lumma | 47f23c360d20717d0629bb37b01caf1bb3a473bdf43f2b967427da6b6f37c633

Analysis

max time kernel
1060s
max time network
1120s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
01-07-2024 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Despicable Me 4 1080p Clean.2024.1080p HDTS x264/Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr
Size

756.9MB
MD5

519a32325de2c011fa72361538ee0982
SHA1

a1abef13be88eee89823f1b55ef253834a7f5df5
SHA256

c485650d9d58fb7ea6447e143e2e243a743353df05a2dd9c4f7348c0250239ff
SHA512

8fd3dfdd0e09c95c152091e6ef3da5bf030902bdd302aec6fce927b82b9c864667e5107f291127b3b7d85e9693df496a36ebda8eba37e3906e49572549518632
SSDEEP

1572864:NsctqFeWSmx3m00cfFjVg1HTM7U0aCtIsctqFeWSmx3m00cfFjVg1HTM7U0aCtf:NsqI3v0cfJrRaCOsqI3v0cfJrRaC1

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://exporttearryliveedko.shop/api

https://harmfullyelobardek.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
Executes dropped EXE 1 IoCs

Processes:

all.exe

pid process

208 all.exe
Drops file in Windows directory 2 IoCs

Processes:

taskmgr.exe

description ioc process

File created C:\Windows\rescache\_merged\1601268389\715946058.pri taskmgr.exe
File created C:\Windows\rescache\_merged\4183903823\2290032291.pri taskmgr.exe

pid	process
208	all.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scrtaskmgr.exeDespicable Me 4 1080p Clean.2024.1080p HDTS x264.scrDespicable Me 4 1080p Clean.2024.1080p HDTS x264.scr

pid	process
4124	Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr
4124	Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
1920	Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr
1920	Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
900	Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr
900	Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

taskmgr.exe7zFM.exe7zFM.exe

pid process

4396 taskmgr.exe
1088 7zFM.exe
3180 7zFM.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes:

taskmgr.exe7zFM.exe7zG.exe7zFM.exe7zG.exefirefox.exe

description	pid	process
Token: SeDebugPrivilege	4396	taskmgr.exe
Token: SeSystemProfilePrivilege	4396	taskmgr.exe
Token: SeCreateGlobalPrivilege	4396	taskmgr.exe
Token: SeRestorePrivilege	1088	7zFM.exe
Token: 35	1088	7zFM.exe
Token: SeRestorePrivilege	4368	7zG.exe
Token: 35	4368	7zG.exe
Token: SeSecurityPrivilege	4368	7zG.exe
Token: SeSecurityPrivilege	4368	7zG.exe
Token: SeRestorePrivilege	3180	7zFM.exe
Token: 35	3180	7zFM.exe
Token: SeSecurityPrivilege	3180	7zFM.exe
Token: SeRestorePrivilege	256	7zG.exe
Token: 35	256	7zG.exe
Token: SeSecurityPrivilege	256	7zG.exe
Token: SeSecurityPrivilege	256	7zG.exe
Token: SeDebugPrivilege	1384	firefox.exe
Token: SeDebugPrivilege	1384	firefox.exe
Token: SeDebugPrivilege	1384	firefox.exe
Token: SeDebugPrivilege	1384	firefox.exe
Token: SeDebugPrivilege	1384	firefox.exe
Token: SeDebugPrivilege	1384	firefox.exe
Token: SeDebugPrivilege	1384	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

taskmgr.exe

pid	process
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

taskmgr.exe

pid	process
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe
4396	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

1384 firefox.exe

pid	process
1384	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 4652 wrote to memory of 1384	4652	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4028	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4028	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4692	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4808	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4808	1384	firefox.exe	firefox.exe
PID 1384 wrote to memory of 4808	1384	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr
"C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr" /S
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4124

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr
"C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr" /S
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:1920

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4396

C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr
"C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr" /S
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:900

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:1088

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap12921:274:7zEvent21976 -ad -saa -- "C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4368

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\Despicable Me 4 1080p Clean.2024.1080p HDTS x264.scr" -t#
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:3180

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:408

C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\all.exe
"C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\all.exe"
1⤵
- Executes dropped EXE
PID:208

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" a -i#7zMap13065:188:7zEvent25546 -t7z -sae -- "C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\all.7z"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4652

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1384

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.0.871832050\918653709" -parentBuildID 20221007134813 -prefsHandle 1696 -prefMapHandle 1688 -prefsLen 20767 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8b12dd9-222d-4f20-b4f6-c59016911cb7} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 1776 22a4fcd8e58 gpu
3⤵
PID:4028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.1.1251606412\847009061" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20848 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdd8f435-2be1-4416-bb2d-0b23b641b180} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 2132 22a4fc04458 socket
3⤵
PID:4692

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.2.1296154727\448544002" -childID 1 -isForBrowser -prefsHandle 2716 -prefMapHandle 2864 -prefsLen 20951 -prefMapSize 233414 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {079c136d-35f5-4f35-93f1-3ff04740658a} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 2836 22a53cb5258 tab
3⤵
PID:4808

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.3.444679000\154698664" -childID 2 -isForBrowser -prefsHandle 3508 -prefMapHandle 3504 -prefsLen 26136 -prefMapSize 233414 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e09d5c18-4896-4563-a179-8a78b052fcd3} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 3516 22a54f06e58 tab
3⤵
PID:1920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.4.957443568\1340074222" -childID 3 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 26271 -prefMapSize 233414 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f4029d3-fc19-4524-8feb-c00968d9ea4f} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 4084 22a5560c858 tab
3⤵
PID:700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.5.1931461673\845421754" -childID 4 -isForBrowser -prefsHandle 4964 -prefMapHandle 4836 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe07e0a7-a9a5-492d-aaea-b3cf5140211b} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 4972 22a5637bc58 tab
3⤵
PID:408

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.6.1867851571\17347577" -childID 5 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1d9c241-59f9-48c7-9af2-7512ab38e08c} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 4988 22a5637bf58 tab
3⤵
PID:4200

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.7.3122013\108435116" -childID 6 -isForBrowser -prefsHandle 5392 -prefMapHandle 5388 -prefsLen 26274 -prefMapSize 233414 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {16ffbb9f-a2c4-4cdd-ac8e-8bca8659333b} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 5308 22a5637b958 tab
3⤵
PID:2196

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1384.8.1741357159\253892248" -childID 7 -isForBrowser -prefsHandle 5524 -prefMapHandle 4988 -prefsLen 26608 -prefMapSize 233414 -jsInitHandle 1208 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db2292f-259d-4cf8-8810-80bde9738015} 1384 "\\.\pipe\gecko-crash-server-pipe.1384" 5608 22a44c60858 tab
3⤵
PID:688

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Explorer\iconcache_idx.db
Filesize
28KB

MD5
6a0189060c7066fe9272b1f21b338ed0

SHA1
537e10e9366ebb8b07043cca6f0e97f27ff02b4f

SHA256
d956d4cd72aaea1ded7e321f200a43f2c21a798e95e4364345fd78ab7bf62ac9

SHA512
78e7f77d1deadf584130cd6f18a91ae79e1d623e2cbac0ade17d2aabac3463d7ecfdce2eb4983f995bff92de6e525c2e6b0a6c684a28a38d2af022e11a9ed570

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp
Filesize
32KB

MD5
4b340d70e60cfbb7e0ce49feca93de68

SHA1
50d00764ce1be92492dfdbe3f8ad41af3d408682

SHA256
b193757f02674cda1b4a0d5b45714d7c61095555799cdac265a5f3ed4e948400

SHA512
5638806401180b07cab3bf020803c8eeaceab781a0408d20a4adc5ada7ac4708ebfbb4603bb957c9ee27c975b5079713fbd0f1e4a055275f72dbe6a901495579

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
46f35dbd57756fdd500632c7c67a7d8d

SHA1
9f55a4a6af7c626eebd71a0a451df817a5b5cfcf

SHA256
8cd0a4793d8490b35933ed9f46011aac6770e85e2668243299f187eb76c50b37

SHA512
020236a5a814cb045e729126ad2a3ca9714dd640a271dad2ffe543f5ba951b8a2f6da9c0e7b08c3a4ab53fc7a0c01afb96c46fecc0b08303ff0445448c472c6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\entries\999E1F3D71BA81BEAE546F4E2D3634A51282E69F
Filesize
8.1MB

MD5
841d16105881290298a95cf66f0e25d3

SHA1
3b2c9030e4b0492ff097ed406ab0f0739adafc97

SHA256
0e269d158d02f73a3e3923c3a2d2df363e892586b4d66388370ec740a0600160

SHA512
5ce4a61dd53b63dd396fb91afe6718bb96cddd2d15177379edf0e2630f9cd86f6db761d15baf8ba154e48df26b4f8b6b032c14b170dec73e2f6aac2ebff0cc7f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\01
Filesize
22.3MB

MD5
5d0fb403d4ba73756d43d8d62020c895

SHA1
520a50c6a2839222501248b2f5630ccf6b06f041

SHA256
de08b7823a4c4a963e8b4666acb5054694e78fd6d8e972e651ac843517e92b57

SHA512
51074dc08df7ce214f209eb8fc478dcaf2085cc5389cba7645f78a1597a37c1de1b6164538942803b76ee84f15ab79ba995ecfea7b0a7b99d2888777d6f83600

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\02.gz
Filesize
77KB

MD5
00d1864f28996b00774b9e4c860e74d3

SHA1
893adbb64f21deef15831623607e45a014e8c8cf

SHA256
4855cdab08cf33eb258deb228c21d317d2ad39d37f25aeb81b13c23ea518e420

SHA512
aa5bad5b447015906a19f9fca4bed6a6531b9bf09a28730ad6527c0bfec84585827a24f60987076f6aa876d4b2c1136b2dc1ad6f6a8aec945b4440637926007c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\03
Filesize
76KB

MD5
0a8f1fdeac5fe4bd91d4f1f1da9c3c5b

SHA1
adb63b616a59ffae5f1d3e74d9824516583c7580

SHA256
bce5a0670cd126f976b45c151775778fcb74540df076f2a88b4ace82a5648070

SHA512
d1c16d27c828f8051188f8f750b49419ecd43577f88177ae27cb2262e4077c56d2e5d5d0c9c2e6dff16b33b0b89eb536d406301b77ae3e46f2593f1b3700c525

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\04.gz
Filesize
23KB

MD5
6cbddfc56b7ccede11de86c3badecdb9

SHA1
a3c1eca140d7f5069cd457f4f26116ab50304c13

SHA256
b1f13fe5e60cd42c681d7fa369ebdf79a3c8a94b28fd9fb91accf4bee3276168

SHA512
19b4db4f34c13787075e753dd615f48e7a9770dfed053f3d712c07cc021f0105b998db39d5cec14e87651eee59d16df9698aec8a0927922fc2eee29f030aa986

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\05
Filesize
10B

MD5
b2acf05f840f5a72b71194c8ab6cb215

SHA1
87970b0c62963ba90e3071796596920f0f59e57f

SHA256
196a9354935b303b517aad43693d8b4c3fd79592f5d05e56031bb7c03e346a68

SHA512
cc2fc89f4332b06a065302a69b2c161ec074e58d0a56049fafc93fb45b0af98a0511a70ac5ba46e1997aab238f610ae3024c1365a407f299663f8c54fa1c6c17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\06.gz
Filesize
21KB

MD5
f52207ec0604498d764578e2cb089345

SHA1
ffce5466a10a07825d9766ed66de8f58e3f64160

SHA256
8c6b08981a742e3c08801bd23cdbf4a4c3516fd3759ed3ba8b496a7f22308666

SHA512
d4e3f267fb055a8c654271bdeb0d79c37eacbcb4d4c6a818cc5274cbf44982d115c36debfe9614d2a689fd7a749533e284e6d0541ebf71049afa986b38384c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\07
Filesize
146KB

MD5
198887c5fe5b62f0828061fd5a791568

SHA1
2f1c0a7adf40c2af8810c4b04d1d2a0ddb03353a

SHA256
2ea11627e840f7edc794a15a4cfecf5a897f97d029228d1051471d6d04661c96

SHA512
a008bea1e6f88177f4afacaee550275984232fa9c2fe4400c56f099c51f591e9c6709dd2891ec7a10afbd15599d33b429ca38ef1fe4d39eb60ee966ccb7a4650

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\08.gz
Filesize
32KB

MD5
18f39448c2b5e4c126415cb1fe211ecd

SHA1
3fc7ea121358ce42ee5be3b82226548a9e3edeb8

SHA256
283793a83c500290ff8ca7ec302cf5e7c6c418120500f93d154dfe1ef8c2214b

SHA512
512148e6e696b5b0f507c6403535953c8ed14ebf50357e44e82de255fcd0f58a39734c430d646761f10f0d8252cb95ff09c088d629aaad74e27ed0722eaccec5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\09
Filesize
51KB

MD5
3b81f5b2cde280fe3d34b8b95b4f93db

SHA1
afd4a1d8eecd08fd5a5a034635c7c95105f91ed7

SHA256
db6d14f102095c809fc8733f9f6eaecb2640ff73a794c80ab2414a344c74a787

SHA512
cb68ff07fb7da956026d7bde9df704f669df64552cbcca9c8f61ed45943894ea418c20720948a47612f08165f2a77b366bcd0dc93d2572d28a7a77dd825666d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\10.gz
Filesize
2KB

MD5
9af060dce3724db3844d1378e91616d5

SHA1
b0c0b5327b42ec6c065915838405fd9ef339e89f

SHA256
b0523ffc692031e93bc8a12db83545a9fcef82bb6093d3e73cfd8713da066167

SHA512
69a5914179a8a2fa7958ab5a0a23fbaef59a23c5a840be91d4997c8a3365a2300b0ad5193f253e0ed01046fa68a83d2d895d3be355f809dc60a5f0515e49cb48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\11
Filesize
41KB

MD5
1c5cf2edd495f92a5db3fb481d539c28

SHA1
0d82b950fed85cb9453163cfbda1e4108fa78d19

SHA256
7849070e04c6179f65fb8f454852391a3a7245a8c1d341e790af2dfc2f72f1f9

SHA512
4f9395b328ca08e4ffc25336ed33c2df54f7cff1a55da57aa70e5d5f169ff03a0bbb1235ff71ec9ab90fd35cbf32509a90fefd0bd9c6b7d46c51100e6bd9051d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\12.gz
Filesize
44KB

MD5
84f888d8d086d87bb6a75dce159e4eb2

SHA1
3a06166bc22190d6d4f58d69b5324a71a0c476cd

SHA256
c1a6dd045d5beab2b93206ac7ee3578f4b7b4d970fd4756ca70561360f8ca490

SHA512
14d9969e150747fdb2d345d5838871637c63433119619ab2522a4ab89a7bb7097d1ce56c02696172116810c4d66bc71c88b7e087e487cb71739281324554f11f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\13
Filesize
6B

MD5
d38f767abc014344d85e146d5be7cda7

SHA1
af84bea066117efefafe0f1277a4ff673866569c

SHA256
09d1d3ba23f5dcae9795a726bdd9e233a4c217c6508f64192289b55f486cd524

SHA512
cc6d5a96f3e197545a43d5c8dc9f8bbd2d5f6559b9d943964d5456d0b3ebe9d1924c93eb8dc8fe977b268874af1bc109ec42062ca69b601c4119e5c1c7b29565

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\14.gz
Filesize
44KB

MD5
58c20ad5ea63fb5646bc60e1bfaa4e86

SHA1
a2a06390eb0036b58c9e1003b1a57ce025d4b2dd

SHA256
6c97e489f133193f3bdc4ae23e2b0aafbfc4642bcbe0e60b858561fb180ed9c2

SHA512
5f5337d392c0025e3764d9b3e0387bde6a1bb197b2b4590b1443ea067d069c70519b53472853f77f166aef9c793eec91718ebf96788bcb56615d998d5c3b77d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\15
Filesize
7B

MD5
6a991ccecf1155e8334a5f226af686be

SHA1
c003f65a0b18097c90f667590af9603e4a0bdf26

SHA256
cfca747ba665990abeead71748e81d67218772561152a52b3b227818f4819006

SHA512
6c58ad537b6fb1a09ed82fe6fea57b729e4bf26458d02109898debf1b79d7784a05dfca4e15326fd83ad637dc86b2ddcbe8d58d964c95571ecd0cd1a962657fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\16.gz
Filesize
42KB

MD5
bfd0531e6e4d46c5d0fce845c750d5a1

SHA1
a78c3de8ba6ab7b509945a7d5e3a678400fecd90

SHA256
5d66fad2d4863ffeb117687a28384578096515b7e37de2388e693d72df17b014

SHA512
1b204eca0453c8600691b03a3f9717ce09870976d210e540940ff16289222f6e9f002402edb88fe6d0abfe507071f64990851505a8b7ba33ab43a5d13a049bdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\17
Filesize
10B

MD5
fd551d7a3cbf75ced4aeff48877bd229

SHA1
6be813a020f380d2bbb93b4139960876b240cd29

SHA256
cf81e0f74d7c9b8d5ad06d53e522e426e0f89f5a1791c2d2b25569012f2a1ead

SHA512
8b1f0b2c85858b164549f566f5e93b1cade49efec44676853c16f4baa445ca4391290617d076254c59aa7319912598520232072a5f2370c4af651d7a69c31446

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\18.gz
Filesize
386B

MD5
52023412ddf0de20de5edfa7517f9590

SHA1
0a15a22003f84c19e486f76ab707d357a55708b7

SHA256
49fece1ed6f70a6d3c46a8d6896d131c8341e0b9b99041a474f327fef202c590

SHA512
37445144306c8381e4dce7c8a0966fbeb9cc764bf62e0ca5d4c9ea6abf8209c4b99eefd055c09ab2ab0cff9f2e69cf6ef479b94d764ff46af760153e2e559c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Despicable Me 4 1080p Clean.2024.1080p HDTS x264\1\19
Filesize
42.5MB

MD5
0c9444c26a87dda08e84569fa823732c

SHA1
d5ffa3377686e8ccbcb332b0288fd7fc1433f53c

SHA256
b2752ea90e6ba2ad27cf0ca0ac54ad1be2f4dfd0ff079288f30e410a953c461c

SHA512
977ffb07e54570fb3a8dd24debe34a28069050c0acfebb01ee401207a6a01f78e59ec201f99fe5d38653cb88c1b430bd975709a3dfed3f41a9a9952e1ee15dcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
7KB

MD5
fc61262010aaa7f042cd694e1835e3c1

SHA1
3e9e4adaf2d7b1435cc275283e0e6796cf604d37

SHA256
9a3c66ede3e75054c6afca04ab89ade5bac6dd366fbac8486480e84951d5518b

SHA512
0621274024f896b371e6eee7da3ef590c09bd41545f849305972711e5a9b27a4b65a1b06135a949b8bed161af883a4b46f880380c800afa15c7da0acf19f5ef6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\bookmarkbackups\bookmarks-2024-07-01_11_f70S+BIHcjdozL1H+8sV3g==.jsonlz4
Filesize
953B

MD5
14e152530b0003973263fd54064ea363

SHA1
98a18c46e4980317a1f795bb0f364f02b7524f06

SHA256
98818f8d867aabab23dcf95b03d2d912fd8d6106f1bf48e1f04dc9b5af42f199

SHA512
21a75ea8970d68bac8100f499d88b38fbdd904d5217e69492f10f63c9026f43f00508fc62e059f54f82d7a1bb6c16b15f14b281c87542613ddd20893029ce664

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\broadcast-listeners.json
Filesize
216B

MD5
ef8d2796e6b55171f85969c669a9581e

SHA1
83f691f17e9782d46be311d51d5a31383cfc8f24

SHA256
6aeecda409d79e7052b916e07696a082b5eb183189761577ce9e77d4151e7a2c

SHA512
be1ca9eaa2b2e8400316c63b74dcd05204def176f5e323e8459fa57e507dbe27a09fdf621738c0d83718894a2257a5e32a5187c5ec710190bb438e5a9744bb41

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
fb2d275ab451b48fa5b75ad68999b286

SHA1
43177b44cd10776728f61751518ef388ab93091b

SHA256
521e63d2d0ef650248f352f479a37e1bc9348e8c7f035d76ed2bedec90eddcfb

SHA512
0c08ca989ec37169a0fc81451adaea85294ac03eda28ef070ad76ffc4b37f34b886a891787c3b4e95eda40d864283484be4bf3fc8f3cda9851530b039d9c1bd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\05f79203-2324-43de-bae4-21729e0890b7
Filesize
746B

MD5
9b0aee0d969b070edb96774899f68919

SHA1
b269218d750cbc279fcff3f60883aa4be030dd76

SHA256
a067f598ac07ed7651ea68d21e269ed0564c480c90ca1b26c70768dc2f3b2b0a

SHA512
6c7e50d716a997cb3568e31f4105f7c70fb21c67a696ab3d5c050efa37d893a41424acaef37e699e74619ab8ee931c0a7828909e0ad00fb9c8c1822f6f369290

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\f499675c-2a59-49d6-9e4f-167e679e6776
Filesize
10KB

MD5
4491b32f00044538f203122fceb6c228

SHA1
164f721d83f25b2428d70c044d301e183b7f60cb

SHA256
d2d1b08bc716dcbd28fa3570f18c1a95b4af2e524d75201ebdc1e92daf80edc2

SHA512
b377b68539c6afd1972b8cccb4649bb415c3025d8989d57c8a274687f5d88db4f79589541ff6aa062a180e44bfc8b19398e4f7f69bbff75a300f14991b6ec24c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
Filesize
10KB

MD5
a0eefbf3a5422ad96dd19383580a32fa

SHA1
bea84c1d2bee795fbab3f9301c1039e2b24e9a4c

SHA256
deccdb863344a01c4d7d126b470cda8cad09faff46bfba7138de6c3258a0bb5c

SHA512
8844fcd8c6b00f00289a91c0258b5c7d2275dedc534d1eac9945c8317a8366cad36f665be6592f99147d395d417d2ba702a08a2727511eb8a7dac3e3882b9bf0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
Filesize
10KB

MD5
3e4e5fe43ec67c590026b57329003cda

SHA1
c12d277c495e25538d465ac8b7ce1a8900d7d87c

SHA256
c724373f8c80405d1102e51c12437b07f742e9f6c446cf98f8eeb8d11561ba18

SHA512
af4b4f97f47ceda0a6c3ba0c3b357dd5423e05fd939e696d61d34290282de827058ff63e4bc7bf8d164cd7edbc842fe09b2984cfcd8eb80498f1a4225e9210ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js
Filesize
6KB

MD5
521db07bcfad0867012679354f738db0

SHA1
5048449c68e56a2b21bd9de6075ab2258fe01f26

SHA256
ff08576c550c38cc40076e900c123ba736621bbf2321532f30a75729a1d00038

SHA512
a6a34af4f71ea350be693653fdf0847e56de0cfa3ae6521dc5bd86e600a01d3e9e4814bfeb15f8abc5c7a8adcc2acdd1e380a8bed79aa82463b275fb377c15b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
Filesize
6KB

MD5
37dc19005f0f60571d956d927bef92da

SHA1
36463363d915af7a76a2bdd893bacb9c6511d06d

SHA256
47a4dab4126fc5ba97ff9af4f349729115a4aa12bba2680bdeec2225689c00a9

SHA512
2ed117333bc59bf02bc6c9a4d28489f810f44d22283225f31ac2cbd87a47f15cb114c2710cf39af87131a7d2e349788c16430d37c54986292366c57892e30f3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
Filesize
7KB

MD5
e11228718bc1019c39ba06c1f07af071

SHA1
7b66e6834ff95034c298294fdb57a678a694496e

SHA256
68f023dd960e8feed7fddf27b167c60643c91fc2071a02d3e005e3f4f723c10b

SHA512
a6395708b75c9cbf8853a98e799a07d3b6dbb59abadbb29ba914790e34570b9435da80474554a1bf72f22c1a0a8ed11615a8174ce5b3eb4d848b718080939bf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs.js
Filesize
6KB

MD5
e978c10787a2c52ef1fcd4752304f7af

SHA1
83ca8baad6b16d02cc2eb51708e77b8a5122bb8f

SHA256
fd0b2f2bd9536fc7a39643d5fcb3d9701110f1739d3a7fe4ab0d2c41b504bb81

SHA512
03eaf880474e11a633805e4f367abbd21b165bda2a5e1272ee1d62738215c1b16642edb03c5f6b9636b8c1c0f45667434c4b45d7a074fd3c9f6d9123af73d380

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
24c07f92ca48a9f7975f535d9c82722a

SHA1
64fedddc9e31cc37694b668b2cf72dbc367e03b1

SHA256
33a52bfad0e628622ad82f0990a0d6988fbadb73e14afbb4a165492520b5b392

SHA512
3e61c30d53e7b0d43c0262c151d0bc95693e211dc7212f6ba9d9be3099267ab32b1b592f8ac42520aac777de75fd177d26eb99ef1238f7300700569e87c022c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
aecbc1f0bb3ddaa8c276fd365383745f

SHA1
ff12423e4de77be6fc4d0df4c63b1d1edbdc0158

SHA256
e76508e5edb8fa485f2b00905f2a260fb3403b7c73e43381f27ad71f4f762bc0

SHA512
66213a508c20507161882444a6ade43d25387fba93b6a65300d07f6e620cd90768b951b6c98b41d0beb4a6508c31376ec3082b36b560431ac470bbee6dc96793

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
7.8MB

MD5
daaed58c32633c8cdfd680bbb8cfda49

SHA1
774579a1ccbcc2e12e79fc6d4180270f9144db73

SHA256
86183b459506440df65c925a0d3cb3a0c01a8250407d3ed05f9341fe5512b0ba

SHA512
2c9fe8d2761cec1f183918a8f40e1ab4666393d63ce7aada07360c39a19b1e48ece5d5a291044ee216a7da9562003212821ddddfba95c1a83ec7025630d48229

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\targeting.snapshot.json
Filesize
4KB

MD5
a85ded5c91b1c1807c2e241e0e77a5e3

SHA1
807e24d5b573c6b285bf6b3fbf224ec92eaa62e9

SHA256
dcd399a9c42297ab4f80ab72ec4675737148b89553a3a9002e33a6404c53c479

SHA512
aea6149b7100c7f497a3bc00cdfb05eda6e72fb4d97fedbdcdd43893cfb907abff15ad7c21e5104eb5b29882d17c188d255b224f960c968279a64f7e364b74d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\xulstore.json
Filesize
141B

MD5
46f4a723795a4df904574934b36dff35

SHA1
5e58adab46e6420bbd619acca18489d3bca00d70

SHA256
e7a1405eaced7f7e8cf8b21e3b0d2068ec1677d881b5494d086b74631f72ca7e

SHA512
08b5c9edc20c8ebc90b7a6e09d540af62f2d83056e1d5be4190a5762d3f364862257b740d53eec82163be16f7288e6d41fdbfe1b3148a2411fdfc39ac2da2833

Download Submit
memory/208-106-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/208-110-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/900-21-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/900-26-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/1920-8-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/1920-20-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4124-5-0x00000000023B0000-0x0000000002403000-memory.dmp

Filesize
332KB

Download
memory/4124-2-0x00000000023B0000-0x0000000002403000-memory.dmp

Filesize
332KB

Download
memory/4124-7-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4124-4-0x00000000023B0000-0x0000000002403000-memory.dmp

Filesize
332KB

Download
memory/4124-0-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/4124-1-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download