Overview

overview

10

Static

static

3

6fb7e5fa42...3d.exe

windows7-x64

10

6fb7e5fa42...3d.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    144s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-11-2024 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6fb7e5fa427f097ab1afda5d53a4ee8df777b48cfae38bfdf9cfee27095ff13d.exe

  • Size

    3.0MB

  • MD5

    2174acf9c60b405c237a7dfe41739ac3

  • SHA1

    b15b5ff9bc81f1e72d8f89ac5b1985133a958fcf

  • SHA256

    6fb7e5fa427f097ab1afda5d53a4ee8df777b48cfae38bfdf9cfee27095ff13d

  • SHA512

    4e8719c242bb771ecf772aa69133efe62ce3a06ef62102fd19bee42ddd3aa6db34c78519034a1ac9eb15be0d604356c331f8006bd87ce8951984d7d660cab366

  • SSDEEP

    49152:QyxWoZZr1+9n1BxOVRz0VTok/i4ZMuzA0SJkCysiXO9/C:9h+9n1XOVReT7/i4vkysi

Score
10/10
amadeylummastealc9c9aa5talediscoveryevasionpersistencestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

stealc

Botnet

tale

C2

http://185.215.113.206

Attributes
  • url_path

    /6c4adf523b719729.php

Extracted

Family

lumma

C2

https://founpiuer.store/api

https://navygenerayk.store/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Stealc family
    stealc
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 8 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 16 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 8 IoCs
  • Identifies Wine through registry keys 2 TTPs 8 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 32 IoCs
  • Suspicious use of SendNotifyMessage 30 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fb7e5fa427f097ab1afda5d53a4ee8df777b48cfae38bfdf9cfee27095ff13d.exe
    "C:\Users\Admin\AppData\Local\Temp\6fb7e5fa427f097ab1afda5d53a4ee8df777b48cfae38bfdf9cfee27095ff13d.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:2764
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:4528
      • C:\Users\Admin\AppData\Local\Temp\1003847001\32004c76f7.exe
        "C:\Users\Admin\AppData\Local\Temp\1003847001\32004c76f7.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:1820
      • C:\Users\Admin\AppData\Local\Temp\1003848001\59c793a827.exe
        "C:\Users\Admin\AppData\Local\Temp\1003848001\59c793a827.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:3000
      • C:\Users\Admin\AppData\Local\Temp\1003849001\293846925f.exe
        "C:\Users\Admin\AppData\Local\Temp\1003849001\293846925f.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4680
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM firefox.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3980
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM chrome.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1496
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM msedge.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1580
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM opera.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3484
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM brave.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3584
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:4408
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
            5⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:1528
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {564a19c5-5178-498d-83ee-c2ec65470b53} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" gpu
              6⤵
                PID:4752
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c3ca142-329f-4ed6-8938-c5c2c6669938} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" socket
                6⤵
                  PID:1036
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2776 -childID 1 -isForBrowser -prefsHandle 3236 -prefMapHandle 2772 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00eaf11d-5450-4b96-ba4e-f9ece5076ac3} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" tab
                  6⤵
                    PID:2220
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3932 -childID 2 -isForBrowser -prefsHandle 3900 -prefMapHandle 3924 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3dfdf7a-7a73-47f9-af95-535555a97223} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" tab
                    6⤵
                      PID:4488
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4656 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4648 -prefMapHandle 4644 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aea7a1b6-81fe-4b66-994f-758a11dccc55} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" utility
                      6⤵
                      • Checks processor information in registry
                      PID:1488
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4796 -childID 3 -isForBrowser -prefsHandle 5556 -prefMapHandle 5480 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36da3d4e-a044-4da2-a530-211905f4b909} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" tab
                      6⤵
                        PID:5136
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5572 -childID 4 -isForBrowser -prefsHandle 5708 -prefMapHandle 5712 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7253033b-cb51-4b16-85bb-bac73d3f7c68} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" tab
                        6⤵
                          PID:5152
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5932 -childID 5 -isForBrowser -prefsHandle 5852 -prefMapHandle 5856 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d820387-693c-482d-83a5-d9653e8b8c79} 1528 "\\.\pipe\gecko-crash-server-pipe.1528" tab
                          6⤵
                            PID:5164
                    • C:\Users\Admin\AppData\Local\Temp\1003850001\27d2b8049a.exe
                      "C:\Users\Admin\AppData\Local\Temp\1003850001\27d2b8049a.exe"
                      3⤵
                      • Modifies Windows Defender Real-time Protection settings
                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      • Windows security modification
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:244
                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  1⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5404
                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  1⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Suspicious behavior: EnumeratesProcesses
                  PID:1972
                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  1⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5740

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json
                  Filesize

                  18KB

                  MD5

                  068f65fd21be9c8f331f4af72657b258

                  SHA1

                  1a1cf3d2c9765987c4bb767b476a41341cc6125d

                  SHA256

                  7a7b7c24e884325f112daf050762a2669bbb65646c6714b16fd5f90f7cb84b29

                  SHA512

                  d2818689a3bb577e8598d9080e9e0cb55707315241aa92299c3ffd0ec23619b8313f423f2030a76fe39b1fd8367267f124378d8bd25e71887ab5722bf4522cb9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\D500AD994A7515157BB2A6ADD5B18B754E4D2F99
                  Filesize

                  13KB

                  MD5

                  d9dff1ab056b1e2cda2b9a9f6d78bb9c

                  SHA1

                  9cd935938b72a5a904ccf01859f7a7dea255eaa2

                  SHA256

                  9763a2037c4b2f2cd99c667f9cb52a6426ae329347f006557dbdda2d8aecf2f0

                  SHA512

                  3aa57ce87d38c0a8e221146577375d0ef411872643ee48cf51eb85ece8cb5b3d9078cbb785a64b980a3cae90e8e56ffca77e4556f84d76f8339a6eb259923513

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1003847001\32004c76f7.exe
                  Filesize

                  2.8MB

                  MD5

                  f6cb46eeac599e54145db7a23b42e37b

                  SHA1

                  c3f17c94ff984a16f004fe189453bb440e820871

                  SHA256

                  452826189c7f784bb806478d6b711eb78d7e1e2a778dce6e3344b81f1a90bf90

                  SHA512

                  ca21a6d56c478dad206474a9e58da1c1dad41ac1012f57d68a19fc1c7e872da5815660bf8aa61cafe17378efe30212f621e7237c2d2b454d0654dd2ae231c56a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1003848001\59c793a827.exe
                  Filesize

                  2.1MB

                  MD5

                  aa473419a0e86c945a4133671f8ad079

                  SHA1

                  d822d7b7a15d9f92cfd69411442f813943883680

                  SHA256

                  d2ef46d8d3180fae721ff93b49f9ac75e44817f17dcd23ceeebbcbff2d6fa1fd

                  SHA512

                  db24d8961bc02421b6891d58b07a49ec9cddf6cc50662c2d3515b0d27c91080fb8aaba9cff56662547c50ed54b4a76ce0f6ff76265b2c2bd027dc6117e91e893

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1003849001\293846925f.exe
                  Filesize

                  898KB

                  MD5

                  84400353b12797cfdc7e58ea699aafce

                  SHA1

                  886632628e0008e312bd8dec55ab4a16a11fa362

                  SHA256

                  7dce969c4e2d4243318cee6c0b114da727ce8910fd46e834cd4de44706d4c3bb

                  SHA512

                  7d1e28b434ad6ace1482430a449b1e2185c0e2c71daea305f521b551245b43a93baac19c3474fb82073117841655460e469404ac13d93352987452b14f4a584b

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1003850001\27d2b8049a.exe
                  Filesize

                  2.7MB

                  MD5

                  079964b03747dfffe361be2f0de3cfde

                  SHA1

                  6354b5a9cf36750484eceba6ed783b6f60a0e812

                  SHA256

                  f586665dd507457221fb4f9f83ec00afb0637d5422509dc965605c1ba900bd24

                  SHA512

                  6ba54ff140e05a159d41ab7348549b25e4e5cd0d149817593241f980a9a574dad831252adde967d0a1ab7305a20a96cfff953fa2d4d38eab3ba511abbca771d2

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  Filesize

                  3.0MB

                  MD5

                  2174acf9c60b405c237a7dfe41739ac3

                  SHA1

                  b15b5ff9bc81f1e72d8f89ac5b1985133a958fcf

                  SHA256

                  6fb7e5fa427f097ab1afda5d53a4ee8df777b48cfae38bfdf9cfee27095ff13d

                  SHA512

                  4e8719c242bb771ecf772aa69133efe62ce3a06ef62102fd19bee42ddd3aa6db34c78519034a1ac9eb15be0d604356c331f8006bd87ce8951984d7d660cab366

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin
                  Filesize

                  11KB

                  MD5

                  afddaa4b771b326fc0ecda4739cf1f21

                  SHA1

                  29f01c6d9fe11b2a4e06824c1cac80f821ff637d

                  SHA256

                  23c6f445d04590c0ebd641b51256fd2d387a941877704a4553e1088d0db4bed8

                  SHA512

                  34480710427eeb823e85ef52ef7e67861dcedc8d8b658f8728ec1df1446a5c3d455073a439583a5a845e9f54dc17e11d0ab9fc935dfd2f4171719d20e1d23ea4

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  15KB

                  MD5

                  8493a6b5f51e6a5e170697e6e5a68348

                  SHA1

                  bce8e269597afe70cf5bf72cb6c5816408d7cc04

                  SHA256

                  55af46defbc92c15ecbd8616ba2ffb1985ad1ce02dc7f2c2e0df9a347f26cce0

                  SHA512

                  464dcf6aa2031708d000989ec6538126eecedea6a8219d8d3a1d48a215a79751c261f267d656026f65df73c74d7e59d3a3e7f629a05ff5c7bdd09f926001cf8a

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  15KB

                  MD5

                  df18acbd1adcecf637fca77fab39504a

                  SHA1

                  b78cb2e5a75a28d237743b9dedb4a3398a30c308

                  SHA256

                  ac3e21d2851e4fd7a5a4ff786785fb2c613f95a19d55c607d24a988b68e2af75

                  SHA512

                  8f6404f6e73f2fbf3eb554fa219c3375a6de0437c769db335199f0c7744b71224e5b6f34be4717f79bd75bd8e80acf612b643f51d4df6a3309bb147ca104a937

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  c46b83aa2b48983f90e0e1648ace20d2

                  SHA1

                  6c453ee6486ad464769172fff86ef67254199216

                  SHA256

                  b38d0fec96e8a538f0469fe8e7ce24cc40aea5dfa416ced8441a3411fac99bd2

                  SHA512

                  90d7a710f9661b92cdf626ca1629df39260b3de6c14cbc3706808522608747967c659661e2ab8df26788601eab564204da171815d146084a918bf293651f87ae

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\87dec8c9-a86a-42fd-a811-e8939955084a
                  Filesize

                  671B

                  MD5

                  369cc601ad90a9b03fee13741b97bb43

                  SHA1

                  77832123cb103532b4703084a05ff36547d6d0d7

                  SHA256

                  c655464032a16a71e81378e1286240594a2308b8ef8e2adb99c7d033fe03816a

                  SHA512

                  77be7d530070f6cfa812a645a3fc92023d9b4a3a6e3e2c4e7542709fe7ec47ba992706c833246c624f87da3ee4a5d8b98818058b8d06d531b85606f122105016

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\8d63155b-270f-46af-9f27-64a37e3a54bf
                  Filesize

                  25KB

                  MD5

                  8a2b40f7d4635ff1c4d710b56be3ba1b

                  SHA1

                  4e1d9fe3babbe751b013676a1b06d313f075fbec

                  SHA256

                  60a8a54f669fbb6aa110e0927fadad6fd7e23794fe74d3f63c656c5d38e24694

                  SHA512

                  f4429a212a280f3516cd21b305cef936988cf27fffd6dff2a32be6653e73b8c1055d2d365f8335df995803d052e848b3f458b73261200b52d6fa8b332f32910f

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\a2075cf2-7b4b-4044-a0cb-74a10f9fcce6
                  Filesize

                  982B

                  MD5

                  3197c6cefd3fcfa8a91f3a0d19c1c861

                  SHA1

                  2d476322fa14831d279c118ccf697f172e97ed0d

                  SHA256

                  3964c779c7f57f793085edd1c864074fc090a743b5f460b0e1cec6c56fcab5f9

                  SHA512

                  3aac73dbee731626f1f65db2cee9a7bf2a5dca1f5f33d65bfd1a20fb96fe6f12675a1da355a8fbb4e61d862ffa068ef8e9467b4a68133bbd7bd742f173139b51

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
                  Filesize

                  12KB

                  MD5

                  6d869f1cef6e4e506f30f17dc94cb267

                  SHA1

                  a09ef0ad3f431b46b8a9e353fe885a46f07c9548

                  SHA256

                  db0edd989a0b3d68e4106ca58a4146e9abae1647215a1ffddec05f86d5d14aac

                  SHA512

                  6c7211cb75de64371bdd3e7ab3f261f3c3cffa7b1d9762dc629686420a2a1fbf290ba400a7a80e8d7e493236906c9b4774731931ba7c72615702891f2f0a559e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js
                  Filesize

                  15KB

                  MD5

                  7617c1cc7c46b47256e6ec2deeb368d9

                  SHA1

                  ebf4deede16068ada4c6bc74dab321e3eaf02ede

                  SHA256

                  d7d1fb97b6e7b170f875cc625dd94e864f2e74cde8e93ffdcb6496f21a203c63

                  SHA512

                  4318635384936d12aaf334bbeaf7b850b065d88d9c2ceab909839292df35db86235f676dc17613e41dbac35f6811f7af7f3121497f78fe02ec4554ca13a9cc58

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js
                  Filesize

                  10KB

                  MD5

                  29b12d6bf691fe2e5cbdd172039b12f6

                  SHA1

                  e4dd8699dc9dd5399f02475875f536885ca9ab7b

                  SHA256

                  8feebf1f8f29472fe236f0cdb62ba26522a4cc51b1cd5b25f40017660fafeaf3

                  SHA512

                  c707c3b2e5cf41642e7fe63cced545f81f0e4e8777e5ed3fa51b423840be80725edc3c71aa0e114a5be5427b27a64f3ac1ee2f2c3f07b2485d61419d74101adf

                  Download Submit

                • memory/244-398-0x0000000000960000-0x0000000000C12000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/244-394-0x0000000000960000-0x0000000000C12000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/244-324-0x0000000000960000-0x0000000000C12000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/244-476-0x0000000000960000-0x0000000000C12000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/244-466-0x0000000000960000-0x0000000000C12000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/1820-38-0x0000000000F90000-0x0000000001299000-memory.dmp

                  Filesize

                  3.0MB

                  Download

                • memory/1820-43-0x0000000000F90000-0x0000000001299000-memory.dmp

                  Filesize

                  3.0MB

                  Download

                • memory/1820-40-0x0000000000F91000-0x0000000000FB9000-memory.dmp

                  Filesize

                  160KB

                  Download

                • memory/1820-41-0x0000000000F90000-0x0000000001299000-memory.dmp

                  Filesize

                  3.0MB

                  Download

                • memory/1972-3105-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/2764-0-0x0000000000D60000-0x0000000001070000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/2764-2-0x0000000000D61000-0x0000000000DC9000-memory.dmp

                  Filesize

                  416KB

                  Download

                • memory/2764-3-0x0000000000D60000-0x0000000001070000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/2764-4-0x0000000000D60000-0x0000000001070000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/2764-18-0x0000000000D61000-0x0000000000DC9000-memory.dmp

                  Filesize

                  416KB

                  Download

                • memory/2764-1-0x0000000077C64000-0x0000000077C66000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/2764-17-0x0000000000D60000-0x0000000001070000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/3000-61-0x0000000000890000-0x0000000000FCC000-memory.dmp

                  Filesize

                  7.2MB

                  Download

                • memory/3000-60-0x0000000000890000-0x0000000000FCC000-memory.dmp

                  Filesize

                  7.2MB

                  Download

                • memory/4528-20-0x0000000000E21000-0x0000000000E89000-memory.dmp

                  Filesize

                  416KB

                  Download

                • memory/4528-3107-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-22-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-19-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-477-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-580-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-3117-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-3111-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-447-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-39-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-42-0x0000000000E21000-0x0000000000E89000-memory.dmp

                  Filesize

                  416KB

                  Download

                • memory/4528-2020-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-3096-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-3097-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-3103-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-58-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-21-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-3108-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-3109-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/4528-3110-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/5404-453-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/5404-454-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download

                • memory/5740-3119-0x0000000000E20000-0x0000000001130000-memory.dmp

                  Filesize

                  3.1MB

                  Download