Analysis

  • max time kernel
    248s
  • max time network
    279s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240611-en locale:en-us os:windows10-1703-x64 system
  • submitted
    06-07-2024 17:39

General

  • Target

    setup.exe

  • Size

    584KB

  • MD5

    d514bd9fff9f7ccb2180d3ac7ce0e32f

  • SHA1

    ab6c7a7f24e7c4f673a3ae67dff2d3507cd52eb0

  • SHA256

    3ca04ad50b4f41756bf91bce1162e408a7da7b6b5cca4331d3fcb51e8009fc6f

  • SHA512

    fe7c6e0eeae066cebafae70a26c1e83effb8ae60a626fed39717e04b7528e1353a6a8c8c8686fe616c21ea813e89462102e071dc25c2001b2747196997109cdf

  • SSDEEP

    12288:NZv/eN/Kg1YdGG1TFTzTXcN3CNIb88WsNMP5F1k:NZHeImItf7W3CNIb88WsNMhF

Score
10/10

Malware Config

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • RedLine payload 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 31 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 39 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1592
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:196
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3364
    • C:\Windows\system32\SearchIndexer.exe
      C:\Windows\system32\SearchIndexer.exe /Embedding
      1⤵
      • Drops file in Windows directory
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2768
      • C:\Windows\system32\SearchProtocolHost.exe
        "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
        2⤵
        • Drops file in System32 directory
        • Modifies data under HKEY_USERS
        PID:4852
      • C:\Windows\system32\SearchFilterHost.exe
        "C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
        2⤵
        • Modifies data under HKEY_USERS
        PID:3848
      • C:\Windows\system32\SearchFilterHost.exe
        "C:\Windows\system32\SearchFilterHost.exe" 0 684 688 696 8192 692
        2⤵
          PID:4356
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:64
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • NTFS ADS
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4456
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.0.54333381\860364394" -parentBuildID 20221007134813 -prefsHandle 1348 -prefMapHandle 1336 -prefsLen 20845 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84a3d17f-3f62-4d48-8299-a5e39a7fc157} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 1412 17923104858 gpu
            3⤵
              PID:1768
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.1.615283032\764605898" -parentBuildID 20221007134813 -prefsHandle 2552 -prefMapHandle 2548 -prefsLen 20926 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01f2f488-e88b-46cc-b88c-c333e49ca81f} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 2564 17916e72558 socket
              3⤵
                PID:328
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.2.702987592\1908524043" -childID 1 -isForBrowser -prefsHandle 2880 -prefMapHandle 2876 -prefsLen 21029 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1664592-6360-40ee-ab15-64b46c1a6f7b} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 2856 17925ff5758 tab
                3⤵
                  PID:4188
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.3.1419169631\1323436497" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3472 -prefsLen 26214 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {343fd5d9-4ddf-4dae-bc71-442e0fbeff44} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 3496 17926e58e58 tab
                  3⤵
                    PID:2756
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.4.501326920\390299804" -childID 3 -isForBrowser -prefsHandle 4156 -prefMapHandle 4152 -prefsLen 26349 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63132fae-37d0-4916-a84a-786847e12b1d} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4168 17927cb6258 tab
                    3⤵
                      PID:4352
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.5.1917211897\1865538562" -childID 4 -isForBrowser -prefsHandle 4524 -prefMapHandle 4528 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7cee4ae-dc72-4c85-b3d2-e5d7fa83bfc3} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4844 1792852a258 tab
                      3⤵
                        PID:3240
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.6.1410779660\721861218" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 4952 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0df1d012-26a9-4fde-8ac1-720e020232fe} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4944 1792852b458 tab
                        3⤵
                          PID:3192
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.7.945451999\312559577" -childID 6 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c50e0c66-cbf9-4042-9900-d86eb18a3f2b} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5124 1792852ba58 tab
                          3⤵
                            PID:5016
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.8.37912494\1350282710" -childID 7 -isForBrowser -prefsHandle 1892 -prefMapHandle 5464 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4f4faba-b9c4-4221-8e82-bd76a835b669} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5524 17922361358 tab
                            3⤵
                              PID:1908
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.9.1384098459\757091360" -childID 8 -isForBrowser -prefsHandle 9580 -prefMapHandle 9568 -prefsLen 26608 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73c3681f-cde6-48f2-a9dc-3a07f486b880} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 9700 1792a05fb58 tab
                              3⤵
                                PID:4908
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.10.1522672919\1909330852" -childID 9 -isForBrowser -prefsHandle 9560 -prefMapHandle 9536 -prefsLen 26608 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {611bc405-c943-4ba5-9d69-779be4331dfd} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 9420 1792a1c0b58 tab
                                3⤵
                                  PID:1340
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.11.221245229\1957846456" -childID 10 -isForBrowser -prefsHandle 9436 -prefMapHandle 9372 -prefsLen 26608 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {08f3a74c-3219-470c-b243-1ee5b0598650} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 9504 1792a1c0858 tab
                                  3⤵
                                    PID:1872
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.12.1851451058\974169414" -childID 11 -isForBrowser -prefsHandle 9380 -prefMapHandle 9376 -prefsLen 26608 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d839e899-8dd2-44be-81f4-84b27aa78942} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 9392 1792a1e5058 tab
                                    3⤵
                                      PID:2920
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.13.676557344\1358710551" -childID 12 -isForBrowser -prefsHandle 9620 -prefMapHandle 1856 -prefsLen 26913 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73ab181e-e2cf-49e3-9e94-b4cd346cb235} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 5396 17922361f58 tab
                                      3⤵
                                        PID:5440
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.14.1986800447\450002996" -childID 13 -isForBrowser -prefsHandle 9780 -prefMapHandle 9180 -prefsLen 26913 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a402789a-e385-4665-867a-57bd960c9355} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 4544 17928c7b858 tab
                                        3⤵
                                          PID:5888
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4456.15.387560930\1856545510" -childID 14 -isForBrowser -prefsHandle 5316 -prefMapHandle 8396 -prefsLen 26913 -prefMapSize 233444 -jsInitHandle 1176 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33eaa7c2-eea1-4ab5-ab73-cd41b93aab60} 4456 "\\.\pipe\gecko-crash-server-pipe.4456" 8452 179295d6058 tab
                                          3⤵
                                            PID:4760
                                          • C:\Users\Admin\Downloads\setup.exe
                                            "C:\Users\Admin\Downloads\setup.exe"
                                            3⤵
                                              PID:2524

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Downloads

                                        • C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb.jcp

                                          Filesize

                                          8KB

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

                                          Filesize

                                          23KB

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\C79080D6B96DE2577C1D688BA27AD43D8D789F0D

                                          Filesize

                                          18KB

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

                                          Filesize

                                          7KB

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

                                          Filesize

                                          2KB

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\4104454f-e104-4a14-894c-6cd04c8568e4

                                          Filesize

                                          746B

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\de35faa2-4893-4531-9b71-25a5d325a330

                                          Filesize

                                          11KB

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

                                          Filesize

                                          6KB

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

                                          Filesize

                                          6KB

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

                                          Filesize

                                          5KB

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

                                          Filesize

                                          4KB

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

                                          Filesize

                                          1KB

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

                                          Filesize

                                          3KB

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

                                          Filesize

                                          5KB

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

                                          Filesize

                                          2KB

                                        • C:\Users\Admin\Downloads\latest-x64.7z

                                          Filesize

                                          278KB

                                        • C:\Users\Admin\Downloads\latest-x64.cElTbOxY.7z.part

                                          Filesize

                                          72KB

                                        • C:\Users\Admin\Downloads\setup.exe

                                          Filesize

                                          584KB

                                        • C:\Users\Admin\Downloads\setup.n-werVR9.exe.part

                                          Filesize

                                          47KB


                                          Filesize

                                          64KB

                                        • memory/3848-86-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-88-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-87-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-91-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-96-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-98-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-101-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-97-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-95-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-94-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-84-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-81-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-80-0x0000022AF9CA0000-0x0000022AF9CB0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-71-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-72-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-73-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-76-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-77-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-78-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-79-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-70-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-69-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-66-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-62-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-63-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-61-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-60-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-55-0x0000022AF9DD0000-0x0000022AF9DE0000-memory.dmp

                                          Filesize

                                          64KB

                                        • memory/3848-53-0x0000022AF9CA0000-0x0000022AF9CB0000-memory.dmp

                                          Filesize

                                          64KB