183c1ce5ac789cdd12e75554804dc4a1f635eb5f7d239eccd987475afa82aaf6

Resubmissions

01/01/2023, 20:01

230101-yrzhhafg4s 7

Analysis

max time kernel
150s
max time network
152s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
01/01/2023, 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Lunar Client v2.15.1.exe
Size

754KB
MD5

ec7ffaaf4aa860d1d0b843b5de15ac59
SHA1

8fa9b0ab0790149cb563d4d27ec8954e9ddb969f
SHA256

183c1ce5ac789cdd12e75554804dc4a1f635eb5f7d239eccd987475afa82aaf6
SHA512

44950aec9adb9e144cbe72ac4c3b652a748193c652d4558a04b3b9c995888869085e8c5d23f8e8030862ab26c744eb482d5affe0747ccf20fb0a9f41f527b736
SSDEEP

12288:5Meeeeeeeeeeeeeeee7eeeeeeeeeeeeeezeeeeeeeeeeeeeeeeee7eeeeeeeeee2:57IF0HL8MaDu173pG1szLSvJwCU4h0/r

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

pid	Process
2748	Lunar Client v2.15.1.exe
2748	Lunar Client v2.15.1.exe
2748	Lunar Client v2.15.1.exe
2748	Lunar Client v2.15.1.exe
2748	Lunar Client v2.15.1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3844063266-715245855-4050956231-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
2748	Lunar Client v2.15.1.exe
2748	Lunar Client v2.15.1.exe
2748	Lunar Client v2.15.1.exe
2748	Lunar Client v2.15.1.exe
2748	Lunar Client v2.15.1.exe
2748	Lunar Client v2.15.1.exe
3884	powershell.exe
3884	powershell.exe
3884	powershell.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4372	firefox.exe
Token: SeDebugPrivilege	4372	firefox.exe
Token: SeDebugPrivilege	3884	powershell.exe
Token: SeDebugPrivilege	3632	firefox.exe
Token: SeDebugPrivilege	3632	firefox.exe

Suspicious use of FindShellTrayWindow 11 IoCs

pid	Process
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
3632	firefox.exe
3632	firefox.exe
3632	firefox.exe
3632	firefox.exe
3632	firefox.exe

Suspicious use of SendNotifyMessage 9 IoCs

pid	Process
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
3632	firefox.exe
3632	firefox.exe
3632	firefox.exe
3632	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
4372	firefox.exe
3632	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3876 wrote to memory of 4372	3876	firefox.exe	71
PID 3876 wrote to memory of 4372	3876	firefox.exe	71
PID 3876 wrote to memory of 4372	3876	firefox.exe	71
PID 3876 wrote to memory of 4372	3876	firefox.exe	71
PID 3876 wrote to memory of 4372	3876	firefox.exe	71
PID 3876 wrote to memory of 4372	3876	firefox.exe	71
PID 3876 wrote to memory of 4372	3876	firefox.exe	71
PID 3876 wrote to memory of 4372	3876	firefox.exe	71
PID 3876 wrote to memory of 4372	3876	firefox.exe	71
PID 4372 wrote to memory of 4452	4372	firefox.exe	74
PID 4372 wrote to memory of 4452	4372	firefox.exe	74
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 2872	4372	firefox.exe	75
PID 4372 wrote to memory of 220	4372	firefox.exe	76
PID 4372 wrote to memory of 220	4372	firefox.exe	76
PID 4372 wrote to memory of 220	4372	firefox.exe	76
PID 4372 wrote to memory of 220	4372	firefox.exe	76
PID 4372 wrote to memory of 220	4372	firefox.exe	76
PID 4372 wrote to memory of 220	4372	firefox.exe	76
PID 4372 wrote to memory of 220	4372	firefox.exe	76
PID 4372 wrote to memory of 220	4372	firefox.exe	76
PID 4372 wrote to memory of 220	4372	firefox.exe	76
PID 4372 wrote to memory of 220	4372	firefox.exe	76

C:\Users\Admin\AppData\Local\Temp\Lunar Client v2.15.1.exe
"C:\Users\Admin\AppData\Local\Temp\Lunar Client v2.15.1.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3876
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.0.1135663051\1767006847" -parentBuildID 20200403170909 -prefsHandle 1512 -prefMapHandle 1496 -prefsLen 1 -prefMapSize 220115 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 1604 gpu
    3⤵
    PID:4452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.3.57605491\301472701" -childID 1 -isForBrowser -prefsHandle 2280 -prefMapHandle 2272 -prefsLen 156 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 2340 tab
    3⤵
    PID:2872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.13.1614374170\482715614" -childID 2 -isForBrowser -prefsHandle 3380 -prefMapHandle 3376 -prefsLen 6938 -prefMapSize 220115 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 3392 tab
    3⤵
    PID:220

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:524
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3632.0.790818737\1388689211" -parentBuildID 20200403170909 -prefsHandle 1464 -prefMapHandle 1460 -prefsLen 1 -prefMapSize 220448 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3632 "\\.\pipe\gecko-crash-server-pipe.3632" 1544 gpu
    3⤵
    PID:2832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3632.3.48626952\595548304" -childID 1 -isForBrowser -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 397 -prefMapSize 220448 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3632 "\\.\pipe\gecko-crash-server-pipe.3632" 2428 tab
    3⤵
    PID:588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3632.13.537430684\304544863" -childID 2 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 6553 -prefMapSize 220448 -parentBuildID 20200403170909 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3632 "\\.\pipe\gecko-crash-server-pipe.3632" 3560 tab
    3⤵
    PID:4408

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\3E8DAED6B1701921F58544F5A60350EA114A215D

Filesize
13KB

MD5
2391dea67099be0198812b4a6ca1b983

SHA1
92b1553f37a17675de564e6d92c348dadc3d5239

SHA256
ab6b1527b03ea70220c833094556d141bb446d4f2da2be0314dfc01a1d998bac

SHA512
2f41fd26bfa896ae6cf0b2371d6d3da3a3989a0235778af93c0f55c7b8af450f4f642718321f63da1b69cdad6cee31cdcf54fcaa331095a26cc017faa3237f73

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\4903E7ABE348ED39D98D1C844FB81A906D5ECA16

Filesize
9KB

MD5
7d35f9e46af3843b731008cae3fe0d5d

SHA1
43d53a3a4f38c382f4528b83f2bed2b83f07e5b3

SHA256
58013adaf4ecc227258a20e8051245e6ff13896f58985aee0ddfeea9690a81e7

SHA512
576f09b66cfc614cbace623b5c081145ae52bd162af28ff2904be6f3071b0eeb9f07d8cdceed1f28d5c27681f17cff4c963de4a531eab73687f7ff8953d7f78b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\6D4934FE31BFAF4563C9C133D9CEB4B986FB5CA0

Filesize
8KB

MD5
e7b97644a08c81cc2f105e07526e1de7

SHA1
60963eaa614937aecc4ffec482c3ac77ba25384b

SHA256
f4f56d809b902acbb4e071a75e2e3f3afabe4086c811cd1d96db2f08eca4ea55

SHA512
a71a3a1af5245e72bbf332d27449591d621034e229ce6bf04cf226d4d7540ac0975fc4028596af67a52cbc9bff8d0ac7a96a519a1bb1d2df67a1e1c0a0ef6d93

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\BED8997268544C4202FB6C0E8FE619E4D43EF60E

Filesize
9KB

MD5
c2c9e713782e0cf6690e014dd9df7442

SHA1
f1b59e285e0528d1f1672e2e0dada3407207e9a2

SHA256
57a05331c09d588bc2bdad0088e6b9d9d3890dfa5762b0b4aa069f17ee847fc4

SHA512
6ac3ef63e28292f95b8dc90fed64b6f2709e5af68fbcc633b62522a17a942e6b64160b38e294d05198cd16f132f886acf8c0f72e53335fa1cd9361b1c076106b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\cache2\entries\ED07F042F4253F704BFC7070ADB92A3EDC4588A0

Filesize
8KB

MD5
d54465cd0954b15ce196be81a7fdbbec

SHA1
4747b8a42731b6cd6713b219f50fdde589da393a

SHA256
66bc19b6e32e556e889c06fb170441c221d95370e4db7cd93d61ff2b7b5535a9

SHA512
165da914b86fbe6a612cae50b164caae0b9cb3b7d597d060f9360a234a1bae51c6c428554911d2cabb9eb20cfc7140ebeff0247453cce5bb8c943b213ed70d45

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\startupCache\scriptCache-child.bin

Filesize
710KB

MD5
abc24374f5f2de85d61a56f94e5d6b44

SHA1
b8abb954ee5f65629a0fb250261efb3fc797f9e7

SHA256
49fd5e15aeb2e56cf2bc1a4e5172bc3f2493e9fd78f4dc6fa85fe2d70dfaab2b

SHA512
fd630de06ffb1a5e19a171d4b333a2fb1f8e7817780e10c0f0d12f3c7e02736b73a68799e70569512d6b1cea438b6a57bdc956927e49cb68bb900cc78c40583d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\startupCache\scriptCache.bin

Filesize
6.7MB

MD5
2aae05bf198a488a0642e270c61f01bc

SHA1
60bcab0a428636cdbba90994969a98ad6b42c6b7

SHA256
afc271d0bfe66e8b29cd79351520e383a593da9a12136398aadeb8f965d13483

SHA512
9f71c498371731bea4382b00c641ab7d9c33d3433f4fdf7c840142f4319efb66b555407df6cae57207f1ba1d55b544f28e5644d19ece1ee65b0e549f9f1b306d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\startupCache\startupCache.8.little

Filesize
1.6MB

MD5
0ab6e8a2c99a4ca23ba2a62fd5ab02d5

SHA1
5062871a43be8076777eb75d9caaa0939163ec71

SHA256
92e91bcf7d4b8763260403273279f379a86e5d2b735e09078cb5a2c3db93f00d

SHA512
602fc7c47bbfeed8e8c9309fdae4bf1de1958b11f44762d9bf9e64a78315d92fa63e3fce2747fea43b0bef2eb0554eddeb9fb8eac8abe64a95b92a3e983ec81c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\hret3y5j.default-release\startupCache\urlCache.bin

Filesize
1KB

MD5
53448ff0f2e62dfbf1e039024f97222a

SHA1
bc505757ccf3521f2e299333326957207e39e7c3

SHA256
4dccea4b0e53cbde64b3a793430f2b748a10c858149b1d8e8c0f5d457f22f0be

SHA512
f1aee6011a5988e7a15aa268bad96ba2e5079ab11fd2eb15335ee9ee79348206bb6b237905da231f3b40571ab9ec992d55c69cd5db5985efb1eebd8e10884eb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\HRET3Y~1.DEF\cert9.db

Filesize
224KB

MD5
9c25de1659a61bc11297c25203daeea5

SHA1
b12c217909a3f466d75ec8ecf36604ab2a092d65

SHA256
98c1d63612d453e21b192598a8f32dee3039cf4a7868d8a8c637f808cb4cab00

SHA512
503dbd14f57f0745c3bc3f52ed2fe5a7c3f068bda47718ee476e32d3a6fa1a2ac175ee0e749eaf509193bdb71f6255ea29287b58a3befcd4d5edd22e10a04978

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\SiteSecurityServiceState.txt

Filesize
1KB

MD5
48e7862941c54bd6d831019a314d23f8

SHA1
1f440ad39d24d623d365e4cd89868042e672891d

SHA256
1ad620773d493335c7360efa77cfbb924b49cd5d4c4f5397b5db0106467f724d

SHA512
2c42e35fd4cb0ce54e52526bd348d1d2976706ab0f606402c824d347204e2be21e024ff5cc6d44092bd1b8b7764611fb4085bfa9e5f902d23aeae671830230a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\addonStartup.json.lz4

Filesize
1KB

MD5
bc4bd0071af0574fe57b6756f0b26071

SHA1
dfc6af6b87b58391f67679a24c28495503f9e75d

SHA256
2f0cb964330decccb1375985d126d6cd2fec171e344cdd6e21026fa9459d8ad3

SHA512
9cd3f9140a3beca18114253556281c48e0a2401d8e7bb01b518a0615caf6a1f4a8cece627c00caaf9cb3f7cf3a57a224ec5233682b5b3f8e933619b85488551d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\cookies.sqlite

Filesize
512KB

MD5
168062f8d1530edd9480d82812449cff

SHA1
5b5e0462259e0d5c43315ed476e6135379184f32

SHA256
e1a0d8ca5cacf6d0dd9cdf038eb10c350a64b9c6483ca7bef57ffb76ea29f8c2

SHA512
20de8321190d01809b661bfc9ab10a7074ad08397e7e7f093433e4c7a78f63196bd9f74b2cb2637cf3af2cf8e359f42c8cdbcf2b045cda40728f79484ae41d6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\favicons.sqlite

Filesize
5.0MB

MD5
76758ca7508d3d86191a6a1f0e906f70

SHA1
13127cea839a11ce414705448d89ef8b01254f66

SHA256
1550c1c56d330baa41ee45f79d6f3f43e1e61fad6ace8a952697db131442407d

SHA512
e53a2e32930c872c32f05f6a6ebb2886ad9abf8d10ba8a8237ffa765a3a9d81be8025493271c8c80a2efb06ea40a1e65e526fa370776f3000256813c2701a295

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\permissions.sqlite

Filesize
96KB

MD5
5c7b8ba126d1f0b3541ccc025a09d9ae

SHA1
ba97aff69601c8110ccb85f2c8afc6932785e754

SHA256
2988ca8e65b85f6e425e2143dc5d138f8a3ae6d417bb9cdc4e68c0e9ccf40ff4

SHA512
7a52ac553224b7fc00db2a41e57ccdeea4d0eac7e0f0b4fec4607152c65299742902623412ad01c6f542cd9c975541eaf55795b751c58e8ac488e84fb7a89e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\places.sqlite

Filesize
5.0MB

MD5
52b8d786ceca1209ed0de7b556dd68ad

SHA1
50dbc5aca72f794e178c979efcbf65f66583db22

SHA256
b96fb84ae66611e12c3376122de92dde9df59be8509a64b8a968aa9cb7d91bde

SHA512
1053484e76986e415de7a2cde83a6e0ca28dd1d1cd64468a4c562d13b9906c5668488a7bac450993e054234044ee13afd63813b4f31aa5ecc7f12db63d857d99

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\prefs.js

Filesize
6KB

MD5
a53fa02c9f47dc2b24b76518020cba5d

SHA1
e0bb9e779ac9472caa59ec09c89facc9e67fd768

SHA256
c22f639f8cad290ea97f4e95d589e6ee3da684902467c593866bf51c622b731f

SHA512
3e9d6a956900e6e0c470b7249a9477faa9647c6d9b7e26b4603d9b27c6bff7e2f0793438d0d9559687432fa55390d5844ab03f43e3cd31bf9496ab64c1fed8a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\protections.sqlite

Filesize
64KB

MD5
4927580c1e810f002596f4f5a897c212

SHA1
25fa821d1d32302eb522b676016054fd2ab586ac

SHA256
2b6de8b3b9e58dfab96d738d108fcd9f8862a56d4489561bd5b25f2a1aa14916

SHA512
dded7816d5c11a23f3ba4fd11ece332b368fcd773f7f71c9ba57c03f31dd676f85433ff693d9721939f13fc430e04032008f6771fff2ec137703e95a95091537

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\search.json.mozlz4

Filesize
2KB

MD5
4253cfb00e140e78853062c5bfb38233

SHA1
eb43865bb0fedc6be7ebe1feb416e66f19fb9c7e

SHA256
d8e895d1c4021871b13669eab60d2e58d32d45281b0c4007366c16afa585c364

SHA512
e38a3ac6b21ea14c19c9288800e0b466a816e19576467b18512bbf3373ba24b9c77af40f16571542e0e810adb13c03981bc4895d7726f15b7e90fc73ea4c5ca1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\sessionstore.jsonlz4

Filesize
2KB

MD5
51e76210d866134095490cea00a6307c

SHA1
b609f97e0412297bb01f7022eed0191f0b5c880f

SHA256
dd421257a4add8c36586f5c0c1a615cdbf9b35b4f54464ca8a8bec7564124cb8

SHA512
996cfec511f4b9cdbccccebf37548d2e9045e46c9a5456bafaec8a87a72aae68c321dd4fedce1346dba95b89751f247291e1fe55c74df5b89ff0a03872fee1bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
72KB

MD5
e0e98b2e2e38afb80a899bbc45555e68

SHA1
2fc376800fe51f1fecd2099184cd75e1c403a434

SHA256
7c9cd127fa1c9e09383dee17d786c88ae959fb362b0cabe768283c8d027d1a92

SHA512
bfb5b709f2c73e674251b3b27333793665839c145b24513393a887b6a81c53841fd58cfdeaf85e4e7536293b0827907f551fba4055ede99117c44682ed2c2575

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
3.2MB

MD5
5f85d9b51534afaaabc1acf6bf8c22c7

SHA1
79c35252bc081d9c46785c89d748a2c9606daa17

SHA256
7bc8deced35368b61cac7dcdaea74973b1c0779a666ca7139fb651b21283c612

SHA512
01ae2ebcc9a3ccecb67017e57e9d2f386c5be2036df2ea29456da7cd9d60163158cfebba422de3c5e4a405a144d1626bf98db24cfff9f88d0aa2843dfc55e30d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\webappsstore.sqlite

Filesize
96KB

MD5
2d26e5780e00749030d6cef67c532356

SHA1
49d44424da69e48f107c8146006924f232c72819

SHA256
c7b00734d9ae8fbf989b943f173eadca51453508b7be41731ff275e73c276843

SHA512
667632a01d4a1c4f5af6d2cfad191250ed47eefbed605438331678d0fb921e2930bf3da7a0cd58455f2afe5529b6e1e4102980b7ca73e50b85684481ee39dc52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\hret3y5j.default-release\xulstore.json

Filesize
143B

MD5
0da9a367555a972ce7c30b946c5fd45b

SHA1
ec90d6fca3269847811fe8e138825999d477e0d9

SHA256
2ce9192a2f8cb0087bcb75e1b9a070eceaf004efd2744117774050f2a6eff5dc

SHA512
ce48e2eae49d811acc48d5f12b2cb33ba7ebf133c86690fa86359984031cd9856de4b49bfa83c9496f0df5719c6ef0b7bafd6c6a1d0840703c68713f696b4672

Download Submit
\Users\Admin\AppData\Local\Temp\nsk6ECD.tmp\INetC.dll

Filesize
238KB

MD5
38caa11a462b16538e0a3daeb2fc0eaf

SHA1
c22a190b83f4b6dc0d6a44b98eac1a89a78de55c

SHA256
ed04a4823f221e9197b8f3c3da1d6859ff5b176185bde2f1c923a442516c810a

SHA512
777135e05e908ac26bfce0a9c425b57f7132c1cdb0969bbb6ef625748c868860602bacc633c61cab36d0375b94b6bcfbd8bd8c7fa781495ef7332e362f8d44d1

Download Submit
\Users\Admin\AppData\Local\Temp\nsk6ECD.tmp\SpiderBanner.dll

Filesize
9KB

MD5
17309e33b596ba3a5693b4d3e85cf8d7

SHA1
7d361836cf53df42021c7f2b148aec9458818c01

SHA256
996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93

SHA512
1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298

Download Submit
\Users\Admin\AppData\Local\Temp\nsk6ECD.tmp\StdUtils.dll

Filesize
100KB

MD5
c6a6e03f77c313b267498515488c5740

SHA1
3d49fc2784b9450962ed6b82b46e9c3c957d7c15

SHA256
b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e

SHA512
9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803

Download Submit
\Users\Admin\AppData\Local\Temp\nsk6ECD.tmp\System.dll

Filesize
12KB

MD5
0d7ad4f45dc6f5aa87f606d0331c6901

SHA1
48df0911f0484cbe2a8cdd5362140b63c41ee457

SHA256
3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca

SHA512
c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9

Download Submit
\Users\Admin\AppData\Local\Temp\nsk6ECD.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
memory/2748-139-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-179-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-147-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-148-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-149-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-150-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-151-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-152-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-153-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-154-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-155-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-156-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-157-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-159-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-145-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-161-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-144-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-162-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-163-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-164-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-165-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-166-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-167-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-168-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-170-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-169-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-171-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-172-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-143-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-174-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-175-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-177-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-142-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-146-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-141-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-180-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-181-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-182-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-183-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-116-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-117-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-118-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-140-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-115-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-138-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-137-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-136-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-135-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-134-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-133-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-132-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-131-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-129-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-130-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-128-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-127-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-126-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-125-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-124-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-123-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-122-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-121-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-120-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/2748-119-0x0000000077100000-0x000000007728E000-memory.dmp

Filesize
1.6MB

Download
memory/3884-243-0x00000243C4CA0000-0x00000243C4D16000-memory.dmp

Filesize
472KB

Download
memory/3884-232-0x00000243C4750000-0x00000243C478C000-memory.dmp

Filesize
240KB

Download
memory/3884-213-0x00000243C45E0000-0x00000243C4602000-memory.dmp

Filesize
136KB

Download