Overview

overview

10

Static

static

1

exlaunch2.html

windows10-ltsc 2021-x64

10

Analysis

  • max time kernel
    99s
  • max time network
    103s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    02-01-2025 23:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    exlaunch2.html

  • Size

    69KB

  • MD5

    b4302098b433bcbe1ff0c827ee6c241c

  • SHA1

    6f5f6ca9798e0ded6360e967cbdf70327508bba6

  • SHA256

    91aee8007dbf9e763c1c0d52f7f07f9b831a4beb4a9f1b129fe48fcbf4f1200e

  • SHA512

    1b47a143385cae8cc268f74059d39a9b42dfb1981bd2daff9ed34332f4de67a6431a2b9e608ca019033ca028c7db186eff0e5e9656c6f6cfbe46edd68682d217

  • SSDEEP

    1536:O8zBPf8zBTdqjkbTM2Cx5SMEwEpXSM12EMAspEpnWFSQovq6fqPJ:bEqx5SMETXSMFMvEISQovGJ

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://hummskitnj.buzz/api

https://cashfuzysao.buzz/api

https://appliacnesot.buzz/api

https://screwamusresz.buzz/api

https://inherineau.buzz/api

https://scentniej.buzz/api

https://rebuildeso.buzz/api

https://prisonyfork.buzz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Executes dropped EXE 2 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 11 IoCs
  • Suspicious use of FindShellTrayWindow 23 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\exlaunch2.html"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4660
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\exlaunch2.html
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3652
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1716 -prefsLen 23839 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {561bedb0-fd11-419f-819f-efc7780e89c4} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" gpu
        3⤵
          PID:1124
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2340 -prefsLen 24759 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {543c8f3e-0350-4d0f-8e0d-8921f8effdaf} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" socket
          3⤵
            PID:4996
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 24900 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cc9cad5-2222-48d2-897b-1d5dc8e44ffd} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
            3⤵
              PID:5068
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3620 -childID 2 -isForBrowser -prefsHandle 3572 -prefMapHandle 3568 -prefsLen 29249 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9a9c496-9d13-4972-9e7a-933f1773ef23} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
              3⤵
                PID:4224
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2744 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 2756 -prefMapHandle 5100 -prefsLen 29249 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb8be760-76ef-45b2-8eff-a642019ecdd6} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" utility
                3⤵
                • Checks processor information in registry
                PID:4692
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5612 -childID 3 -isForBrowser -prefsHandle 5604 -prefMapHandle 5600 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b6e1281-7d96-46ef-b42d-62220a2b9bae} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
                3⤵
                  PID:4232
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3428 -childID 4 -isForBrowser -prefsHandle 3068 -prefMapHandle 3376 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d943f37-5cef-43c9-a010-eadd454f2e76} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
                  3⤵
                    PID:2928
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5900 -childID 5 -isForBrowser -prefsHandle 5980 -prefMapHandle 5912 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {970435d6-e3d9-40e4-aa30-da6456d754a4} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
                    3⤵
                      PID:1572
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6100 -childID 6 -isForBrowser -prefsHandle 6108 -prefMapHandle 5796 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca45ef59-f573-4344-aa88-bfe890c6a00b} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
                      3⤵
                        PID:4032
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2736 -childID 7 -isForBrowser -prefsHandle 3608 -prefMapHandle 6488 -prefsLen 27226 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddecc04b-f8ee-4858-9626-25eee996fb95} 3652 "\\.\pipe\gecko-crash-server-pipe.3652" tab
                        3⤵
                          PID:2896
                    • C:\Windows\System32\rundll32.exe
                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                      1⤵
                        PID:4516
                      • C:\Program Files\7-Zip\7zG.exe
                        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap21532:78:7zEvent4168
                        1⤵
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of FindShellTrayWindow
                        PID:5456
                      • C:\Program Files\7-Zip\7zG.exe
                        "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap12377:78:7zEvent10221
                        1⤵
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of FindShellTrayWindow
                        PID:5764
                      • C:\Users\Admin\Desktop\Exsetup[nvme]_v2.4.6.exe
                        "C:\Users\Admin\Desktop\Exsetup[nvme]_v2.4.6.exe"
                        1⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Suspicious behavior: EnumeratesProcesses
                        PID:2132
                      • C:\Users\Admin\Desktop\Exsetup[nvme]_v2.4.6.exe
                        "C:\Users\Admin\Desktop\Exsetup[nvme]_v2.4.6.exe"
                        1⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        • Suspicious behavior: EnumeratesProcesses
                        PID:6068

                      Network

                      MITRE ATT&CK Enterprise v15

                      Replay Monitor

                      Loading Replay Monitor...

                      Downloads

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                        Filesize

                        479KB

                        MD5

                        09372174e83dbbf696ee732fd2e875bb

                        SHA1

                        ba360186ba650a769f9303f48b7200fb5eaccee1

                        SHA256

                        c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                        SHA512

                        b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                        Download Submit

                      • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                        Filesize

                        13.8MB

                        MD5

                        0a8747a2ac9ac08ae9508f36c6d75692

                        SHA1

                        b287a96fd6cc12433adb42193dfe06111c38eaf0

                        SHA256

                        32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                        SHA512

                        59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\AlternateServices.bin
                        Filesize

                        10KB

                        MD5

                        0be267f28ad00734b8e201cfab6f0fce

                        SHA1

                        25bf429b91eab6e626e9a05b8b7b7368bea7fe9d

                        SHA256

                        86ef519162ff3881a5548a9b6d3ffea1aa2b7d158e20a94bedf7baa81e229a91

                        SHA512

                        62fdf348e014aa10b144caacd086faf188b3b0c06be95bbb0661988a04f5216fc3e52fa2a4d9e286505f4d8c0c7a83bf9056051a7ad12642297e621c3bd03bab

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\AlternateServices.bin
                        Filesize

                        13KB

                        MD5

                        02296c5ebca901837dcaa677319179e1

                        SHA1

                        e3b9737c2e566971b1999caf71a9d32eadb5c8f1

                        SHA256

                        5171c46a6fd4bb7f5a2086662621c286e6100e646a9fcab4b8ca3a79f31d9256

                        SHA512

                        4f0a2e727f3eda4e7e882ab867e69304224a1d64da9980e5b11a435c2a2642b3050e09df19bc3456fc2092810c30b61a2e4b5f6f87f901c0b35182040e0bb877

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\AlternateServices.bin
                        Filesize

                        35KB

                        MD5

                        995186576a49bbe5f455a989d25bc01b

                        SHA1

                        4ee17cf091b16fa72a32fe297e8642931d53034e

                        SHA256

                        bfa7ab3dede9541890e0090ec5476daaa7e11165007ecda6ef52dc25e31c8e34

                        SHA512

                        d357cdbca9e7be15f6cedb9623793f2844b7e910471f8b823faba365d7f8bc0c8823de59f27c9bb62b50d14081cf627bfd1bca37bdd3337d54e1b6a42ec4b2cd

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        6KB

                        MD5

                        3935a377b28bd99aae158a89fa8ed73b

                        SHA1

                        46922dd84143e8a516aa7d2772f363b517e063b9

                        SHA256

                        28d0fc726c757bfb114c5bcf447946e40c6f44e843615ec9687fb418f6179815

                        SHA512

                        f87dea029f84fe673fd7fb7a8260d9887e452ff93dbd3988a52cb96c2abc2a888ed0b0680c83b010a2606e8aa7fda75507618c66a45340355655e4688e88b2f3

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        5KB

                        MD5

                        357c54371c6c17011f739306c954adb2

                        SHA1

                        5e2b336d36faeeb9460641341515e8f75e810778

                        SHA256

                        cb738cccb8b578bef375bad3ab77d0e72c7cdaf8e55e03dc90f1a835acf596fa

                        SHA512

                        6097212f680fd06d537f6ff6671001a2a6d15ab7ba8e884ff05f200c143bc810ca6372f3064270fbafa6a3636e440deabd1cb36ebabfedfe54c14fbcaddbf301

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\datareporting\glean\db\data.safe.tmp
                        Filesize

                        6KB

                        MD5

                        37688b696584ce732ac09b0c89dd1c4b

                        SHA1

                        60d466e21162f49c4832cba4937e7002a9ca45a8

                        SHA256

                        7ed4406e730d5a6a5aafa9689c38a8d3272cc32aace0d0d6a624f4be89e1ebf4

                        SHA512

                        0041fbde89e69ea73df5de4e7ea2be5d8c86d5c8e65433ecf556ba2f711bdad040bb675cbf65fb4e77cf14696ae05442214094320bd362de646aa296e124a814

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\datareporting\glean\pending_pings\9130f376-70c3-495c-ac67-1c1ebf067ac7
                        Filesize

                        671B

                        MD5

                        b1db37847bfbf2e0c99aaff2b68fddde

                        SHA1

                        3c72d535055420aff52ffc2d0ba6594c3669440e

                        SHA256

                        0d1a161fc48c32c5704c883dfa481ecabffe92c57ef5d870eb207018dcb2808e

                        SHA512

                        f90b70aa608c462e15a2aa04d5ed6e4bf65f946ea4450ff98000709840edc33369841cffa58941b893fff380ed0e4ea7edec8cc256f27ac6acd73612f8fd6b78

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\datareporting\glean\pending_pings\a36101c9-72eb-4f17-afff-f7214f149daf
                        Filesize

                        982B

                        MD5

                        7a6526a38c0dfcd92dae42332a0fc95c

                        SHA1

                        dd3b871a0f9ad7c4803caffe90c8cb837cfec188

                        SHA256

                        698e7af47e0f4336777b5a2eb69e54b73e9fea8c0fd7734b2341b1cf707a18a3

                        SHA512

                        aeb42816a3d521901986c2d03a9d46f656757c1c69c2c0bd9ae75859d5836b557f97ba8da4871f0d52d6d0c4d17f6ddb625a7a5a5d7ca8cc7ad21b84254f1480

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\datareporting\glean\pending_pings\b7e227e8-41a6-4677-a830-338dd75fd26b
                        Filesize

                        26KB

                        MD5

                        6463af973f6a74c394e732811fbbc259

                        SHA1

                        6cc9ab4783940ec1860a1de22a539aaca2442aeb

                        SHA256

                        a26fba619d346e4e75516a55a1956165635532c1e32979e7b4671f04c2ccf725

                        SHA512

                        0f84309d158b377513611da74f5c0430a7cbb9b096dfe8ffa37b0620c571b32cbb8a1cfe7f86718756c8682c1d651bc381622d7d456526dfd8dfdf5ff4ec935e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                        Filesize

                        1.1MB

                        MD5

                        842039753bf41fa5e11b3a1383061a87

                        SHA1

                        3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                        SHA256

                        d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                        SHA512

                        d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                        Filesize

                        116B

                        MD5

                        2a461e9eb87fd1955cea740a3444ee7a

                        SHA1

                        b10755914c713f5a4677494dbe8a686ed458c3c5

                        SHA256

                        4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                        SHA512

                        34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                        Filesize

                        372B

                        MD5

                        bf957ad58b55f64219ab3f793e374316

                        SHA1

                        a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                        SHA256

                        bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                        SHA512

                        79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                        Filesize

                        17.8MB

                        MD5

                        daf7ef3acccab478aaa7d6dc1c60f865

                        SHA1

                        f8246162b97ce4a945feced27b6ea114366ff2ad

                        SHA256

                        bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                        SHA512

                        5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\prefs-1.js
                        Filesize

                        10KB

                        MD5

                        cc51c94a93319dc2295a56a2353d75d8

                        SHA1

                        385dca7c7d5be382fb56724e74d7a50994f8d2e4

                        SHA256

                        7b52f3cce91e3789523b85d80f07fdc41d30d3745dccd72a6095d827e1278479

                        SHA512

                        6d7c8bfe3132f5511a53f57ca3c06cc27ed254207818b3ded140a3b3ec19acae875021171fbbbb8585946e6f1f35e4bfda537067a4a67f12f2ffadaa35dbaf4a

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\prefs-1.js
                        Filesize

                        11KB

                        MD5

                        f4fa87055e0bbe5b6f76402edd7decfb

                        SHA1

                        b12ddb20d2e7692a177d89f3ea997ff8ee1d4e70

                        SHA256

                        ed1a8801ceeb5ecb516cf8730f35c4b24b41fa86d6721587137b1e6f1bd987f1

                        SHA512

                        b7865dc856ed2997be471951c7c7ddbc833b86a5e7300eb812c4d414a4ff009eddf66432a9ded84a0ac4ed42e51ed3c914a23f4e42e19853cf92be258754b478

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\prefs.js
                        Filesize

                        10KB

                        MD5

                        4ad938eef8a37a1df62448643e99808d

                        SHA1

                        fc43a3c34903d284aa0fe14a6c3d0832343865e4

                        SHA256

                        e0e3bf5ebfe79811eafd046caf9ee991fa5b583a5e1bf87e45f1756028a48f36

                        SHA512

                        659737f7d3b26051ceefc82fe73b129fd636d531b5f30153998b43846f35b4b6c5fb3bfcd7fb6b03657295d51460f79cb4c06104513a6d7cb7f722c5cd4d1a0b

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\prefs.js
                        Filesize

                        10KB

                        MD5

                        77f031ce8fffdaad4c9ba29fa2ad6deb

                        SHA1

                        6520ea14c8b14d5cfed28864427e9c100400a27b

                        SHA256

                        6359b9344b79cb9357278458f24ec1bbcf4945f51ac2791c6ef6674ee81cbf65

                        SHA512

                        a58f910348c8fb3258720ecf434252ff43d9e110dce0459eb9e57b0117e4d2e81a144ec2c0d6c71d08298ffed8fe2df5b1c8691b3d56bb5eaf786a4f82084692

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        4KB

                        MD5

                        a53760451db43f76712bb6a330e848da

                        SHA1

                        4097968f7cd6a2327e28eafa037a852b2e5a45f2

                        SHA256

                        e3fe6049aa180e702845e32f8b077ddcbd750bb1ba893b9daf8c4238a1f77d59

                        SHA512

                        8c217b58805f480737f4743e405f00b414917fbf6c5aea3ed3a4129cedd5570fea271e6adf0e321648778a4e0a5f2e8a4d1c10e308c74b3be5910c8c190b18a2

                        Download Submit

                      • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wedc8dlt.default-release\sessionstore-backups\recovery.baklz4
                        Filesize

                        4KB

                        MD5

                        57a90c410e0b3168dc97be1799b43f24

                        SHA1

                        d2b9238f6b102a81aa020d29973dee60476f3cc5

                        SHA256

                        0bb1f8a468f0814ccca40a220a7f5507b6e13af51ab8383403e5253775b1f300

                        SHA512

                        68691be363cf710e2aa3f2e05bf9b496db82614a3a21ff4701eb12310bfdf62ad236937f775fa7676864ffbd3bdcb5ca7cb8463c777016f03ccecbeef669fdd5

                        Download Submit

                      • C:\Users\Admin\Desktop\ExL4üncher.rar
                        Filesize

                        6.5MB

                        MD5

                        6d22bee4b739f886a8d46e9125c68a91

                        SHA1

                        45947e84ccb9e690afbf7af90cecf8246bb010b8

                        SHA256

                        87891d9e5065e4f359bccd9d3429cf35712c30f7317aed8d1e83a2f9330f127b

                        SHA512

                        c9d0b4993b152898a4d51846f2bea01a23855ec4b84c8ee1e11f360e5cde0259ac3a42173246f427b30f31ef941c74f6ffea32018ee83d4e907b711a0a71f6d5

                        Download Submit

                      • C:\Users\Admin\Downloads\ExLaunc#er.Ysav8z2a.zip.part
                        Filesize

                        6.5MB

                        MD5

                        ba8d557eef260049613d78de6277d779

                        SHA1

                        2b6e149bfbf9040d83752bd0037acaef2810533c

                        SHA256

                        53287fd4dcd013a3c8e10b81adfc37bae39c7c56377f169c0d816fa4e74ffcc7

                        SHA512

                        e00a74d1010396ccc40b8fa99c8d7b4432513e38bd5bae5fee5a661a4253b77be61e379f7106f98259455465573f2571a44c99fb0622a4fd8cee245c42b0c20d

                        Download Submit

                      • memory/2132-905-0x00000000023D0000-0x0000000002420000-memory.dmp

                        Filesize

                        320KB

                        Download

                      • memory/2132-909-0x0000000000400000-0x0000000000626000-memory.dmp

                        Filesize

                        2.1MB

                        Download

                      • memory/6068-923-0x0000000000400000-0x0000000000626000-memory.dmp

                        Filesize

                        2.1MB

                        Download