hxxps://github[.]com/Lucifer-St3aler/Blazer-St3aler/raw/refs/heads/main/Blazer%20Stealer/Blazer-St3aler[.]rar

Analysis

max time kernel
38s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Lucifer-St3aler/Blazer-St3aler/raw/refs/heads/main/Blazer%20Stealer/Blazer-St3aler.rar

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3880	Blazer-St3aler.exe

Loads dropped DLL 3 IoCs

pid	Process
3880	Blazer-St3aler.exe
3880	Blazer-St3aler.exe
3880	Blazer-St3aler.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
45	raw.githubusercontent.com
47	raw.githubusercontent.com
39	raw.githubusercontent.com
44	raw.githubusercontent.com

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Blazer-St3aler.rar:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 32 IoCs

pid	Process
3880	Blazer-St3aler.exe
3880	Blazer-St3aler.exe
3880	Blazer-St3aler.exe
3880	Blazer-St3aler.exe
3880	Blazer-St3aler.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2324	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	456	firefox.exe
Token: SeDebugPrivilege	456	firefox.exe
Token: SeDebugPrivilege	456	firefox.exe
Token: SeRestorePrivilege	4416	7zG.exe
Token: 35	4416	7zG.exe
Token: SeSecurityPrivilege	4416	7zG.exe
Token: SeSecurityPrivilege	4416	7zG.exe
Token: SeDebugPrivilege	2324	taskmgr.exe
Token: SeSystemProfilePrivilege	2324	taskmgr.exe
Token: SeCreateGlobalPrivilege	2324	taskmgr.exe
Token: 33	2324	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2324	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
4416	7zG.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe

Suspicious use of SendNotifyMessage 62 IoCs

pid	Process
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe
2324	taskmgr.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 4852 wrote to memory of 456	4852	firefox.exe	82
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 4028	456	firefox.exe	83
PID 456 wrote to memory of 2184	456	firefox.exe	84
PID 456 wrote to memory of 2184	456	firefox.exe	84
PID 456 wrote to memory of 2184	456	firefox.exe	84
PID 456 wrote to memory of 2184	456	firefox.exe	84
PID 456 wrote to memory of 2184	456	firefox.exe	84
PID 456 wrote to memory of 2184	456	firefox.exe	84
PID 456 wrote to memory of 2184	456	firefox.exe	84
PID 456 wrote to memory of 2184	456	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Lucifer-St3aler/Blazer-St3aler/raw/refs/heads/main/Blazer%20Stealer/Blazer-St3aler.rar"
1⤵
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Lucifer-St3aler/Blazer-St3aler/raw/refs/heads/main/Blazer%20Stealer/Blazer-St3aler.rar
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3034e585-af95-470f-87b5-0fc6f253995d} 456 "\\.\pipe\gecko-crash-server-pipe.456" gpu
    3⤵
    PID:4028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2396 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12335be9-d5d8-42cb-802d-40fd248a7607} 456 "\\.\pipe\gecko-crash-server-pipe.456" socket
    3⤵
    PID:2184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2796 -childID 1 -isForBrowser -prefsHandle 2792 -prefMapHandle 3132 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {653875c1-0265-4e16-a39d-80fadf4dd6f3} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:1352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 3684 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e33fab7-cbc2-40f8-ac93-1090ee04dc35} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:3288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4540 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4468 -prefMapHandle 2740 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c93d635c-d171-4628-8d65-2e21713e3647} 456 "\\.\pipe\gecko-crash-server-pipe.456" utility
    3⤵
    - Checks processor information in registry
    PID:716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4564 -childID 3 -isForBrowser -prefsHandle 5208 -prefMapHandle 5204 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab36340c-a44a-4822-9638-0d6cb597caba} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:4780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5320 -childID 4 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79a58ccd-22a7-491f-9379-ebef314bc005} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:4720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 5 -isForBrowser -prefsHandle 5552 -prefMapHandle 5560 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1288 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae791b4c-0627-4f44-9927-024672d7942f} 456 "\\.\pipe\gecko-crash-server-pipe.456" tab
    3⤵
    PID:3792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2384

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap24430:90:7zEvent17218
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4416

C:\Users\Admin\Downloads\Blazer-St3aler.exe
"C:\Users\Admin\Downloads\Blazer-St3aler.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /d /s /c "chcp"
  2⤵
  PID:3228
- - C:\Windows\system32\chcp.com
    chcp
    3⤵
    PID:3960

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\activity-stream.discovery_stream.json

Filesize
32KB

MD5
fe45009918a3e6a4afbb55ae12463fea

SHA1
f4c9a21902e50664c8cfa30e1460fb537ad5674b

SHA256
49f2148c1278372372a3dab151269379ee86b692cf47c7c687a953da932027e4

SHA512
d8baf983c218af6a83050d1d0c253769230eac0e5a39ab8d96d14390f87dd56637e07fa1ece9e0cbc8a2d422b76cd90fb292e9539e339080d3d09bc228686bdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\0724856960d5d02ff24df37c0fe9d74608bb3fc35b449fd40b946b03c898aaa1\node-hide-console-window\build\Release\node-hide-console-window.node

Filesize
95KB

MD5
fa8c880b90f8ec63193321a3ec9137d2

SHA1
b31845be776b81b832b01ae81ce3f3c09b4eca1b

SHA256
0724856960d5d02ff24df37c0fe9d74608bb3fc35b449fd40b946b03c898aaa1

SHA512
bc60417fc851e6d864e170cbcf40c8ed13427e02359f710ad6ca58864b3e155bf35d76eb3c3b762c734b10ec9cd315b22a382f7fa1887033e1562a79fce605b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\152ddddf0ebc8fd9fdd0143778b6765e49678532a2b1e33e66adc235fa88b7a7\sqlite3\lib\binding\napi-v6-win32-unknown-x64\node_sqlite3.node

Filesize
1.6MB

MD5
d5d477af6910a4856d5457b8e667f84b

SHA1
80e99d5b15c1c65ffa7e44c52c14056691ee3295

SHA256
152ddddf0ebc8fd9fdd0143778b6765e49678532a2b1e33e66adc235fa88b7a7

SHA512
435bc0f5b6af33549e59b5c50c43bd62ef5faf6acad85ad9d79f5ee80c82fed86f45391f20a35c0114d92aa80cc8c68aef0420501f4d5f5e2eed701c830013f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\pkg\c0c289f0a467075f610107a6f2a76c536809ddd0818458b89a20c8384b539028\win-dpapi\build\Release\node-dpapi.node

Filesize
141KB

MD5
9ef1f724eb50fc72b9c41b88f0f2dcf8

SHA1
402bd4f652ba6c83803e7e1dea75e420092e1b18

SHA256
c0c289f0a467075f610107a6f2a76c536809ddd0818458b89a20c8384b539028

SHA512
f897e6b19e47c4e294e8c1e593c4acffaca9be7a7bc51f2db81671cb24dd8a7cee5aa94c03b00288e6570fa0b111f3682d84f6e6541923ca06741a87dc1d78f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
8KB

MD5
03beb46761f42af89663acd2556bfaa9

SHA1
7937c35e8f7f15b5f4836e7dc4d9e03af132cc76

SHA256
41595a5d9a9e09b1e034b909009df60c8f0244667ff882fc9562b63f82b3a923

SHA512
9097703e4babe90f03e7dca5ca534e03e032417a583efa640af465e3107d515fabefd5738c44b40d98638e09570e508026d22fa6d11456c29ada9412f2c9f67c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4e234783b81b81ea639ed67073ea1535

SHA1
8c99a3fa1944b735193ef3a3e94fd5dcfae94e05

SHA256
4d01e60b140a074e480343dea05f374ef75e9a3024ddbc50ceb3612b152d98df

SHA512
5b4a2cf024a8a409264e1f32721d6d69408866138f936ec5ec16801a0991f905f249d97b7f2a2e47085a956e89c84de779b973e21f3594c1290186c76fb10cbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
5b28a04c6f4d52725856ec155408b5eb

SHA1
e52e21e06207af75f6633a65eb70b58837665eb2

SHA256
0de99fe8b13a263d0e013334f3a4446990fc1910f20a3a8f83bd3b45aa8b4f04

SHA512
e82731e52c9cbdce86c8a09a31bc3e09dd6f6b50179ef3544d5a698473ab0183646c2bbc40d53a506c10f73b10929c4bc2fb07123fd5debb4e42874046d8dd97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\3a29d477-a07d-4079-b326-eaebf5a44c61

Filesize
25KB

MD5
0b1b9743e6630e86bc0ba0d2987536a7

SHA1
e6efea25e8f0b3c74c04b33fe38084ff91e1fcf6

SHA256
880468e12441a75bbd04be7ac1be8021fca47fbf6e50fb003597516056a20315

SHA512
66a09cde019e78925521aa63ed3c67c73dfc96068cc0bc6aafa8e86ab876c6cc1b0b632342c1f53c546e1095d3ca4e60f3da20ce04da59dbbd97460609eaad0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\7ae4482b-8ded-4753-a603-a71975131209

Filesize
671B

MD5
161b5e1f0b6f671ba231cef0255052ac

SHA1
73559d9fc04c5aa042ea14026f69fd27917d8087

SHA256
9c91829041992dd8b953db97501e75282e1097f0b73ebebc2466c25c39a88659

SHA512
6fd6680a6855fa555b00fc13c61c98537e659b6d85bf117499b0d9bbd52434888525ccc3f6e7ce12da5e40f15dcd4b53d7c86fa2c38ab5b8acf7106087341cb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\ef5e8b91-dff9-436b-9165-b3aede0a95e0

Filesize
982B

MD5
19de0738c0c85346802e40672f0dc328

SHA1
90c0fe2b2970839740f8e30180c85ae29a061590

SHA256
7693647f7797f3242b8cb32e09a83a55c2eb41c5db3510123fc539ac1e6b80ba

SHA512
fad5ebed95eb0ddbf6338638dce794b846f960210735d8252eecfb357f47a7c9dc4f4c5db5e509e696fb9e9e01869caf9d62b82ec2c252160c65857421347d14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
1be6066c9b4ec723735d8735cfe0b60f

SHA1
29567ce11f6918fb0eb8d8ab63279ae36705f59f

SHA256
0e6e21fd0be385849167f998713bdc34c0721ecb1dde67fa6361814f4884a4ec

SHA512
df601808e58cd8fbb1eba295ab101674233d2f25d88cfdaa76619ab859e9b1aca4fda3f05f4cd5a5f866b451e74a9a3204fa0fd2b137f4f9aa05811151cc1007

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
b19a910719a937f8442b546ded124c9c

SHA1
d4ae0bb82c60e0b693603e7520425ad43d3e333f

SHA256
bb4e7e3ed0c2028d1177837d870691aad729e8f4a6b926e4e14520feb23b2648

SHA512
e69612b431dbd2056f05619861472b200730a9171327291008d0f5431d91e5d448c3eedbbd3f386640699ca47529f37f36b24f2716a4345baa8736bad1715080

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
8fcb158536f323de7f52efdb184d76a9

SHA1
8bcc1bd5153f94c268fc270e78398c84702d0d59

SHA256
62b39794f526666b1bd30ede3a0cb5b78847e1cccf6a4bec2cdf047b312f4be0

SHA512
3aa72e1ca2bb5d6867f750a0d8834779cd99e304a4bea2aeffaae22e62c93ed120d63e3c5cd825db11e9a4f6548e88785696d25e6bbcf5aba650ac0b678755c5

Download Submit
C:\Users\Admin\Downloads\Blazer-St3aler.iVmikVix.rar.part

Filesize
20.7MB

MD5
65fa362704b4639f43548b9b13a1e2a7

SHA1
d75b9d436fdd50d64884f66f372cb8405ce14039

SHA256
31568bd1e63c3884d8e3f9758c8259c356a7296e0228acaab9c521a2c908b86e

SHA512
57ccdbbfa7db70a8ff25b3d505efadd73eda1c930d9fa3929021e19cec89b107dbca9719d7e72229602a455dd9ca94403dd7909cd450ef4fa35a992034050049

Download Submit
memory/2324-705-0x000001DFB2280000-0x000001DFB2281000-memory.dmp

Filesize
4KB

Download
memory/2324-704-0x000001DFB2280000-0x000001DFB2281000-memory.dmp

Filesize
4KB

Download
memory/2324-706-0x000001DFB2280000-0x000001DFB2281000-memory.dmp

Filesize
4KB

Download
memory/2324-707-0x000001DFB2280000-0x000001DFB2281000-memory.dmp

Filesize
4KB

Download
memory/2324-708-0x000001DFB2280000-0x000001DFB2281000-memory.dmp

Filesize
4KB

Download
memory/2324-709-0x000001DFB2280000-0x000001DFB2281000-memory.dmp

Filesize
4KB

Download
memory/2324-710-0x000001DFB2280000-0x000001DFB2281000-memory.dmp

Filesize
4KB

Download
memory/2324-700-0x000001DFB2280000-0x000001DFB2281000-memory.dmp

Filesize
4KB

Download
memory/2324-699-0x000001DFB2280000-0x000001DFB2281000-memory.dmp

Filesize
4KB

Download
memory/2324-698-0x000001DFB2280000-0x000001DFB2281000-memory.dmp

Filesize
4KB

Download