hxxps://we[.]tl/t-VCeNt9Cn60

max time kernel
152s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://we.tl/t-VCeNt9Cn60

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 1 IoCs

Processes:

BluescreenSimulator.exe

pid process

1840 BluescreenSimulator.exe

pid	process
1840	BluescreenSimulator.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{9C241425-D0AC-11ED-9F77-FA48AF8140A7} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\BluescreenSimulator.exe:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\BluescreenSimulator.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe
Token: SeDebugPrivilege	4052	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

firefox.exeiexplore.exe

pid process

4052 firefox.exe
856 iexplore.exe
4052 firefox.exe
4052 firefox.exe
4052 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4052 firefox.exe
4052 firefox.exe
4052 firefox.exe

pid	process
4052	firefox.exe
856	iexplore.exe
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe

pid	process
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

iexplore.exefirefox.exeIEXPLORE.EXEBluescreenSimulator.exe

pid	process
856	iexplore.exe
856	iexplore.exe
4052	firefox.exe
4588	IEXPLORE.EXE
4588	IEXPLORE.EXE
4052	firefox.exe
4052	firefox.exe
4052	firefox.exe
1840	BluescreenSimulator.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exeiexplore.exefirefox.exe

description	pid	process	target process
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 4208 wrote to memory of 4052	4208	firefox.exe	firefox.exe
PID 856 wrote to memory of 4588	856	iexplore.exe	IEXPLORE.EXE
PID 856 wrote to memory of 4588	856	iexplore.exe	IEXPLORE.EXE
PID 856 wrote to memory of 4588	856	iexplore.exe	IEXPLORE.EXE
PID 4052 wrote to memory of 1152	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 1152	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe
PID 4052 wrote to memory of 4400	4052	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.0.2078223520\878289480" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b13db6e9-c9bc-4295-826c-382fc4fe1674} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 1952 1d3784e1158 gpu
3⤵
PID:1152

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.1.1583375110\416873479" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52d7b1bb-797b-42a3-a388-580f2a750ad1} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 2332 1d36b570a58 socket
3⤵
PID:4400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.2.385394200\591264389" -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 3156 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00f4f605-d6fb-4f7e-924c-c77e0043ad43} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3196 1d37c179e58 tab
3⤵
PID:3472

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.3.840719861\1462820276" -childID 2 -isForBrowser -prefsHandle 3208 -prefMapHandle 2804 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdb37261-6e6b-45f0-8f08-e9cbb7978a61} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 2880 1d379d42b58 tab
3⤵
PID:3800

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.4.1908922745\554387257" -childID 3 -isForBrowser -prefsHandle 2916 -prefMapHandle 3312 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3e2de26-3fba-4bcd-ae82-0e6921f02c94} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3164 1d379d40758 tab
3⤵
PID:3324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.5.1893408937\741172057" -childID 4 -isForBrowser -prefsHandle 3736 -prefMapHandle 3740 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10ba104b-475f-49b4-99e4-41924f3860ca} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 3724 1d379d40d58 tab
3⤵
PID:2680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.6.2123948794\170172526" -childID 5 -isForBrowser -prefsHandle 4544 -prefMapHandle 4540 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61f71c30-a827-493e-ac92-be23675983db} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 4556 1d36b55b258 tab
3⤵
PID:5032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.7.1314129972\991966643" -childID 6 -isForBrowser -prefsHandle 5240 -prefMapHandle 5252 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58dd6deb-2ded-4384-9459-3116310e5c8c} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5264 1d37e7f4b58 tab
3⤵
PID:1080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.8.1523281518\1577238324" -childID 7 -isForBrowser -prefsHandle 2808 -prefMapHandle 3100 -prefsLen 26676 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f3aaeb1-dfa2-4cad-bfc1-805228e74e5c} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 5724 1d36b55e258 tab
3⤵
PID:4844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4052.9.1921524761\669297437" -childID 8 -isForBrowser -prefsHandle 5956 -prefMapHandle 5024 -prefsLen 27116 -prefMapSize 232675 -jsInitHandle 1448 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7443233b-817c-461e-be0b-c074d8a5aa5d} 4052 "\\.\pipe\gecko-crash-server-pipe.4052" 2948 1d379d41958 tab
3⤵
PID:2044

C:\Users\Admin\Downloads\BluescreenSimulator.exe
"C:\Users\Admin\Downloads\BluescreenSimulator.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://we.tl/t-VCeNt9Cn60
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:856

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:856 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:4588

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp
Filesize
152KB

MD5
efee3a59524d4a90220a778910d701ce

SHA1
ef818606d08ac13c0b634eb7a1fa71c37b0eb426

SHA256
7b910f9207597ec42f4575919736ab6eaa1130990f2830dbc6a2cb156a98adbe

SHA512
020e583177ff2d34e5a33dc6bd7af7198f49dc6788a4f8c96f790d14264742565bb9358860def22ea767018f121e11990dc0056bc8a7cc61a98f499b09a95c5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
fcf80e578f82b4bf8d634422e5268cf5

SHA1
dc63ef9475be3f8e980f5a5bcfa4ecf31a955b8a

SHA256
645d83055c8739ea41754432df99a019e2691b2d80d8a4f445825eaf65de7ebd

SHA512
ce3b883aa22175bc08dffd4670bb7fd3637a3a8e858c9d26a7e62ec53d0f4b399a48d38d5979e130b883d9c0176a7e3db53d04eab0a89f0aae0b410a38c7d4d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
e02afb644409ce26bc61fbeacd1d3376

SHA1
c8133aa61fdcb2e6035641a1b8bfe54ad9e9e9d5

SHA256
fec41e1b3274106293ed493204a76312e133bcb139fffd903f0736305f498d3d

SHA512
f8f7bd570b7e0ba23abf407dfe5ac840d320f53fcd9fb63fbbb8c954b3e0c118134ce068382698cd1edfbdf1507a7866e0a8cf5934bf980f148cdc2bccdecce1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
7KB

MD5
f46184b1493ca31b0e38230643185feb

SHA1
dc0364ca7893a723f9bb2bf915dbf89a2a95af63

SHA256
839876a7f553d0fb306fd6617fb8e8fd8dcab2c557ff8324fd5d58aaa9d36ef4

SHA512
75b82519a971109ccb49d3a56fc5490837871b008256bf0aa1f6d49dbba8a73d7dce1db685745ea1fa6a5ea0c4d1e0de546c083a61dc1b9c8954b96b37a24a94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
7KB

MD5
2d0c4c489cd51f4d95622dca6660f5f9

SHA1
154fba109c7952faef483722dbf185910c8c7e12

SHA256
ddda443e33b9f37b3f358cb23418cc7273dfd59c2f35d5ab95127372f3f68881

SHA512
8a220bd49f0dc53ca8eebbe8e2fdb63c0531ed3744d09e68febbbe95c838542f5c310adc7f7992b5012069d83b09e8199676af5c6b7e09d3a10b25f8b3ed705e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
7KB

MD5
3ed6d7467d569e25ec141708001a8ad5

SHA1
e91282064082851650c67cd096a867d4310cc95d

SHA256
b1994dd8f583d9e7116e3bcfb778bad058129d69adbfeeae285add702f99323d

SHA512
d26cd577f390d4df19fb4f0489f6f8903a717b0dffec874ec84c5c811d1ca5771f28d32c58d5674574b6920613b9aa1b76f5072473e0fd74a76b84ec92de6741

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js
Filesize
6KB

MD5
3425d247ab92b56037dffee96a90f15f

SHA1
e7b4d1f5da45d31badffa17b5bf2f7830b1122d3

SHA256
3cec81913a9a277e92a40661d7af06a7469f364467348c614a68cf041d0af025

SHA512
008cd2753f32167e9ed5d48e181bf9b964a6b4eb84fdfe1d93a602b9cae2dd3b4999b09cd87beee7b74321bac3886b8981bf6578b1363a333cea2fd2cc0f5a03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js
Filesize
6KB

MD5
1984b45f201f1fd79d2154406648433b

SHA1
42f082dc6d4d43333688690bf4dfa7c7f8b618ab

SHA256
000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9

SHA512
e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
e77f55c38149f15b5afddf41b88b2c33

SHA1
d56f2f46fb5ad9fba92eca1e5e76d43d887493a2

SHA256
5d6492197910315917efe25fd5fa3743e92ae5fe2f7433ae0315af0e45fd8cce

SHA512
4f9407f0e99cb395c43dc7e96f6b55c216fcc834dc0bf4dea621724b440ef609f75724d36f56f0329e1991c8eda1c7156b0430111381d94874c39d5683f32c7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
d7bb17a6d328a9d5f4e1c1257ef70bbd

SHA1
89107235cc9d43896b8444d57e9170d568783870

SHA256
535b00339d91136d4a1749d3819f5118dd49f17bc57568f61afe1ce9dec905e5

SHA512
c9d22a7d0020256a43d795e49a4dab5a54898e5fdb68cb7fe6ff95d8945a47c6f9960386b1e4d67d010d885f7ea1b7e8de71d4d13e08e08c7a24a8491cf633ca

Download Submit
C:\Users\Admin\Downloads\BluescreenSimulator.exe
Filesize
435KB

MD5
c729d1244f267a4a9ee8d565b9d3d973

SHA1
6a2990aef82674312751d68737f19309e0a06504

SHA256
31e1a16d982e4415d8161baf6817038b8dee191c996d5470338026b7f9fcce1f

SHA512
a935bfdf0c46a7e1bb2276731374227c4ff01e1fb9813e458d3b110a50c563fd4ab38628ec81044ab927b34e90f39309b29cac94528358b5662181436ee93146

Download Submit
C:\Users\Admin\Downloads\BluescreenSimulator.exe
Filesize
435KB

MD5
c729d1244f267a4a9ee8d565b9d3d973

SHA1
6a2990aef82674312751d68737f19309e0a06504

SHA256
31e1a16d982e4415d8161baf6817038b8dee191c996d5470338026b7f9fcce1f

SHA512
a935bfdf0c46a7e1bb2276731374227c4ff01e1fb9813e458d3b110a50c563fd4ab38628ec81044ab927b34e90f39309b29cac94528358b5662181436ee93146

Download Submit
C:\Users\Admin\Downloads\BluescreenSimulator.hTF8cNEY.exe.part
Filesize
31KB

MD5
6d937d747fa84ba6e877dbfa93739001

SHA1
2de93cb7c10b2ff102c106b44d44b9963644bbd5

SHA256
183ae5f77bf3b13ee0e082cd92d376b31c416a366b76808645b1b09c992bd062

SHA512
f2a39c7440478372a207c1d37a9f0c21bc213d7c188fca8c8354ad7d5696778406cebe80f4e47749d47c0ccf8600a47a98a05a63ee3d1fdc7084e6c2d8c04b41

Download Submit
memory/1840-789-0x0000024EBEA10000-0x0000024EBEA20000-memory.dmp

Filesize
64KB

Download
memory/1840-843-0x0000024EBEA10000-0x0000024EBEA20000-memory.dmp

Filesize
64KB

Download
memory/1840-790-0x0000024EC05A0000-0x0000024EC05A8000-memory.dmp

Filesize
32KB

Download
memory/1840-791-0x0000024EDBD70000-0x0000024EDBDA8000-memory.dmp

Filesize
224KB

Download
memory/1840-792-0x0000024EDBD30000-0x0000024EDBD3E000-memory.dmp

Filesize
56KB

Download
memory/1840-803-0x0000024EBEA10000-0x0000024EBEA20000-memory.dmp

Filesize
64KB

Download
memory/1840-804-0x0000024EBEA10000-0x0000024EBEA20000-memory.dmp

Filesize
64KB

Download
memory/1840-783-0x0000024ED8EB0000-0x0000024ED8F26000-memory.dmp

Filesize
472KB

Download
memory/1840-893-0x0000024EBEA10000-0x0000024EBEA20000-memory.dmp

Filesize
64KB

Download
memory/1840-904-0x0000024EBEA10000-0x0000024EBEA20000-memory.dmp

Filesize
64KB

Download
memory/1840-905-0x0000024EBEA10000-0x0000024EBEA20000-memory.dmp

Filesize
64KB

Download
memory/1840-772-0x0000024EBE650000-0x0000024EBE6C2000-memory.dmp

Filesize
456KB

Download
memory/1840-949-0x0000024EBEA10000-0x0000024EBEA20000-memory.dmp

Filesize
64KB

Download
memory/1840-1167-0x0000024EBEA10000-0x0000024EBEA20000-memory.dmp

Filesize
64KB

Download
memory/1840-1258-0x0000024EBEA10000-0x0000024EBEA20000-memory.dmp

Filesize
64KB

Download