Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

http45.151...xe.txt

windows10-1703-x64

4

Resubmissions

24/08/2024, 19:10

240824-xvmgnsvarc 10

24/08/2024, 18:56

240824-xlh3wstfpb 4

23/08/2024, 11:21

240823-nf4mza1bqc 4

23/08/2024, 11:13

240823-nbkz3azhrc 10

23/08/2024, 11:10

240823-m9qsjashrq 4

22/08/2024, 07:12

240822-h1kgyaxfpj 1

22/08/2024, 07:06

240822-hxesaaxenm 10

22/08/2024, 07:00

240822-hs54nsxdln 10

22/08/2024, 06:36

240822-hc93patara 8

22/08/2024, 06:32

240822-ha293awfnl 1

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-1703_x64
  • resource
    win10-20240611-en
  • resource tags

    arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
  • submitted
    23/08/2024, 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http45.151.62.96setup.exe.txt

  • Size

    29B

  • MD5

    688fe12c2f39d3d739a04e6c89b1b22f

  • SHA1

    e2ea25ad47861e77b912026839666d3a99f5c90b

  • SHA256

    35e4cca77e38bd9beaf4a33c97a6f2464ca5ff63bbcf59831bd829b4683fda3c

  • SHA512

    f56694118d4adee2e0c65fb28c3ef86bc5db032656e2306e02e0f5b19706e260f0505ee97f5068d07ae5149a410a15eccd3ebc758d216a5549d7dc0de52834ac

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 5 IoCs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware
  • Suspicious behavior: MapViewOfSection 5 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\http45.151.62.96setup.exe.txt
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:1588
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4632
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3820
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.0.205351018\1506982923" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1692 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbd82830-33fb-4ecc-8e89-03707abc4755} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 1796 273ce1cfc58 gpu
        3⤵
          PID:4412
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.1.753704637\895684785" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20848 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f19d704-7c3f-4938-b9dd-ad516f02230c} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 2152 273bbc71358 socket
          3⤵
            PID:2368
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.2.1558844091\1806070393" -childID 1 -isForBrowser -prefsHandle 3204 -prefMapHandle 3200 -prefsLen 20951 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e26ab79-2361-4980-b978-3c64e7fa7659} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 3216 273d22f3c58 tab
            3⤵
              PID:1480
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.3.465493425\578879464" -childID 2 -isForBrowser -prefsHandle 1004 -prefMapHandle 984 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de3afce6-f047-4b82-b18e-3de262490272} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 1020 273bbc62b58 tab
              3⤵
                PID:836
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.4.1542021556\803206503" -childID 3 -isForBrowser -prefsHandle 4620 -prefMapHandle 4616 -prefsLen 26271 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4b97ec0-ead0-4d2a-afbd-77f8a3b13cde} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 4624 273d3fafc58 tab
                3⤵
                  PID:2680
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.5.574639821\1698058206" -childID 4 -isForBrowser -prefsHandle 4992 -prefMapHandle 4988 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1066704-be0e-4555-af00-a503d39d9c85} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 4936 273d4768b58 tab
                  3⤵
                    PID:5116
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.6.322389049\285224561" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {611f50b5-6989-473d-abb2-bd7641aa471d} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 5016 273d4767658 tab
                    3⤵
                      PID:2352
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3820.7.2125692692\937755133" -childID 6 -isForBrowser -prefsHandle 5320 -prefMapHandle 5324 -prefsLen 26195 -prefMapSize 233414 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fabe1313-c584-4dd3-89b0-cde40b2d8aa8} 3820 "\\.\pipe\gecko-crash-server-pipe.3820" 5312 273d4767c58 tab
                      3⤵
                        PID:2300
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:352
                  • C:\Windows\system32\browser_broker.exe
                    C:\Windows\system32\browser_broker.exe -Embedding
                    1⤵
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • NTFS ADS
                    PID:812
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    • Suspicious behavior: MapViewOfSection
                    • Suspicious use of SetWindowsHookEx
                    PID:2180
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies Internet Explorer settings
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    • Suspicious use of SetWindowsHookEx
                    PID:4640
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Drops file in Windows directory
                    PID:5168
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    PID:5588
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Drops file in Windows directory
                    • Modifies registry class
                    PID:5672
                  • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                    "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                    1⤵
                    • Modifies registry class
                    • Suspicious use of AdjustPrivilegeToken
                    PID:6076
                  • C:\Windows\System32\rundll32.exe
                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    1⤵
                      PID:6652
                    • C:\Windows\System32\NOTEPAD.EXE
                      "C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Downloads\sasa.bat
                      1⤵
                      • Opens file in notepad (likely ransom note)
                      PID:6972

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\ZVQ9VIUB\edgecompatviewlist[1].xml
                      Filesize

                      74KB

                      MD5

                      d4fc49dc14f63895d997fa4940f24378

                      SHA1

                      3efb1437a7c5e46034147cbbc8db017c69d02c31

                      SHA256

                      853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                      SHA512

                      cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp
                      Filesize

                      40KB

                      MD5

                      9aea316c1b32fad97bc2a3a44e170324

                      SHA1

                      a0d02947ac0fc05e10108508f6f16dd4d61a56d7

                      SHA256

                      6af71bc6d947c65225d5313859528aca60909c76fdbc569dda66f43da231c465

                      SHA512

                      a9c9868c5223cfad7d7a50262762a30855a7a592c4c24b5f13c2ad466ac1051b263d6f8236264d7c0af1e12d9c52bf04f01f89f8b5df67121457c03379c384ff

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AR71TPWG\favicon[1].svg
                      Filesize

                      1KB

                      MD5

                      73f25ae8dcc07b881abff4df6a8a2910

                      SHA1

                      cbe1ecd153cdb69879d896f1a6bea787b2be603b

                      SHA256

                      b44325257d9d25a3009f97d54d698a1ed6171ec6771ed87448e8fee752f5fe9b

                      SHA512

                      f8489cf9deca83a6c314dc26e25a55de613e24b06b677eaa25648c25bb1222f3baae904e034b31a99e73c7de84d1eab8e19d796bfa826af9cd58dcba5e2a97fe

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\AR71TPWG\suggestions[1].en-US
                      Filesize

                      17KB

                      MD5

                      5a34cb996293fde2cb7a4ac89587393a

                      SHA1

                      3c96c993500690d1a77873cd62bc639b3a10653f

                      SHA256

                      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                      SHA512

                      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\PKU09HFV\android-icon-192x192[1].png
                      Filesize

                      10KB

                      MD5

                      6f8794c494348dc51f0a8ad1ac097920

                      SHA1

                      8f2e865b954eb33f972d9435428d0b6efd72d44a

                      SHA256

                      8ac4b49a270c08994d79529e594d213de516246c569abcc87ca5b5a15a526ed3

                      SHA512

                      7918f1ae65c6e3d15660580caa8bb43bc8770e5369f03d99f5a717dba45b990e9a7d0667fce0fc8f6bd59bd543584b9b92cc86137e652893c0d701ce32c0ce46

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5EPZSTN4\BFT4ZU8B.htm
                      Filesize

                      1KB

                      MD5

                      eb94232b52be156f3487b1bed0b363c7

                      SHA1

                      3e57511c1165a87f36f9e56535a4771586cd55de

                      SHA256

                      8585d329157e3d2678dcdf0e5ce44e5c807c6e1de19c2d7049b14b0cfdc07423

                      SHA512

                      0cb7a667e42efcca74427b25ea0460f236673dac5efae85823c98a32edac98eb4d234d2192ee9530663c46cac9a3a82d4962366e087a2085c9862e0090fb780d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\P6TGMW3L\text[1].gif
                      Filesize

                      229B

                      MD5

                      840e8b62bc6fd841c93d3af73bda9c40

                      SHA1

                      08ee70b4f29d27c84b7ab55c96b71c640a1e8163

                      SHA256

                      661d43fb30151a050da3b5cef49a2c7d0b01eeafdf1f4a001873406658b0f776

                      SHA512

                      6735b3ff8b6f8f174297449267f5f2480d0d5fa715fb8c412c18c1b51000c7f84e14594b97db260f20b81e785cb1ca718b52de7281dff711cb8803d802238ceb

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\V7KBQQ2F\unknown[1].gif
                      Filesize

                      245B

                      MD5

                      088e8e238b79e9ea2b4371abb91b1fea

                      SHA1

                      dc1cdfa814046ea64609c438e1777f55ff3aa86c

                      SHA256

                      15f5fd53009f61c653aa23d91334f9d7fa2fbd325eab859b68d77a45bb6a78b8

                      SHA512

                      3fd0722505117d869f0dda1f61644c30582e2a5e449452c8037c6c9360b4a4b1f11a8b5b9439a72be1a717ffdff7ee30c512d26740f6d0048cbe3ced4553e042

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y0282F7D\binary[1].gif
                      Filesize

                      246B

                      MD5

                      96bd4beed88ff93356586485c13e5d89

                      SHA1

                      399c2bc3d5ec4fdb4c7a597afdf19eeb64cbdf2d

                      SHA256

                      8a31e7855292e0a8c66c67ff92ea660743006d47de9f012193cbd123a17ba79d

                      SHA512

                      069a292c7e5d2e8d76964e901f4922ae8948151c235436cf8abc67e84011f983cd052142381b8d3c7a417f42b06797a6a226da48155d5905e7d92c9847b346cd

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y0282F7D\blank[1].gif
                      Filesize

                      148B

                      MD5

                      19517fb39a31be6b8d7ccf53ad84908f

                      SHA1

                      ebbcfdc6acc99f7aac3bf7fe72bc55f07f03f7e9

                      SHA256

                      3cb0e54babf019703fe671a32fcc3947aab9079ec2871cf0f9639245cc12d878

                      SHA512

                      be752ff4c7aa3ab46fdbd93555a17e422e7c8b8661f40f899f51ec9393b510dcb2e66436a4f2c78a42af77dd95e01a3438c88cfaa3e0b02694c1912d5294ee16

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\Y0282F7D\sasa[1].bat
                      Filesize

                      7KB

                      MD5

                      90c3dfd74d6ab4b7b98777930ab44a23

                      SHA1

                      7f536fa9c3972c4416e8620335e39f9e93092103

                      SHA256

                      6308f3eef2d45148c4544a0c31d5bb73f28dac4b6fcb854e003e2caa0c39d26f

                      SHA512

                      aab364913c7f3972a136d2cf9241e46adf275bf74cdaedd0697746b4d0244a517a832154ead9849c36d2cc710c80e2754cff1d2b5c845041f0b5e0d6fd115a92

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
                      Filesize

                      2KB

                      MD5

                      254a753b08e356078ffa2c8b634d3085

                      SHA1

                      eaf02f7d999c22e02136575f370094bf378f1e60

                      SHA256

                      58812717410f365391fe472696649ac1b02734ea4c8e1822c11bca76318c3fb8

                      SHA512

                      2a6ab8a1dc8a5bb107e4587d6cc10c4184d9ceb0fdeb19d5907c6de20aa1087d2b57e6d239faa026d5718dcaa9298ea210d7c2187d880ae6858f7787834e0eab

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\be91c66b-1862-4eca-af11-6a9a2689c668
                      Filesize

                      10KB

                      MD5

                      9c5e5bdb368ba4c5533592533a0ac082

                      SHA1

                      ba779536540e1cd224830a627e6fe71333f6d98b

                      SHA256

                      6d31574d8d3cdfb6b946873038381c3eabb70ea12878b01a8f7fe3019ff71453

                      SHA512

                      0a1e7ed42ced2dbf2236b4065527eb7fd0988c8dd1d3c938f7dbc711e125b3f77289b8f9acee2d62bddc0af3400b8d274af545f597557145cc4fee7c0efba2a6

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\cfcc99a3-77cc-4fef-8fc1-d219f37f0ad7
                      Filesize

                      746B

                      MD5

                      4d88443d968fcf30f9d41577af0a777c

                      SHA1

                      a6fd5c8f7577504a91968aa4a835302e673dd642

                      SHA256

                      3a14bfa02a5f96a65dcdf069f44689e1ad5f4a44ea8c8b444edd13d01697db65

                      SHA512

                      fdee756b1cbefd196f765a529d3ab083d712a760f4ac56740d257eb003cee790edeba2d1b7bfce4c7bc12cd5bae7ce80cbd52409c07e737ce76906aab8a7ffc8

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
                      Filesize

                      6KB

                      MD5

                      c55bfcc5070a49f0cc19804d7d660905

                      SHA1

                      62c02347a80b647e7e07a6bacdc58fe9d1a91489

                      SHA256

                      61b003eefbed934687f01a337ce327a487bffa617f566805239afa6a4ba5ca47

                      SHA512

                      989363947113c597e6eacbf5826b7b3b71ca120b5862b8f32ec3549ec26efd41f841cf7349dd1bbc4b530029721731870cf9d8b43a934eed1ab7cd393bf90f46

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
                      Filesize

                      6KB

                      MD5

                      4dbdedd3f89c97514a463891880b55df

                      SHA1

                      e2c5da447ae907beecc83f5e149a1c9fb5e4b329

                      SHA256

                      dfdbe1e1b9d0fddb953d1817952eec627b0a414a3442801ec0a95a721ac0fa47

                      SHA512

                      d03432a517ee0d71e5847162d1c500406b2866c4beb57e3a4fbb9f0d90199b00588efeae2e92a83c7841d241eb0f12f64df0709a1c1087608ab61c235e17362e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      fc37fa84e4c056afe6cc2bcff16406ef

                      SHA1

                      0271209957eb22d9ddce4bc5ec38905188b20d1d

                      SHA256

                      e703b8f34688c88853785a814b18e82e7f7c637aebcb3509a2acad328f0f0b8b

                      SHA512

                      3ee241facde7c16bad5d0dfba78d0ccd62f7760b3cd1ca2681dd47d2181aef1dad7cb95815e919875f3c5409a4c3a61a3a20f789aa50bf99347cd64e13c5b287

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
                      Filesize

                      1KB

                      MD5

                      612ebb41064c920d99f456e39440b0c3

                      SHA1

                      01cb09858ab2b6ca455ddf83461636d915fe7275

                      SHA256

                      0d7c6b42a247518b9a23aedfe5b0641a955f3e87dfcb47b43bc15984b6eff9a3

                      SHA512

                      dc4a61975c7eacdb81e9482ebc8d41cc143fa83f41dc3e44f56aac97df240123acb5b4f1bdfd443576d0c33a26642798cc6f75964bd81dea7102a227909487f8

                      Download Submit

                    • memory/352-226-0x000002A978500000-0x000002A978502000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/352-413-0x000002A901400000-0x000002A901401000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/352-207-0x000002A979420000-0x000002A979430000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/352-191-0x000002A979320000-0x000002A979330000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/352-414-0x000002A901410000-0x000002A901411000-memory.dmp

                      Filesize

                      4KB

                      Download

                    • memory/4640-235-0x000001A831740000-0x000001A831840000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/5168-258-0x000001D96D8F0000-0x000001D96D8F2000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5168-247-0x000001D95CE50000-0x000001D95CE52000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5168-250-0x000001D95CE80000-0x000001D95CE82000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5168-252-0x000001D95CED0000-0x000001D95CED2000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5168-254-0x000001D95CEF0000-0x000001D95CEF2000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5168-260-0x000001D96D910000-0x000001D96D912000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5168-256-0x000001D96D830000-0x000001D96D832000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5672-351-0x0000018FF58C0000-0x0000018FF59C0000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/5672-408-0x0000018FF60E0000-0x0000018FF61E0000-memory.dmp

                      Filesize

                      1024KB

                      Download

                    • memory/5672-383-0x0000018FF5840000-0x0000018FF5860000-memory.dmp

                      Filesize

                      128KB

                      Download

                    • memory/5672-355-0x0000018FF5560000-0x0000018FF5580000-memory.dmp

                      Filesize

                      128KB

                      Download

                    • memory/5672-320-0x0000018FF0AF0000-0x0000018FF0AF2000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5672-324-0x0000018FF1AA0000-0x0000018FF1AA2000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5672-459-0x0000018FF7C40000-0x0000018FF7C60000-memory.dmp

                      Filesize

                      128KB

                      Download

                    • memory/5672-571-0x0000018FF1200000-0x0000018FF1210000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/5672-326-0x0000018FF1AC0000-0x0000018FF1AC2000-memory.dmp

                      Filesize

                      8KB

                      Download

                    • memory/5672-323-0x0000018FF2300000-0x0000018FF2400000-memory.dmp

                      Filesize

                      1024KB

                      Download