Overview

overview

10

Static

static

1

ReleeseBoo...rs.exe

windows7-x64

10

ReleeseBoo...rs.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-01-2025 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ReleeseBoostrappers.exe

  • Size

    1.1MB

  • MD5

    1c8f61ebae1e301d9b521e2e4661ea71

  • SHA1

    e4419155b9e29c822bb82430222a466f8d18c979

  • SHA256

    04cb3fda38692e884e8782a79b4b431cc2f50a3a0a7bd4c368f35df4b536e6ac

  • SHA512

    c09777c8d426b3320c2cbe828b20dfe516773d28a8f24f8c1e58ad1bbcf838cbf3eaa6b0960a0ea2b939d1beb38c9a321681afe24cd49878c9cca9563c75bb50

  • SSDEEP

    24576:zFKaf+2MOlrq3F1rjhrRQirOO3GrR1YNgjUytyVXyoso+fvVBZM04k87:Zdm2Hl2VveRH0yoD+nZMn97

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates processes with tasklist 1 TTPs 2 IoCs
    discovery
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: LoadsDriver 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 24 IoCs
  • Suspicious use of SendNotifyMessage 23 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\ReleeseBoostrappers.exe
    "C:\Users\Admin\AppData\Local\Temp\ReleeseBoostrappers.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2256
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c move Recognised Recognised.cmd & Recognised.cmd
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:3148
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:4384
      • C:\Windows\SysWOW64\findstr.exe
        findstr /I "opssvc wrsa"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4844
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:1360
      • C:\Windows\SysWOW64\findstr.exe
        findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:436
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c md 484968
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2560
      • C:\Windows\SysWOW64\extrac32.exe
        extrac32 /Y /E Ratio
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3216
      • C:\Windows\SysWOW64\findstr.exe
        findstr /V "Forgot" Maui
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4812
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c copy /b 484968\Trackback.com + Face + Terrorists + Thehun + Closure + Roller + Reception + Nested + Wichita + Casino + Clicking 484968\Trackback.com
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3880
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c copy /b ..\Powerseller + ..\Pn + ..\Accreditation + ..\After + ..\Continent + ..\Risk m
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5068
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\484968\Trackback.com
        Trackback.com m
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:1632
      • C:\Windows\SysWOW64\choice.exe
        choice /d y /t 5
        3⤵
        • System Location Discovery: System Language Discovery
        PID:664
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:4780
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:4708
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2848
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1908 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aa178a1-dfaa-4b5d-8650-d7d27bf73f64} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" gpu
          3⤵
            PID:5028
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65d8e2e5-f607-444e-b2f4-d84580a45659} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" socket
            3⤵
              PID:3384
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3016 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02fe657a-18f8-4731-8acc-343315a16aa9} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" tab
              3⤵
                PID:3376
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4104 -childID 2 -isForBrowser -prefsHandle 2892 -prefMapHandle 2888 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59fe43dd-0d9f-499b-b47f-21cccf24c806} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" tab
                3⤵
                  PID:3092
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4688 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4756 -prefMapHandle 4752 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09775cbe-0d9f-4c38-bf4e-6fb7e7300370} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" utility
                  3⤵
                  • Checks processor information in registry
                  PID:5404
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5048 -childID 3 -isForBrowser -prefsHandle 2960 -prefMapHandle 5036 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77c358a1-a12e-4a95-85ad-8c1599409f27} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" tab
                  3⤵
                    PID:5740
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5184 -childID 4 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59490f50-2ee0-4aca-931f-9ab32f8bec9c} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" tab
                    3⤵
                      PID:5752
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5376 -childID 5 -isForBrowser -prefsHandle 5384 -prefMapHandle 5388 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {622cd00b-a006-4d51-885f-c59fd0231e8b} 2848 "\\.\pipe\gecko-crash-server-pipe.2848" tab
                      3⤵
                        PID:5764

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\484968\Trackback.com
                    Filesize

                    854B

                    MD5

                    88a3b03e13c9c4f5f5d8bf523c571819

                    SHA1

                    160f7260f5d7b13f4159bfd66e1596bfd5f81ffa

                    SHA256

                    b9d5b1f216686bf0fe3103d6ff7e51232fda59c229c8642adb634a7e2f25d695

                    SHA512

                    0c648a181d18fb81922b7d1cc86978952a1c260ee2f39d10dc3f47bac4e07f54786685985bf37702fcb4ec7704807668330b5c26c96499be1399786e65e5582f

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\484968\Trackback.com
                    Filesize

                    925KB

                    MD5

                    62d09f076e6e0240548c2f837536a46a

                    SHA1

                    26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

                    SHA256

                    1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

                    SHA512

                    32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\484968\m
                    Filesize

                    456KB

                    MD5

                    1208de638bf5ec8549a3a09ba88f2404

                    SHA1

                    16cb4eee76e7527e21b5c4467c6e1907de96a6d4

                    SHA256

                    d077914235e2ffb0516f463c8d04363f8e18cdb9a1c4b100eff0eac04b509763

                    SHA512

                    b1c635700643b79348c07023159baf231ad537b48af7014200d8fc802fd17673b39ef167364097f94297aeb404541b9a288d429db546edb426821f60d217512a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Accreditation
                    Filesize

                    78KB

                    MD5

                    5c812305ef850825e0431d590c9f014a

                    SHA1

                    723edb8aa608ba648f3873fe703fad617afb8763

                    SHA256

                    2c0eb2ed785a99f0efe56396331ddd8ff86c1c7d6aa5b4bc65b5b028272e81ce

                    SHA512

                    6bdc92450d9793250e75e2a93544a98db3fe0b1ee73b58a51ab897fd9a2d5dbc10a2a88a758b7ae8049b6648edc23ceb5c0005deaaf406c6d438f9349b1f4541

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\After
                    Filesize

                    88KB

                    MD5

                    5bf24e597eb2cf2f9d542f5151142951

                    SHA1

                    239522e709f4d3e6e4f8452b783b3714b58587b9

                    SHA256

                    03bc9e33000bef75e35a1c0cc3e05a86062b63da7eda2586b0eb711030e9a5c0

                    SHA512

                    17b609d9ffada36820ccc40b6bbc0539ed0a7373d0028654d9fe09f36a62e278d0ef239a94d13c6eace2824f6e5a17aed9adf7617574b87ac5ab842fa11d1300

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Casino
                    Filesize

                    119KB

                    MD5

                    227bf9bbec8408a10b1a4a289ba77401

                    SHA1

                    86cf90b141a11ee7d27bea1807dc959aaae5f583

                    SHA256

                    a5277b8fa9b6f77ca6431d5c32f15f317c52f1efb7f88dd8521a585d902586b4

                    SHA512

                    a5c79ec530f449479cb138061f8b79a5d9d79d9d7bb854461059891c230a43a9c1843201cde47bf90e87fcb500ff31d98bfcedcc57079158848494f18a812c7a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Clicking
                    Filesize

                    58KB

                    MD5

                    76f557310c653be04b4f805e0c6397c1

                    SHA1

                    7e7fe5eef7b32f4455b6968c5e970eaf88da15d2

                    SHA256

                    c87c041619d47aed9b511042f2b4d6fba3862dfe6206818fa4570ad5a663aec1

                    SHA512

                    d9eb65aecf654d317566615c9176ab814c05ec5394aef942f8f13506833bb94ed669cfd8988f3821afd73b2b415d3ebe421f761bd50f98d5d4a7542b7b0d81f8

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Closure
                    Filesize

                    58KB

                    MD5

                    2077269e8ec2aaa990d23f0647dd4eed

                    SHA1

                    e2795853dba57687b71bf235165fb16eabd4723f

                    SHA256

                    3c5323eda19b2fafdd64a38ec9d9018cc8deb089fe9536398678777fbae8c8e4

                    SHA512

                    ad85ca9163a6a06e3a5199efc51890524f6ba1ee9054f1315b3629467784d10b66489332997b8688372363c0d57ac44c71a86e5aa0c5b651ad568badb49de49a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Continent
                    Filesize

                    66KB

                    MD5

                    5f746768bb2de3ced707b70288ac4733

                    SHA1

                    635afd41fbcd920a0f9437d0fa0b7ed3ba02ce8b

                    SHA256

                    2dd65c4135b9ff60a415cc6af53816177bf16a0a6f1866c738d5a9efa8a98f99

                    SHA512

                    c78c287126269ceb8f9bcd20e2b2f4c7e7a4b7964aa20b08c2b1e45ceb329f6e2dcf6ccbe92b5153745510d5ec1dcabbaf3d194ff96eadfb9d0ff81e312e3b18

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Face
                    Filesize

                    53KB

                    MD5

                    6f640def208d9e8360bda93298464fcf

                    SHA1

                    00b920245f01e6fb4c9cc11af17f074373fca79b

                    SHA256

                    f3393f291a3859b1eee2c7c3633bda2117feddd81540e0df92bf50cb04468c66

                    SHA512

                    aa712dfeb76e5b1c745059df65f46cdceda9a6c6ca1a2519c539d64bdc762bccda59f1cd58b5499e773d89520443b9364ba56b09f7a1d955b0b1e6e539aeddb6

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Maui
                    Filesize

                    860B

                    MD5

                    20514b7861da2bda60ab3e5457c55a25

                    SHA1

                    d088ba8f1d59357d491bd3c845314240a0dd1e4f

                    SHA256

                    a16dcc3dbeafbcadb2f63140ab693cdf23ce6e952a723e87af3de5d95e69cc87

                    SHA512

                    bc2fd3209fbf3af101614f7df8b9199efa16f10d498ae5226a148db2d7dac2ff04dd8c8880c35be020f1e4ce8e57098682502162b656a7ec55b8c17e81baccca

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Nested
                    Filesize

                    91KB

                    MD5

                    9d13f05b9a71d8dde2e77812714f89be

                    SHA1

                    cbf85b87fe308c764d7c8c0a4b0055e0b29d1e7c

                    SHA256

                    c2683a6e3197d6524b212d53a5df1244a06e40056f7b79ec0733496f96f8fc18

                    SHA512

                    2884e6653e971366993453318fe102231ff3180d77d00d05374d7a45c2863e4fa9fadad3949f59de9c8282ea086cd201e10f96a13c8a9941a7659726f6b75d81

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Pn
                    Filesize

                    99KB

                    MD5

                    1f5464a2486392bafdc858cf0cd5a4d2

                    SHA1

                    817153c40b0cab258565a6e4e9704ec8a1a4e33f

                    SHA256

                    5a79d5e3b8cf1466872be8ae6097d7bc68c23ee0aeff1b05cfa6340e2f0ff9df

                    SHA512

                    c68c196ea077e56a83a994ed1c8d7b80307f73c908cd1da4af0bca8eaf051f5cce0e77d7c6b3a7ae6b2589f692c28019b6aac88bf2f68914c265a1bd02642322

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Powerseller
                    Filesize

                    63KB

                    MD5

                    085b6cac39e894bd415175322c5c70a7

                    SHA1

                    258db05f3be1d0bcdeaacefeb392f5a29ed99353

                    SHA256

                    cf04190c6b7609df58042c6b603eec15ff543a1c815a66bb0f09b7ec95e6effb

                    SHA512

                    400331e5ccb51bdea7b1e7af1c84af741f07464ab90094869ae51fea88db9461a80769fe6ddb789a0be423da9dc903e9bc979509c72e5490846dfaf265f7db21

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ratio
                    Filesize

                    477KB

                    MD5

                    d3c0d6cd4f80f6509ab2f8963488f3d0

                    SHA1

                    ee272122bc647d5bbd6e21cdb97245d5a1dd0763

                    SHA256

                    d5a172c7ae8f88117495c09d1bf3a469981ac5a540d082f9e39b0f39a1d5ca3a

                    SHA512

                    fb0afe20dc9b0b027cab3997b23772379c506afd5f7934e6108c59143611b187323808fb27d3f5d05377c6c3e49895440732841dcae39d2117eeaaef6b820e30

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Reception
                    Filesize

                    118KB

                    MD5

                    21038b2994a294b39e33cc501c1a05ee

                    SHA1

                    50c1d712ed63fdbf187f1d9ac9addac3503a976f

                    SHA256

                    20ce780c417f346622d0476e9aae17c62324397a5fda7c5f8dbc8ed9c71fcc9b

                    SHA512

                    2ef16b3945541d0fa39fc1d3da4f6f3748207c4c68206c70838215d314f84e513d55cf890b410dc30d60fab25c8605dcb898c822c9711035afca028fdf4a5bef

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Recognised
                    Filesize

                    21KB

                    MD5

                    e1b69dc2271076449b7fe047ac482984

                    SHA1

                    bcab3c731619749fffca84fca4d88756f3452cb1

                    SHA256

                    d281f964e56db7bb27148db0fbff842b4e53f123beade2d0e036f82d3a3a854d

                    SHA512

                    373c6af2e0a8dd1bebf34c4f897f9613a7d2843b07555b4c29420f3ac839384cd04b581529fc8e0cd16807442ba1c5e601e2f79cb132f8c284b09b9c4a9c7bab

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Risk
                    Filesize

                    62KB

                    MD5

                    cd7527fa445dbec2e8b3bad47de16929

                    SHA1

                    3970dc1a068fa614ffa6dfff201132af7dc84751

                    SHA256

                    1344291908f61c5461fe78f93f4748360052ddcd3391692f2148fc570ea4a06f

                    SHA512

                    8692c6345b3bcefffa519a16b0e7f1615e22e102cd1f3ab913c394cbc56ad55b269bf918953992596f1026533fa458452d0d8759c3f2394ed029e379c5c710a5

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Roller
                    Filesize

                    141KB

                    MD5

                    fa81f3538e7caf8ad17d26969d8d87ad

                    SHA1

                    5b06ff33e4aea6c59dcb6ea034ac085aea25774f

                    SHA256

                    fbc991e234bf9c4b48514cdcd02c2646e65203d4fde35c22490806e869dace4f

                    SHA512

                    2ca23e42a13676ad4e87f12b8c8d195d729c86f327c5a5fff317fe78f9cb9b7ef5c8c1982f53e1111fb8b46230569fc4bb287ac94dc0437c99ae669b4932fd1e

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Terrorists
                    Filesize

                    64KB

                    MD5

                    1798c08ab7269e5dc50d97fa0fe4c1ce

                    SHA1

                    bdddb294c0d6792ebf3f3b9e4f4db2c2b95b6208

                    SHA256

                    5d4c0d897ed74e744542a76b03d67c292e6c28da120655472a2639abeda68207

                    SHA512

                    02883fd39426160aecb8f0507e9ba8a8015f70476217cce3a536270a574255f621616b0c2995d45cd41b726295b01ac22e777146462469f8cde78b84d35264ce

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Thehun
                    Filesize

                    109KB

                    MD5

                    7ce7c4ea5d8e0b48d5400093db7d6310

                    SHA1

                    b9d27c9f6349a24e9a163ff8e52f5b937be21758

                    SHA256

                    bc9279f5bdefd7b37e686f3347ee467661b9f68ca2d220630620416869780ac4

                    SHA512

                    0484767d0c8cb58221fda088f4202278b169da812c41e25bed66b3dd3ab4427d3cf968db3e7f20b6895eb3d1e1ff7a8a1dd490added2b9cac0600d30bea6ab07

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wichita
                    Filesize

                    113KB

                    MD5

                    d77a611d6b2a51a697a734dc7b0fc795

                    SHA1

                    106d523c59f63d6ced9391ad9d48891b75f63643

                    SHA256

                    e79eccddd759fc7247b2dd2ec942e1ed52ed1ab9eadf897c172c7eae25bc5d8d

                    SHA512

                    4fe6dfb75d51eb0508019350465c88fe6f9d870a3817dc0614857ca45effe1efedf33a680bb9fb2e3675744bc3db14981052d630f1f551108a81dbf406d7d081

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qgf82dd5.default-release\activity-stream.discovery_stream.json.tmp
                    Filesize

                    19KB

                    MD5

                    53e74207a3048f0a96715f3032f3caaa

                    SHA1

                    7d1e8950dab7ec96c441d3a3aba722655f3ad549

                    SHA256

                    4a14c7560d3d89641ae61bda3d387810923e368f41b118fb03b2d666ec42ae9f

                    SHA512

                    005b1d3d89f28c37eea1d2479f96aa677e1ceb4b03bf5d725d1fa46ead0652b06b9f180507798c0e780633b493b14ba2f7759cdc97dd5a69f01ff1b75f538e1a

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    68a88199b6e5c2b4f3b3b9ff64c4c1d7

                    SHA1

                    859946e53fa05d32723c38f1ddc95af5fdd6a1ae

                    SHA256

                    fab210ac03d544254d4299571c69e2b4fd0494738a4012ec17de37594932f1b8

                    SHA512

                    7849ad96c2dd02befdb6e01343665b436bd997f017a36da270ac5dd6d3777c7afdef3c36a0a8ad5f400ae341e61f748c8bb5c087333014b6997962f2816dd6bf

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    14KB

                    MD5

                    a511e800170205ab10979663665781de

                    SHA1

                    720505ff1000e97e7cb48e9136b2997d4e46fc85

                    SHA256

                    b1f1857862172c8f2cdb0236891aaf9e248a90e4acbe30f86b8af113c23c007b

                    SHA512

                    4e7c59cad16ce3a2ed367100f32942913a6405759cf85f7a9872290dcec506ea05cf4892a82916dd7bfffd1a1cb2c06c96e7f27e44f04260c9476d2f30c6cd0c

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    52ec0906ac884da77e08c58749ba48e6

                    SHA1

                    62a735090100ea8f0af6cf45249050e69eefdb03

                    SHA256

                    7d338845b49f5254db2fd80ca0e6551057b578e5c1830e23a0bea37531df0352

                    SHA512

                    004910fb442f4789b1312e3240b99da230676ae4593fcea01771655aa949731e4a178af4aca772b1ec4fcab6907d0157f4f41d3671fc970d37c664eddf25d202

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\064cc614-f74e-4665-a0e7-b7c7ca67ef38
                    Filesize

                    982B

                    MD5

                    a7135d1a38f88e965dd49a59a0f2de79

                    SHA1

                    4bcb9dd7a9601da5c18b508719529aef76a745ad

                    SHA256

                    ed311b17a0626d6064081c2177e1482a735cbe32c9cdb86ee6182a1c5703cfb5

                    SHA512

                    8f8899a253afe3bfc5796c931847be988b8454a6816d16cb9817c272b18b4ddd94cdb98f80959444afcd7e50cd03f2297b6e97127b24134ed378629cd0261698

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\48a82c09-a0bf-4ee7-a3ae-3929abff72e4
                    Filesize

                    671B

                    MD5

                    184d968b97b8ef2f66c2633b208d62dc

                    SHA1

                    cbb5645cdafed22eb2bb9ff9f9fe7670d603d539

                    SHA256

                    d2e495e431e3f14a648bb69bc942f854af824cd2b83bbb7af08d9eb0e5a79af6

                    SHA512

                    a9ed06753025410f35bf0f0a1b666a9cc0f8fc3a1eacb6d7dbdd316dff05c16bcc3caae1bf1e59f6eae6d113d9aa8da6e40453c9822eec69c048c91f5b45461e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\datareporting\glean\pending_pings\f0c38d1d-6a2e-474f-8dad-ac472eebf500
                    Filesize

                    24KB

                    MD5

                    b5f7c160539c5a1834e48dc7928823d0

                    SHA1

                    e9689b952ceefdcda8d90c364d155ee4d2a2767d

                    SHA256

                    2157561cc8c1550653fd5271b03995e682bc612eb55b10b9ab64cb31c6baa08b

                    SHA512

                    f90078a47a4f498008a2cf060cf0ae37b0c18dc8ef1095d191a1260ab3827197e87eb0c0a8c7c0da4b8a9ba8e8b2c1059bf9b9eef640d9b80284f373f0b5117b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js
                    Filesize

                    11KB

                    MD5

                    7ca027c282440c9ada8f6555cb0e1ff5

                    SHA1

                    90eb0f35596353b87e96eb1149ad00fc7c1efbe5

                    SHA256

                    5b029620d633ebb96c0eecf023030a4fcdd7c18f281f14a0a806f5712d50f816

                    SHA512

                    45ffbdae6bc591ccaee33144fccce6d541601d3f0af44525cc0a2e43e8f4a287555e9c0344951731e4d8cac510465a1be93adb34068a97656373501cd2ac1be6

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qgf82dd5.default-release\prefs-1.js
                    Filesize

                    11KB

                    MD5

                    f2ab8eb8429344383b0018d9104d25ae

                    SHA1

                    152546892848f90c9040428e168f119ca09701bb

                    SHA256

                    dbe30c8552bd01be57e8228f46baad6e6ff0e9eeed29f1a259ab97be3c97eae2

                    SHA512

                    33b179aa5c8d43fb9ae671773c1a440dfdd22d4d5f19351fc9ccad4349c857693e8987f33f8f1ee3485259e985525416ff7f6ce6fe0e70da845b8865139f0358

                    Download Submit

                  • memory/1632-71-0x00000000041E0000-0x0000000004237000-memory.dmp

                    Filesize

                    348KB

                    Download

                  • memory/1632-72-0x00000000041E0000-0x0000000004237000-memory.dmp

                    Filesize

                    348KB

                    Download

                  • memory/1632-70-0x00000000041E0000-0x0000000004237000-memory.dmp

                    Filesize

                    348KB

                    Download

                  • memory/1632-69-0x00000000041E0000-0x0000000004237000-memory.dmp

                    Filesize

                    348KB

                    Download

                  • memory/1632-68-0x00000000041E0000-0x0000000004237000-memory.dmp

                    Filesize

                    348KB

                    Download