0x00007FFC98D60000-0x00007FFC98F59000-memory.dmp

Filesize
2.0MB

Download
memory/5960-3577-0x0000000064940000-0x0000000064955000-memory.dmp

Filesize
84KB

Download
memory/5960-3632-0x00007FFC98D60000-0x00007FFC98F59000-memory.dmp

Filesize
2.0MB

Download
memory/5960-3578-0x00007FFCA93D0000-0x00007FFCA93E2000-memory.dmp

Filesize
72KB

Download
memory/5960-3579-0x0000000062E80000-0x0000000062EA6000-memory.dmp

Filesize
152KB

Download
memory/5960-3570-0x00007FFCA9C70000-0x00007FFCA9C85000-memory.dmp

Filesize
84KB

Download