ddfa9799f4c84be7e70ff0b3050c18ac0cf03cfba624b092b18d98cc1c227577

Resubmissions

24/08/2024, 19:39

240824-yc3avaxelp 7

24/08/2024, 19:32

24/08/2024, 19:24

24/08/2024, 19:18

24/08/2024, 19:13

Analysis

max time kernel
1199s
max time network
1200s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24/08/2024, 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup RealStrat 6 v6.1.0.7549.exe
Size

614KB
MD5

5e8c8e327b3ff8c676097588a3fcffb9
SHA1

369e62a460d49bccdb78b8c2927112a078cef249
SHA256

ddfa9799f4c84be7e70ff0b3050c18ac0cf03cfba624b092b18d98cc1c227577
SHA512

d5927d022b5ef6dd73805994ae0b158062bd8dbb8d19bada4f8b62ac3317babba732dd0df32b97b9f100cc140a8b23a30ee4413898eb951633fd31bc8e62a0e5
SSDEEP

12288:uaHc64b888888888888W88888888888+7GAnqDjxiZl8zAeONQ9uZsnDmi3b+zZO:F86v7U91BoQ9uZUR+zZdQ

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3956	Setup RealStrat 6 v6.1.0.7549.tmp

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
251	mediafire.com
248	mediafire.com
250	mediafire.com

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup RealStrat 6 v6.1.0.7549.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup RealStrat 6 v6.1.0.7549.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "210"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31127133"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "111"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31127133"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "2240766196"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = b09fca9b5df6da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "790"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "167"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "56"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "204"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "124"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "111"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "51"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 30b0c7815df6da01	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "2239606195"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "124"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\app.mediafire.com\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "769"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com\NumberOfSubdomains = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31127133"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "99"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\DOMStorage\app.mediafire.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "226"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000039570b57fe416e4dbccca910bc3eabbd000000000200000000001066000000010000200000004cab14df8368796d95bacba514bdbb315705584931fcef5459005878d8c89e85000000000e8000000002000020000000639ea758e96c471fd4dea9e52f074fc02d654983e9b8793779b6a1d1b7fb59db200000009e2fdb1dc8652d9d26798fbd68a008fd7b02584cda2cb5027784824d786d8cca40000000aa417d24a29cb4328c4efab0ce09172f3953fdb6ffc1602902c62f3307f7c2b4d6c492328c720b91518b77ffc2962ea3896273adc69aeebde4c6f3a308aff530	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\VersionManager	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "204"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "132"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "226"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{B0E0AA89-6250-11EF-98CC-762C928CCA03} = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000039570b57fe416e4dbccca910bc3eabbd000000000200000000001066000000010000200000008150885f24d3d7d6b8ea3193e03e16373e06025ec081353d0aeba10f68e8c2a8000000000e8000000002000020000000e93b687d77ce0103b3c6c44e0b07b72c8b33a25e683d6f32425675f0be709c39200000008e4c0e63eb1029022eeb2c2f83b46514823158fb18b8682217160ea7a52bb37240000000065da4ec62679baac773347584cd56a177832620dc8ef18cf8464ab333b0ed4dda23c685c7c94ba15bd64db15695ec7cfca3b9bb94a93a4268c984ea62eb3f15	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.mediafire.com\ = "769"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb0100000039570b57fe416e4dbccca910bc3eabbd000000000200000000001066000000010000200000003eb1aacc9b978ca4975e4c94cb6dc67f881dd1d5f1f2d75248042d250fb2865d000000000e8000000002000020000000a1f33890590f2ee3b18c7236c8c5a23da6a8024e5899b2aaa6433115cfe9107e200000000a0927d1285e1390643be9e575ae2c4deacc14ad2bf5b2bb5ea187a1d37fff35400000009796b580df327f927eaf6035d715bdd1e96ed8a6efd80f17f9afa52f1871f3785061f327ebf032c80d2d6bcd0873a2446d264d304452f5bdd397fbd118627b2a	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "21"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "56"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\app.mediafire.com\ = "124"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\mediafire.com\Total = "51"	IEXPLORE.EXE

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2280	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2264	firefox.exe
Token: SeDebugPrivilege	2264	firefox.exe
Token: SeDebugPrivilege	2264	firefox.exe
Token: SeDebugPrivilege	2264	firefox.exe
Token: SeDebugPrivilege	2264	firefox.exe
Token: SeDebugPrivilege	2264	firefox.exe
Token: SeDebugPrivilege	2264	firefox.exe

Suspicious use of FindShellTrayWindow 24 IoCs

pid	Process
632	iexplore.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe
2264	firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
632	iexplore.exe
632	iexplore.exe
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
632	iexplore.exe
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
632	iexplore.exe
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2280	IEXPLORE.EXE
2264	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 3956	4472	Setup RealStrat 6 v6.1.0.7549.exe	84
PID 4472 wrote to memory of 3956	4472	Setup RealStrat 6 v6.1.0.7549.exe	84
PID 4472 wrote to memory of 3956	4472	Setup RealStrat 6 v6.1.0.7549.exe	84
PID 632 wrote to memory of 2280	632	iexplore.exe	103
PID 632 wrote to memory of 2280	632	iexplore.exe	103
PID 632 wrote to memory of 2280	632	iexplore.exe	103
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 3964 wrote to memory of 2264	3964	firefox.exe	118
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 1088	2264	firefox.exe	119
PID 2264 wrote to memory of 3660	2264	firefox.exe	120
PID 2264 wrote to memory of 3660	2264	firefox.exe	120

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Setup RealStrat 6 v6.1.0.7549.exe
"C:\Users\Admin\AppData\Local\Temp\Setup RealStrat 6 v6.1.0.7549.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Users\Admin\AppData\Local\Temp\is-UU5TU.tmp\Setup RealStrat 6 v6.1.0.7549.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-UU5TU.tmp\Setup RealStrat 6 v6.1.0.7549.tmp" /SL5="$70248,121344,0,C:\Users\Admin\AppData\Local\Temp\Setup RealStrat 6 v6.1.0.7549.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3956

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1920

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Downloads\MeasurePush.xht
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:632
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:632 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2280

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce483e33-5e04-4a1b-8254-76175e2961cb} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" gpu
    3⤵
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2360 -parentBuildID 20240401114208 -prefsHandle 2340 -prefMapHandle 2328 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8a1af9e2-f5cf-4a1e-9b9c-118aa9c78b2c} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" socket
    3⤵
    PID:3660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3236 -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3252 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b8d224b-22b7-481f-a035-8789d01aaf9b} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" tab
    3⤵
    PID:416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2500 -childID 2 -isForBrowser -prefsHandle 1232 -prefMapHandle 4148 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6d023d5-7190-428d-bfde-41bf0d71746e} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" tab
    3⤵
    PID:4472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4820 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4848 -prefMapHandle 4844 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01460c9e-17bf-48ec-84d3-171ce612e9af} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" utility
    3⤵
    - Checks processor information in registry
    PID:2940
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5392 -childID 3 -isForBrowser -prefsHandle 5344 -prefMapHandle 5368 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd63add4-f61e-4c07-a212-58b1b60e0311} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" tab
    3⤵
    PID:5568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 4 -isForBrowser -prefsHandle 5592 -prefMapHandle 5588 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc66019b-eec9-42a3-a548-95e2568a683f} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" tab
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 5 -isForBrowser -prefsHandle 5736 -prefMapHandle 5744 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfca80fb-2268-4715-9be1-51bf4a1cf537} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" tab
    3⤵
    PID:5592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6252 -childID 6 -isForBrowser -prefsHandle 6240 -prefMapHandle 6272 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d082bdd-6919-4b38-a0d1-62705e5bde92} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" tab
    3⤵
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6300 -childID 7 -isForBrowser -prefsHandle 6548 -prefMapHandle 6516 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1284 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e7eea32-6d22-4c4f-a715-29cf821f7540} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" tab
    3⤵
    PID:2480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6680 -parentBuildID 20240401114208 -prefsHandle 6688 -prefMapHandle 6684 -prefsLen 29357 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4297be8-603d-4139-a440-16cd604c22a3} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" rdd
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2652 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6668 -prefMapHandle 6672 -prefsLen 29357 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f82215a4-8c02-4771-914d-f0cfd01bfdf4} 2264 "\\.\pipe\gecko-crash-server-pipe.2264" utility
    3⤵
    - Checks processor information in registry
    PID:5396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
e0bb119b734bd28ccbf31009397367f5

SHA1
54b097cc98bfe23500e25603d088a6b3eee7c97a

SHA256
05dc8c8c93f13fcc388a93f5cf37bc6b3ce00112b91204a8349f6e5c739f3036

SHA512
37648d6d957b5ae64cc5a459d144ca693b63a83885b19221c153b0aba0bd7aff392ca75b375bd2d7a7f8be02de0bba804e50f3afd95e73a4357089cc32aba147

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
471B

MD5
24b058af4bd10c66639c4ac8385458c0

SHA1
8d4b1fa2785b07494de16118fe62aaea8f1f1d67

SHA256
817683ab90d951702ea5c73d73350968b7c4a0da7f27def05bc7cb617b8122f3

SHA512
d7ca705e882ace4d480fef27ef055e1a83cc4c40bea786a6d328616b3883d0cb2f9334a0bafa1d7cdc56df5b194dae63d16d16917eae14774c7ecf95eebec975

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
025ad11c2a302780f6af7cbaa45b1a1c

SHA1
b8542cf5b4186b9a60d90deefa2ac87aed919128

SHA256
128ab4910e3e46292e0a6bcd8e0ef984ca812b2af461b0316cc335c2c2543dd8

SHA512
4557e31cffc7ba2f6bd145b8d3506b2169815f189d94ed17a728bbdfe46b84d32eb6653becfb638bba4da25e3723fcb8e5b7cf99daadc953796542f52231d593

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_0FB9553B978E7F00C6B2309507DEB64A

Filesize
412B

MD5
74af93a204218b37458d232769825971

SHA1
199151ffb89127268eee8f968b4364f2055598fe

SHA256
4e8aa92c39918ac2709cc023b57400bb96a763041c13fed3da9bc46635ba7667

SHA512
526ea7e3748c2d230f0451822359cda2618535c3be4a1f75fcf3962f4c2342197b8e063e6e8945647994b2e211b41ec6cb976f50b46928497e58024cdfb631b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9AICRC9Z\www.mediafire[1].xml

Filesize
246B

MD5
cc46d060c814a2a5c0ee16bec5ac3b0e

SHA1
411c2defd24722795b7293f2b4cad8f37590bb7e

SHA256
58ee7c77a3e58d168955c82d2b169ace80913f9ff0a7a610a6a4022d14ed1048

SHA512
3408be45992e7780b5d29a05ad5a6c731c33d18cbbdd52cda5b5043833d23337f69ed0b7be5dd717caf08f40a1a31c09cf4e68ef3ed73796f3c80c495b1b0ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9AICRC9Z\www.mediafire[1].xml

Filesize
422B

MD5
e3126353f79a0bfc1d8326a0c6f6961f

SHA1
646454e59c1e38e1d36908123153775c426f0f2e

SHA256
c60bc75718c5133821460ac97386803a8117bb4e5e8a4881eab43ab64db2f8ad

SHA512
fc78ecaf51f0a8456754c21b60cf51f653ca1b5e26787cb30aebfed9ef334d8dd76222aba88825a8b26134ff24d8d04e3aed8fbc06171e40f07fd5e62f8ac824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DG5JM457\www.google[1].xml

Filesize
400B

MD5
012fa2e3bd61976e9d5b424d63e5f633

SHA1
b8c92e0dc18b012b01b52311bc88586a06b11fd8

SHA256
e4ed0bf420044a2bbdd4518561ba1235d269e077f3114d98e3da5e68420ebd5e

SHA512
472262b8d11f3f5f25cf6e773ea21b89f294ec0812eb65e019ca65dbb79cc17cbb3b5de795c79ea886f49b2da659c4537eb28256a774c3bbb91b5c2cbc384b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DG5JM457\www.google[1].xml

Filesize
95B

MD5
c8abda69e2d7d956e0292d4434cfc8e5

SHA1
31fb913623f21cfa38e2fce9dcedad4afa5f4d06

SHA256
f8c10487886885fbc6423292fcf64da1f65fd1097c56aac09f4d938b31f078ff

SHA512
9ec488e7a62abf0f1bbdca250a1e29c9a61d6375dc1f7ce9244681291a60100d6ff7ff8d2a6150cc1bfb89a16af8c44a169172186caf5dd7c186aa545541f44c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\DG5JM457\www.google[1].xml

Filesize
234B

MD5
77f6a61b5667309bb93aaf1d4f224de4

SHA1
5a7c9ac0311f59666e7c5f154a29887929879451

SHA256
37b6a18f2298eefcaf1a14969b73e71c3f23fef91f362445e79484e1f77604e4

SHA512
a5b1507fb364aab39790983d7d78a69408558c2610e1fbb71bc7d211028d40a16a645405a83437a932851bede1b868368d9c268b43fa6c6506f715af4735f492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\TV530FYY\app.mediafire[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verB5AF.tmp

Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\zcn1cz4\imagestore.dat

Filesize
13KB

MD5
3e3924389790db24d741549bace28df8

SHA1
2763096e9d09ac3618b483adda091f8affb7d0de

SHA256
f1c3be73c2c7009560081e48232f757823e7d7e3a843f34b566040804b0fdc37

SHA512
82ac090ba00b1899905893527d64b2d62d5f2adfe838eb9e43f6df121bc6ea574781cfaaaa09d123774bdba5076dfcb9a2849da9500088c16306024279a73ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\zcn1cz4\imagestore.dat

Filesize
19KB

MD5
af05e2b3123b5f678e6748547ad4539f

SHA1
9c997bed352a8e4f1a1873681420e7d4f398f836

SHA256
0a7dcf3a9b248b6ca0794af77dc9b3cd84fdadae27092f0dcb500ca820b325e6

SHA512
00d337005fe21153a12b41940b5300895c0ac0a48521ba496ac5bdf9ba483844ef31980a417c66fd28f8df354376f5f60caeb6f4b3850c227d8a52a31be76ecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\zcn1cz4\imagestore.dat

Filesize
20KB

MD5
82598842143db067587423c29de8c915

SHA1
b6cabe5ea98e943932283c2ae594d0a39e903b82

SHA256
20ea9ec8e39f4da724ba95250f1db93c884fa2e977f38f4090ed3761e747c16c

SHA512
07cbcbb9fad440429fb48649659ff88da3d5a4d446ddce670b6bfe65d8d02a2e39d1213cf24015802c4c32717c251aa9f123483de3588dcadc021be0aa5e4e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\zcn1cz4\imagestore.dat

Filesize
8KB

MD5
e6da19175b57c704b7ee574e7ec86078

SHA1
e8aedff0ed658fd09afc538bd73c5ddb5972f750

SHA256
3703548e064b4540ef3a3b999bf50d10c9e75a5fdce4dd45c10434489dbb4790

SHA512
d3b760866d4ad3dbce068b23d97f2303b893ed44f3197adb3673595a96810704ca310d9ffcc27a993db27f5a9b86aee90d25dde5dd367d3cedc1fe37f94b48b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6809OHQ0\favicon-32x32[1].png

Filesize
1KB

MD5
4d11f6dfc78c96c5ebd5f2afd55e8405

SHA1
318b6fa6a986c70b34b16068fdac6cfd3891603d

SHA256
49f327cd35c21077299628c47dd3f7bc107871fb0770b04dff1c87257bf6cc6d

SHA512
6ffa22df682f907339ff9f94017cf673fe7398d433e4054733eeb82c3c3eead93806cb52c87ee5eb2916957e816c85ae92d162b14161dc34fd2b4b66e7033fa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6809OHQ0\qAwKCukvdd_pTkhLC0u1BmOGAT0.gz[1].css

Filesize
51KB

MD5
ce74c30aeb8ff5c54f651d0508113b49

SHA1
5036dfb993f65e30aec04327f7977196ccb2522d

SHA256
0635e1d16eafe7fb50598cb0259ac89ce0e7c8886a4d3df158956fd51282ebb2

SHA512
4f93daf16a090861b119c042980e8629ed9fd3739e725cdec6fa34a3da836d9bc9883b05278118b2d80c105ac6e7f765001de429cfdd3080dfd4ccb15511e300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6809OHQ0\qsml[1].xml

Filesize
518B

MD5
c84f44d3cadcf264b2c10477ae2cec16

SHA1
814b55af4bdb3ef4b6762bcf64d6d4fac0ff3f29

SHA256
587b3ae68c70ae2e9ba8d580ddd74224a7df243816eb1e55c6934ce196328e90

SHA512
2928ffe1d14b29b71e13eb9871680932e1a77ae0b70a833e04623e16a04cc93760220a5dcbaa877af1677d2e6f35b78d7ab4077871274dbabe6f92f23ac51c49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6809OHQ0\qsml[2].xml

Filesize
250B

MD5
544e911fb3ddd116a9a56102609d188a

SHA1
a535072b41b6c655d91e128fc51443b9236701e6

SHA256
760ff8dd267182321a9ca74215f92d1ca4248a293e855643f0aa171337a2f0eb

SHA512
c024b15447706d075dea505a9298a0718ded25e300b7ee38fe6dc7daf34582ec45e8c69f617571e2d8659cad465ecd46c3e6801b0a279a8080a6a3e9a0ad0fc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\6809OHQ0\vcd15cbe7772f49c399c6a5babf22c1241717689176015[1].js

Filesize
19KB

MD5
ec18af6d41f6f278b6aed3bdabffa7bc

SHA1
62c9e2cab76b888829f3c5335e91c320b22329ae

SHA256
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

SHA512
669b0e9a545057acbdd3b4c8d1d2811eaf4c776f679da1083e591ff38ae7684467abacef5af3d4aabd9fb7c335692dbca0def63ddac2cd28d8e14e95680c3511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\analytics[1].js

Filesize
51KB

MD5
575b5480531da4d14e7453e2016fe0bc

SHA1
e5c5f3134fe29e60b591c87ea85951f0aea36ee1

SHA256
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

SHA512
174e48f4fb2a7e7a0be1e16564f9ed2d0bbcc8b4af18cb89ad49cf42b1c3894c8f8e29ce673bc5d9bc8552f88d1d47294ee0e216402566a3f446f04aca24857a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\nnfN9XN4owTKlThX5pDaq7gGn4aHOxObs8rjmGa9shM[1].js

Filesize
24KB

MD5
7c3da91fe055410246c4972c84cf646b

SHA1
465e012a7064916e7d5f7bfd8412fcb936308e7f

SHA256
9e77cdf57378a304ca953857e690daabb8069f86873b139bb3cae39866bdb213

SHA512
2220ddae5321fe1a5c1264d9d14d046105063aa0e7767c47e1442481aa4698bc070dc04f06b16d81aedb3394e65f332037fe521b41730da211225ba199423af2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\qsml[1].xml

Filesize
474B

MD5
6fbfaf9a0486c420ad364e899ddaf9bc

SHA1
acfadeecde7f8264587d533ea52d0e42ac7c28c0

SHA256
2dfa5a765bf21c2aa0b55e590add073c652b95fab57e044b609723f99934c358

SHA512
aac38c526393c23e6c735b893a6089d3c7bc6ad02ca5eb65df90b1ccb6cebad3490984c1fe05cc83f5e861c3ef3efd7fa502ef46584086a6ff796a3ef9a0ad86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\qsml[2].xml

Filesize
527B

MD5
532aa9c8c58fedc0352bcdfe3fb5ab0d

SHA1
d0aacd937221603e0faf8dfb72a3baf44bf4ba4f

SHA256
1a040d77b9921dbd3f8c1d1206e4af095e86b8f922955e772aedde98078ce087

SHA512
6e186e88b6734a8c0f265ce45e55ab636913fde3a95bca24694541edc2a9ee94c122b36ff4d405c69c9eb1d5251eb181d982d64ddb820c7bcb979b74dc663169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\recaptcha__en[1].js

Filesize
537KB

MD5
70306d36ce9dbcbd8e5d1c9913a5210f

SHA1
04949ad636f8cd09bf91059bc4aaf1973c92a15f

SHA256
1425b3dc4e809e5488aae10e2eb2511f652c6a9c3845c98c3fe69f07fe0c9e2b

SHA512
a7f00ba83fee80e7f2006c9e1f0121e2e515f4956182924e67c95a8c5522f30735f7bf4a6f7dcf3cbd29a685e967b1c4ddfd72d7f1f4cefbe55326becdacb275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\8M42AOWL\styles__ltr[1].css

Filesize
55KB

MD5
4adccf70587477c74e2fcd636e4ec895

SHA1
af63034901c98e2d93faa7737f9c8f52e302d88b

SHA256
0e04cd9eec042868e190cbdabf2f8f0c7172dcc54ab87eb616eca14258307b4d

SHA512
d3f071c0a0aa7f2d3b8e584c67d4a1adf1a9a99595cffc204bf43b99f5b19c4b98cec8b31e65a46c01509fc7af8787bd7839299a683d028e388fdc4ded678cb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\qsml[1].xml

Filesize
503B

MD5
fcfb3a6f6d7598da4bb607aea6cea5c9

SHA1
f756a2c68d3ae0a343e71dcdf63638c4a3fd3bd5

SHA256
b534f4b1304d093e965d0bae4ca9c752896e4b4c961f1c3e5510a05a4cae3e7c

SHA512
b3bb649fa6c94dd535c478fdf84d32f7bfbecdab56f923280e0f45f0b50efa1c097df49a5ce3d3530743a1c5706a384e0b26ca7f760b07ffe7401598093a7426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\qsml[2].xml

Filesize
251B

MD5
0db4c7bfdc3aeba17febff8552ec556b

SHA1
cd4a58126fec4dff3f6cafa10f91639c899a3a02

SHA256
2daba252780ebcfafe6a90429a3eba729e6baca1206db99cfd73b8b4801e1696

SHA512
f27740daab168f28193528168ab1d2d7df348e988955c01754f946f722a7e0a13d1f6e8869b3c06f7834f5c9dc62b133af2d5d126c7b95ecc0ea906d76cea73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\NUB8HZ4Z\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKVWVXN7\favicon[1].ico

Filesize
10KB

MD5
a301c91c118c9e041739ad0c85dfe8c5

SHA1
039962373b35960ef2bb5fbbe3856c0859306bf7

SHA256
cdc78cc8b2994712a041a2a4cb02f488afbab00981771bdd3a8036c2dddf540f

SHA512
3a5a2801e0556c96574d8ab5782fc5eab0be2af7003162da819ac99e0737c8876c0db7b42bb7c149c4f4d9cfe61d2878ff1945017708f5f7254071f342a6880a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKVWVXN7\qsml[1].xml

Filesize
490B

MD5
85cfda326db60b1834561103900262b9

SHA1
d1099451cf0b4bcec5371f19db135f0a84af62fd

SHA256
34ad3c888d19c4f3fa45fb3064c827e1dfd2e1cb60577667f5ad54e2158a45c5

SHA512
52838b2a84a25e5ec77f61be078fc5049c03640f796153e3c795f63283afb321add5c2ed4e5ce7f1dc1b252384441d92db296b5d8a22a596b0ce6092be793f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKVWVXN7\qsml[2].xml

Filesize
539B

MD5
73303bb82f322d39ca39a1e69dc5a55c

SHA1
1889763a11ff83a82ff74ff29e59d3300a6b02d0

SHA256
d580a1534c7e5a01e60f1c90e1e337c244f1a1a55fac4b6feabb433cc6efe52a

SHA512
a8b075c128f8d8fd1b5f911c0539078e2eaf7059709fb3a2adb6c2e8d7eada294c4ae936f20d996285e40433dc1bd90ca5030cc8ade6bc885e8d989cede9ba82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VKVWVXN7\qsml[3].xml

Filesize
516B

MD5
973601e29a35af52d7e080500d442365

SHA1
41ed2c55fbd4d7b747173a9fc0a7494b50052b6c

SHA256
f9d886a5cae8468607d4f7ca266dddaacf8802e998640c613501c675e36eaef6

SHA512
86aaedbfc215e57c41f3d56f5a024202e3ca9e41f26809d1e31ededf69aec0ae9bea6f0675c9ce4e77e4b0ef39e7dc3ae22117a9ca69380b295df69171a2979e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json

Filesize
44KB

MD5
88e214d31f7133984b13b8ba179f4021

SHA1
54dfb501f87a2a7d0a67e9bc66462335b2adeb61

SHA256
2da1371e88259afa9415ec74d5037d7f5e1f39a23112f1b1b2ce422bcedfcb11

SHA512
8eadebf8e71e89168f46c3d8582a437405fc956caa21f6aeb40c7c692c0983f7d51db704961d745db394073418b11c12acad09130f084403a7916b2af357f4d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\cache2\entries\044A605957E557F520B517332CF3401A82D8763B

Filesize
221KB

MD5
ab41e0aa93c77487f937eaef7aa8936f

SHA1
5311205d3a99bba5a33e3e18c3ac4f36d36ba2ae

SHA256
2625ba62b7bebed5ceef64f939217b79e4f5690b43cfc50536025fa3f1f1df32

SHA512
d38e128b053ec9ad8979d6413952ccb68f42741049ed048fe59935ce03bceeadd94196c8e5d3763a836d7e95732561a84ed7f6a9ffaa34e1110a7ffe48bcdb51

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-UU5TU.tmp\Setup RealStrat 6 v6.1.0.7549.tmp

Filesize
1.1MB

MD5
34acc2bdb45a9c436181426828c4cb49

SHA1
5adaa1ac822e6128b8d4b59a54d19901880452ae

SHA256
9c81817acd4982632d8c7f1df3898fca1477577738184265d735f49fc5480f07

SHA512
134ff4022571efd46f7a62e99b857ebe834e9916c786345908010f9e1fb90be226b740ddee16ae9290fe45c86be7238c4555e422abe66a461d11545e19734beb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFA6A0556F3E0FFE6E.TMP

Filesize
16KB

MD5
e88fdccf66778346aa04246079ad5a1c

SHA1
f9adf8a0103004ac8daec55b49ad7c1be209b2cf

SHA256
cadf668130c81cbea271efc3cfa4cb568380bca2955de234e0e0fec203f2fc41

SHA512
40c87c634d05a3f7278ca8977b7d830701a8dcd80868ca1e3f4ac5885745a193d16a03e150d1599e37fc1dc8d3a15d8438d47310ae95ac64341a7879c6dab0f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\88TF7ZMV47U9NEGQQ0J6.temp

Filesize
11KB

MD5
d0a171fbb7796ffdebe0f3d88909d7df

SHA1
b8b75875d8d7e0002dd759eebc14248c699a382b

SHA256
1d3609400e49da49b1ed74817f481c0d3a73bbbd369f21877aa4975bc18ba919

SHA512
68f08117eabd121bf9fd36b2b73c2c48e73ec7b06d1fea7114c2cdd008372aa76e19152b41df0e9c0fa0f9a825c3b36ff937d03eda888ac58b41818175f128f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
8KB

MD5
f04204188f44d00b74120708e2d0daec

SHA1
ca7676e4d11e897ffa75675729295944081ee39c

SHA256
a34fc0772c76990b87384597349374d406031942fc7b3838166bf9fbb2f521c9

SHA512
e4da44a4df8f8efd873b72ace4e5e92b0ef2fa76d9c34b96efdddec29c4e6d48f401d11016969a2d8274ceb471f10dac30c445386220a5d99b99354123686813

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
23KB

MD5
b0838ac5d060c50744ae521e01cbb092

SHA1
82044d5e7e6b4a33c64147bf3702e317853e0d7a

SHA256
d106e98469fd8c5c3b2862597812dddd3b2c721e47ac2db2ab023eded2efe126

SHA512
de3e9766f3c796b5788b040ecc611ba4a321880b4890c540e3e642977f4b76393aaf316df6b7ae7105d297d5e43c977780a9b954f40b1ed8859992549f40258b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
27KB

MD5
015b27f9584f4e432f4c0e776b7cf1b9

SHA1
0dae1ca834a28d6ca6221c73ef3107d7daf5d81d

SHA256
b3385a84657825b533594d6a7e59ae8648605b80c5037ecc292b06a35eec03cb

SHA512
4e73fba9e417e953987db67707a28f2b136ae5bfa4dc21b2d9cd1bdff7df7ec3f1aab31c7594a911458f977cb9026b73ca2b4e741cbb40e8d6656cd8a71ddb78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\bookmarkbackups\bookmarks-2024-08-24_11_ipkVOmAVKYJEoAlLFdzI+Q==.jsonlz4

Filesize
1017B

MD5
29f34fac9b0487c56be1a75b601cf1c7

SHA1
529b3f5ca67e7b46c319232b5d0c822c9804ee21

SHA256
4431c1aa4e338efde3a7081f8fd99ab6d3fe1df636a2888d5c83f4bc550e90d1

SHA512
e065fe45c17ca8495eff4489eaca305538808d1688ee45532dd03d81bc3f14d894f2a69fa8e881093e9dc8268cabf76196bf05796bbd5b619cf7d5853c694afe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b97c737a69aa5b1ba08729601e62c158

SHA1
68e45895a1d6bf1595310843dd269379788370e3

SHA256
0a401872d9dbf0d2510da5f77c7277f0cf0cc2c2a4bd5ebc17bb24abd1d4fe08

SHA512
bde33cfb2fa75101f7a478d8beab457f2b7feec70da42f4ce4531c3b6db8f9b0fc2a351a169e5fef3cfa8c5814c7b8510dd406beeb6f070b7c7fe8a41c7fda3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
73KB

MD5
95b09393f4c14f3386be55e67154bf8a

SHA1
25f05264f711e270e897f36e10c0e7d9371fd531

SHA256
1d86ce80b5c304f34aa9b80996154b924ad1f603c9af77c1285bc215c945112e

SHA512
0ddf1be57e1968d49704d02c071103e692ec34f7bd0b40ecb7d7f2eba48d475cf8b78c8fb81d9045bc6499c3317a42b562fa9c1fbaf9c9c76f665c19d51a4f88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
73KB

MD5
369f93315158962ff7c76c32d3aa5d0f

SHA1
9019386fb089ebe7444e77df8f82c7be013d066b

SHA256
7cf4e4aad717e195b81b6ef8fea9fdb857136a6bb96e99824a50bcf9d9ce3c56

SHA512
573d132adf6e4cc638e4d6e93ed89db27c0e71a99a16b3bdcdaecb8fc06ceb6e8d866d8e20c1508f95aaa2c633a9b1ec53341bad921d9dd25788bd09cfa514f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\0250a64b-942f-4517-ae35-de8c177392e1

Filesize
25KB

MD5
75fd9f4b3872bb7d4ca0851be6844eb3

SHA1
fe3874ea6e3e43365d098d802fa291b40a70177b

SHA256
cfacb2c45008af2493d74dd96f619043a2c6c9886faa15ca84743a3aedccdc7f

SHA512
44113c8ddd5d679384d0cb90d7c4e144b836ebf0be6814c44efdc29e7e90d7179457caf67ec67c2ecb9ba2370ca16cc23421cc03fcad41355ccf910cbdd39359

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\c92baa77-5b4a-4af0-ba88-f5487c8eb067

Filesize
982B

MD5
e69e443d714f135904bdf46ce80e8d5c

SHA1
0b37024da2d154747107a02b659b04ebd211c0c3

SHA256
786d69311f25177ff57389d4c1faa35044c0977a39f9f8cd08b829c07c8649c8

SHA512
5367e796f2a64d8e78bc9b00e96675e03f4ec1c74600ecede67c3b8c639739f7225c19282010eb735872c9a34b22ec9acbc9ed565702a4c1fd4d9d8debd874d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\d5dc424f-6931-4dab-bace-e2cafb071825

Filesize
671B

MD5
ca90d61a55914573fdbf17f0f04a85d2

SHA1
de8b8d9a9079c7223fa5ec2688294e36bbbfd5c2

SHA256
5ccc0c48cb16b57ee4a8e0b0f4c387e5c0f3529417a7267162bcb0c7811e2565

SHA512
1654b55641340c3c02e1f59ed420b54a17e2b7df7de07133a3b9972117d2e0dc898b386af205097362120b9d75f794a47fc4dfd3e6496ac9593cc0ed7047c28c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
13KB

MD5
39f4fc8067b7e59bea2c2c3167ba6a72

SHA1
cf219c806117edcb6561a1b54c5a408b4ffd0620

SHA256
6ec95979b5b60afc2f171b5102d25875d671d744f4167fd044caaa79b504a178

SHA512
919f037d846122df02cf1cd41664c518611c98dfcb3ce7fdf005ccebb2921ef9d208653e8789b0cac3ad9d2cff3bd85a7c913269b8f268a3434ac0eaacb4f5df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
f2501883cb33cb7f6f9e92d4b8bd5dcf

SHA1
976329157b22ba9f6318a6bf92eb454ee2b75d5d

SHA256
158407c1c49ffd50d830dd9228f96015c7971c406147b6f1ddaa77fe06ef7d85

SHA512
23f5db4b4b5c9e631cdce867890405fdd190f95ca49e880fb1615b9361d30ca225ad7bfbc822fff5566a8b73726e49db9d638ce7a807fde1de7bfae82d90af8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
46c9e74b22ca39ff693f09b4d160db42

SHA1
15d5f9148e7a882cd12efafeaf7aa39c53f1e794

SHA256
9fc47bf1f01b5c7a5c3351943a9f7e37859c2f15106ef2fb5cea793dbe959f37

SHA512
a134e6163af1144ba022d825fa82f1f6764d2e486c70100150674ced1d15db1dda1af1dd43e2d71577a6f814ade493b4ee1e548ead75ca2a0c258f8b931771e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
35cabf81dd3545568819a34f81ea299d

SHA1
a6a6b85fc692babf17d3e93f4476b32066c6c5e2

SHA256
ecba6dbd96b8cbd4ce58b2e778105249cd7fc26fcbdaf102eabac7dcf6ac2d13

SHA512
e353621937dbb94e73b6cc375ef2f9aeea4c231fdb8d8c893e68a81c24cb7f9646303b2e45d3c6d6ee446ee0d1e4b8f7233c7d209475f3a71bcf2c62d17b9d92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
c3f60fd6c6403f9e932f1678e577dcbd

SHA1
e64eefe440bd01c7b81a35b88ede19f20f6e1800

SHA256
8397b0736ccbeeb8bd1c8d6668c76468100641e2e4fb35b8aa63a1ad7fa6344a

SHA512
958aab2908b0845dfb4fc8c0cfca2705d1e86899514213327bb5e98ae53f61d821c83288e3be49a54c09198939cf183d8bc697d519c89c77222344798540222a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
6b355b202669d92c443870b9ddb4eda3

SHA1
a87a2abeeac0bcabdeba64e6476cef866a3d2c44

SHA256
05ce12443f8fc7a1c35450900891458db303cb11065968e5f5f47ed977d138cf

SHA512
7b995e742b82d324b0dde88cce435126741f06c81c82eed412be3a4f88f3c9a9fcf408ceb28fd2c35589c0cbae2578eec085eba4fe0f435f6c0e62a924e1abfc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
25453ba87a1997bf51e95b0f404e3760

SHA1
4a030d7de6086917abe921180f3365ff1a290973

SHA256
631f1d5e073c481f4cab717d143a831cf954931f85467b3ca955cb8ff8af4858

SHA512
4acae02737f736ffbc370f47e8b3ca02ca4149df413f2fab4cb673e0f66ba5962a10f1d8b6f6b5f82c4134d271163b479ee030eb6db4d1cf5ffacbc61306031f

Download Submit
memory/3956-6-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/3956-9-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4472-2-0x0000000000401000-0x0000000000412000-memory.dmp

Filesize
68KB

Download
memory/4472-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4472-11-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download