7c1652e0ad9e10c6a6e17a52da82c1438c5a59df243f9bf11bf0beebde276e31

Analysis

max time kernel
146s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
30/03/2025, 15:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_98e14428601655a3fb48ef0ccb6af10e.exe
Size

1.3MB
MD5

98e14428601655a3fb48ef0ccb6af10e
SHA1

feecd3292aca1e154e0520eda4998930b2df47ad
SHA256

7c1652e0ad9e10c6a6e17a52da82c1438c5a59df243f9bf11bf0beebde276e31
SHA512

d463051ac002288cc80585bfcd321397ff6cbd51e64206604bc60418490f7252caff265fa566aaf254236df3d240205705138a3221148da7c916cf2198d5aaa2
SSDEEP

24576:zgFvyVFyuvGRWI0Gnl3UVP3zY8HEwpzxz0DLacT06K:zQqVFyKa3eP3zVHEwpdz0DucT5K

Score

7^/10

adware defense_evasion discovery spyware stealer trojan upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x0007000000024308-791.dat	acprotect

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\Control Panel\International\Geo\Nation	Setup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\Control Panel\International\Geo\Nation	MyBabylonTB.exe

Executes dropped EXE 6 IoCs

pid	Process
5072	crp6F74.exe
4124	Setup.exe
1416	MyBabylonTB.exe
4420	BabylonToolbar4ie.exe
5176	BabylonToolbar4ffx.exe
5420	BabylonToolbarsrv.exe

Loads dropped DLL 64 IoCs

pid	Process
5132	rundll32.exe
4124	Setup.exe
2732	rundll32.exe
4124	Setup.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
4420	BabylonToolbar4ie.exe
4420	BabylonToolbar4ie.exe
4420	BabylonToolbar4ie.exe
5176	BabylonToolbar4ffx.exe
4420	BabylonToolbar4ie.exe
4420	BabylonToolbar4ie.exe
4420	BabylonToolbar4ie.exe
4420	BabylonToolbar4ie.exe
4420	BabylonToolbar4ie.exe
5176	BabylonToolbar4ffx.exe
5176	BabylonToolbar4ffx.exe
5176	BabylonToolbar4ffx.exe
5176	BabylonToolbar4ffx.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 3 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Setup.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Installs/modifies Browser Helper Object 2 TTPs 4 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ = "Babylon toolbar helper"	BabylonToolbar4ie.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\NoExplorer = "1"	BabylonToolbar4ie.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000024308-791.dat	upx

Drops file in Program Files directory 8 IoCs

description	ioc	Process
File created	C:\Program Files\Mozilla Firefox\extensions\[email protected]\defaults\preferences\babylon.js	Setup.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarEng.dll	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\bh\BabylonToolbar.dll	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarApp.dll	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\escortShld.dll	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarTlbr.dll	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarsrv.exe	BabylonToolbar4ie.exe
File created	C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\uninstall.exe	BabylonToolbar4ie.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BabylonToolbar4ffx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BabylonToolbarsrv.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MyBabylonTB.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BabylonToolbar4ie.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_98e14428601655a3fb48ef0ccb6af10e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	crp6F74.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral2/files/0x000c00000002409f-94.dat	nsis_installer_1
behavioral2/files/0x000c00000002409f-94.dat	nsis_installer_2
behavioral2/files/0x00070000000242a0-360.dat	nsis_installer_1
behavioral2/files/0x00070000000242a0-360.dat	nsis_installer_2

Modifies Internet Explorer settings 1 TTPs 14 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	Setup.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Toolbar\{98889811-442D-49dd-99D7-DC866BE87DBC} = "Babylon Toolbar"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}	BabylonToolbar4ie.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\Policy = "3"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\AppPath = "C:\\Program Files (x86)\\BabylonToolbar\\BabylonToolbar\\1.8.11.10"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\SOFTWARE\Microsoft\Internet Explorer\IECookies = "\|affilID=\|trkInfo=\|visitorID=\|URI="	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\DisplayName = "Search the web (Babylon)"	Setup.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPageShow = "1"	Setup.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Toolbar\	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\AppName = "BabylonToolbarsrv.exe"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\SOFTWARE\Microsoft\Internet Explorer\IECookies = "\|affilID=121631\|trkInfo=\|visitorID="	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\URL = "http://search.babylon.com/?q={searchTerms}&affID=121631&babsrc=SP_ss&mntrId=5ced0275000000000000c6cb468ae5ac"	Setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\SuggestionsURLFallback = "http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&market={language}"	Setup.exe

Modifies Internet Explorer start page 1 TTPs 1 IoCs

stealer

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-814918696-1585701690-3140955116-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://search.babylon.com/?affID=121631&babsrc=HP_ss&mntrId=5ced0275000000000000c6cb468ae5ac"	Setup.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\VersionIndependentProgID	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Babylon.dskBnd\CurVer	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\VersionIndependentProgID\ = "Babylon.dskBnd"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ = "IXmlCnfg"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ = "IGglRlz"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc.1\ = "escrtSrvc Object"	BabylonToolbarsrv.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}	BabylonToolbarsrv.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\escort.escortIEPane.1	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ProxyStubClsid32	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ProxyStubClsid32	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\TypeLib	BabylonToolbar4ie.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\instl\data\trace = "0"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\escorTlbr.DLL\AppID = "{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}\InprocServer32\ThreadingModel = "apartment"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\1.0\0	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ = "IEHostWnd"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\instl\data\smplGrp = "none"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\BabylonToolbar\\BabylonToolbar\\1.8.11.10"	BabylonToolbarsrv.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\escort.escortIEPane\CurVer\ = "escort.escortIEPane.1"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1\CLSID\ = "{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\TypeLib	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\instl\dfltLng\dfltLng = "en"	BabylonToolbar4ie.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\instl\data\trace = "0"	BabylonToolbar4ffx.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\VersionIndependentProgID	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bbylnApp.appCore\CLSID\ = "{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\TypeLib	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ = "IEvntCntr"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\escortEng.DLL\AppID = "{B12E99ED-69BD-437C-86BE-C862B9E5444D}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}\InprocServer32	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\esrv.BabylonESrvc\CurVer\ = "esrv.BabylonESrvc.1"	BabylonToolbarsrv.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\Programmable	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\TypeLib\ = "{6E8BF012-2C85-4834-B10A-1B31AF173D70}"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}\ProgID	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\TypeLib\Version = "1.0"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ = "esrv"	BabylonToolbarsrv.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\bbylnApp.appCore.1\ = "appCore Object"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\TypeLib\ = "{D7EE8177-D51E-4F89-92B6-83EA2EC40800}"	BabylonToolbar4ie.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ = "IappCore"	BabylonToolbar4ie.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}	BabylonToolbar4ie.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
1416	MyBabylonTB.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe
4124	Setup.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4124	Setup.exe
Token: SeTakeOwnershipPrivilege	4124	Setup.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 3740 wrote to memory of 5072	3740	JaffaCakes118_98e14428601655a3fb48ef0ccb6af10e.exe	94
PID 3740 wrote to memory of 5072	3740	JaffaCakes118_98e14428601655a3fb48ef0ccb6af10e.exe	94
PID 3740 wrote to memory of 5072	3740	JaffaCakes118_98e14428601655a3fb48ef0ccb6af10e.exe	94
PID 5072 wrote to memory of 4124	5072	crp6F74.exe	95
PID 5072 wrote to memory of 4124	5072	crp6F74.exe	95
PID 5072 wrote to memory of 4124	5072	crp6F74.exe	95
PID 4124 wrote to memory of 2732	4124	Setup.exe	108
PID 4124 wrote to memory of 2732	4124	Setup.exe	108
PID 4124 wrote to memory of 2732	4124	Setup.exe	108
PID 4124 wrote to memory of 1416	4124	Setup.exe	110
PID 4124 wrote to memory of 1416	4124	Setup.exe	110
PID 4124 wrote to memory of 1416	4124	Setup.exe	110
PID 1416 wrote to memory of 4420	1416	MyBabylonTB.exe	111
PID 1416 wrote to memory of 4420	1416	MyBabylonTB.exe	111
PID 1416 wrote to memory of 4420	1416	MyBabylonTB.exe	111
PID 1416 wrote to memory of 5176	1416	MyBabylonTB.exe	112
PID 1416 wrote to memory of 5176	1416	MyBabylonTB.exe	112
PID 1416 wrote to memory of 5176	1416	MyBabylonTB.exe	112
PID 4420 wrote to memory of 5420	4420	BabylonToolbar4ie.exe	113
PID 4420 wrote to memory of 5420	4420	BabylonToolbar4ie.exe	113
PID 4420 wrote to memory of 5420	4420	BabylonToolbar4ie.exe	113

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_98e14428601655a3fb48ef0ccb6af10e.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_98e14428601655a3fb48ef0ccb6af10e.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3740
- C:\Users\Admin\AppData\Local\Temp\crp6F74.exe
  /aflt=babsst /babTrack="affID=121631" /srcExt=ss /S /instlRef=sst /mds=7 /mhp=7 /mnt=7 /mtb=7
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:5072
- - C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\Setup.exe" -xprm="cat=delta" -expg=none /aflt=babsst /babTrack="affID=121631" /srcExt=ss /S /instlRef=sst /mds=7 /mhp=7 /mnt=7 /mtb=7
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies Internet Explorer settings
    - Modifies Internet Explorer start page
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4124
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\C976A7~1\IEHelper.dll,UpdateProtectedModeCookieCache URI|http://babylon.com
      4⤵
      Loads dropped DLL
      Checks whether UAC is enabled
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      PID:5132
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\C976A7~1\IEHelper.dll,RunAccelerator
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\MyBabylonTB.exe
      C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\MyBabylonTB.exe /lng=en /babTrack="affID=121631" /instlRef=sst /aflt=babsst /srcExt=ss
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbar4ie.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbar4ie.exe" /lng=en /babTrack="affID=121631" /instlRef=sst /aflt=babsst /srcExt=ss
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Installs/modifies Browser Helper Object
        Drops file in Program Files directory
        System Location Discovery: System Language Discovery
        Modifies Internet Explorer settings
        Modifies registry class
        Suspicious use of WriteProcessMemory
        
        PID:4420
      - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarsrv.exe
        
        "C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarsrv.exe" /RegServer
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbar4ffx.exe
        
        C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbar4ffx.exe /lng=en /babTrack="affID=121631" /instlRef=sst /aflt=babsst /srcExt=ss
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5176
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\SysWOW64\rundll32.exe" C:\Users\Admin\AppData\Local\Temp\C976A7~1\IEHelper.dll,UpdateProtectedModeCookieCache trkInfo|http://babylon.com
      4⤵
      Checks whether UAC is enabled
      System Location Discovery: System Language Discovery
      Modifies Internet Explorer settings
      PID:3132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarApp.dll

Filesize
307KB

MD5
a3d75a31cf0dbe0f3a6d70ac3b06775f

SHA1
9810662290f2fe96bf0883ccc9e210fa7318d486

SHA256
49a42460f5ba5706919d8cd31c2fd77a698473830459375ecb007527d0ab5d09

SHA512
88aca7198e3e2c7e2fc5f0245d0b23c548cfcb4d143b46f1ab8c7ce3cc50f96670a67dafd4affc1a3b727f8be880383e7880c98d9ac3b475b3a15991e5a4ad8b

Download Submit
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarEng.dll

Filesize
566KB

MD5
3aa58b7922fe6ea9a1d596d271cb9060

SHA1
9326a20660e8039e9ad8bb4c384f2b00007201e2

SHA256
8bb023161e8163eba6ebfd1e76567ee5674d67c32c0fbf233e36791777476bff

SHA512
c3ac17d6425890b1c52949ace7848109b09a52139d4059b7d777992c22a7b1b8ca18f42d79e5b8a973e57a20652d4ab73a2e456b05843de5d37eea4c97b7394d

Download Submit
C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbarTlbr.dll

Filesize
312KB

MD5
da4797ec88cc756c55e04c1f335c01bf

SHA1
488dd0ca62ea5b0f3294c9c09e0e5b0123e2baa7

SHA256
04941cbdd74aaaac3ce9ae4a001eaaeccde37a1acd8bd026af0d68d2405a3b31

SHA512
5263d87563025034f98a25076048fb75de1c198ac4b32cb584e65e411cc79a58d6d6eeeaf3745cb05e8cce374809609a8c9f9bc14880358581dcacf3e6190fc6

Download Submit
C:\Users\Admin\AppData\Local\Babylon\Setup\Setup-tbdef.zpb

Filesize
1.4MB

MD5
85499627e8e83a35ba23cb860067b468

SHA1
758d2902f93e28b92c1f422b3d5e16d03835c3cb

SHA256
8b1b99fd1eb29d888fef74a3733d60e3c0b5af2405beea8fe2223fffae79f4d0

SHA512
bd2b00be1b78a37b6b8d6462c358045ddba18d46021c820dbc73c5f62309b0c08d5144d3a65666384a9ba646d6e942791b949b220969a27d307352db08dbc052

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\default\Preferences

Filesize
11KB

MD5
6b4a830aa00b7064a1bd0aca48c959f5

SHA1
995f804cf2b0663c2cd9eea88135300c95c195f1

SHA256
9618ffb8d7e277bb32ff0c78619a818ccb4a64dc6e5707808f9af67e2c66fbd8

SHA512
a7cd0a365741c2e4dc3bc0198a3dceb1f136c48f25919be369ad6d0a60d74f00986d1070f586930b51f7a5d3d84a1e2d74d12c1fde605be83436d435dd418624

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\BabylonToolbar4ie.exe

Filesize
1.2MB

MD5
5b34d794ec99c2b883d7c1affae96055

SHA1
54b894d8f473b3beb1037af57d4490fbbf623a66

SHA256
d8c7c0fdc6f24d58850b0838f27521d501e67d5c2eb712d9643c17a8e24112b6

SHA512
21eab533dddd3ae02d34ed695ae231202636407b50cf16df741bcdf617780ff51ff95d532b98dfb2d1430fd8c6a54b59265d873951bd960b0af2c68b1a1c9f45

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsb8736.tmp

Filesize
389B

MD5
09027aff907ea6d7dfe4e29994da1e8b

SHA1
21365ee067ecbe79693533f6043d9cc26f66e45e

SHA256
6e35b0687debbc60eecfa10edc2996ef3b517b9d1a33021bcb836ce755276440

SHA512
b3126b1af8b4e821c4eb34e628aa3b3ea3fb628470d5a45a162eb2b457b29f39189eb8d16ffde8f3b2db921c15b21670f817a0f5a1eda2a2020da4cafbc173dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsb878A.tmp

Filesize
785B

MD5
e0af3ae5985ad2803b7d397722c6dec7

SHA1
a6bbfe36fd87099c21b87f12170eb22edbf1e764

SHA256
bf61387f514ba262bb9bffef826654a7ec650ebeb39df945b42a7be158c3a83f

SHA512
b8c0a93dddb19b2e2e686bb3674a02ba83690080289d9d6a87243a7254723c4f22f2597e1b587fbb26ac45165d1eb3dfe545c0cf1d8ef702bd95aedc789bd93a

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsg87AB.tmp

Filesize
906B

MD5
136ea0b2eb2bab13fbe907d561cc3498

SHA1
abba58891f1e03548ab904b7e4cf6d9e91298be9

SHA256
22ea876672382401cb89d790978b104b07179d265162919206ba03e0850eb270

SHA512
9d5cd54145ab74ba0c545a8ec4e8dda9a1e14f3cd74d34c636f885e48188dca4ae6ee0bd219f6608b5369c2238c4a5b1d26b796c7bbbd70702275e1a5472a5eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsk8452.tmp

Filesize
639B

MD5
925acf12c13e6a2944a5c6cd04f419c3

SHA1
cb9b9f85e91661ede83713011dc25be89a3bca8b

SHA256
4799cd48a9d1cdbbff34ccbf20b0bcd094868b71fe6e969cc59736c0bc42e0b2

SHA512
968f0e77a5f32d8717341716fd30a267936a41bfb4b323150e4bf214cbbebbfe33f902257f41d68cd49e60156eca2106c862d144019bb194dcd2e2ddc93f76a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsk84F3.tmp

Filesize
975B

MD5
f50065c8621b29fb181af2a73b6a86e6

SHA1
9319d7786fe2c67886304b9f0e60d8bac35763f1

SHA256
d34ad414b42373a71b07b1d261428e3769c9ba0211ae2e8d7b9e4dbea7dcd1e4

SHA512
fdd74da30115b2002aaa83bf56522e4695df5f9620a9a8026453230da9879b07ecf7c7014191b27c4535434b33231e34be133aed12357ad2b7dd1e35ad4452f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsl8724.tmp

Filesize
169B

MD5
aa7146096c0845579768f90d28796aff

SHA1
141d990a6712ce0a851f30a42a981d584bf366fa

SHA256
90c1e96183cdf31b0008a36646233b2f474408c4be3ec889a3f8b28db901c551

SHA512
f41bdc67249f30f60f7200ccfa0f287ab688ef8b2dcf8d5f758744e8e51edb9b5ce2f186cbb09faf91cb52e82d95c0b70bad5c478768fefc55f82dab0f108386

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsq8514.tmp

Filesize
1KB

MD5
263c3184cca2d26aa2096680cff6801a

SHA1
9b2eb0ee1687ad06195432bc64948f1b19359617

SHA256
e07075a131501d3301e485328b5cefcde467075f4b199f08b9a3dd6323c54d8b

SHA512
f88980f40b4ed2609307809c39bc7ba85d673ec48832abc430537352cd2730ddef1377e29a206a47331de86a5ecc55b5eea665d57702d78d240bcfe1a623ca02

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsq8564.tmp

Filesize
1KB

MD5
6d586b4df1cb822e482e34edb241b437

SHA1
290c44d6a08a002840a5ee175ff15b5f681b1743

SHA256
a7471e6c9974db5362b508c82a6e300ef9f66973189cd8d2cc254c9053f558de

SHA512
a8c0f6e8db0e3f0ddc0eccef2c5def4435f827cdec5b241da67b47ddfcf973f5537be0a9a2316520e94ba62a628a39464bdce11c71358555720ea79a03aaa1f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsq8654.tmp

Filesize
1KB

MD5
7b3ccd3deaa09dfa3b07038efbbf9983

SHA1
465eb927fd7353c19fab829f92e1829a036ba8b4

SHA256
0eff519c89eb07dc29f3e623932710478f8f328293eecb2937020958deafe240

SHA512
bb54e11514e6eb8b853eccd9c5aad41ea69d52adb972691714cfc7b818c256cc287eb4b21716689438defdb5683b521d1b236ce2652f404988cdc09e329aaf0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsq8747.tmp

Filesize
537B

MD5
107ce08560cae8ac45b7c56b71be784d

SHA1
4c6f7f44fa399513c87feb7626f3ba05758daea4

SHA256
f0b9d3bf3e27b6d2aad8ceb3c86f42f2d68b388ff3811bfa84e0e4bde1cff4af

SHA512
7c6e8a0f9ca4eb2859ace442232a86f652d25f51f8b153c58215328697e09faf9d5ccf36cc24d9b36fb1b3c4d959b381ded6076acee753409138207a0ba9b5e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsr8890.tmp

Filesize
1KB

MD5
d0301e67e2e7378c93e0b3489aab3733

SHA1
5ed8ca1063bfe701353c51fa369a53248cf9e99f

SHA256
a65fa24b9ca249b89a03981f49a9b497d1af521b8bbf3e744b76a8dfbdc56d68

SHA512
c291e7dd8db4c1ea6540a38ff7c2be03c9c0ff4f1317e2e37ba5bda02834c8db2125d947b30814359d502d4b9d691c9151e2c2df280cdba73eb423e31fe7bb48

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsw880E.tmp

Filesize
1KB

MD5
14386022e1b6446d61da55a1cabefb8d

SHA1
35b00e2e4f8dd13421e34f880c0c161f3f8e18a4

SHA256
ec648278b8c7c9f1ccaa1b33cf9abaee1fb0f112682e9b976efdcf50fe8f80ae

SHA512
02a7c305a31a9eb9aac14af41cd2bf74c711cb029062ebda75e8cad0e71ca8dd7fbca18ebef7f8ff61d7581d65e68aeeb751e790ef09c5b4f6124177c11cda90

Download Submit
C:\Users\Admin\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.8.11.10\nsw885F.tmp

Filesize
1KB

MD5
0264642b0c155baa3dfba1b08928af0c

SHA1
2d52f1100bbdb97f60a49664037ca3891bd82ec5

SHA256
bb2619d0a1a52d59d62e157b5a59085cf960789ee480e6499e859f1bd6e30b00

SHA512
a39467773a0d5af0aa2d7a028dd4bfb29d521faa33411784ee662bf8f22632ba00ee12be3cd3697f1018e3e6dacef0d521c89df40553a2fef92657574d558c9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\BUSolForMontiera.dll

Filesize
105KB

MD5
64bea1da4d76085d0a47ed21450401cf

SHA1
296d8b511c0f7b8b7d0791c522db553f9461ba35

SHA256
80924cda632e20e1ead804b67fe64ce87c2b6dacbe73b9a2ee1904d402b2ea9d

SHA512
f4644bcd3dff71648209caa2d7489b0cc87050271cbddf875439cb4eba3e3fa400acc29703cff231f6a1c6f2097697f2f4387ca265682d8e4185a1242dfeb2d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\BUSolForMontiera.inf

Filesize
199B

MD5
bc3e8cc74871863fc921511e2e6cc88a

SHA1
653cab5ba2107004f9525849ff5625d64b83e4c3

SHA256
c9e2a3953cc5ea87716f2a9a16078adb2f9c60318c6f1cfc877885126cc0dd17

SHA512
85f4130758ea38e4ae823e6fbae7448fa780bd295bd177afb4395ddd118c019d1533238e963e5277be453a1cd7681667c4ab06b10004ab8ed890d6e0b9e0529d

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\Babylon.dat

Filesize
12KB

MD5
825e5733974586a0a1229a53361ed13e

SHA1
9ec5b8944c6727fda6fdc3c18856884554cf6b31

SHA256
0a90b96eaf5d92d33b36f73b36b7f9ce3971e5f294da51ed04da3fb43dd71a96

SHA512
ff039e86873a1014b1f8577aec9b4230126b41cc204a6911cd372d224b8c07996d4bb2728a06482c5e98fb21f2d525395491f29d428cdd5796a26e372af5ad4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\MyBabylonTB.exe

Filesize
1.6MB

MD5
7c82cc9aca3eb71e463ff607cd607e3b

SHA1
5ffcc47376a89ec39fba8516694fb37c3b7d2bda

SHA256
9c1b8b8b3372737fe355bb6f4f96fc9b04bcdda5f3bfbe9617d22cbc35a400ea

SHA512
7ef9e92153607646f9eb9dec4fd087e9523df523d4f06eff994698d79ddc4e8e1f681fde13e1eb888e5a85457db558b10ffaf190c17bdc98688a59a90efc4670

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\Setup.exe

Filesize
1.8MB

MD5
74af846f2ad4aec60779623fc8bbcd83

SHA1
9f2fbfe260c9111f88e8edc6dfc068d08c1491c5

SHA256
f795ffc4c850a6a214aac740258c6560a72a5a5c1759bb9cd231df2e1a271edf

SHA512
157e612a02e0a6ca87f5d8b572950cc85c8980641bc1f973b20836c1e91d0df0a132a58191a99efdba0b5c4923bc412083b833a12a1ef3554ade745c07a2605f

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\SetupStrings.dat

Filesize
89KB

MD5
407846797c5ba247abeb5fa7c0c0ba05

SHA1
44386455eed8e74d75e95e9e81e96a19f0b27884

SHA256
0147b5b11b935310752666fcf1e6afc922b76ff03d01a0d1ee2babeac10ca1e3

SHA512
7399a9228f971698db7362aad28d3f9694c0bf453d4529e48bc7869af0960452cfe1a5f0a5754e7d567d81b5aa1e35be05a9e36ec745e5470d20fd44a61d20af

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\TBConfig.inf

Filesize
23B

MD5
e6d6dbe1e36a9ccc040369ab905e0d4a

SHA1
f7b40129e12f9f8ec3dae49d281ea1b8171642c5

SHA256
24d0d8de57d4bb9d88c6079d19b0efb51c18c8006ddb805fcc6cb7c302f94a12

SHA512
caa6c8ba543b92a49e41b736d560a3dd62651885f3c0c30ebb309e57bc77ec0dd1ccc20ebc6d4ff04d17083f112f3b6427356ff585ed40de6d08b51e6771dbea

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\bab033.tbinst.dat

Filesize
205B

MD5
90713ab7a74884cd36a5fb4cfcdece8a

SHA1
7bb56d08fd69a98e543b923bd0a9156f92a9c473

SHA256
bc40813f6d07dbc1a4d4c74363460d1ad6ee76275729de4c4f10ec40d8cc46eb

SHA512
639d68135fb54264f2e21081d6ca9ffe73a94035982f4a2d7133d6d402cdd3ef4a695eeb61ad173dc6d1b8167d1f5df2be61a972c96f07ac357ecec887a0d191

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\bab091.norecovericon.dat

Filesize
174B

MD5
4f6e1fdbef102cdbd379fdac550b9f48

SHA1
5da6ee5b88a4040c80e5269e0cd2b0880b20659c

SHA256
e58ea352c050e6353fb5b4fa32a97800298c1603489d3b47794509af6c89ec4c

SHA512
54efc9bde44f332932a97396e59eca5b6ea1ac72f929ccffa1bdab96dc3ae8d61e126adbd26d12d0bc83141cee03b24ad2bada411230c4708b7a9ae9c60aecbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\bab307.sp_pop0.dat

Filesize
178B

MD5
0b7be9c4b72c2c5166bfd61ca5ebbfed

SHA1
aea0aa4e8226c1b4efce92e909da773744baa6d4

SHA256
673bf972d308bc6108360575608cf72f393413f2d3993489b06da4a6efc749bd

SHA512
4dcd7ea01b05550acb00b71e7e9fdd52a04fe1cc574655030dcae94b87dad86bfb7973adf9185de03bcacb100fff758b1a2f928fcb951e2b31e320860a2226d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\bab327.ff_2.dat

Filesize
179B

MD5
acc576624b76c140ce6e78885d279efe

SHA1
f5816e66ab9da86bdff210f96399078c36a4af54

SHA256
78dc1600b62ca4aac2ce5c94f7b1973800349ac56804aba4b17c410e0fff4c17

SHA512
449cdfa0a93191ae9d109c689f09ed444ccf53a4b087a9e5005527561c1598233d05396d1b118db6fe6d6dc45c6dc9909238200f8fa8d4a4dbf903deca19201b

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\nsu830B.tmp

Filesize
59B

MD5
f6abf26891434f5c1da533557c20b125

SHA1
183844392b249b47a9d141dfa411e929607fa3ab

SHA256
18f3c4fb52e43871fcc2b2263c8c15ac2f0b0bee6a82c16076a56c2646eee8bd

SHA512
2014574467a054d8163d264a9cb0f8ed85b0ec9957995295eed5abad4ab3fd47c1d4a7632b03f5d531797c7f3b539c0b64cedd1d4a76c88fa09966787b0a307e

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A745-BAB0-7891-8422-3B165E090078\sqlite3.dll

Filesize
508KB

MD5
0f66e8e2340569fb17e774dac2010e31

SHA1
406bb6854e7384ff77c0b847bf2f24f3315874a3

SHA256
de818c832308b82c2fabd5d3d4339c489e6f4e9d32bb8152c0dcd8359392695f

SHA512
39275df6e210836286e62a95ace7f66c7d2736a07b80f9b7e9bd2a716a6d074c79deae54e2d21505b74bac63df0328d6780a2129cdfda93aec1f75b523da9e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\C976A7~1\IEHelper.dll

Filesize
6KB

MD5
9cb62aa0c5c554f2557d29d1601c8347

SHA1
f2fb5115b7d03e90f6e9d4b1f6e882385aa00f5f

SHA256
a65ba80d23494077575f505c20c9f9516aa21b9bded2b7032b6d5e7bc1737fa5

SHA512
0a325a02c323d52c9f374bc22e5182f5f49f485a689b6ca561196222ff18127f84ea7a48ac438277b9dcd1237c983f03eab54606eacbb1f79aadb0a0f84f0cea

Download Submit
C:\Users\Admin\AppData\Local\Temp\crp6F74.exe

Filesize
754KB

MD5
5ac98c84160a9400db448d153c959bb6

SHA1
829d808c091045f45c513a6e4ab17055a52a9320

SHA256
e4f1009192f163aacafc3ac23f3fbce358122040a5dbf99b86c9f4cac9809ecc

SHA512
36f4e7f4c0f2bd647d23714b08d322ff8383e52ede16f5719f09e710e133669586af0ae7c3af2ab98a066724b2f1dffc114437d7d8820e98614b86470ade2376

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp829A.tmp\InetLoad.dll

Filesize
18KB

MD5
994669c5737b25c26642c94180e92fa2

SHA1
d8a1836914a446b0e06881ce1be8631554adafde

SHA256
bf01a1f272e0daf82df3407690b646e0ff6b2c562e36e47cf177eda71ccb6f6c

SHA512
d0ab7ca7f890ef9e59015c33e6b400a0a4d1ce0d24599537e09e845f4b953e3ecd44bf3e3cbe584f57c2948743e689ed67d2d40e6caf923bd630886e89c38563

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp829A.tmp\Processes.dll

Filesize
56KB

MD5
cc0bd4f5a79107633084471dbd4af796

SHA1
09dfcf182b1493161dec8044a5234c35ee24c43a

SHA256
3b5388e13dab53d53e08791f492ed7d3094a0cee51e9841af83ce02534e0621c

SHA512
67ba90ec04366e07d0922ffb4dbbb4f12f90b6785b87700adaae29327db9ec2a03d750b229f858db0594f439499d6346fbf1ebc17c77162bf8da027515219ee3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp829A.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp829A.tmp\Time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp829A.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp829A.tmp\chrmPref.dll

Filesize
208KB

MD5
241d60c30189b740c9086e34ff259e66

SHA1
7be0132de11c34018b6326d1de20fe9f20dea790

SHA256
8b3d8f239f11b53bc28f645546696441446e9a593be59cbf604fcc28a7e6d474

SHA512
ad342cea73ba3f7e7afc57828abc7320c0c5e39e20f5b06637c565a2b4579f05d81540e02b094776abbb17b021712a0f28e5f62637d8cea04b832e79252dd5fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp829A.tmp\mt.dll

Filesize
7KB

MD5
4fae8b7d6c73ca9e5fc4fe8d96c14583

SHA1
10865e388f36174297ec4ecdafd6265b331bfdcd

SHA256
069db1a83371dcd2dd28a51def6cef190edcac6bbf35b81b7ee3c52105db210f

SHA512
73a5547c6d83227a08e2427f2e5eb6abf429d4b5b7e146fcd59b9fb8c9cc6eb9ff61347a3d46f83d0c7adbaff15e94e70bf40660c217f48e9a46a6e310aaf6b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsp829A.tmp\nsisos.dll

Filesize
5KB

MD5
69806691d649ef1c8703fd9e29231d44

SHA1
e2193fcf5b4863605eec2a5eb17bf84c7ac00166

SHA256
ba79ab7f63f02ed5d5d46b82b11d97dac5b7ef7e9b9a4df926b43ceac18483b6

SHA512
5e5e0319e701d15134a01cb6472c624e271e99891058aef4dfe779c29c73899771a5b6f8b1cd61b543a3b3defeaecaa080c9cc4e76e84038ca08e12084f128eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsu83A3.tmp\md5dll.dll

Filesize
6KB

MD5
0745ff646f5af1f1cdd784c06f40fce9

SHA1
bf7eba06020d7154ce4e35f696bec6e6c966287f

SHA256
fbed2f1160469f42ce97c33ad558201b2b43e3020257f9b2259e3ce295317a70

SHA512
8d31627c719e788b5d0f5f34d4cb175989eaa35aa3335c98f2ba7902c8ae01b23de3ccb9c6eb95945f0b08ef74d456f9f22ca7539df303e1df3f6a7e67b358da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\user.js

Filesize
596B

MD5
d68372170e6d747e40cb0faefb8f8f98

SHA1
f50ad1c56af300f1911ad4fdaca5e41aafc12b46

SHA256
2a8870f7ce50e84178ae8a224099741083dfff83a0e82b4bbf1d4c0817c3f460

SHA512
3ec5d1aa4d4c888dfc27a665c68c0c29320746847cd2818fe1108098b6c5d1879cff21755c3a4b43ce6bd2163eb15ae436268b543f2cb3868882492800c9c0f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\user.js

Filesize
725B

MD5
45510e60adec63d111cad1b0cbf83065

SHA1
302ab2219c34fd115205bddcada400e657d81167

SHA256
58998d8a35d1db762d7b2043176c50b915f1d4bdd6b9391a6090a5957be63a89

SHA512
e39b427aff4435472adae22e43da81ef42b424a2ad1d8c02df70d7fe4d6cbb0d08f9ef186b9c31253c28d92b3f93d1c7fc2012a22a1bae7b6c3e255fad595891

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\user.js

Filesize
963B

MD5
a784d5479ee8c93cebe4bbd749929685

SHA1
ee5fc8c52d1499e98959fbfa3de766aed2a7b39c

SHA256
476b4fa5370d9792fe5ada59dc741178e707f18e79d5ccbac538dfc359a681b4

SHA512
b6381c8c2ae392bd6ff22ad70678cd96369b84ace851bb128ae9c8e407c6b5bf1b981c389fdf5c401dfab4f14466ee9564af3dd525399f580b8cc5683db62610

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\user.js

Filesize
1KB

MD5
ddc091ed49abd77febbbf6d47b829985

SHA1
db9139ba05de1ad139e2f534cfbc9478b75c33a2

SHA256
68ce3da0ad6baefaa28e0051205272400ccf1b32e52641d3e30c2da30fcd6c3e

SHA512
04cd3f555aa84303e1bd822445817100d9cd5f3447d97ca3086c71d3a619c63f7a0a37e44fccfbf95697dec3c3e6379b177fb25f42a943e768f15809170ad997

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\user.js

Filesize
1KB

MD5
590b83a8d5dc1d85a493490e3e99d9fd

SHA1
fb5912084951970d799d4fb145ded3dcc745ca83

SHA256
f3100e29de9325e74144e1bd727c1c520cb68986916449f3ba57374c49b16254

SHA512
c7057ecae2106f7409b5febc3f63b2cd3a2edb157c9c2f4db50777f98ca10e9d90c136f48ae803fdae44fb2946dea4ef23b314b520b60331666bc2a78991fc70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\user.js

Filesize
1KB

MD5
b92ff6f027cfd8d0a614cb29a93947a8

SHA1
7595f4ea83a77ace25b83b64104eb43ba0c7e4ff

SHA256
e4dd846e5e74b75a6b5720e18f050114d46ef96546e85bedf3ba9c73c76b982a

SHA512
e96e8593463a75e104cf1dc5d24f66c9b03670704768f77e9425cb0c32133f3c4ab17ff355fa57a2c116d8f0a1e6ace943e4b05d77678e280abab45d8cd795cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\user.js

Filesize
1KB

MD5
a1b5bc276e9ba4d8b25f66f655ae7cdd

SHA1
f5101d1e1bec13149f226183bcf44339fbe11b8d

SHA256
3c1af7faf78c177f4b8ea88ff020b07ba4d7347a285ceef29ee99a0a230d2b32

SHA512
2093c59c2b29a6e7a029b774bcb0cd56a6c62cae2d032afdad602a11a3878ebd4bea725c617e956aa0f2b64763bdc4f9a448ea56ce43b272a51ce5deba8141b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0o5pj305.default-release\user.js

Filesize
1KB

MD5
d6ea58ee48a5c659c30924f3572a3afa

SHA1
8ea2c55bb70c1acbc9076bdf1d7d633a4075d00b

SHA256
74e4bef63254948ce3968cd56b20ce61107c05a097d8040322caafea4923d75e

SHA512
21c30bd92594214fd7de59dfeafdd3bc4ce899e66395e1787de3c849744ee33c6806046ab8a0d3c945ab308d38243ded569a0534e5e92cf9929b4ab69789d791

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3xi90jh.Admin\user.js

Filesize
1KB

MD5
67ddea7192c44136e5435f479cce7238

SHA1
a4bc865008c64f67594d5f62e71006e4eb9eb3cb

SHA256
337f5447a61f07f980a8d89824a07fe4e2ea313042b6f6d59c6e1d92e261c60d

SHA512
9f94f0aa1d228c818d169051fb00d125453a06ac6419b59e5bae1866982516ac1a14796ba484de53bc19aa9678c6e6181668e0fd90c197f7139be1bc3c7b4907

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3xi90jh.Admin\user.js

Filesize
1KB

MD5
570c7a0fd5cba5e11e83071f353b3863

SHA1
d416048d6fa0a9696785480464adb27adf8d868c

SHA256
48fb3b85ab9837c949281363da43401c47182e36e333e5f312415f82dbdf0db1

SHA512
379eca4ebd730d45831610c7cd3a22d6ce3ba90ee43eecbfba7fd246c178004386796528c4674c1aa60d4b4c9008636306e2793ea4c6a16167ebd1d8fd67ae2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3xi90jh.Admin\user.js

Filesize
1KB

MD5
f478cd3a6afc9319853e1be5cffcfc23

SHA1
85d32922f11d673e8bf21ad01c371e0ef824f66f

SHA256
bfd953333fca01a94745ec052fc96ff1bcba53988ce228b336d7bfadcd5a1389

SHA512
a42db2f0bf33b89064fc2b15bf12efdd50496031760bb3efd9f950a13d6cfda536eea53f228514130384b9d1007e3c02d0e401c9a7a873cb5975decf1a414a53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3xi90jh.Admin\user.js

Filesize
419B

MD5
e36113def65e7fcbdd2459e926b9a828

SHA1
d61134f5732a66e25626265a7eb90ae3174c8a24

SHA256
cbc88630294bae69c2de0d376d24c1f9af627f9a748b35569db9fcee4e653100

SHA512
0e337c33bccc42f636059c197806a895b38603537e85a3caf651ba1ff24b1755f9840516aa64f4dcd1a96453824a7ef114eea7690daa592c2d7a415a502880f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3xi90jh.Admin\user.js

Filesize
787B

MD5
b567c2fd91079e8e9ebc42ee68a471d2

SHA1
8a497388fc7940cd74221da5afc889d076e203b5

SHA256
cc894ca609415779f7d9c77a72ebc50801f67f706106c3df3666fcc257d0b175

SHA512
ec407d75a4335cc5de7a13f7558da32c6479e0e2c86e9448945827670e5a77d09c1597e47f25a5e47646e51cecc8dbb6779df460e7ff1f02ac92982d2b0e99ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3xi90jh.Admin\user.js

Filesize
846B

MD5
72206c4ed04f26e1b2bbf7b298c07abd

SHA1
735710364f43cd7b7d17d980ee13dfc20377297d

SHA256
309e0251d270438a4b236e4eefb0110cdc7b72c3520558ddc6262bbd895f4818

SHA512
8f5eda4109320a63125501a346e5deeb4b6097376b232a672130cb1c5d1c63af2c29d105440a3a55174d9bc12ddfd3796e4d40088def49d34b64f6cab052a381

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3xi90jh.Admin\user.js

Filesize
1KB

MD5
c783ada6da5d20e659833737b0ecfef9

SHA1
279ce38dbb4316a32337520fbc21069bf06744e3

SHA256
710b03332ef142169c1ff945d8e3aa5c1320db3588bccc2bc5d69e037c2390ac

SHA512
306448766505e1eb2caabca8f651272439df39d6f1693ac883d086b04d6d65431dd491e4637770338b7b1d87d4d5ae03bc8df2617cd782b525a6bcae25bd4624

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3xi90jh.Admin\user.js

Filesize
1KB

MD5
1345988019d19940656efcba33b0b58b

SHA1
8fcafafaed3a75bf0ec39810e9967600217487f7

SHA256
57ec9ab5da816d7244349420e05e53fcf565af2ca8f0782ede9905006bcf3ae6

SHA512
f21950ec262a10a0e81e35cf0a7246a01a5dfa6b3ccc7aa4308290684e707d8835c9cdbf7372db0908065fcb484332e3555d1ca266e175ff1ec0735778a33269

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3xi90jh.Admin\user.js

Filesize
1KB

MD5
34705c217de6530255b78b862489a42e

SHA1
efa7786a841885148ef3ca81032d2c9feb4e61e0

SHA256
48a28e45af2ad6f77b656ac40962d13c1fde3efdfc2425800f66732933702ae1

SHA512
dfd85be4f1e1755c05f268d430bb51b898f020a5fc5d3e4cc6b60ff42ab53f2d0b8324afc8e302e8e077c358620af89a2d2c109b1903140bb646017b3a12a9d0

Download Submit
memory/1416-4603-0x0000000002F40000-0x0000000002F52000-memory.dmp

Filesize
72KB

Download
memory/4124-64-0x0000000060900000-0x0000000060970000-memory.dmp

Filesize
448KB

Download
memory/4124-42-0x0000000060900000-0x0000000060970000-memory.dmp

Filesize
448KB

Download
memory/4420-805-0x00000000021A0000-0x00000000021A9000-memory.dmp

Filesize
36KB

Download
memory/4420-803-0x00000000021A0000-0x00000000021A9000-memory.dmp

Filesize
36KB

Download