Overview

overview

10

Static

static

1

FusionHacks.zip

windows10-ltsc 2021-x64

10

FusionHack....1.exe

windows10-ltsc 2021-x64

10

FusionHack...dk.jar

windows10-ltsc 2021-x64

1

FusionHack...4j.jar

windows10-ltsc 2021-x64

1

FusionHack...on.jar

windows10-ltsc 2021-x64

1

FusionHack...GA.jar

windows10-ltsc 2021-x64

1

FusionHack...18.jar

windows10-ltsc 2021-x64

1

FusionHack...er.jar

windows10-ltsc 2021-x64

1

FusionHack...na.jar

windows10-ltsc 2021-x64

7

FusionHack...rk.jar

windows10-ltsc 2021-x64

1

FusionHack...re.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...me.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...xt.jar

windows10-ltsc 2021-x64

1

FusionHack...up.jar

windows10-ltsc 2021-x64

1

FusionHack...il.jar

windows10-ltsc 2021-x64

1

FusionHack...va.jar

windows10-ltsc 2021-x64

1

FusionHack...e7.jar

windows10-ltsc 2021-x64

1

FusionHack...pi.jar

windows10-ltsc 2021-x64

1

FusionHack...le.jar

windows10-ltsc 2021-x64

1

FusionHack...bc.jar

windows10-ltsc 2021-x64

1

FusionHack...ip.jar

windows10-ltsc 2021-x64

1

Analysis

  • max time kernel
    283s
  • max time network
    280s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    21-01-2025 20:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FusionHacks.zip

  • Size

    47.6MB

  • MD5

    7edfde6c0718e3de3aea6c4328112e2c

  • SHA1

    2a86b2337f51dcca7f6a7ad6b971a12207d1ac72

  • SHA256

    b225282af8e6d46594acdd8f59a356718ed3217032f1fcb1b5d01dd2c4cc7cda

  • SHA512

    51a0943c873ad81565ed2736775de29fcc15f34f18afc5d3840ddec53a7c7cf1e6f49b5aeed4bf0b9b0f8a7e91d5c678bf68e67cab3c2bdf0e7c10cd4c6aaab0

  • SSDEEP

    786432:dsUgpIMLOJsDl3G/LTjpOPRMND9AI8QofA2FmQIeoPi+EcllyX0ToEe06Fz:SUgp/LcWMLXpOZMX8QoTFmzeJcrze3l

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://supplyedtwoz.click/api

https://suggestyuoz.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Executes dropped EXE 4 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 32 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 45 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 46 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\FusionHacks.zip"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3712
    • C:\Users\Admin\AppData\Local\Temp\7zO08E5A578\FusionLoader v2.1.exe
      "C:\Users\Admin\AppData\Local\Temp\7zO08E5A578\FusionLoader v2.1.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2904
      • C:\Users\Admin\AppData\Local\Temp\7zO08E5A578\FusionLoader v2.1.exe
        "C:\Users\Admin\AppData\Local\Temp\7zO08E5A578\FusionLoader v2.1.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3284
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 828
        3⤵
        • Program crash
        PID:964
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2904 -ip 2904
    1⤵
      PID:3788
    • C:\Users\Admin\Desktop\FusionLoader v2.1.exe
      "C:\Users\Admin\Desktop\FusionLoader v2.1.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious use of SetThreadContext
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2140
      • C:\Users\Admin\Desktop\FusionLoader v2.1.exe
        "C:\Users\Admin\Desktop\FusionLoader v2.1.exe"
        2⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:2968
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 828
        2⤵
        • Program crash
        PID:2764
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 2140 -ip 2140
      1⤵
        PID:1592
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        1⤵
        • Suspicious use of WriteProcessMemory
        PID:816
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          2⤵
          • Checks processor information in registry
          • Modifies registry class
          • Suspicious behavior: GetForegroundWindowSpam
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:3200
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 26851 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ece446ee-c809-4476-b72f-af2fb0dfcfd2} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" gpu
            3⤵
              PID:2344
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2368 -prefMapHandle 2356 -prefsLen 26729 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ec82666-baac-4672-b6da-045839da03e9} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" socket
              3⤵
                PID:4344
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 2960 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d1aedd6-cf77-4a1b-bf45-9f1f55c09b03} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" tab
                3⤵
                  PID:4596
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3532 -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 32103 -prefMapSize 244628 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66300f06-f8a2-4677-abe0-a390dc198faa} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" tab
                  3⤵
                    PID:4160
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4872 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 32103 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0641018-473d-48e9-a146-43a05293065c} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" utility
                    3⤵
                    • Checks processor information in registry
                    PID:1828
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5456 -prefMapHandle 5444 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {888ddc23-198c-46a8-a2c4-a45cc8cdefda} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" tab
                    3⤵
                      PID:5628
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 4 -isForBrowser -prefsHandle 5552 -prefMapHandle 5596 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e340b76-6b44-4c2d-95e6-4cdd7c659239} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" tab
                      3⤵
                        PID:5640
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 5 -isForBrowser -prefsHandle 5660 -prefMapHandle 5604 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f118c69-c094-457f-822a-567016416b10} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" tab
                        3⤵
                          PID:5664
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6328 -childID 6 -isForBrowser -prefsHandle 6344 -prefMapHandle 6340 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2962699-1616-479f-8492-91ce41f3334b} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" tab
                          3⤵
                            PID:5176
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7344 -childID 7 -isForBrowser -prefsHandle 7336 -prefMapHandle 7316 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fcbecdfe-b54c-4601-8954-9d81c4d401e3} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" tab
                            3⤵
                              PID:5156
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8196 -childID 8 -isForBrowser -prefsHandle 8172 -prefMapHandle 8168 -prefsLen 27114 -prefMapSize 244628 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66f81eb6-26c2-4ec0-826c-8b1127ddf4bb} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" tab
                              3⤵
                                PID:5920
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1628 -childID 9 -isForBrowser -prefsHandle 5248 -prefMapHandle 2400 -prefsLen 27901 -prefMapSize 244628 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69df43aa-9569-4c8e-a0a2-3983f7184f83} 3200 "\\.\pipe\gecko-crash-server-pipe.3200" tab
                                3⤵
                                  PID:5256

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
                              Filesize

                              28KB

                              MD5

                              6c7484c01d2380dd5410e4242a5acca3

                              SHA1

                              88ecd66d2bab4311461e45357e138c9c11c9ef46

                              SHA256

                              b719d58afda5d1fc35aa247f153ce455b3efc77678382ead3723c711f9533bba

                              SHA512

                              6fcd8955eecc360b715de79de7a77cc69acb6564231a2a32e30fdebb75719063874a1ccbf2d1931a386bd528eb82e9bdd48b59eebeebe18ab24d47fa0ad12f60

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\cache2\entries\14821AA1E9D13D360D771FF9E1F00543A1FD657B
                              Filesize

                              55KB

                              MD5

                              82c7332fa25f5450b8c5d3dd68de0602

                              SHA1

                              2c22b980a32d23f2e922093fb74fe39a36a979e7

                              SHA256

                              031409f1a2aac309170d7ddc6505b9002b60827c4c62524e11cf9efadd01517d

                              SHA512

                              5007a76d0a14e7d8db30626e40de167b15b297103ed635f947e1a315201cccf733c6e560e7cded0b2154f8ac034b98ba16cb962a0f584e84b7b6625d3a49230d

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\cache2\entries\4E45CCE51F07581E2C71BE6B153FB92866EC3C69
                              Filesize

                              224KB

                              MD5

                              5fca2f864c62b049506bbbd3b8896d47

                              SHA1

                              f3ef28fc1c8ec2ec70b0ad6dfe69f9b32f5a6ef0

                              SHA256

                              700f8947956db0c929b0096d198e9c3abf8b9243cc0571326f517243acb2e605

                              SHA512

                              412ea92c9f43553c2d85643e5f39b36f711e8f2c0432844fda503e24f36adbceb88e861fdcfa255e320994aeedee0df2f0722e091e9a29653aa9f3ff93584bef

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\7zO08E5A578\FusionLoader v2.1.exe
                              Filesize

                              389KB

                              MD5

                              a296f08e999926fc187c79a0ea7d7c14

                              SHA1

                              a5f2cc6207321f03d20f602b349bb0ae2f410bed

                              SHA256

                              421e096bf07259fc4978f027a8cf4c9e7b530df5c0f73dc9a20f41f1942560e3

                              SHA512

                              4c1966624f3b5c2dc9d7bc89f10171ebd869d37c62ef388b611364b5d6c466206257799c96b873ba6ded24bf7e6e070d865f09fedfdc3bdbb690b47f227f7eb0

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\FusionHacks\jre\Packaged\AccessibleHandler — копия.dll
                              Filesize

                              3.4MB

                              MD5

                              96b95a995d325fe15201f32db9fe6116

                              SHA1

                              cad60d85dd5810ad23199f756c89d78f71567799

                              SHA256

                              3f0f0e67e96f7720c3acedc9a822593b0751a9a96cc6444aece0372716ca4bed

                              SHA512

                              24b541b7e02780b06bd236dac19c30b55e589c1984d0ab226f14d66ad323f7429ed98f3c18d2875b1c8f682d8f16621d2bfe64b6e60e3a089f9616ca2d42936e

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\FusionHacks\jre\lib\images\cursors\win32_LinkNoDrop32x32.gif
                              Filesize

                              153B

                              MD5

                              1e9d8f133a442da6b0c74d49bc84a341

                              SHA1

                              259edc45b4569427e8319895a444f4295d54348f

                              SHA256

                              1a1d3079d49583837662b84e11d8c0870698511d9110e710eb8e7eb20df7ae3b

                              SHA512

                              63d6f70c8cab9735f0f857f5bf99e319f6ae98238dc7829dd706b7d6855c70be206e32e3e55df884402483cf8bebad00d139283af5c0b85dc1c5bf8f253acd37

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                              Filesize

                              479KB

                              MD5

                              09372174e83dbbf696ee732fd2e875bb

                              SHA1

                              ba360186ba650a769f9303f48b7200fb5eaccee1

                              SHA256

                              c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                              SHA512

                              b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                              Filesize

                              13.8MB

                              MD5

                              0a8747a2ac9ac08ae9508f36c6d75692

                              SHA1

                              b287a96fd6cc12433adb42193dfe06111c38eaf0

                              SHA256

                              32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                              SHA512

                              59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\AlternateServices.bin
                              Filesize

                              21KB

                              MD5

                              66526a3a1bc9445f99e5653cca3046d3

                              SHA1

                              98e08d64e078d875e336106c3904b7a0eb83463b

                              SHA256

                              5116c84c65d51d843b94b89d3d393125a8494a55e5ac3a1e0c4e8d0bf7fce229

                              SHA512

                              b87dfc61201927a1200d09779dc6880c6043910149c45c83fe3526e6471a0ed2f40cd6daf8d751269ca1bb3c0b28aa5b36d00bf029888edbb4f693b3068f3c27

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\AlternateServices.bin
                              Filesize

                              7KB

                              MD5

                              0dbe0cba6f60056debffc41940d451e5

                              SHA1

                              676602b9053eaa028f49e5855ca8a04368e896aa

                              SHA256

                              77bd60e2877958eabd03e061b812f57fdcdc45cd08157585ed747ae868b5e360

                              SHA512

                              db5ff2718729713beaae8f80da76d55e3aa4be155981241173712754932e51ea9b5cf9eb734f128f7992f22b3c0553190acc4032e824ddf1d55b5626de8f5f5c

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\datareporting\glean\db\data.safe.tmp
                              Filesize

                              5KB

                              MD5

                              47324f758279c6ba5f44f3a80d6486ca

                              SHA1

                              aa170241ab634290552bf58be964420bf7303c8f

                              SHA256

                              0cb07239d7a6267523750f5c9721c5f06326760a78913148ef96047f6f3c64b3

                              SHA512

                              e70d1afe12f30e4553adcb49c10101fa00b86ccc08a0ad936b29dc7ac677956adcce481bd9f62f106b99e079d72fb6e135c7029c7fc9a9794d2401c6fa75b9fa

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\datareporting\glean\db\data.safe.tmp
                              Filesize

                              7KB

                              MD5

                              6aa8fbdd67cf0a7713ed2f8d6879b398

                              SHA1

                              b899de044dac40c1fda776c1de8c21b9ecec2bd6

                              SHA256

                              dbbc0ba3e31ba1d6cb30bd9ce044eb0cd7f232ae7b49378a2441776003c3d016

                              SHA512

                              085d7d54249ff8a4036363683a11cfbeabd6931c7a31e11fb35139bde32084dc4bcb6933ba6050bf093d93eb7aab73120dfd16d85f20c29c239350b7bbbece3e

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\datareporting\glean\db\data.safe.tmp
                              Filesize

                              43KB

                              MD5

                              2582011b6e1b1420ad64fb7fd21dc8aa

                              SHA1

                              258580ab5837208681264deb19418fde49b81190

                              SHA256

                              bcb79b0ae550a9944f1cd0adeb5f3ec458a1121e47a29688e01365ca908f7ca8

                              SHA512

                              444c28bd38016d24253e63761b928415fd41a28bd61b1dcf621f59564c59fb5521424686b7f4b7a40e7bf264e6e7af9e3402c9f54790a69cc9dc84c70dd21f49

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\datareporting\glean\pending_pings\08d7c23b-e743-4164-974d-2ba50746f3dc
                              Filesize

                              1KB

                              MD5

                              741374cf8754b2d4484708a913fb85d4

                              SHA1

                              07c1964d47c57768a247718f01db516fe93e15b8

                              SHA256

                              23eb6087b62de5fba80bc21077d105d4d07aa1296c117039d474ddbddce40a5b

                              SHA512

                              c92c1331f03105274f7a0a285e9e61b017bb51f9ea95ad2763df9ee4cd0639e7cafb72df62acab42cc630d10ea49132b829c9a79c23d008cc7e96c9d7381302e

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\datareporting\glean\pending_pings\271b30da-6105-4f6a-b2ba-a2d90f51e93e
                              Filesize

                              671B

                              MD5

                              51e2886d068710ac3090eb70aaa5c012

                              SHA1

                              334cd0acae0bed623ebf8efe4b549e3007158f65

                              SHA256

                              30524e4280910250307cf0db2bcc84db53c31bff8577fe425ed0e8e515809673

                              SHA512

                              bf2cf271dc87692247f370c423ffa4b5b8c10d561b9cf934fef2395c14233692c2980d3c25fd14b643d8fb7564e986ead2f6d4d8381457de87705af4056c10d7

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\datareporting\glean\pending_pings\7914ea98-8576-4069-8901-c0c21b329d08
                              Filesize

                              982B

                              MD5

                              c271f3d17ecfa50db608ee079fe19d90

                              SHA1

                              36ae43e6e0f5a2570aa3f6e00bd3516c1b059402

                              SHA256

                              49d989e117b9fbb5d9400e0bc6dfb2196a71b3191365997938abb0a2b7be645c

                              SHA512

                              7338670452aca195c3a66d69e958446ce9037c85bf366b4389dd2942c55e600735ed8b9e9fc7fb7d6032d26b4df24daac630a239cdcba1f07af8241c9d48e86d

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\datareporting\glean\pending_pings\a4a18403-1aff-467c-acc2-38234ddc2c18
                              Filesize

                              26KB

                              MD5

                              33ff10b33ee0038c90208b4281265d67

                              SHA1

                              2e9c5215addfe64d6b24bd19f2fad69d8ae7df92

                              SHA256

                              6dbf1932c24f9097a2d3c2396b9870a8441041597151d1b6c6f7344a09960fa4

                              SHA512

                              c70a7653960748f1974b0e456c0c834d6968438051d7e17f267bb9259342c4e9e0f625239453f6121a95b0dcd348ca92a0fac510a18b2d185d1ac1758496efc1

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\datareporting\glean\pending_pings\fd94e7da-1a1e-41ae-9feb-b64e344b18ba
                              Filesize

                              846B

                              MD5

                              290a205d33579a5b70882bb97a3eb3e2

                              SHA1

                              2694fc397e6efd59af87649998d2e07d25f86fa0

                              SHA256

                              2aac867af7764a2451abbd3f08438af9bcac3c9934043a4db73cccf9ed463a77

                              SHA512

                              5e88af1dc4d24c006af89f69fd510f7114f34729f70007ebb5fc7d5bda3da984eb8433b5b86d834ce792531e95b95d02209bb1fd04b07c811b041499d3670b93

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                              Filesize

                              1.1MB

                              MD5

                              842039753bf41fa5e11b3a1383061a87

                              SHA1

                              3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                              SHA256

                              d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                              SHA512

                              d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                              Filesize

                              116B

                              MD5

                              2a461e9eb87fd1955cea740a3444ee7a

                              SHA1

                              b10755914c713f5a4677494dbe8a686ed458c3c5

                              SHA256

                              4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                              SHA512

                              34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                              Filesize

                              372B

                              MD5

                              bf957ad58b55f64219ab3f793e374316

                              SHA1

                              a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                              SHA256

                              bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                              SHA512

                              79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                              Filesize

                              17.8MB

                              MD5

                              daf7ef3acccab478aaa7d6dc1c60f865

                              SHA1

                              f8246162b97ce4a945feced27b6ea114366ff2ad

                              SHA256

                              bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                              SHA512

                              5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\prefs-1.js
                              Filesize

                              10KB

                              MD5

                              bf45f5da23332e83be7612c5be5d604d

                              SHA1

                              5621364270b062f55d6aa95e39dfdb8e489355f4

                              SHA256

                              233edec0b75a1352161383f2476e9c2ae64277844821846fef1d0987bba9e222

                              SHA512

                              9c46a5cc2b9bd4c8cc86b051ec4bbef5570bf332d15e976ffd5c8ee7fed521cf528276e7ce5a10227fde5fe0e024bfda18547045c99d9169167cebc867ef7f39

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\prefs.js
                              Filesize

                              9KB

                              MD5

                              7ba734bff7665a79c8cb6c3c1bf6803d

                              SHA1

                              a716ec1c4b513df2aa49164a942cc7b25fc570a2

                              SHA256

                              0a43607b1d2861d94d4e2233191f88fed9622e78e23f810d18e39313bdfb8918

                              SHA512

                              e7a785ae1437125b531b3f80ae46fad954cf000d4bee45aaa8b53b7543e615c3ae43b1b7d1023b9b108e74a52da0e04e0c3b5709ef6f6e3b71bb2dd8c07d985f

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\prefs.js
                              Filesize

                              9KB

                              MD5

                              de2e555cd49b52fec098c99ae9cc91b5

                              SHA1

                              4c4b75e36eb161d3f9186ed7e00029f5ffd3def1

                              SHA256

                              84f7ae92ce8804e5449d7cd89904c263c52e9c05b6149a13ef52ada95b5d4e06

                              SHA512

                              f5dc83c30f69da2f0118d60345c85ab24911d0d1d89885e0cbe40b1df403d21d7aad47746c9ea5d047e56eeaf52c0d0acdf0799b295f332fea6e05df0c00e23f

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\sessionstore-backups\recovery.baklz4
                              Filesize

                              1KB

                              MD5

                              ebdcd6007c7791196c636e37a975f0ad

                              SHA1

                              7552a935a09b8dba8f1d5251166cf09b8f186e18

                              SHA256

                              0ff7eae104235c76c68926288b7118b8ffc62ff830f58ab165736cd8146892a6

                              SHA512

                              3c51b4353f474e1d38e4dcd4bb19ef0c25aa88b22eeacf003bfd74f27ccdae0adf50d2410cb9b89b283609d3aaecb71c60685f2a14112f4723ef448735815551

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\sessionstore-backups\recovery.baklz4
                              Filesize

                              5KB

                              MD5

                              8aafb29e26f6a7f113cd57e46041ee9d

                              SHA1

                              cdd1d0b62dbfee73b45f71c3d84eb5e009f05438

                              SHA256

                              d7a7e7a9ef64994130eefa3fbb3db2c6c71d09e05239edf3e750b3b48eac7c57

                              SHA512

                              4382c1dc87370b93877fcd84757e95e4d8bc9fd013c7e1f021c529f318e33d3a83d59d8837b325ac155866690a18b9388484d57d7d943abe1dcd9a2ba4af7741

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\sessionstore-backups\recovery.baklz4
                              Filesize

                              5KB

                              MD5

                              d7edb4526c68f2d03940f467bb6c00b3

                              SHA1

                              70a797cb03f2208de84ed02488b31fd7c47ce7c0

                              SHA256

                              1436b1c1eccab57f7dc43c9788d6febbb6d78c86fa480f70a7df107ec64bcec1

                              SHA512

                              ae2ca2e7bd8a5b164bf658f4937e30022e0828616dabf9f2b3865743090dce6ab14eab757b97f1ecd684bf3169d6984700673a19fd7f58bb707958c69dcb6f9d

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\sessionstore-backups\recovery.baklz4
                              Filesize

                              7KB

                              MD5

                              101c3bdc92a03a964275e51cb0445231

                              SHA1

                              f9ef090feafe6aa284a97c4af1a5e127f27062fc

                              SHA256

                              9d2a168e67ee02dccb2a2012adc2c7af87f61f755d7c748773561973fdb1e4c6

                              SHA512

                              a6629107a4ac9bdcf0dded467d3c6d7e2f6dd0c7677896fdd0ffc72182c473316d6ad2aa434dc324cabcd5d1676f9e80226e17afbefe76474d16aa230bfa65cd

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\sessionstore-backups\recovery.baklz4
                              Filesize

                              7KB

                              MD5

                              8c20c5bad24adfc61e8d03e52e0ccb48

                              SHA1

                              79c68fa5430632a61ff6a7054e26e049f168a0dc

                              SHA256

                              4c84abe2aca79e375362e71b990f645059bb9b269e2b5257f19f19083d84f0bc

                              SHA512

                              981c8ca09cfcc70ab1d87c4e0063634a6e14aa409443313abcf8d07d2de5f99c9b4c90fe7a1edf4d1a87d7e7559a53cb0cb47c31c027732b72e376a25e95485a

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\sessionstore-backups\recovery.baklz4
                              Filesize

                              5KB

                              MD5

                              f0a34de048c3eb7c88b05929b3e2ad41

                              SHA1

                              44bfbd40d9effab1ffcf51e2186f55aac98d4b08

                              SHA256

                              c031ba0a041339935184f018ca039b9d16f1831eef403d44298fdcb8a4c39b4d

                              SHA512

                              94ef2b14e65c5d247466cc8d111647285b71d4f4ca5e50cb67964a882e6dddabfa47fd00af0b92aa885baebfa4197e7a476b93e32aafde9d9bd66e39e3227091

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\sessionstore-backups\recovery.baklz4
                              Filesize

                              7KB

                              MD5

                              ffbe8c4e9d9fe129f886482ab3ca2dfa

                              SHA1

                              123bb1d3c9bab39671cfd5cf3195a3b99f0c667d

                              SHA256

                              3d62b5713ca6d8a2a9b1e4049627b3ba715be191b2da17a5246eba054f3f56b4

                              SHA512

                              cf67d0324a77b7768eedbce84e382810f7ab666a7ef5f7e30a1e243331af12d3e1e87336a3f3b9fd9ce203ca9477e33919126e23c9fb9f0404674fd4ee11f8e5

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\sessionstore-backups\recovery.baklz4
                              Filesize

                              7KB

                              MD5

                              068014db456905b80dffcf46594053ff

                              SHA1

                              532344a24bbdc48b64e80224e5f9c9fc83ab8d11

                              SHA256

                              5f6b566251b9fd6860db5d554eb487bf92072e160053a6391d4b47f885623e29

                              SHA512

                              add9ce92d198366bf4e7b5f78b22513681d971dc260faf9db4ed9bf8bde4e017797bff64e9e8f70ad2b72ba02d8379a350f76728e22ddd972f34afa45b2203e6

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\sessionstore-backups\recovery.baklz4
                              Filesize

                              1KB

                              MD5

                              b3de287eb19c05867d15c6dc1ac60665

                              SHA1

                              024055fd132c388cd6a61b7b4c26ec284334f0c0

                              SHA256

                              be9ece3f1e756f463cffbac6fc83c9c1940d4da6c9f8fbfc9aa863a1e1da20a6

                              SHA512

                              5bd9254a5df46d2b58573ffe9aa17dc7a9ec36a27294dc1c286501766767396238ad978f26053422be767e0c09d284e3c6becd19bdf751a437d89ddd5991e3bb

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dg3cjlpy.default-release\storage\default\https+++www.virustotal.com\cache\morgue\184\{89e89186-a91e-49e5-abda-af92e26306b8}.final
                              Filesize

                              50KB

                              MD5

                              ad616a7f942cdf4d0f7a422305b5cc5b

                              SHA1

                              38cd3cb409b4e47b03b45ea0324d9e050bba28f6

                              SHA256

                              9d7bde6f0923554ef9653bd0f507faa87e25bf12b8e20eb5a67c78dac0dd2297

                              SHA512

                              9c39e071f9dd8ac07b9dccebfa47a6b652ed300c663d5a5a3451eeae69fb027fd285cd47df9542cbc092d365f3e327dc58f5678750b5d7de54dac3d3506e4751

                              Download Submit

                            • memory/2904-298-0x0000000005500000-0x0000000005AA6000-memory.dmp

                              Filesize

                              5.6MB

                              Download

                            • memory/2904-304-0x0000000074740000-0x0000000074EF1000-memory.dmp

                              Filesize

                              7.7MB

                              Download

                            • memory/2904-297-0x0000000000610000-0x0000000000676000-memory.dmp

                              Filesize

                              408KB

                              Download

                            • memory/2904-296-0x000000007474E000-0x000000007474F000-memory.dmp

                              Filesize

                              4KB

                              Download

                            • memory/3284-300-0x0000000000400000-0x000000000045A000-memory.dmp

                              Filesize

                              360KB

                              Download

                            • memory/3284-303-0x0000000000400000-0x000000000045A000-memory.dmp

                              Filesize

                              360KB

                              Download

                            • memory/3284-305-0x0000000000400000-0x000000000045A000-memory.dmp

                              Filesize

                              360KB

                              Download