Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

extracted_payload.exe

windows10-2004-x64

10

extracted_payload.exe

windows10-ltsc 2021-x64

10

extracted_payload.exe

windows11-21h2-x64

10

Resubmissions

05/02/2025, 00:08

250205-afas1a1khq 10

05/02/2025, 00:03

250205-acac3ayqet 10

Analysis

  • max time kernel
    978s
  • max time network
    915s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/02/2025, 00:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    extracted_payload.exe

  • Size

    5.8MB

  • MD5

    410e19496641d191d18eec16c6addd87

  • SHA1

    e007c3b22e3aade86364cc8e960062194c0c2883

  • SHA256

    6f8f3587f197afafce54790a5f61cc59790352f48e9ed2b7b282414f92be321c

  • SHA512

    32e8b7216df74fb36cbbb0bcb6bd6c7b89e82b725a4c777e5bd62e2084e67c66324acfc3ee0638814625ef2b87500680385a136e2f676581ba30d678063879ff

  • SSDEEP

    98304:qVzA+NolR3oceUQ1spbvuKSUJ17LrbH4q8y1iYVk1OUkh54oZdxkOHYSM:6PNO3K1spbmxcrbH4a1iYVk1O15DUC

Score
10/10
quasarseroxenv15.0 | fifa23discoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.0

Botnet

v15.0 | Fifa23

C2

private123.duckdns.org:8808

dofucks.com:8808
Mutex

c398e98c-136e-4007-ab40-e179829f338c

Attributes
  • encryption_key

    C84CB6134701741C5122A14FACDB67C8CFA9C0AB

  • install_name

    .exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    $sxr-seroxen

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 1 IoCs
  • Seroxen family
    seroxen
  • Seroxen, Ser0xen

    Seroxen or SeroXen aka Ser0Xen is a trojan fist disovered in late 2022.

    trojanseroxen
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
    ransomware
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 11 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:608
      • C:\Windows\System32\dllhost.exe
        C:\Windows\System32\dllhost.exe /Processid:{fb2b2ad3-1ee0-421d-98d9-a3a0cbc16107}
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4004
    • C:\Users\Admin\AppData\Local\Temp\extracted_payload.exe
      "C:\Users\Admin\AppData\Local\Temp\extracted_payload.exe"
      1⤵
      • Suspicious use of NtCreateUserProcessOtherParentProcess
      • Suspicious use of SetThreadContext
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3184
      • C:\Windows\SYSTEM32\cmd.exe
        "cmd.exe" /C cd C:\Windows\ & $sxr-seroxen.bat
        2⤵
          PID:340
      • C:\Windows\System32\rundll32.exe
        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
        1⤵
          PID:5012
        • C:\Windows\system32\NOTEPAD.EXE
          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\iv.txt
          1⤵
          • Opens file in notepad (likely ransom note)
          PID:732
        • C:\Windows\system32\NOTEPAD.EXE
          "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\key.txt
          1⤵
          • Opens file in notepad (likely ransom note)
          PID:2948
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe"
          1⤵
          • Suspicious use of WriteProcessMemory
          PID:3620
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe"
            2⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:3156
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 27190 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cbca5a4d-7d72-4de1-b9b0-725b26c9953b} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" gpu
              3⤵
                PID:4508
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 27068 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d119707-2c70-4638-8a1e-3e46b84d6fd5} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" socket
                3⤵
                  PID:4992
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3152 -childID 1 -isForBrowser -prefsHandle 1312 -prefMapHandle 3032 -prefsLen 27209 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab686298-1564-4bea-bcb5-4d89d8dfad5d} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                  3⤵
                    PID:376
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3724 -childID 2 -isForBrowser -prefsHandle 3680 -prefMapHandle 3608 -prefsLen 32442 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e844844a-f9d7-40f8-9bba-02db3e5eebc6} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                    3⤵
                      PID:4912
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4708 -prefMapHandle 4644 -prefsLen 32442 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {901dcf7b-de1b-43f9-8fd9-96b9f537654d} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" utility
                      3⤵
                      • Checks processor information in registry
                      PID:3520
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 5272 -prefMapHandle 5280 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc791040-cb0b-4ab9-abc4-153e76055163} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                      3⤵
                        PID:3676
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 5512 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b35400ba-3016-4544-9280-260d850ba897} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                        3⤵
                          PID:4660
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5668 -childID 5 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {296c1855-f66a-4f69-9de0-9c18180fac1d} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                          3⤵
                            PID:3004
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6124 -childID 6 -isForBrowser -prefsHandle 5992 -prefMapHandle 6100 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {474949f4-d752-497a-b416-acc910455251} 3156 "\\.\pipe\gecko-crash-server-pipe.3156" tab
                            3⤵
                              PID:2036

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3jxltzi2.default-release\activity-stream.discovery_stream.json
                          Filesize

                          28KB

                          MD5

                          db3974ed44ad961054405fb5f8411d8b

                          SHA1

                          263dd702cd0eacd4de4c0f617a758241c209ec11

                          SHA256

                          f7c62e5bf1e7d31277ea55cb80683e2cae9f5bfc32fae6430dff6cd182922ae7

                          SHA512

                          1163334aa203e46ff07b231d58600c7c4106a4f64d4147dd44ae6b8670add20af65f06bfbed9f6a765bd816aa9492ae27ac83457be20a4785c114714552f2f3e

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3jxltzi2.default-release\activity-stream.discovery_stream.json.tmp
                          Filesize

                          21KB

                          MD5

                          3a5c61876c35891f0dafae12e654ebe3

                          SHA1

                          082f40e632c84e709e564213d6f20fd1c72b1f3d

                          SHA256

                          e02f571bc4b2491eddb0a0e2bd04f947710f891b3c3a127e358dfa9a51b4ae68

                          SHA512

                          8f78f3b5c2c3fe31f19a24ceecf807c38c1f9f7c62c4c5b028abff8c7d901a826a8a6e99cc160f2a21c825b79af14d46ae0254d5c4724d4bd8eac5c9a23b7a82

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3jxltzi2.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
                          Filesize

                          13KB

                          MD5

                          aa7140f236863a17e68a5be52b5f0e18

                          SHA1

                          4cdda2390ede46004e0133eb6e0145591a5259d8

                          SHA256

                          2591862c628ac7c1d58ec585b6f27f90de86eb386e309a2999a610c73ff85bd7

                          SHA512

                          1c67e7419bfd95896401215aed0a888cbb04b5d67f44d1d0f674b53ca8fa844411bff3f6a6b3012a078773f7bf9777fbf2e94bc2fb9acf09450841f4769f9b7d

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3jxltzi2.default-release\jumpListCache\tvUe5bX0W3+uGOHND+ZrPCK2Ln_lbUDYSits2q0yC+Y=.ico
                          Filesize

                          472B

                          MD5

                          5253e01a0c1007226a73081c283db0d4

                          SHA1

                          e3172da89ac4f125681373aecf71497dac518cc9

                          SHA256

                          67050ae618368f39f6556fe1c956a555662e3aa1b4138f8ef6b04f9e621883c9

                          SHA512

                          e70c7fcd2bd1af1ee695e13a66c52705acefd9628c08acc1f8fda363af89433a3c45e61604d190b5263f5ddd2550239f0b98a95bb5905efb7fc89c5165d99765

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\iv.txt
                          Filesize

                          24B

                          MD5

                          e06c2da1739df03712096fbb78b1bed5

                          SHA1

                          2dc45be4ae3b47e264141b02b8bf9b45d53d9590

                          SHA256

                          743cfc8a6f274067cb1a19a508e5f578cf3c6a6c8d57c908610b26d4af93313e

                          SHA512

                          670837bf8afa5d56c8b955f684f62898af4aa3869b1ca86a738db6f5a3d454b79dd15df10340e796e481a883b304d01c99d83c93992fd37bf688168f8c86e0a9

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\key.txt
                          Filesize

                          44B

                          MD5

                          d517f9b6e102c7cca582ef522f2c9b67

                          SHA1

                          7113043b1a9805837545b1b7454f147005dc665c

                          SHA256

                          2ea4ee184c909d5c2df4e4b2865b853ef8ec8c9f023972073cb8cfb66a35a72f

                          SHA512

                          898fec6cf9f8804c5c37da77f82917640555339bc1242473006f30c5a3e06b1c0a72527b06c6803be553160235004bac5b7d9a84993af5f30f89bd9fd1dbe5a8

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          479KB

                          MD5

                          09372174e83dbbf696ee732fd2e875bb

                          SHA1

                          ba360186ba650a769f9303f48b7200fb5eaccee1

                          SHA256

                          c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                          SHA512

                          b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                          Filesize

                          13.8MB

                          MD5

                          0a8747a2ac9ac08ae9508f36c6d75692

                          SHA1

                          b287a96fd6cc12433adb42193dfe06111c38eaf0

                          SHA256

                          32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                          SHA512

                          59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\B6W6N5XX51JZY2JG6S49.temp
                          Filesize

                          15KB

                          MD5

                          4aa89accb87aca375ee6e99e41690c90

                          SHA1

                          76dc2887bfd82f6107bb64aca0f9fb1dbc01678d

                          SHA256

                          1d384e94074c54484af05ed851bfda9c6e6aff5c1c6319c974de3f379c8ccb47

                          SHA512

                          e602285454652d6c62616a6f4b1e1aea9acf59745bb395e1cb6308fd4c0498c0b7038b487960b449f9f7b689182506777cf4ec024b9f7914d6744fb09dc5f369

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\AlternateServices.bin
                          Filesize

                          8KB

                          MD5

                          6da0583157a703433aaada2ae774c86a

                          SHA1

                          35c89f1b2b4d132de4a15877456d0920dc840e6a

                          SHA256

                          bfcaa753f192c718faa161f785c0e613a4c407a91ac98a6f5c67d6fc816f5b40

                          SHA512

                          42ad57ba4f5746d3820cd3d338a636ef66267b21a2ab8386e936f6190b496dcc3a2702baf91ca169fb76d0a8cb4875f91b9abe202a02ea11419c1d3527076274

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\bookmarkbackups\bookmarks-2025-02-05_11_28qNm6imR08xJoVGRo4WkQ==.jsonlz4
                          Filesize

                          1001B

                          MD5

                          62758c7cbe706263a3595f86d4990ce1

                          SHA1

                          1b4ab02ffc97cb1fbcac94dce3ffa2a619365523

                          SHA256

                          1607cc522e0fce8ecf9c4f65ed2edbeea9195fa0fca6a204a183c5edb193bf28

                          SHA512

                          0efaf8e5e4eafbec92442a6816f1ef903e1ed30392aa6f344cfa897a4dbffacd8233ef8c89112a89389c8ab3d07767e6fe5ecb1fc74330d2c0b8f8ce6dc97ac0

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          22KB

                          MD5

                          1632bbe03c2bfd222ea493e305e9f462

                          SHA1

                          bd90c805e8f9230051df2258d81c6ffd4f8b4bb6

                          SHA256

                          bcbe854b5c718b07b7bc51001e86f26b8c70a1ad5733edf4ef4e8920c87c6980

                          SHA512

                          fe4d5705ee39d763217742332c66b9492935e361da1508eeb4275ccd6fa2a11a0a7c11cdda7df82e4c4c3a3122d33d4e189efceae1133e29fa9caa6a5836eef5

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          38KB

                          MD5

                          f481c78e15e685e2202db9705bae3041

                          SHA1

                          4e5fbfcd26642f6f3a919d54e8c223b7ba9840ea

                          SHA256

                          50f900ee67b6d0473aeb7bd1c9da3b560039b25685ee5f46db2225d0ae4fb14f

                          SHA512

                          058c666ed76e43f94fe5938c7aa26f0ae03115a8f0c895f0ef2cbe78c84bdaecdfe336415d4e002590c5c90bd42901a6b2f1c64a5fda35e8a3e798ac741368aa

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          38KB

                          MD5

                          3adb6a89224f8c2830c08813c821db84

                          SHA1

                          6de43088e597c72cd5e84d69f2ad66a27b1909c5

                          SHA256

                          429022095f46392705ddf8736fb4c06fe9ad0cffda4702495e985f20058e8bd5

                          SHA512

                          eb51896885bae03fe6cb9d3dbe4557f66af4abfe1aa379e003607a77af788d6e6b4d277a02fbfbd134fa812613933d0cb3019b46986553e481349c26c3fb15d9

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          22KB

                          MD5

                          4e1f7a2206d9d90e7cd9d5d706cfcf52

                          SHA1

                          698c7bc299e56976bcba23f719c772d221f424c6

                          SHA256

                          7891431433db765b71c3cb68f024e49987a1e45b0ae6a794020c71009006ae44

                          SHA512

                          fc02a18e8aa4339027b46a4c6c04e741361ea802dd69148ba3ffdc0e3b3cfe0c10c5a52f601c2d7cd3b897c37d97c5cef2d3dd1247b86b194aa81eb824d50ff5

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\datareporting\glean\pending_pings\01bb364e-c668-45b5-88fe-d48635164756
                          Filesize

                          659B

                          MD5

                          7962b9f1f67935d8cd192e5bd769c7c7

                          SHA1

                          419345c61fddc2f304fd51d83d87a41812356694

                          SHA256

                          4ef07b813fbb40ab88f8db87a490c59cbbb289319b114d6ca702a31b931d3796

                          SHA512

                          f9181a4467e4cac28911b654fc381779a1f39dc969ba120948ee672829ed77dc2751a5e45e32e879cfd405922680aaf395ef685aac790f4ff2e092341595789b

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\datareporting\glean\pending_pings\508cff9a-8913-4ece-8ecc-adf930a5f9ea
                          Filesize

                          982B

                          MD5

                          43f01852085edefc67306601434d465b

                          SHA1

                          8191c631038713b83589f8c3cd53055735678d87

                          SHA256

                          3dc786cf768fb8d3b5bdb39ba922312d145e3815cfa35b16ec073aa9c0ac562e

                          SHA512

                          69b7b8c5fca1daf5a34e60f229be1fa60ccb16da75ee44bd64d5e6ec25a3d1851ab300bedd01f5825f46b897c8123cd5f89a8915508e47b398443248cc22ebe4

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                          Filesize

                          1.1MB

                          MD5

                          842039753bf41fa5e11b3a1383061a87

                          SHA1

                          3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                          SHA256

                          d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                          SHA512

                          d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          2a461e9eb87fd1955cea740a3444ee7a

                          SHA1

                          b10755914c713f5a4677494dbe8a686ed458c3c5

                          SHA256

                          4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                          SHA512

                          34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                          Filesize

                          372B

                          MD5

                          bf957ad58b55f64219ab3f793e374316

                          SHA1

                          a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                          SHA256

                          bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                          SHA512

                          79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                          Filesize

                          17.8MB

                          MD5

                          daf7ef3acccab478aaa7d6dc1c60f865

                          SHA1

                          f8246162b97ce4a945feced27b6ea114366ff2ad

                          SHA256

                          bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                          SHA512

                          5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\prefs-1.js
                          Filesize

                          11KB

                          MD5

                          b9273b69f1eadeac414911488fde2287

                          SHA1

                          341fc7a5cde47d455258636e85c52ad2d6d5cb5d

                          SHA256

                          9cc16ca61afe91f1d466d052e4f3dba065dfa89df50b5481722ffbee45244ef0

                          SHA512

                          243d22361bbef51af18b6286a07167f04080302385d633442f5ee3ca91fea0a838932df1b133c6726a9ed1654a7298dc2735ed805641d5ca33bd2bd07732487e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\prefs-1.js
                          Filesize

                          10KB

                          MD5

                          54395bed7ffd1b2e16fb27cd2d499cac

                          SHA1

                          9b3f0b269616f35b85bc0e46742ff51e22ba34ff

                          SHA256

                          e675e101f566a69538c5eab30299a213e0c741f3bdfea741402f956fbee80ea0

                          SHA512

                          990d431aedf7efb17bd4113163b8b3ea5a18902dee71cc80e1a816b98d55ac0bc717fdfae883864c5832525ef1548b2852faf28cba8a01de15f5c8a4b5d4461c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\prefs.js
                          Filesize

                          9KB

                          MD5

                          b7457220a59f12521ca1ad37a7535c79

                          SHA1

                          89c2e44756d663c806a2a4f00a2b52c40d7bcedc

                          SHA256

                          3b975f4b870185fd5391fc24af78edae3e18927d77516d21026c2c6e2e0e3067

                          SHA512

                          f49d4c2cbddd2e2518a09431e351b2113979e82c358c65694354de0f4ee27239dacbb0ae4a0162fa66c474e57a8496512275b6b8db0b99b1ffc526e2939a2c24

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          2KB

                          MD5

                          3f830b40f7e381feabdca593add97db9

                          SHA1

                          6bdeb7d324c7f29cbfc5046f51463e7d811383f9

                          SHA256

                          e7985b91698d518a4e21b90dacd915947c19cce3061837318e9c1557ef6f1716

                          SHA512

                          77e23b079889471b1e696f812e281c7cb251617359bd145e5409c1f7d05c1f50f910bc21b1f5ee484376460e4a6a0bb0128ed7364422fcbb620a373b6ebf319f

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          2KB

                          MD5

                          c54501e2378006ac1411ea803484eca7

                          SHA1

                          442230b363b6734dc3312153512b745b1d4b458b

                          SHA256

                          2d183b9dd0a012424160a0fb40c1923fc642b18cf3bda8064a8321e42932bf0a

                          SHA512

                          61db54a435b40407e9ad0ede9f3e7c31b52a660fb29a588c123f402842cd7c3383f2b3f40a7454c57aa5557d0d6b17fe1e79b6be8fe78a0a8dcb584acb045b16

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          2KB

                          MD5

                          f8855550b855620f94e9b08f7af99996

                          SHA1

                          d7b7e6093edf25ac3bf8b8da392fca5c9f8ad304

                          SHA256

                          6160c1a92cec55712d3ce1d0ee9f0de6e7156191013fae4d724356c1c17fd2b4

                          SHA512

                          0c40c98d5ea1bc67c35139e6a6c96be0fff46012a784ec68f4161de2bc4c6fe018a2dc1ba858c57f6c64c9bff7c8272a85c5dc7ff6a150c8835487d5cfe80ab4

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          2KB

                          MD5

                          3c4a0ae48440a84e30e976094db0d71c

                          SHA1

                          8b3683379c13a633f3f125b43881d1d9b1419de3

                          SHA256

                          fb4b1d0dcea739265253efc7d95ff257830b283bea919433c6bb392db6cb0089

                          SHA512

                          767000846828fbf6f138b009d2956adf2796298867ca2dc1d4c0175be8f9ccc8586bc45cec8bcdb41082f360e3f5a3ab8b62507c9e922cab61231eede22667c5

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          2KB

                          MD5

                          fb4812aa35d6eb6c89d52925d7ed15f0

                          SHA1

                          5a8b58765746f9b16c37c4e53c48726ed9e9573a

                          SHA256

                          ddd41bb24514f1fdc81e3147f9e4100cec9ff2252d3629e2538625f72878aab6

                          SHA512

                          117d8f331ce061aa07b9d8fdf49572cbffc5e9762969414dbd533e237003a813861591db55f63b26b27ff162a7e3ad3a4301cb9ec8e4870269258d2cfca43ce0

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          2KB

                          MD5

                          e597248e2ffb3e319b8ad3ee4210675b

                          SHA1

                          725ba2153128381a6323a914d34ea9cd5f2d1d38

                          SHA256

                          0bbfa1d15c4c897f344ec01451db8b3beda977ddaea6105166c67be9cc48bf73

                          SHA512

                          a82003f54b222493d5376b53bd71a58d351dd9bfc167c2488eaa12d18733491bf7769be1ceb887833cee51fd8598de7d59a5ec9671ef1398094604e0bbe1305c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\sessionstore-backups\recovery.baklz4
                          Filesize

                          2KB

                          MD5

                          bf7dc96c143271b0c16edd2d2285bd5c

                          SHA1

                          9c90690d0c555f53f501c2e00aa7096a67811d46

                          SHA256

                          3e24c6ea36fb71514ae2dc40e5d22e03367c2a0cd62f3f27ec5d2837d8dd317b

                          SHA512

                          550b703472eb0bec2eefec5d868b37d585588d9f30d09db3ed85ab7b0e46aad97dc2955ea438797b4eba5edad62b91899dab2f25ed780e70d46b39f2176c227b

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3jxltzi2.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
                          Filesize

                          656KB

                          MD5

                          47d5158ac694bc95665604a3bfeb4311

                          SHA1

                          edfa89ea2427c438e3e66b004327a068d4381e54

                          SHA256

                          1f0fb553a833bfc88d5468c4176feee40bc4d5be77053324465d0a5609f85a75

                          SHA512

                          6de47c3bda6b985ca62dfdb15759fd51b4e0bf3198e06da352f0e2f6ba3b91a6a0a8e10af5fe9aa41e81e14f86823beb767bbd144c14412788f5fc5ffec93d72

                          Download Submit

                        • C:\Windows\$sxr-seroxen.bat
                          Filesize

                          5.8MB

                          MD5

                          410e19496641d191d18eec16c6addd87

                          SHA1

                          e007c3b22e3aade86364cc8e960062194c0c2883

                          SHA256

                          6f8f3587f197afafce54790a5f61cc59790352f48e9ed2b7b282414f92be321c

                          SHA512

                          32e8b7216df74fb36cbbb0bcb6bd6c7b89e82b725a4c777e5bd62e2084e67c66324acfc3ee0638814625ef2b87500680385a136e2f676581ba30d678063879ff

                          Download Submit

                        • memory/3184-20-0x00007FFB919F0000-0x00007FFB91AAE000-memory.dmp

                          Filesize

                          760KB

                          Download

                        • memory/3184-0-0x00007FFB74203000-0x00007FFB74205000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/3184-19-0x00007FFB92870000-0x00007FFB92A65000-memory.dmp

                          Filesize

                          2.0MB

                          Download

                        • memory/3184-18-0x000000001C960000-0x000000001CA86000-memory.dmp

                          Filesize

                          1.1MB

                          Download

                        • memory/3184-17-0x000000001BC90000-0x000000001C658000-memory.dmp

                          Filesize

                          9.8MB

                          Download

                        • memory/3184-16-0x00007FFB74200000-0x00007FFB74CC1000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/3184-1-0x0000000000760000-0x0000000000D30000-memory.dmp

                          Filesize

                          5.8MB

                          Download

                        • memory/3184-27-0x00007FFB74200000-0x00007FFB74CC1000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/4004-24-0x0000000140000000-0x000000014018B000-memory.dmp

                          Filesize

                          1.5MB

                          Download

                        • memory/4004-29-0x0000000140000000-0x000000014018B000-memory.dmp

                          Filesize

                          1.5MB

                          Download

                        • memory/4004-26-0x0000000140000000-0x000000014018B000-memory.dmp

                          Filesize

                          1.5MB

                          Download

                        • memory/4004-23-0x0000000140000000-0x000000014018B000-memory.dmp

                          Filesize

                          1.5MB

                          Download

                        • memory/4004-21-0x0000000140000000-0x000000014018B000-memory.dmp

                          Filesize

                          1.5MB

                          Download