Analysis
-
max time kernel
1524s -
max time network
1587s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system -
submitted
10/04/2024, 19:16
Static task
static1
Behavioral task
behavioral1
Sample
MBSetup.exe
Resource
win10-20240404-en
General
-
Target
MBSetup.exe
-
Size
2.5MB
-
MD5
b6d8b7e6f74196f62caba2ca77a7ae91
-
SHA1
6ac9c99f084b5772440e2f135b8d5365f7f45314
-
SHA256
74b0bf9c17091ab1c6c61af0aefbc599f1ecc0fff6dee0144a3dfd5cd1f5e18f
-
SHA512
ad58bc7b626a13606e3f44df7188b2420e0f31ecb55632eac4b6a05dc1574f1ec1b0ef6b52e11832713c6f8f91c807fe3a815699d0748284993ecc54f2823044
-
SSDEEP
49152:/5wZat2ranBQjvaq/Gtl8StQyfvE0Z3R0nxiIq2ddBzOnX:/5wZauUBQjvL0SKtQRq2cnX
Malware Config
Signatures
-
Drops file in Drivers directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\drivers\mbamtestfile.dat MBSetup.exe -
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion MBSetup.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate MBSetup.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 1 IoCs
description ioc Process File created C:\Program Files (x86)\mbamtestfile.dat MBSetup.exe -
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe -
Modifies registry class 1 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings firefox.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4788 MBSetup.exe 4788 MBSetup.exe -
Suspicious use of AdjustPrivilegeToken 6 IoCs
description pid Process Token: SeDebugPrivilege 3360 firefox.exe Token: SeDebugPrivilege 3360 firefox.exe Token: SeDebugPrivilege 3360 firefox.exe Token: SeDebugPrivilege 3360 firefox.exe Token: SeDebugPrivilege 3360 firefox.exe Token: SeDebugPrivilege 3360 firefox.exe -
Suspicious use of FindShellTrayWindow 5 IoCs
pid Process 4788 MBSetup.exe 3360 firefox.exe 3360 firefox.exe 3360 firefox.exe 3360 firefox.exe -
Suspicious use of SendNotifyMessage 3 IoCs
pid Process 3360 firefox.exe 3360 firefox.exe 3360 firefox.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 3360 firefox.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3540 wrote to memory of 3360 3540 firefox.exe 74 PID 3360 wrote to memory of 3012 3360 firefox.exe 75 PID 3360 wrote to memory of 3252 3360 firefox.exe 76 PID 3360 wrote to memory of 1380 3360 firefox.exe 77 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"C:\Users\Admin\AppData\Local\Temp\MBSetup.exe"1⤵
- Drops file in Drivers directory
- Checks BIOS information in registry
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4788
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3540 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3360 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.0.1199631431\311463652" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c133697-7274-4bea-b9b0-3d8e3595d16f} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 1796 209b24d9958 gpu3⤵PID:3012
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.1.715959697\1721751552" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {75eeeb0d-40ff-4a71-924b-6a2d7b3ed81a} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 2152 209a7472558 socket3⤵PID:3252
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.2.1245744743\1818344023" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3004 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {643d8381-d07d-4d3f-897d-e9691996a9de} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 2780 209b245f058 tab3⤵PID:1380
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.3.552857092\1101177578" -childID 2 -isForBrowser -prefsHandle 3516 -prefMapHandle 3512 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {18cd31f4-624b-4a07-9911-29be22206e12} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 3444 209a742d858 tab3⤵PID:3536
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.4.162301372\686543595" -childID 3 -isForBrowser -prefsHandle 3884 -prefMapHandle 3524 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {72627712-32b6-4c2c-8575-5cbfa4078661} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 3892 209b7b18b58 tab3⤵PID:3388
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.5.1053495656\1630273479" -childID 4 -isForBrowser -prefsHandle 4880 -prefMapHandle 4892 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9cf3fd83-f946-4e7f-b498-a0d54b0d8fbb} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 4920 209b85c2e58 tab3⤵PID:3396
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.6.1956506675\1957555489" -childID 5 -isForBrowser -prefsHandle 4904 -prefMapHandle 4900 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {697abd7b-13f1-4602-97f6-ba0b867843ec} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 4944 209b8b4a458 tab3⤵PID:4212
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3360.7.1395309235\2135693558" -childID 6 -isForBrowser -prefsHandle 4944 -prefMapHandle 5248 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2099b48-db04-4705-bcae-bf1c9ca1dd30} 3360 "\\.\pipe\gecko-crash-server-pipe.3360" 5156 209b8b49258 tab3⤵PID:3060
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads