Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

1

URLScan

urlscan

1

https://download2.ai...

windows11-21h2-x64

Analysis

  • max time kernel
    267s
  • max time network
    269s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20/01/2025, 09:14

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    https://download2.aida64.com/aida64extreme750.zip

Score
7/10
credential_accessdiscoverystealerupx

Malware Config

Signatures

  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Enumerates connected drives 3 TTPs 21 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file 23 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Windows directory 6 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 17 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 23 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 29 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 59 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 54 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://download2.aida64.com/aida64extreme750.zip"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://download2.aida64.com/aida64extreme750.zip
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3376
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1496 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {111e76ed-06eb-4b0b-afc0-e76ba51b6dee} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" gpu
        3⤵
          PID:2412
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4534877c-fa32-4576-a8f5-5002f361dc15} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" socket
          3⤵
            PID:3132
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3272 -childID 1 -isForBrowser -prefsHandle 3264 -prefMapHandle 3168 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ffd6c8b-9eb8-4dd9-85b4-95728ce8ed37} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
            3⤵
              PID:2624
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3912 -childID 2 -isForBrowser -prefsHandle 3916 -prefMapHandle 3924 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1ff7206-eac3-47c7-a6ec-fe33b4326767} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
              3⤵
                PID:1888
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4224 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 5032 -prefMapHandle 5028 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f419345-31cb-4557-ae37-2c93a8a223a1} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" utility
                3⤵
                • Checks processor information in registry
                PID:4756
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5792 -childID 3 -isForBrowser -prefsHandle 5784 -prefMapHandle 5780 -prefsLen 27218 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ab25913-3b18-4ced-a8ae-f2a0733fb79e} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
                3⤵
                  PID:4256
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5812 -childID 4 -isForBrowser -prefsHandle 5804 -prefMapHandle 5800 -prefsLen 27218 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7f96806-ffbc-47ac-a922-e5c5765bd1d8} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
                  3⤵
                    PID:4528
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6040 -childID 5 -isForBrowser -prefsHandle 5952 -prefMapHandle 5812 -prefsLen 27218 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2131c32f-5a34-4eec-9282-1471da25f7f0} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
                    3⤵
                      PID:1448
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6152 -childID 6 -isForBrowser -prefsHandle 6124 -prefMapHandle 6128 -prefsLen 32602 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1ea21cb-7dd7-47d4-b750-3863cfac7799} 3376 "\\.\pipe\gecko-crash-server-pipe.3376" tab
                      3⤵
                        PID:3036
                  • C:\Windows\System32\rundll32.exe
                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    1⤵
                      PID:4460
                    • C:\Users\Admin\Downloads\aida64extreme750\aida64.exe
                      "C:\Users\Admin\Downloads\aida64extreme750\aida64.exe"
                      1⤵
                      • Enumerates connected drives
                      • Drops file in Windows directory
                      • System Location Discovery: System Language Discovery
                      • Checks SCSI registry key(s)
                      • Checks processor information in registry
                      • Enumerates system info in registry
                      • NTFS ADS
                      • Suspicious behavior: GetForegroundWindowSpam
                      • Suspicious use of AdjustPrivilegeToken
                      • Suspicious use of FindShellTrayWindow
                      • Suspicious use of SendNotifyMessage
                      PID:2080
                      • C:\Windows\System32\ie4uinit.exe
                        "C:\Windows\System32\ie4uinit.exe" -ClearIconCache
                        2⤵
                          PID:1172
                        • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                          aida_bench64.dll FinalWireBenchmarks_SST
                          2⤵
                            PID:4608
                          • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                            aida_bench64.dll FinalWireBenchmarks_SST
                            2⤵
                              PID:1588
                            • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                              aida_bench64.dll FinalWireBenchmarks_SST
                              2⤵
                                PID:1020
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_MTMBW
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:1892
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_MTMBW
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:964
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_MTMBW
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2964
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_NGMemLat
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:4820
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_MTMBW
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:4620
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_MTMBW
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:1900
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_MTMBW
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:4172
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_NGMemLat
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2564
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_MTMBW
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2976
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_MTMBW
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:4924
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_MTMBW
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:4068
                              • C:\Users\Admin\Downloads\aida64extreme750\aida_bench64.dll
                                aida_bench64.dll FinalWireBenchmarks_NGMemLat
                                2⤵
                                • Suspicious use of AdjustPrivilegeToken
                                PID:1332
                            • C:\Windows\system32\taskmgr.exe
                              "C:\Windows\system32\taskmgr.exe" /0
                              1⤵
                              • Checks SCSI registry key(s)
                              • Checks processor information in registry
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of FindShellTrayWindow
                              • Suspicious use of SendNotifyMessage
                              PID:4548
                            • C:\Windows\system32\LogonUI.exe
                              "LogonUI.exe" /flags:0x4 /state0:0xa39d0055 /state1:0x41c64e6d
                              1⤵
                              • Modifies data under HKEY_USERS
                              • Suspicious use of SetWindowsHookEx
                              PID:1776

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                              Filesize

                              14KB

                              MD5

                              f8fe93124ea91cc09727a707b36ae210

                              SHA1

                              599963fc3a8925135cb9462993326002c0f8b635

                              SHA256

                              e2c2919dc867cd4ac774a79e36e2e724f78886f9ea4dfcf481b08eaeefff04d4

                              SHA512

                              6d51686fb74e0fa4047a01f86a531bd12b4a827f0a5282cc4b1f04b85a0ee08cba0a129e2fed155b708de2a8583ad624637f3ce2f07c75343a25737c965eb868

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\activity-stream.discovery_stream.json
                              Filesize

                              22KB

                              MD5

                              266fa5fbae2ecec153785628e5c690f9

                              SHA1

                              d162afaf7af86ef4278f3e5d6968e40bcdfaedc3

                              SHA256

                              1e53425d75cbe7d0ad623e4000dface3dafb00244bc364535477af8c0e17c779

                              SHA512

                              14eff85bfef12022819b9cf7f77373dd5cdf939f082e4e61e246d855c75845dc2fde9e486c6353ca6e75738c9cc38d12d4df5b01d02cafab9e26cfbd150756e7

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
                              Filesize

                              15KB

                              MD5

                              96c542dec016d9ec1ecc4dddfcbaac66

                              SHA1

                              6199f7648bb744efa58acf7b96fee85d938389e4

                              SHA256

                              7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

                              SHA512

                              cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                              Filesize

                              479KB

                              MD5

                              09372174e83dbbf696ee732fd2e875bb

                              SHA1

                              ba360186ba650a769f9303f48b7200fb5eaccee1

                              SHA256

                              c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                              SHA512

                              b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                              Filesize

                              13.8MB

                              MD5

                              0a8747a2ac9ac08ae9508f36c6d75692

                              SHA1

                              b287a96fd6cc12433adb42193dfe06111c38eaf0

                              SHA256

                              32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                              SHA512

                              59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                              Filesize

                              7KB

                              MD5

                              e844b67c2df2c95d082d745d620f54df

                              SHA1

                              33c06915ef954e04db6029bd8c588bb660914ef2

                              SHA256

                              72fe5671c5b4448a6b9d9e4787ed9f59a9bd2daca39feb6a5bf64a9925ecb8bb

                              SHA512

                              b8ab1e8ffd9dd700c3982a59c67e071d5e4ff3dfe7ae6604216a064835a56f04b965c35ad0e033634891b4a9cdf5ab5af8d558569b60a4a59e4390f253a4e5cd

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
                              Filesize

                              7KB

                              MD5

                              9841db629dfe61816032d3cf7d2e3556

                              SHA1

                              c86f32b3a4667a77e947fc56120ce3e51a33fe93

                              SHA256

                              6e836a6e43325522b30cf3e9b88fb50074d3e705e04e79b7facb0f2813e4e115

                              SHA512

                              4bad5e8fe44f73228000d395fa1bf2b5915ff21ce698711883649c00defd51e24745761b82d87dd82062d00f525f440642ff215c0035391346c6efffc90b8f93

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin
                              Filesize

                              8KB

                              MD5

                              a71ef8c7027aec037a65f35409b3aa94

                              SHA1

                              046e575d417aa8bdb320c42cc9c466a4d0ddcaf2

                              SHA256

                              492df0c0e54afb560ecdddaaf2cf0863c74fd2e7379f385d8b2e3627e3453ba4

                              SHA512

                              78721fffca75d150bf16e4459fa82603cf230ab1d262b7dc76f1b9dbd533ddbe5d0e721f3359707e01b661873e168547450cc58a6094a94c0b361e1f3224d9b7

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp
                              Filesize

                              5KB

                              MD5

                              7c2c387b1cd6cd2a069827fb3f95d8df

                              SHA1

                              109810992ecfd362bc85541d2cd6a6bcf2267c2a

                              SHA256

                              0f3a9a4077884fec37add644814efec0abc1517913af1f115e1e912c0f218fa2

                              SHA512

                              c792d57bdf38ec0ca1cfaeb4db62c0f2be6e19aa2cb5cf944c7f4d34f678550c16aa504d216eca9864c4971d29727bc0f9cecb8721d0a6c861b687a0bd01c73f

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp
                              Filesize

                              7KB

                              MD5

                              23a7135a79278cc169c347691d7ab69d

                              SHA1

                              88ea91bbf1d6d6892f8166069603f6b33e36a0cb

                              SHA256

                              389ab3f8280301219ec94650652b0b515b332a4038cbcd98958cd8a01570dbdf

                              SHA512

                              0478ec8190aec89e6ed05c2b0deaf8f7f60f3aa3cbc5f5ccdb4a4b8bcf6dc729351d59163ae127bae988ead823adb061ee907a14105056783d14655fed271781

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp
                              Filesize

                              5KB

                              MD5

                              c9a39e88fc8c3b1e1247c6c4c2c2195e

                              SHA1

                              7160f748e2ac9306975663f48de93f1a2d3aff17

                              SHA256

                              b92f0b688cd042cc32f873ac5dbb347308f941efcb662f31968014c83230356f

                              SHA512

                              ac812d9a8a68d377b9a9beef67fcb7d3aab76c50f5feb56d087449af439560dfdf1edcc9cb32e102fc13f1f32628221c6cf5b9a8cb2ea249c7264590098bb7c0

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\2c22ab9e-62c3-44be-9d06-b065d7c550ca
                              Filesize

                              982B

                              MD5

                              09181dbc786c7d78a2c6688609464202

                              SHA1

                              8a8e6ebf8fe3b3d7b5fb43c9c42f6258ca854a05

                              SHA256

                              d72b465b889dbab979b6094b09715ef24613350cac7f2f027ff531e6a9330099

                              SHA512

                              efb9b31a8fc5755725018184884444ceea8af29300caf662a777c36a4eee21b4205abccf3402bc9a13ff722dd152aa95cfff6c97de448c4ff97a9730cd1c92dc

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\2ed89e97-5605-4e5e-b7da-3950fd83b16f
                              Filesize

                              26KB

                              MD5

                              666c48d9f6827ccb7e19e1e16d97c6b6

                              SHA1

                              519b78df0e6962e173679e751745cce9ba2b8e88

                              SHA256

                              132b0a7e9a9efbdd57b357b09e7181debfdfc9926b89b66ea99ecfa78024fa3b

                              SHA512

                              0187b3eee19c2bdd29e094f4a97ac98b57a8991ea548949f907a70c713d29e93b5e5920a2318335ebfec2ee1946e332dd3d8d23e81a65d65259f462e44611ba4

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\fc223c4d-f106-4e95-908d-b155445aa436
                              Filesize

                              671B

                              MD5

                              97cf5a00575869fcd71e0b04958f6f85

                              SHA1

                              babcaa0d5d86705596f67eaf6cd00b7160a119d9

                              SHA256

                              73c076a431db3a9c390d37007ce77055069bcf7849d1a5cdb1c52ef964a977c7

                              SHA512

                              f8c7ec443a46cfb2dcd81615fedcade09886fdb666a781540d88f1183a2e837198ce0488936da31de3e03cf183440667ad6694e99a03a091ff0587b9aa6ab42a

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                              Filesize

                              1.1MB

                              MD5

                              842039753bf41fa5e11b3a1383061a87

                              SHA1

                              3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                              SHA256

                              d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                              SHA512

                              d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                              Filesize

                              116B

                              MD5

                              2a461e9eb87fd1955cea740a3444ee7a

                              SHA1

                              b10755914c713f5a4677494dbe8a686ed458c3c5

                              SHA256

                              4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                              SHA512

                              34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                              Filesize

                              372B

                              MD5

                              bf957ad58b55f64219ab3f793e374316

                              SHA1

                              a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                              SHA256

                              bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                              SHA512

                              79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                              Filesize

                              17.8MB

                              MD5

                              daf7ef3acccab478aaa7d6dc1c60f865

                              SHA1

                              f8246162b97ce4a945feced27b6ea114366ff2ad

                              SHA256

                              bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                              SHA512

                              5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js
                              Filesize

                              11KB

                              MD5

                              2328e676a07c0ebfec9f9654055831b2

                              SHA1

                              2b3aa905d589c2988e245fec08ebc7d202060792

                              SHA256

                              ae061152b062ea6ef732bbf06b6fe8bfb1245713cad18b5856e0c80ba3adff50

                              SHA512

                              797432c71e50efe0c26055ba5e269b671094380614d403c9099ed542eec187304abee68bc59154f312a1ee9f18261d2271c1a0a251cfe65e7e64d63f9ef58e60

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js
                              Filesize

                              9KB

                              MD5

                              c2d0bd5220399ec580088fbb92743520

                              SHA1

                              c3febf4a2599fafb48ee6e19f5e64d7b3d0919eb

                              SHA256

                              4a24e4007bc684f72cdb7a87dd31c21994f0bc6ece082094e37a9287eb5ce5e6

                              SHA512

                              f4c97e75c0dfcd37cc1a3d8668e1da6141e028a156cd7691d07af46f5bc5cee695fc0d457e01fd67aa04e1d74d7bcff43e510f103734712f8af6c84468b02ce3

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js
                              Filesize

                              10KB

                              MD5

                              e94bce2ee1dd17b27cb136b205d8e5f5

                              SHA1

                              051719dec513a3257f889e73e1c62c477f274360

                              SHA256

                              a8f8b886420695d29a82d691c8fbce2a98442ddea3a178209f4ed3db88776171

                              SHA512

                              01dc3c1badca62ac6a0970970d0df96b18758477df37f396e55d384e0f08799a804ce231bd75027521c334a401175f5c1ee4dacb057b9ab48d706314da94ee8a

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionCheckpoints.json.tmp
                              Filesize

                              259B

                              MD5

                              700fe59d2eb10b8cd28525fcc46bc0cc

                              SHA1

                              339badf0e1eba5332bff317d7cf8a41d5860390d

                              SHA256

                              4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

                              SHA512

                              3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore-backups\recovery.baklz4
                              Filesize

                              1KB

                              MD5

                              d141d866990bf3108daef2715b8d6642

                              SHA1

                              5bf6dbcfd8dc01d4936c8d3fbdeb0e61a25ee74b

                              SHA256

                              3dc98fb32948306926223dc3fe74f1410b7c59dc51e70abb6c5d6883a20b9a8c

                              SHA512

                              adfe3a366db962d1119abf0e638f63774bffb8b98d635f37c0208460f2cd5f1191544df24c468ed13e9949de5ee256f8b537955a075d5cc91cc885f14c8de3ea

                              Download Submit

                            • memory/2080-490-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-523-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-468-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-474-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-480-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-456-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-502-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-508-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-513-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-514-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-517-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-519-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-520-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-453-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-524-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-527-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-454-0x00000000061D0000-0x00000000061D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2080-463-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-601-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-438-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-528-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-439-0x00000000061D0000-0x00000000061D1000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/2080-555-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-554-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/2080-452-0x0000000000400000-0x0000000004FA4000-memory.dmp

                              Filesize

                              75.6MB

                              Download

                            • memory/4548-530-0x0000022574050000-0x0000022574051000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/4548-537-0x0000022574050000-0x0000022574051000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/4548-536-0x0000022574050000-0x0000022574051000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/4548-538-0x0000022574050000-0x0000022574051000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/4548-539-0x0000022574050000-0x0000022574051000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/4548-540-0x0000022574050000-0x0000022574051000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/4548-541-0x0000022574050000-0x0000022574051000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/4548-542-0x0000022574050000-0x0000022574051000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/4548-531-0x0000022574050000-0x0000022574051000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/4548-532-0x0000022574050000-0x0000022574051000-memory.dmp

                              Filesize

                              4KB

                              Download