Analysis
-
max time kernel
1574s
-
max time network
1571s
-
platform
windows11-21h2_x64
-
resource
win11-20240221-en
-
resource tags
arch:x64 arch:x86 image:win11-20240221-en locale:en-us os:windows11-21h2-x64 system
-
submitted
27-03-2024 13:20
Behavioral task
behavioral1
Sample
Vanta Cheats [CRACKED]/Vanta.exe
Resource
win11-20240221-en
General
-
Target
Vanta Cheats [CRACKED]/Vanta.exe
-
Size
78KB
-
MD5
da5a7eb9e117cafa2d9137d1723a33dd
-
SHA1
e35b1f51e72ef5d2f8290ac7d0ec87cc15235899
-
SHA256
780815f7b1197e89dd796f625782af49026bc7691fd686eb25f3f9ab2002579a
-
SHA512
4686f8d49b4ca27c1ca4bccdfaad7c8369e475cdc1b59a9ac5af10dc5382d449c60daa993d9311dd2e70a3ee535449705665699691a3bd8bafd37ebd075fd7af
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+cPIC:5Zv5PDwbjNrmAE+QIC
Malware Config
Extracted
discordrat
-
discord_token
MTE5NzkyMTQ2MDE3NDQ2NzE1Mg.G10JF-.bNlt2_PKNFUbG2pRSlM23bcrdFtXhvMU_yl7hY
-
server_id
1052631250457866370
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
-
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-627134735-902745853-4257352768-1000_Classes\Local Settings | firefox.exe
-
NTFS ADS 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\Downloads\Vanta-CRACKED-main.zip:Zone.Identifier | firefox.exe
-
Suspicious use of AdjustPrivilegeToken 10 IoCs
description | pid | Process
Token: SeDebugPrivilege | 3228 | Vanta.exe
Token: SeDebugPrivilege | 484 | firefox.exe
Token: SeDebugPrivilege | 484 | firefox.exe
Token: SeDebugPrivilege | 484 | firefox.exe
Token: SeDebugPrivilege | 1404 | Vanta.exe
Token: SeDebugPrivilege | 484 | firefox.exe
Token: SeDebugPrivilege | 484 | firefox.exe
Token: SeDebugPrivilege | 484 | firefox.exe
Token: SeDebugPrivilege | 484 | firefox.exe
Token: SeDebugPrivilege | 484 | firefox.exe
-
Suspicious use of FindShellTrayWindow 4 IoCs
pid | Process
484 | firefox.exe
484 | firefox.exe
484 | firefox.exe
484 | firefox.exe
-
Suspicious use of SendNotifyMessage 3 IoCs
pid | Process
484 | firefox.exe
484 | firefox.exe
484 | firefox.exe
-
Suspicious use of SetWindowsHookEx 7 IoCs
pid | Process
484 | firefox.exe
484 | firefox.exe
484 | firefox.exe
484 | firefox.exe
484 | firefox.exe
484 | firefox.exe
484 | firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\Vanta Cheats [CRACKED]\Vanta.exe
"C:\Users\Admin\AppData\Local\Temp\Vanta Cheats [CRACKED]\Vanta.exe"
- Suspicious use of AdjustPrivilegeToken
PID:3228
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
- Suspicious use of WriteProcessMemory
PID:3988
-
  C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:484
  -
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.0.1344813560\1936722891" -parentBuildID 20221007134813 -prefsHandle 1760 -prefMapHandle 1752 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdd07293-5210-4236-bba7-187c01729540} 484 "\\.\pipe\gecko-crash-server-pipe.484" 1840 239c84cf258 gpu
    PID:2720
    -
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.1.1691921396\60127785" -parentBuildID 20221007134813 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7356c690-0b36-406c-8369-623215de4d6b} 484 "\\.\pipe\gecko-crash-server-pipe.484" 2216 239bc372b58 socket
    PID:4912
    -
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.2.419997792\1282954473" -childID 1 -isForBrowser -prefsHandle 2612 -prefMapHandle 2716 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feca62e6-7bbc-4b8c-9325-3bd06c82a468} 484 "\\.\pipe\gecko-crash-server-pipe.484" 3236 239cd719458 tab
    PID:2688
    -
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.3.1013595318\1638116716" -childID 2 -isForBrowser -prefsHandle 3396 -prefMapHandle 3456 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cda2ff07-02ad-4884-b278-8b8d4201864d} 484 "\\.\pipe\gecko-crash-server-pipe.484" 3392 239bc361f58 tab
    PID:4820
    -
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.4.5440027\1986016197" -childID 3 -isForBrowser -prefsHandle 4508 -prefMapHandle 4504 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb641de0-8751-4e2b-9a71-07c4daf78b1f} 484 "\\.\pipe\gecko-crash-server-pipe.484" 4520 239cf363158 tab
    PID:3472
    -
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.5.840076428\1676323288" -childID 4 -isForBrowser -prefsHandle 4872 -prefMapHandle 4868 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {983ea296-7a64-4d8d-97f4-f333a0da9c0d} 484 "\\.\pipe\gecko-crash-server-pipe.484" 4884 239cf735858 tab
    PID:2924
    -
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.6.1400244823\958652288" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fce7baa-0917-4b6d-8f33-3582cf15ea88} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5004 239cf736158 tab
    PID:1644
    -
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.7.330271019\1278950823" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cbc8f7b-af2d-47b4-ab15-65e5546d1a04} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5292 239cf737058 tab
    PID:2268
    -
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.8.1943304578\1516685447" -parentBuildID 20221007134813 -prefsHandle 5856 -prefMapHandle 5804 -prefsLen 26283 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0917a519-8af2-4376-956e-0df755c9885b} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5864 239d1bbbd58 rdd
    PID:240
    -
    C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="484.9.716653566\1267041001" -childID 7 -isForBrowser -prefsHandle 5864 -prefMapHandle 5888 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82184110-77c1-4779-867b-dbd3dea99ebb} 484 "\\.\pipe\gecko-crash-server-pipe.484" 5976 239ca7ad258 tab
    PID:3076
-
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
PID:3840
-
C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta CRACKED.zip\Vanta Cheats [CRACKED]\Vanta.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Vanta CRACKED.zip\Vanta Cheats [CRACKED]\Vanta.exe"
- Suspicious use of AdjustPrivilegeToken
PID:1404
Network
MITRE ATT&CK Enterprise v15
Downloads