Overview

overview

10

Static

static

3

97c84e4a64...d2.exe

windows7-x64

10

97c84e4a64...d2.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-11-2024 01:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    97c84e4a64dc3963b1449a554864034af641fcb3fd781e668bed8a4290499fd2.exe

  • Size

    1.8MB

  • MD5

    94e2520fb2ad7d11fa21d869f8284d76

  • SHA1

    45169f35a44a07dbe216e8cf10a2710c4f5af136

  • SHA256

    97c84e4a64dc3963b1449a554864034af641fcb3fd781e668bed8a4290499fd2

  • SHA512

    e3f3f0ff13c8ecc047aec62ff9de747212be620e72bae593532e804102998c3958fb690f311bf64de7ddb4f212e38599d28ba7c6e67b93ea6048e2b56caf2eb1

  • SSDEEP

    49152:bvWFqWLcgZ4gMDDMdJvLLQrhuIBFo1Ogb8ElSk3:bo/cySMk9Fosg1lB3

Score
10/10
amadeylumma9c9aa5discoveryevasionpersistencestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 8 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 16 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 8 IoCs
  • Identifies Wine through registry keys 2 TTPs 8 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 31 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\97c84e4a64dc3963b1449a554864034af641fcb3fd781e668bed8a4290499fd2.exe
    "C:\Users\Admin\AppData\Local\Temp\97c84e4a64dc3963b1449a554864034af641fcb3fd781e668bed8a4290499fd2.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4496
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2020
      • C:\Users\Admin\AppData\Local\Temp\1006791001\6f4f4b7171.exe
        "C:\Users\Admin\AppData\Local\Temp\1006791001\6f4f4b7171.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:4796
      • C:\Users\Admin\AppData\Local\Temp\1006792001\963121fd9b.exe
        "C:\Users\Admin\AppData\Local\Temp\1006792001\963121fd9b.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:2220
      • C:\Users\Admin\AppData\Local\Temp\1006793001\8be93dd6b4.exe
        "C:\Users\Admin\AppData\Local\Temp\1006793001\8be93dd6b4.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4432
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM firefox.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4972
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM chrome.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1988
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM msedge.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:864
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM opera.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4984
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM brave.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:4764
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:368
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
            5⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4960
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cb22844-9f46-4b3c-a321-be540a44449d} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" gpu
              6⤵
                PID:928
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2436 -parentBuildID 20240401114208 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {013be6db-c07e-46d6-a92c-d5f5d581e042} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" socket
                6⤵
                  PID:1224
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3208 -childID 1 -isForBrowser -prefsHandle 3320 -prefMapHandle 3096 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31520a3c-c83e-4120-b84b-7d4e20fd4056} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
                  6⤵
                    PID:3580
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3732 -childID 2 -isForBrowser -prefsHandle 3728 -prefMapHandle 3724 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2063e640-839c-4ffb-8f41-1072b24d5fc1} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
                    6⤵
                      PID:1584
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4464 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4404 -prefMapHandle 4408 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaaeee30-7211-4787-a998-106d535f3a2f} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" utility
                      6⤵
                      • Checks processor information in registry
                      PID:5304
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5432 -childID 3 -isForBrowser -prefsHandle 5528 -prefMapHandle 5460 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fed4b6bd-3b63-403d-a6da-985a66c40611} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
                      6⤵
                        PID:2696
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 4 -isForBrowser -prefsHandle 5680 -prefMapHandle 5684 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {264edeb7-515c-4307-a000-65158683ba9b} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
                        6⤵
                          PID:4860
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5872 -childID 5 -isForBrowser -prefsHandle 5944 -prefMapHandle 5940 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b74f1fd-4725-4dd5-8bdd-d0bfdca492a3} 4960 "\\.\pipe\gecko-crash-server-pipe.4960" tab
                          6⤵
                            PID:2084
                    • C:\Users\Admin\AppData\Local\Temp\1006794001\cea97313bf.exe
                      "C:\Users\Admin\AppData\Local\Temp\1006794001\cea97313bf.exe"
                      3⤵
                      • Modifies Windows Defender Real-time Protection settings
                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      • Windows security modification
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:4076
                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  1⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4376
                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  1⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4584
                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  1⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5076

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\activity-stream.discovery_stream.json
                  Filesize

                  22KB

                  MD5

                  cbf25c0975e74add8faf703807b4fffb

                  SHA1

                  6dd3c458dfa5fac920866f3efa9bb67ffbd85539

                  SHA256

                  8e15f318e309114c4aa12e81af2c4448ea62188c69c67fc94118ec19b7c75165

                  SHA512

                  c029602b8440d9d1c1e10e14d5430e8e66a3537c4b5a0342bb08633052b5f3e1b011fafcb9762d236d87c1c23ea12e5492a3506d7a6e3adde9ea335bbccdf723

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yuzka873.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878
                  Filesize

                  13KB

                  MD5

                  b17e67d6ef5a569d7609081fd9966a42

                  SHA1

                  a51b9b272812a18e07a1f0b7003fa0970c5a5056

                  SHA256

                  86441e9d083a21cd20ea0377d3773db60cf2a8c79be06fbdf5abe41cc13daad3

                  SHA512

                  d5e47b36faea9228fc41562efb13ca15c00ca77552081af74d9cc01de1e9df05df7d90fd4784df4381426b612270a2d20e8d6f8ec92311b30bc6da8e35ab1f7a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1006791001\6f4f4b7171.exe
                  Filesize

                  1.8MB

                  MD5

                  f99ff5e64815a0f5c12d7ac3c308dcad

                  SHA1

                  42b69c5c2e32df7181e790663ec59cb3cd3e5e3e

                  SHA256

                  cc667d24c723a4963225b68b04bb90c6436ccfecd456c8cc1d3eec80d3ff4d9d

                  SHA512

                  984ca41dff503250b2378e9346bfdf99c693c20c7ba9442fd78c0db9408f31aba9e4659da33ba94ba5fd987bbe4b8d1f801a930827a90265b839663fe45ee29c

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1006792001\963121fd9b.exe
                  Filesize

                  1.7MB

                  MD5

                  95ad97385b91f97050fca22fff1b6bab

                  SHA1

                  b0f4c4aec176668bac77216d2efe0cbb10d37d80

                  SHA256

                  7b68bb0343f8acf2af19c2fc63e6a355568fa71f1c7f3e9ff1f7bf79bf5d6549

                  SHA512

                  c568d9ed1f2f7912cb2b9858490e7caa89d6a05d6ad94e3d5bd65d0e9a7139b73bb63b25ede53d2581c63e07ab738c48f9c3d0cbcc6d4bb53f63f0bfb5c143fa

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1006793001\8be93dd6b4.exe
                  Filesize

                  900KB

                  MD5

                  51c4368c9fcb43fbd1d93f2c95ba919c

                  SHA1

                  0de7b1c6f766938cc1a29c9cc992df31f380cddb

                  SHA256

                  4ffe84b5b7895bbe8836fc734d6c45d5d927e90ba0a2a3919b5608cfa4c73cec

                  SHA512

                  7b02cf1ba377af7c2e9f782d28090e8204f955c8210fa7fdcdfcefee6e5b41beecb9abdc1e8a88edb8f3d55ed2a00c0e9eeae71a90389782fe76778257a7e6fc

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1006794001\cea97313bf.exe
                  Filesize

                  2.7MB

                  MD5

                  d7f9844997596607f37d9d3bf1a39571

                  SHA1

                  e2c08ed0a08f4b0fd1c661d850548f7604fea49b

                  SHA256

                  8a9cc77a61796a39c27d6318213c9bde4a3ea8229f3829091d60c4d4280bab49

                  SHA512

                  123a5d965a13ccbdb8bb1c9d1932932e1359c5b19aa7b3f9af4063fd42cc748bc3c3c0c1a3b837e721f5b012e7685f93d2640a719a5ea08e47f38f8d41d17d02

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  Filesize

                  1.8MB

                  MD5

                  94e2520fb2ad7d11fa21d869f8284d76

                  SHA1

                  45169f35a44a07dbe216e8cf10a2710c4f5af136

                  SHA256

                  97c84e4a64dc3963b1449a554864034af641fcb3fd781e668bed8a4290499fd2

                  SHA512

                  e3f3f0ff13c8ecc047aec62ff9de747212be620e72bae593532e804102998c3958fb690f311bf64de7ddb4f212e38599d28ba7c6e67b93ea6048e2b56caf2eb1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin
                  Filesize

                  6KB

                  MD5

                  87c3bc80fc37dbc6a105497ffb966b12

                  SHA1

                  224d4393ba6def9fb2c7d18519fe19cf77423e13

                  SHA256

                  3de4de84ab7904508effe26ab7c1070b38131aac3982f21102e911b2d468c0fe

                  SHA512

                  da8624a4a20c27f17a9ac05e627641af32376d6de07a50194f1f37c0f7646c7d8a474a02be00276288b501d0550cc03477b91de61d81f3a91c8c5e3cc36b8073

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\AlternateServices.bin
                  Filesize

                  8KB

                  MD5

                  8acd4606b361b60beb38d4f962e07568

                  SHA1

                  f80596f2ab2cfe74476e6bbf969d6ef27850a8de

                  SHA256

                  9cd10fba9a37b7769ee9b66d0e3b91399c8bf5d5c605f9743e02d09c2cf18ae0

                  SHA512

                  358f97d15ab2f21e99a739f3d5ea6c8e644d2198e9e6a897fe9484513c07c25982a9a5e9b23f68770034cbce3f5b18371eb1b93c003e0967d6f9f21e4b7616fd

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  22KB

                  MD5

                  7866a20be7ab1eeddbe920ff0c63af32

                  SHA1

                  993b0e96dfceea33bf726096ccb1b52f2272a565

                  SHA256

                  303418b9609b4d1a9e264205c141c3d511cfa1a9054638ac6ca45a0907bc6382

                  SHA512

                  a3a4ae6f344d313cc963cbe42ff0751528645552fbd62925e057377afe21eef6f858ad6fb6da6c8fe328c0a8943501527e71cfc9088884317c302ef59bf943c3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  25KB

                  MD5

                  4b88a9fdd428d67f70d17eefc310d9ea

                  SHA1

                  3aff44abd8e39e0622c055b5dd072b2457449513

                  SHA256

                  b0a4f8e936d6028bb29a9cab38436be51a80e79b5358af5ac39e83b7c17b8958

                  SHA512

                  7a68fc275709ad4c2ce9afad47eacdea6afaa701e8c2a658166a9fdd1a4c749aa65bfec898b0435db80590efbecde48cf302f215e32161d9dd562eac1925971b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  22KB

                  MD5

                  e105616564e0955d0c83592176188aaa

                  SHA1

                  7262a97beadecb4b88989318101347fea455f308

                  SHA256

                  5ce02c27b598aa982e688519ca0dd201c66ffa5a13fc31dfc075d232e2a40124

                  SHA512

                  03a491cefc49459eab352ea3fc77ad8beaff8b6583a6f0be1fed35d967490a1adf844a013068020778da29666bb8abcd5c36ee4a8ee01a2dcc775e6bfbf7e221

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\32c7d86c-8034-4495-ad81-62d33abcebfc
                  Filesize

                  659B

                  MD5

                  9e1f5dd03b9867a2128c10ef4aa0ca63

                  SHA1

                  a002d1ce027f2b8bb2a40767d70265aea9c2b1af

                  SHA256

                  49b6713412b24b167a1fcee63aaeb8744ab4403095953d219c4cb91e1f22e41c

                  SHA512

                  4b69ec3721dc64e750e43b8c508d566887f991442ecb5bb152a9eccf07af834f1fe1782339ec9958291b512f8f68bb92c9eb860d1f22e020013efe49a8190ba5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\e108cefc-66bb-4ec3-aff2-df264db68663
                  Filesize

                  982B

                  MD5

                  39ef37162f5b23a68baeb77cbbbbb9bd

                  SHA1

                  7bf5a9dbc6a1ba32e6e9e2fe19b1af57d7bab7ed

                  SHA256

                  4de994268614a178f6b3733f93b780fd5b8b2100bf2225d48c1385f6409d1dce

                  SHA512

                  8afb3ecf3e00cdfce2bd0361421b9c6cd69363d00edf79ab6cb950e1664c4226251df73c91411053c54f48339c857c1290af827f926975aa471599986c549e7b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js
                  Filesize

                  12KB

                  MD5

                  677edcaea8570542d1e83a1b86466d87

                  SHA1

                  5551a4ec7c842b00957526708bb71ca51328c9e5

                  SHA256

                  49a437ddb98fa4aa3e8b3610782907bfa2e6d34cc15cfa8fa77477d86418fbd7

                  SHA512

                  b4b6b61ba03d77a3346eaac6c12f7d35582afdae390860bc0cb3914367283fa03b93f8d2c613a81a1b350f356b6f92572120b2fcc44f27a12aade6cc8daf135c

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs-1.js
                  Filesize

                  15KB

                  MD5

                  87e8f93e6940a01dafa0b598d3986c89

                  SHA1

                  0cca15eea9726b07c1442ff8f7fb96fcc83700d6

                  SHA256

                  5e4fb709112882b765db2cb26f855348b45f55be00fa2fc9648fc6a4f3d46a7f

                  SHA512

                  b698dc232ae6d93232daff2313cc5e0b6d7ec7bfff3354a1f67d00d4de1599850161f8d8ee3cc3a5ccc5002316a21b9c955968aa64c298e15598dc4dfcf32b77

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js
                  Filesize

                  11KB

                  MD5

                  85d9d61355f9538088008e29c407434c

                  SHA1

                  fa7f64a0be82f00f67dcbef2efe3504716eaf9a3

                  SHA256

                  50d24d1cf55b4d50f175b819623f5502c088ddeb80547334431d5841329bde72

                  SHA512

                  1c848e11b824ce410f20bc6f1c07bb2259aef09e5e9ce176eed3f137f55c9994ebfa42896141b66dc0137d022bb3c2a20c38273deed9fa1c1832952232ed3ec1

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\prefs.js
                  Filesize

                  11KB

                  MD5

                  8ffc1b7791b4906e3ee2989020b281c5

                  SHA1

                  5ba6746b4a955047be25090005e00a6f7979adab

                  SHA256

                  8c3149aff0f31520850b70fb0b741d09f74e210168d8fbdd7f7265d534197870

                  SHA512

                  200dff64014cd085a1b269f84b3676afd203858b40b52f3aa8effa36a2eb327ea6ea0e67541417fe696e23374933912f5623cff7ccb0bc70e939bd185bf0b198

                  Download Submit

                • memory/2020-22-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-21-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-3399-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-3416-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-3415-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-58-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-42-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-3400-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-3406-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-39-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-3411-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-2196-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-431-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-20-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-19-0x0000000000E91000-0x0000000000EBF000-memory.dmp

                  Filesize

                  184KB

                  Download

                • memory/2020-607-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-3412-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-470-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-17-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-3413-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2020-3414-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/2220-59-0x0000000000A50000-0x00000000010D8000-memory.dmp

                  Filesize

                  6.5MB

                  Download

                • memory/2220-61-0x0000000000A50000-0x00000000010D8000-memory.dmp

                  Filesize

                  6.5MB

                  Download

                • memory/4076-315-0x0000000000CB0000-0x0000000000F62000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/4076-314-0x0000000000CB0000-0x0000000000F62000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/4076-459-0x0000000000CB0000-0x0000000000F62000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/4076-469-0x0000000000CB0000-0x0000000000F62000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/4076-107-0x0000000000CB0000-0x0000000000F62000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/4376-451-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/4376-452-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/4496-0-0x0000000000430000-0x00000000008D7000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/4496-5-0x0000000000430000-0x00000000008D7000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/4496-1-0x0000000077CA4000-0x0000000077CA6000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/4496-2-0x0000000000431000-0x000000000045F000-memory.dmp

                  Filesize

                  184KB

                  Download

                • memory/4496-3-0x0000000000430000-0x00000000008D7000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/4496-18-0x0000000000430000-0x00000000008D7000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/4584-3408-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/4584-3409-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download

                • memory/4796-41-0x0000000000BE0000-0x0000000001078000-memory.dmp

                  Filesize

                  4.6MB

                  Download

                • memory/4796-38-0x0000000000BE0000-0x0000000001078000-memory.dmp

                  Filesize

                  4.6MB

                  Download

                • memory/4796-40-0x0000000000BE0000-0x0000000001078000-memory.dmp

                  Filesize

                  4.6MB

                  Download

                • memory/4796-62-0x0000000000BE0000-0x0000000001078000-memory.dmp

                  Filesize

                  4.6MB

                  Download

                • memory/5076-3423-0x0000000000E90000-0x0000000001337000-memory.dmp

                  Filesize

                  4.7MB

                  Download