Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12/07/2024, 11:03

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    70e3205fa870180983fbd1eff1e2d9e59fab69a5909dbf2a2563874fd0bc55f5.exe

  • Size

    1.8MB

  • MD5

    3460d10c39f6481bfb9f2b5346db37c7

  • SHA1

    dfa467d7156df180a89dc1c156e83d4619a3b248

  • SHA256

    70e3205fa870180983fbd1eff1e2d9e59fab69a5909dbf2a2563874fd0bc55f5

  • SHA512

    48b15c87982858f009ac036032db50cb0e4e0cdff85416879e50cc119acd450c5f18413da0d5e3504728feddad0086034f97a04c7e2c61ba19fb4c41049d27b2

  • SSDEEP

    49152:b2gPo5sle7EA8YJdqwsu6jIKkirqrTBaeZWmiGGQWPw5:bDPeQHYJeD8br0Zy

Score
10/10
amadeystealc4dd39dhatediscoveryevasionspywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

C2

http://77.91.77.82

Attributes
  • install_dir

    ad40971b6b

  • install_file

    explorti.exe

  • strings_key

    a434973ad22def7137dbb5e059b7081e

  • url_paths

    /Hun4Ko/index.php

rc4.plain

Extracted

Family

stealc

Botnet

hate

C2

http://85.28.47.30

Attributes
  • url_path

    /920475a59bac849d.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 6 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 12 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 7 IoCs
  • Identifies Wine through registry keys 2 TTPs 6 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 2 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\70e3205fa870180983fbd1eff1e2d9e59fab69a5909dbf2a2563874fd0bc55f5.exe
    "C:\Users\Admin\AppData\Local\Temp\70e3205fa870180983fbd1eff1e2d9e59fab69a5909dbf2a2563874fd0bc55f5.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4896
    • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
      "C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:1400
      • C:\Users\Admin\AppData\Local\Temp\1000006001\b96fc79b5b.exe
        "C:\Users\Admin\AppData\Local\Temp\1000006001\b96fc79b5b.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:3932
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\KECFCGHIDH.exe"
          4⤵
            PID:3912
            • C:\Users\Admin\AppData\Local\Temp\KECFCGHIDH.exe
              "C:\Users\Admin\AppData\Local\Temp\KECFCGHIDH.exe"
              5⤵
              • Identifies VirtualBox via ACPI registry values (likely anti-VM)
              • Checks BIOS information in registry
              • Executes dropped EXE
              • Identifies Wine through registry keys
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Suspicious behavior: EnumeratesProcesses
              PID:2732
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\DAFBGHCAKK.exe"
            4⤵
            • Suspicious use of SetWindowsHookEx
            PID:3884
        • C:\Users\Admin\AppData\Local\Temp\1000011001\052042c3fc.exe
          "C:\Users\Admin\AppData\Local\Temp\1000011001\052042c3fc.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of WriteProcessMemory
          PID:4964
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:728
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
              5⤵
              • Checks processor information in registry
              • Modifies registry class
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:472
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7afe8559-fb57-4a37-968c-e0b96d3837a8} 472 "\\.\pipe\gecko-crash-server-pipe.472" gpu
                6⤵
                  PID:3684
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2360 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4ca3de1-0e97-404a-a7a1-672c47578f79} 472 "\\.\pipe\gecko-crash-server-pipe.472" socket
                  6⤵
                    PID:2640
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2744 -childID 1 -isForBrowser -prefsHandle 2924 -prefMapHandle 2956 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ad3655e-7aa8-41c4-a5bf-6c1be82ffe08} 472 "\\.\pipe\gecko-crash-server-pipe.472" tab
                    6⤵
                      PID:4204
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3652 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21c360df-1fee-4d1c-8c5c-54886ef144de} 472 "\\.\pipe\gecko-crash-server-pipe.472" tab
                      6⤵
                        PID:1772
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4504 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4704 -prefMapHandle 4700 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a09d2e04-85c2-4677-bcd5-c81c254f2767} 472 "\\.\pipe\gecko-crash-server-pipe.472" utility
                        6⤵
                        • Checks processor information in registry
                        PID:4644
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 3 -isForBrowser -prefsHandle 5424 -prefMapHandle 5324 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75f759c7-bdae-46be-ada8-7c7e28e9643e} 472 "\\.\pipe\gecko-crash-server-pipe.472" tab
                        6⤵
                          PID:5768
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 4 -isForBrowser -prefsHandle 5664 -prefMapHandle 5660 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7bd5d43-4777-414b-b15c-83fe4d2cbc42} 472 "\\.\pipe\gecko-crash-server-pipe.472" tab
                          6⤵
                            PID:5780
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5852 -childID 5 -isForBrowser -prefsHandle 5692 -prefMapHandle 5680 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {168e922d-4525-4e21-aadb-2cd8612e1a18} 472 "\\.\pipe\gecko-crash-server-pipe.472" tab
                            6⤵
                              PID:5792
                  • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                    C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                    1⤵
                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • Suspicious behavior: EnumeratesProcesses
                    PID:2852
                  • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                    C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                    1⤵
                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • Suspicious behavior: EnumeratesProcesses
                    PID:5956
                  • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                    C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                    1⤵
                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4944

                  Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\ProgramData\mozglue.dll
                          Filesize

                          593KB

                          MD5

                          c8fd9be83bc728cc04beffafc2907fe9

                          SHA1

                          95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                          SHA256

                          ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                          SHA512

                          fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                          Download Submit

                        • C:\ProgramData\nss3.dll
                          Filesize

                          2.0MB

                          MD5

                          1cc453cdf74f31e4d913ff9c10acdde2

                          SHA1

                          6e85eae544d6e965f15fa5c39700fa7202f3aafe

                          SHA256

                          ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                          SHA512

                          dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          18KB

                          MD5

                          4e6ce14366e861f4e838de57dd285339

                          SHA1

                          c69e49f51a1f4b12b5124c4cefdcfe42201b3d5a

                          SHA256

                          66b116af0cb1f88fbc5c3c5a73d8b59439699fb984c0fe24e3cb03647cc8c6e5

                          SHA512

                          031adf0140e36560b55202566d87b208767e838ba71c66321c3142a88a9abdb3c2f03b127435ce5d4611c7533d5184f00799a5dec6a773f4a7ed4c1c8add7539

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
                          Filesize

                          13KB

                          MD5

                          906f8f2b06314a32cd97f426a8caee3f

                          SHA1

                          4402c3be100d0c1b0cbe78216f69f229ef4178fd

                          SHA256

                          4681fe89677ba2914cc514a9f0234e1b188c3cff4d2a1b51f76b161797aee779

                          SHA512

                          b918b393836642a05345ab2439df95022e88d7a739d70a58599fa193d1eebb901a8afd773f98adddbf5d317fe1429ec1d4d7d78749b3d15533ab38c93f8a40cd

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\1000006001\b96fc79b5b.exe
                          Filesize

                          2.4MB

                          MD5

                          f320a471da179c2cdb8f920a58d5a49e

                          SHA1

                          c0587747ea1f01591f56df772436487759a56cb3

                          SHA256

                          f085c6c04bb96f24fdbf974025a25ca0baaf01093996d5b8be8f4b03045892c2

                          SHA512

                          392f7e1c70ef8445b85d08e554b220b25e228939ecaac90cb55f91a12b826b153cc0ffc0f1a1946a2cca878242080c62a6e64d86cba220deff0012cdd765886e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\1000011001\052042c3fc.exe
                          Filesize

                          1.2MB

                          MD5

                          e1d70bb9d5c6045dbd8e10f544a8ab70

                          SHA1

                          b5418d7f5311f78eb63531c4e21d7ac085399ed9

                          SHA256

                          10d5759fa3899001aa1fd20c4adec01792bbecb2046886a7cf75030c10f58dd6

                          SHA512

                          e2896acda59a226d855442877f994f39a288ec3708f6ae990c181d695e3bc809005454b1c832a4623284eaf83b80e3f352be336ea63ee6ab46d344fe10af0bea

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                          Filesize

                          1.8MB

                          MD5

                          3460d10c39f6481bfb9f2b5346db37c7

                          SHA1

                          dfa467d7156df180a89dc1c156e83d4619a3b248

                          SHA256

                          70e3205fa870180983fbd1eff1e2d9e59fab69a5909dbf2a2563874fd0bc55f5

                          SHA512

                          48b15c87982858f009ac036032db50cb0e4e0cdff85416879e50cc119acd450c5f18413da0d5e3504728feddad0086034f97a04c7e2c61ba19fb4c41049d27b2

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          479KB

                          MD5

                          09372174e83dbbf696ee732fd2e875bb

                          SHA1

                          ba360186ba650a769f9303f48b7200fb5eaccee1

                          SHA256

                          c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                          SHA512

                          b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                          Filesize

                          13.8MB

                          MD5

                          0a8747a2ac9ac08ae9508f36c6d75692

                          SHA1

                          b287a96fd6cc12433adb42193dfe06111c38eaf0

                          SHA256

                          32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                          SHA512

                          59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin
                          Filesize

                          17KB

                          MD5

                          ca5931bfdb01020cccce3f12e63012fc

                          SHA1

                          53c88aa63c2015e3e9f9e058c7833525ea083d9c

                          SHA256

                          7220321f40aeb9d9c73a165b3b73ea87191b9a8301cce8f28273c55f37265879

                          SHA512

                          1f820543913ca1b4784c8c6c6b95be2dabc670d9865d89f34edb45c97407023d6623045fb02a65ceacbf0b958d5459ed32c4a0bccd57acb2bd6fc8218ca8f9f0

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin
                          Filesize

                          8KB

                          MD5

                          8a5f694438d5fcf644741ecdefbbbfea

                          SHA1

                          95ceaa95bed12a2777257b3809be4198996f17b7

                          SHA256

                          9cb95d41006fa7181e1a509d0f2dc8b70ccd33e02c9ae1326de57bdc880f9e36

                          SHA512

                          4c3abc4cf186da36fc32ff5bbabda32b1237543ed03dd38abbe30c84df71b6260f256f3af9396c0f70be54135b97618fc018bb57363d805bb54efdf7cb3ccc75

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\AlternateServices.bin
                          Filesize

                          12KB

                          MD5

                          f0e060794a755c7eb925aed35ad18f4c

                          SHA1

                          80193a174ecb9795cf6f6a2cbb324eceef394fae

                          SHA256

                          94f18fa71d82f1018312d7fd91e01a2b225d5e91a387ae5136ad04faec53974b

                          SHA512

                          47967eb71c61ef67219e2c974ea8359f55637e0cc6d0e425e739a729a87e348512d56e87e6756885832f49ceb67823006fcec196e11be35f5ca7e78811e7ba6d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\cookies.sqlite-wal
                          Filesize

                          256KB

                          MD5

                          f4dd95a9e1423ac7e114d33b4efc7dfe

                          SHA1

                          432276279ff87f7ec0f3e8359e8d47061b279271

                          SHA256

                          90818cd6ff499bdebe4dbd2f24f49e88cb5b15b583002c15dfd66a7dd41a6694

                          SHA512

                          ba9d38f3ec4e0a58799d81969bcca750c8db19f8c2557022fdbec1c440eaccf41d387b2f2adcde4983ffa0bc3c500ca3d4a1bc03b74707843ed038c3ee06168c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          33KB

                          MD5

                          f5c7d6087c12a7844d63f2a63d121be3

                          SHA1

                          e3fa5643ceb5d5f44ae661964120954770b2f463

                          SHA256

                          8f0b23beb233daf8da11565a3834180d79211540cd5f7990e3fb1f4049b8896c

                          SHA512

                          744bd48a8bd165e147bc376f02b49216e8dff0812e3571cb2e1760945faa2e95a42dda36cce90c12be4156e83bd005ff3cc46a113a8fd3ce924119cbc226c086

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          6KB

                          MD5

                          f79996eb4faf4389585694d8bf2cb6c4

                          SHA1

                          a63f75c751ab9e3ddefa026fd7e7cb3c62f0bee6

                          SHA256

                          4840ccda42aec79f3bc17cd7bcc21387a8c889558b6fb7f50844ba178c892917

                          SHA512

                          6ecadd63103434498703d0b4b2fa647f682e9b8f4d18c96946777f4f404a766694710681973dc323c03bc0423714b10b0f4b43c761d264c26faaf41261fa3295

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          5KB

                          MD5

                          ccfd22e3d7ee030f4583b7e327917164

                          SHA1

                          cef8c68bbbba6430b9790d5f116d41316fe2b094

                          SHA256

                          42d22113ea8e487ecce1aa4f530372e2d92304c05f741b41074f059757b1035d

                          SHA512

                          39da98c47bf638c8ca5af730b814f1934757e01419b6600ae6d599cb040bc5c3ac2441950202e8bded3fae359526c5ed0a251c7106886ade899c7445aa7650bc

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          16KB

                          MD5

                          fdbbe9985c8fc204c2d5afc8dd447fe2

                          SHA1

                          f94a457a6be946bdad880da7c4999320aea8477c

                          SHA256

                          0d23115b2afb97bffbee47586c562bced13872fa1dfdaeb72a98206f5640c8ef

                          SHA512

                          c90e7f18f97aa7694b5cc858fb562b217c73f87f51e202cccbc199eeede8935a93372a1c5c9694d3e8769b5e420e16f7b3757849e97e62a68a38cb94530f3652

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\0c1546e0-8d84-439a-8321-e3fea218c3ee
                          Filesize

                          671B

                          MD5

                          c8acf9d9ee5a4e3850a93f7bdb568286

                          SHA1

                          2e43f47115cb60e94d819f119f157874699ae97f

                          SHA256

                          28d232c09f65595b38821abc2b347c9d7181960121c1c7a11336ca71fabe6e68

                          SHA512

                          bde4b050dde33aa0a213649b48a987883cfea89fff8e4191c6c6c521328579ea9435e6f4303f44b7b9573f550daba50290b8ec7532f4cdc779479f7a4523e526

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\38e8c963-8613-4e6c-9749-ebedbd4ffdb8
                          Filesize

                          25KB

                          MD5

                          95fcc8b77e6a09f5d4b52398e3a1760c

                          SHA1

                          579bbf2e1750604d91bac11f0667288fce48918b

                          SHA256

                          18e337285a3d4ea5ce1a1985a20a7eedb321a6fc4b36d059349370c8b1baa041

                          SHA512

                          858c612bc6425356f2b5ec6ef2b2ff6c554adfa4b9aade23b01ba7dea7449e538bf5a0eca4c487c393c5a19c1806bae3eeacbcfbc4ede891e0226e91597c3ec8

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\datareporting\glean\pending_pings\c5e905f0-ed04-4c3f-98ca-61ac08a92b87
                          Filesize

                          982B

                          MD5

                          29d5cc998402d372b0c1d89c961903a4

                          SHA1

                          53e4c1d77dfebeb3ddb112db19008d8568aa3af7

                          SHA256

                          d158076920579da12d58e1e3473f4d0543374290eab6685ab340746717545e27

                          SHA512

                          4dac668fccb0341586791abfb4ff62650e7b56e5e44e8938482acb44477d8c03986b3205d7ef2f84f3f28adc2ae75669f85e3a1daa0e63b62ffdb4b48ac70199

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                          Filesize

                          1.1MB

                          MD5

                          842039753bf41fa5e11b3a1383061a87

                          SHA1

                          3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                          SHA256

                          d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                          SHA512

                          d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          2a461e9eb87fd1955cea740a3444ee7a

                          SHA1

                          b10755914c713f5a4677494dbe8a686ed458c3c5

                          SHA256

                          4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                          SHA512

                          34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                          Filesize

                          372B

                          MD5

                          bf957ad58b55f64219ab3f793e374316

                          SHA1

                          a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                          SHA256

                          bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                          SHA512

                          79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                          Filesize

                          17.8MB

                          MD5

                          daf7ef3acccab478aaa7d6dc1c60f865

                          SHA1

                          f8246162b97ce4a945feced27b6ea114366ff2ad

                          SHA256

                          bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                          SHA512

                          5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\places.sqlite-wal
                          Filesize

                          992KB

                          MD5

                          7c57c1f74d1d44637d861043e92528dd

                          SHA1

                          214a83cb18a2b550cfffb6240ab24443aa4173d5

                          SHA256

                          82fba1a4050998e3652f4dbd7b3dde00210e505ac1fcdbe7acad20f83f2dd566

                          SHA512

                          83d370287f2a19f3e11d2425652078f20d48e1652ea5ed080a220f8613fc5d7aa5abfd29640fc4f3bde27ef3cbfe8afe60b441bd9374048c54fac92c2d34925a

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js
                          Filesize

                          12KB

                          MD5

                          60224e332f6bf6aa2cb5f12dc59700bc

                          SHA1

                          b71577fa5217aaeda3f2fbb240e17475488b40a5

                          SHA256

                          5391ff3c00916d64b250f4d027a156056c1f99f77f91c354de97e1477fe0c29d

                          SHA512

                          bb5f2b71ff5ddeccbc245643bf1c3f4ae5750c7b4f49c98cfb2de7c12e7e6f3073de5cee3b0c89ed73416eb51b7c488efd599eec916764c6616153303a2fcf3c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs-1.js
                          Filesize

                          16KB

                          MD5

                          00d8f8c0afd4650a27470b644cddb868

                          SHA1

                          88f80638ed6e2942d5058b473bd713c3ec7195df

                          SHA256

                          e52da50a11b436264028ccaf93999c325bb703a87c13d50cecd8c6e3dd523a8b

                          SHA512

                          d694e69ff00969561aff2a055a8a00e0e562f8f6901a6619448ce67e54ceea2140a7d99ecf84095a61303a2eff58897ce07ab5a370f2be568202f3d741b9431f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs.js
                          Filesize

                          11KB

                          MD5

                          b315cf1d06b0d276a13dd0d12d2e6f30

                          SHA1

                          c3db91b1bdeb22a1415c4cfabf012b645d82eb2b

                          SHA256

                          449f23bf7eb6a0fb15a78e119cd809249e902b2b3069f498ae8de114b3a912ff

                          SHA512

                          9687a1ae60cdf502b14fd904ff68e82a6a3d6dacf01a7a426eb06acfd2a88551d5a161dc09beb764ce749420fe5fbcd694a5987142df3dd0e7a8e641643a3f41

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7qnbgwy0.default-release\prefs.js
                          Filesize

                          8KB

                          MD5

                          2093f6d954865b151d9f086c7f15b1bd

                          SHA1

                          fd775f99aab5b38d93be3e0264397821b5ae4d39

                          SHA256

                          3d4e0db544cb6d2147bab3754f45f696877f88b21e4161987be3bfb177b89a87

                          SHA512

                          0a4126510a3a872481362d006bf90990d1c7eb05e78153a2e65716fa0d7a340e54e98384cf6eca26bf34fedfc6404adf03c2958ed75c9b5d58b2b0a48e7b0136

                          Download Submit

                        • memory/1400-505-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-2620-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-464-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-2599-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-19-0x0000000000FF1000-0x000000000101F000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/1400-1090-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-18-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-496-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-2271-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-506-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-511-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-20-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-2615-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-2609-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-2611-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-2614-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-2613-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-2630-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-2612-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1400-21-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/2732-495-0x0000000000FB0000-0x000000000146F000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/2732-489-0x0000000000FB0000-0x000000000146F000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/2852-59-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/2852-57-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3932-478-0x0000000000920000-0x000000000150F000-memory.dmp

                          Filesize

                          11.9MB

                          Download

                        • memory/3932-485-0x0000000000920000-0x000000000150F000-memory.dmp

                          Filesize

                          11.9MB

                          Download

                        • memory/3932-37-0x0000000000920000-0x000000000150F000-memory.dmp

                          Filesize

                          11.9MB

                          Download

                        • memory/3932-60-0x0000000061E00000-0x0000000061EF3000-memory.dmp

                          Filesize

                          972KB

                          Download

                        • memory/4896-5-0x0000000000390000-0x000000000084F000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/4896-0-0x0000000000390000-0x000000000084F000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/4896-17-0x0000000000390000-0x000000000084F000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/4896-3-0x0000000000390000-0x000000000084F000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/4896-2-0x0000000000391000-0x00000000003BF000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/4896-1-0x0000000077266000-0x0000000077268000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/4944-2617-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/4944-2619-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/5956-2608-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/5956-2601-0x0000000000FF0000-0x00000000014AF000-memory.dmp

                          Filesize

                          4.7MB

                          Download