Overview

overview

10

Static

static

3

2fc98bbed2...4b.exe

windows7-x64

10

2fc98bbed2...4b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-11-2024 09:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2fc98bbed2bef63788285a4a3fb8c2ca0046f3700c0fe503760c0e82b5d0134b.exe

  • Size

    1.8MB

  • MD5

    caf63ff775fc6f33c880fe7babf8342e

  • SHA1

    4b9f9a313a3a15788220e5c997488a5cd6c8ca59

  • SHA256

    2fc98bbed2bef63788285a4a3fb8c2ca0046f3700c0fe503760c0e82b5d0134b

  • SHA512

    509e0ad65c96611703cef2dd5c75544d5c6368c85eec47e48c9f1d8640c33e8c1d66646593a72dfbf9cd732a46817999166cc8106ecb5835b629d775d2f346f1

  • SSDEEP

    24576:SVJGJflDvwO1wKg3wZgXbSo0DQxpE3ZnQebDT6Ef8WjJOjdccs8xRfVG+7v3Zuqa:M93QObSmxpCQe1frUdcJ8jV38qB

Score
10/10
amadeylumma9c9aa5discoveryevasionpersistencestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.42

Botnet

9c9aa5

C2

http://185.215.113.43

Attributes
  • install_dir

    abc3bc1985

  • install_file

    skotes.exe

  • strings_key

    8a35cf2ea38c2817dba29a4b5b25dcf0

  • url_paths

    /Zu7JuNko/index.php

rc4.plain

Extracted

Family

lumma

C2

https://processhol.sbs/api

https://p10tgrace.sbs/api

https://peepburry828.sbs/api

https://3xp3cts1aim.sbs/api

https://p3ar11fter.sbs/api

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Amadey family
    amadey
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 8 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 16 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 8 IoCs
  • Identifies Wine through registry keys 2 TTPs 8 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Kills process with taskkill 5 IoCs
    evasion
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 33 IoCs
  • Suspicious use of SendNotifyMessage 31 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\2fc98bbed2bef63788285a4a3fb8c2ca0046f3700c0fe503760c0e82b5d0134b.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc98bbed2bef63788285a4a3fb8c2ca0046f3700c0fe503760c0e82b5d0134b.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1844
    • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
      "C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Users\Admin\AppData\Local\Temp\1007122001\6adae09328.exe
        "C:\Users\Admin\AppData\Local\Temp\1007122001\6adae09328.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:216
      • C:\Users\Admin\AppData\Local\Temp\1007123001\08ff061e61.exe
        "C:\Users\Admin\AppData\Local\Temp\1007123001\08ff061e61.exe"
        3⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Executes dropped EXE
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        PID:412
      • C:\Users\Admin\AppData\Local\Temp\1007124001\205344a358.exe
        "C:\Users\Admin\AppData\Local\Temp\1007124001\205344a358.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:3816
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM firefox.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:228
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM chrome.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3808
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM msedge.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:3436
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM opera.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:2544
        • C:\Windows\SysWOW64\taskkill.exe
          taskkill /F /IM brave.exe /T
          4⤵
          • System Location Discovery: System Language Discovery
          • Kills process with taskkill
          • Suspicious use of AdjustPrivilegeToken
          PID:1056
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2092
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
            5⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3512
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1952 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8caf762c-1b39-4601-b53b-e10400adfeb3} 3512 "\\.\pipe\gecko-crash-server-pipe.3512" gpu
              6⤵
                PID:1732
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2468 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2448 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f86753a3-8343-4a69-a237-19a4488f21f9} 3512 "\\.\pipe\gecko-crash-server-pipe.3512" socket
                6⤵
                  PID:4788
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3088 -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3252 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {375c2bec-4f3a-4fec-800c-b331d1347811} 3512 "\\.\pipe\gecko-crash-server-pipe.3512" tab
                  6⤵
                    PID:2088
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3912 -childID 2 -isForBrowser -prefsHandle 1232 -prefMapHandle 2780 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7791559a-ae67-4114-9761-1f70de4597a8} 3512 "\\.\pipe\gecko-crash-server-pipe.3512" tab
                    6⤵
                      PID:4380
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4884 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4876 -prefMapHandle 4872 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d9db8eb-3e07-4add-9596-8d250765dcf7} 3512 "\\.\pipe\gecko-crash-server-pipe.3512" utility
                      6⤵
                      • Checks processor information in registry
                      PID:5504
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 3 -isForBrowser -prefsHandle 5440 -prefMapHandle 5436 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b73d722f-d571-4f44-ac26-69a848b5ac32} 3512 "\\.\pipe\gecko-crash-server-pipe.3512" tab
                      6⤵
                        PID:3020
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5592 -childID 4 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b87c42e3-78d6-4194-a624-bfc238825f97} 3512 "\\.\pipe\gecko-crash-server-pipe.3512" tab
                        6⤵
                          PID:1372
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5808 -childID 5 -isForBrowser -prefsHandle 5816 -prefMapHandle 5824 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {044e3bc3-67f5-43e6-8087-e7044903a3c5} 3512 "\\.\pipe\gecko-crash-server-pipe.3512" tab
                          6⤵
                            PID:2836
                    • C:\Users\Admin\AppData\Local\Temp\1007125001\6cc1317719.exe
                      "C:\Users\Admin\AppData\Local\Temp\1007125001\6cc1317719.exe"
                      3⤵
                      • Modifies Windows Defender Real-time Protection settings
                      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                      • Checks BIOS information in registry
                      • Executes dropped EXE
                      • Identifies Wine through registry keys
                      • Windows security modification
                      • Suspicious use of NtSetInformationThreadHideFromDebugger
                      • System Location Discovery: System Language Discovery
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:4940
                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  1⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Suspicious behavior: EnumeratesProcesses
                  PID:2584
                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  1⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5756
                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  1⤵
                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                  • Checks BIOS information in registry
                  • Executes dropped EXE
                  • Identifies Wine through registry keys
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4832

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\activity-stream.discovery_stream.json.tmp
                  Filesize

                  19KB

                  MD5

                  2e1972f091991e1b3a66cf0fb80f51c3

                  SHA1

                  5757b7d4ad3acf0de0bb4d5e1d9acf66db1876da

                  SHA256

                  f5903aa8e179d583ba4bbab73275f47ea90a1d9a1cc41af984d8e1fb76d49341

                  SHA512

                  e2ea76475d771a7fba7d9b794a165ba4a9a76a778b05fdcbd0e3574545739d3d165d40346a2e461e9eeb90625fddf0532e9315aeb132144e9138bb2960110214

                  Download Submit

                • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\85mw8mk9.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878
                  Filesize

                  13KB

                  MD5

                  fed7b7653aff5772698e09ec18ba2f7e

                  SHA1

                  fb89a1b41456532a3d40a7ad8cff37a91af4ce84

                  SHA256

                  42f7e801beb5570df1afeacea827d2a7eda5d1d6017dcbbaa4d79347cee01409

                  SHA512

                  ae0186979a842798d20386bfb4a7d2b106a294bd6d7a027ec4c33fea6cb4991544f45ff7746d4cd8c8ed3509a9fa7ea73fc8afc4d93fd6e3ac088f9c086bcf02

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1007122001\6adae09328.exe
                  Filesize

                  1.7MB

                  MD5

                  2fe2ab5b511de6ef48e3eba0378f3e12

                  SHA1

                  c350d71c99c8c079714e71c219c706c6716a22aa

                  SHA256

                  ab2e92bf1d70567a32aef956b7d64cbe4d49dadf779fc6d455674fab35509b14

                  SHA512

                  4beb110952f7f3d6f351149448344f0e5918694bfa3fa958e08690999e16f270abd32100e2d844c5a13564e4c8fd664d17882979e6ca567111983ef62ee4768e

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1007123001\08ff061e61.exe
                  Filesize

                  1.7MB

                  MD5

                  13a85c121414fb45d5693a9ab8910086

                  SHA1

                  040b4aa8746c65929784f80116bb13c7f125ddb2

                  SHA256

                  de0db7603189d02c7051013fe43244a3e86fbd2a884a733a64fed84836912e0c

                  SHA512

                  9c9d7a5e6cf4d76a79870b62a37984783c0ec174b7f2e4557154cd0632d6e2ee7943d9ecc6149eb09277ee1dff4d8eb2692ce60934d69eae97f80451344dc5d6

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1007124001\205344a358.exe
                  Filesize

                  900KB

                  MD5

                  5ce51bebf5df5616c0afad430b705cda

                  SHA1

                  97b05e3b842ea60a341e600c12110092a27240cc

                  SHA256

                  65177fb5a41a621039697bb1c2559cfb544bead0f3a91722008f425fbe89e261

                  SHA512

                  c141267589f896649c97dae327c98e2abfc5de85c06917a00062acc7bb4e42da94085ea1f6b70f6c8dba4ef1725ae9bf0b64747792f80c824d99eef1f23e7ee8

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\1007125001\6cc1317719.exe
                  Filesize

                  2.6MB

                  MD5

                  bea1589178b4eda7c5b15d47b076f6bd

                  SHA1

                  81a654fe6ca77c26d0c87d9f8fe1786c4ee4582d

                  SHA256

                  336b2204ee1f34c545ac54145a9db9f548ee478708fe1bc22c679fb037063068

                  SHA512

                  d8ed0c2b19b94aeb4aed0d2e7525cb3eb8289b9da0d4df8c1b24340060976233af90861fca9ecf259c7cbe40775d1f8fa6ff814bdc542abd9381497ee60d9d98

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\abc3bc1985\skotes.exe
                  Filesize

                  1.8MB

                  MD5

                  caf63ff775fc6f33c880fe7babf8342e

                  SHA1

                  4b9f9a313a3a15788220e5c997488a5cd6c8ca59

                  SHA256

                  2fc98bbed2bef63788285a4a3fb8c2ca0046f3700c0fe503760c0e82b5d0134b

                  SHA512

                  509e0ad65c96611703cef2dd5c75544d5c6368c85eec47e48c9f1d8640c33e8c1d66646593a72dfbf9cd732a46817999166cc8106ecb5835b629d775d2f346f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                  Filesize

                  479KB

                  MD5

                  09372174e83dbbf696ee732fd2e875bb

                  SHA1

                  ba360186ba650a769f9303f48b7200fb5eaccee1

                  SHA256

                  c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                  SHA512

                  b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                  Filesize

                  13.8MB

                  MD5

                  0a8747a2ac9ac08ae9508f36c6d75692

                  SHA1

                  b287a96fd6cc12433adb42193dfe06111c38eaf0

                  SHA256

                  32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                  SHA512

                  59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin
                  Filesize

                  18KB

                  MD5

                  6a9b40cbcac2067a024b0c9c84fbb98f

                  SHA1

                  485c1fa562bb362e87c4864ec9302733c7c0ee1c

                  SHA256

                  3b3761388616750096907a4177fd865ac50f88456e3b21cb90d7cdba33fdfb5d

                  SHA512

                  fed4d34ecb8678dc09a4b6ec174019ff55cf83cf18a29d2d3a7bccfde21cfa3a5d95b0c1442317b70978ce105cc2b8cecf3ac74ff0814b30986eef6c7af50d66

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\AlternateServices.bin
                  Filesize

                  8KB

                  MD5

                  fbb6b057036d35af53ab4b32d2547bf5

                  SHA1

                  cab688c18cdccf2a08baec4718f8ac2d9a9a6136

                  SHA256

                  c5502f37b5cf02a2ddbb26b1e65a73fb83d1796f57baaa4a601f73a4ed535bc4

                  SHA512

                  c25423fc66b97ebbab02467e41d24bcd169efc8e7c022d8fe44291fbcca576ea6913ff727b34bb7a0e7ff1bd5e00384d010ce667bb5be2431feb8e9766cb48e5

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  5KB

                  MD5

                  4913d2a06fbf7b951d484725bd066476

                  SHA1

                  11ff95f1e5a7c70b4b686b5a8cf07dbfeedae554

                  SHA256

                  0e076a57310f78be3df83ff306b822b10db51012cfc9ef26031dd7d6f3cdc8b4

                  SHA512

                  c7e52a2b72e2fa714526e8b3d998c686833686f8c7c8a5dda5cc1899906ce63d9d3162c7fa72ea63864b59824bc7b1a84d2fb0f3cb755da4801c63e98ad6c1b2

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  15KB

                  MD5

                  b24105281312bfcef69ab2861d1e2ef4

                  SHA1

                  08d1578de1901f62be3607f4fec2f61aa1ae1a50

                  SHA256

                  b52333681b68a2525a9a069f2e12ef2d3ff403edf7f9259de83cee5f8ab26676

                  SHA512

                  af3ebc0b47bb9d8d57273b6c6bc810adbfd57d325330589a628dbb41dd40c81c427d7d048d7346a170e7aa6e54db4b1adc6a589fddef39a26fd05c65ef126a60

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  6KB

                  MD5

                  e1269be1a07ca97bb91baa8ce27d8f7d

                  SHA1

                  a8159b26c0df6f58dfe9e7bf761e3cc09bc88f23

                  SHA256

                  daac866afdf2d03ee60a8afa2a48a3cb4aeba3977d9482c0a96612927a9b41a1

                  SHA512

                  e7db7fae2d799805bce8c9fc38a274411cbb30045c5ec834ba95aba6e97010f5840e779a1a06a4505f1c683614b773b06e0423bc03a6dafa8fd5979a1cd92b29

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\db\data.safe.tmp
                  Filesize

                  15KB

                  MD5

                  f22c0172530b066624acb39a47ee0f45

                  SHA1

                  cb02c7464961eab08599d09d60aa42f121d3eb0c

                  SHA256

                  5f77baf6d59eabbe7ff80a03f5e1b441851c075b7fb825201a6149f1b366ff67

                  SHA512

                  e2e091a84c4996094bf1246ce8bd669c7806dfed23ef666bb4fbc871b23713940e0f9d0171a02e0a547b2cfc18df5c3e65a835b81483652783f212bff0b08036

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\2a188a68-7716-4e1a-96b3-abf03fc818ff
                  Filesize

                  982B

                  MD5

                  8360eda6465899efded67280786abdcf

                  SHA1

                  216ee911f10b267574646882f29d369905004db4

                  SHA256

                  853f480fc04ea9e5bb67e0cc3883dce189977c49209e92cf5336692376e77d9b

                  SHA512

                  35540ff6435174fc77cd2ae70216058e44c24000342c4020b456f2433e8969edf317f504e158b679727697a92c1cdd2294133c1245a0feedf80def24d1494623

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\76ec3a0f-c138-4a1d-8542-2af03a5eb01a
                  Filesize

                  671B

                  MD5

                  e9fb6e2e5e708e6ba0803f45fc61fffc

                  SHA1

                  9feba982c48ac9613aeea8ea2031352def6c53a0

                  SHA256

                  e22a04fc62d974852204d26bd867c467d0f4580b8aad2ddb5c6e8c5e6c7586ae

                  SHA512

                  a8f1b592942b4157cacbf9def40643cfc5d88a4375523602179cfcd9329202f3d44ecc594f6987735ab40f723165adcbb51be838d1de51f43fb356282594de5b

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\datareporting\glean\pending_pings\f8001c4a-e6a9-4281-9aff-5c00e47cd113
                  Filesize

                  26KB

                  MD5

                  a4a619f8d512f643e694c26547e18c2d

                  SHA1

                  7d5713144472df65805d228e57ea5385c9592e51

                  SHA256

                  f15317c2ebe8f29905fdaf1832d282c45120d5450ec0f228187c1c8b6adb387a

                  SHA512

                  aa49f352c408ea47a53b624e2ddb21cd6b469993cae192de7a41460114125e22b8579028ae4e0dc737749e585f125483a4f67d27ff08a223f97d49535a9a6a77

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                  Filesize

                  1.1MB

                  MD5

                  842039753bf41fa5e11b3a1383061a87

                  SHA1

                  3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                  SHA256

                  d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                  SHA512

                  d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                  Filesize

                  116B

                  MD5

                  2a461e9eb87fd1955cea740a3444ee7a

                  SHA1

                  b10755914c713f5a4677494dbe8a686ed458c3c5

                  SHA256

                  4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                  SHA512

                  34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                  Filesize

                  372B

                  MD5

                  bf957ad58b55f64219ab3f793e374316

                  SHA1

                  a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                  SHA256

                  bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                  SHA512

                  79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                  Filesize

                  17.8MB

                  MD5

                  daf7ef3acccab478aaa7d6dc1c60f865

                  SHA1

                  f8246162b97ce4a945feced27b6ea114366ff2ad

                  SHA256

                  bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                  SHA512

                  5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js
                  Filesize

                  11KB

                  MD5

                  8379e29e1092e3c7bc5c61635640de94

                  SHA1

                  be3ea7a37a3e86891b739c1b774af73e5861e296

                  SHA256

                  9474047a50f07cb3d0e3a96ce00366f3ec1042f90acaa6ef74c218e3c997d749

                  SHA512

                  e188991fbe58924a4315b013de1c3057905263a33d2ec3967d19ed89a1b4c099b29abd19e1f66cd76130e6d634ed2fb06528d5984958775a20f89a4ef054de13

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js
                  Filesize

                  12KB

                  MD5

                  e67f0617b9472f462d84da63100caf2c

                  SHA1

                  b7f1fb8a627b3d7cea96de7121caeb361f857727

                  SHA256

                  37a43f6e2febdf83b25838bad2f7fe537fbe76f55773e90b88e6f03abb871f78

                  SHA512

                  fdc83645d1b7e942deac89d06b2aa778f0b3fd7c3ae4cf8a32208a29b06ddb4c15a045a6e31c4d70847025f99bd06573f6c3c1f8eee2669c48c38e8e4cd47389

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs-1.js
                  Filesize

                  15KB

                  MD5

                  043278c2c38c1c91cfe946959529e65e

                  SHA1

                  c7763b20427ce17ae1f09a0615a89a3289545f55

                  SHA256

                  d7c44a0477004b92b32fd01f6d987f7b64f68001029dc5a481680b049c854f9c

                  SHA512

                  d9dac350e0c4212b7356f7a9bd7f15ce8e28b6a8cde8ad9544af0c88115ab9b699cdad1d43af0a51123001f11e45aa206368da074b30794e149eb4336795e067

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\prefs.js
                  Filesize

                  10KB

                  MD5

                  0d1c4be4da72f7f04d2a074948e72cd4

                  SHA1

                  de6a68a539ee8a120da3b396fe36c5ecca9a90d7

                  SHA256

                  25f12e6220946486fa445aca87955a1ebbdc5aa20cb7d5c14ff6fcf862c1bad3

                  SHA512

                  270321152bda7dded10288815888f5921414c4fdae4b1bc61d766248e6fb9566ff4c2f700218745fe082f7e1e38974381c71aaa2c6650f34b771b4c85cc14c50

                  Download Submit

                • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\85mw8mk9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                  Filesize

                  1.5MB

                  MD5

                  cd5952c121282fbd6fbab254f458d3b3

                  SHA1

                  6f8dfbe3fd5b1c2cf5749e9d2129ba0ac00a7b22

                  SHA256

                  83f9f954afe8f7d6645696790762900c3da3326e8d3657601929c112c0f21eac

                  SHA512

                  2d5767ff2915be6e6f475f7aefefef479f3f9c49170d86c23401bc9ef2929789630b3b471f7068fd620adb83c19652d494b40f5607c697c0dee4ffa484270590

                  Download Submit

                • memory/216-39-0x00000000004E0000-0x000000000096E000-memory.dmp

                  Filesize

                  4.6MB

                  Download

                • memory/216-38-0x00000000004E0000-0x000000000096E000-memory.dmp

                  Filesize

                  4.6MB

                  Download

                • memory/216-63-0x00000000004E0000-0x000000000096E000-memory.dmp

                  Filesize

                  4.6MB

                  Download

                • memory/216-37-0x00000000004E0000-0x000000000096E000-memory.dmp

                  Filesize

                  4.6MB

                  Download

                • memory/412-61-0x0000000000CA0000-0x0000000001328000-memory.dmp

                  Filesize

                  6.5MB

                  Download

                • memory/412-57-0x0000000000CA0000-0x0000000001328000-memory.dmp

                  Filesize

                  6.5MB

                  Download

                • memory/1844-3-0x0000000000D00000-0x00000000011D4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/1844-2-0x0000000000D01000-0x0000000000D2F000-memory.dmp

                  Filesize

                  184KB

                  Download

                • memory/1844-5-0x0000000000D00000-0x00000000011D4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/1844-18-0x0000000000D00000-0x00000000011D4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/1844-0-0x0000000000D00000-0x00000000011D4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/1844-1-0x00000000777E4000-0x00000000777E6000-memory.dmp

                  Filesize

                  8KB

                  Download

                • memory/2584-85-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2584-83-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-19-0x0000000000611000-0x000000000063F000-memory.dmp

                  Filesize

                  184KB

                  Download

                • memory/2696-59-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-2908-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-492-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-2904-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-2903-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-21-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-20-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-40-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-591-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-2902-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-17-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-420-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-56-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-58-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-2901-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-1394-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-2556-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-2888-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-2900-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-2896-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/2696-60-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/4832-2906-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/4832-2907-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download

                • memory/4940-494-0x00000000009E0000-0x0000000000C8C000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/4940-463-0x00000000009E0000-0x0000000000C8C000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/4940-474-0x00000000009E0000-0x0000000000C8C000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/4940-473-0x00000000009E0000-0x0000000000C8C000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/4940-497-0x00000000009E0000-0x0000000000C8C000-memory.dmp

                  Filesize

                  2.7MB

                  Download

                • memory/5756-2890-0x0000000000610000-0x0000000000AE4000-memory.dmp

                  Filesize

                  4.8MB

                  Download