Analysis

  • max time kernel
    299s
  • max time network
    303s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-fr
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-fr, locale:fr-fr, os:windows10-1703-x64, system, windows
  • submitted
    20-04-2024 17:21

General

  • Target

    Auora.exe

  • Size

    231KB

  • MD5

    a96e98be73b7840e10e039d7b3b2a72a

  • SHA1

    bde4c46b9a32ba14aafe652ebe14cb03ba2692a8

  • SHA256

    886a78f6d4a3bb1667c7d8ba553487a9d42fc38188253d3604cfe5c0743b636b

  • SHA512

    c4855010f4b9bf3c0d3f2b78447380d0f85ed440355ed0ed39f10727b44d555f1a7b9ae3a6d241f313d85fa8f052692c20149ecb5b4f6b841291a3f12651ced7

  • SSDEEP

    6144:xloZM+rIkd8g+EtXHkv/iD4yr5ClW8e1mzi:DoZtL+EP8VCv

Score
10/10

Malware Config

Signatures

  • Detect Umbral payload 1 IoCs
  • Umbral

    Umbral stealer is an open-source modular stealer written in C#.

  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 13 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 13 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Auora.exe
    "C:\Users\Admin\AppData\Local\Temp\Auora.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3808
    • C:\Windows\System32\Wbem\wmic.exe
      "wmic.exe" csproduct get uuid
      2⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:916
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:484
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3924
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.0.1798644776\425096444" -parentBuildID 20221007134813 -prefsHandle 1724 -prefMapHandle 1712 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec127454-1608-48be-9e3d-29424bb8f45a} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 1668 18eb7c09058 gpu
        3⤵
          PID:4580
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.1.1014102146\868706895" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f7c1594-da07-44f2-81ec-1302a268a59a} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 2152 18eb66fbc58 socket
          3⤵
          • Checks processor information in registry
          PID:3344
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.2.210349594\895147626" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1a568c7-0a06-425d-a8f6-01d6f77676f0} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 2872 18ebaa9c958 tab
          3⤵
            PID:4332
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.3.1735592390\1469672163" -childID 2 -isForBrowser -prefsHandle 3408 -prefMapHandle 3392 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7cbfc21d-ba12-46bd-bc94-8d7c3b1520e5} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 3448 18ebaf11558 tab
            3⤵
              PID:4324
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.4.673595299\160569524" -childID 3 -isForBrowser -prefsHandle 4112 -prefMapHandle 4108 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c537f83-671f-48f8-83df-0e5abb5083e0} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 4120 18ebbcbac58 tab
              3⤵
                PID:324
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.5.1103788450\940194433" -childID 4 -isForBrowser -prefsHandle 4764 -prefMapHandle 4812 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8edf7532-fe18-4578-ade3-ec83fef31db3} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 4912 18ebbcb9758 tab
                3⤵
                  PID:4904
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.6.1922801099\2058043009" -childID 5 -isForBrowser -prefsHandle 4916 -prefMapHandle 4904 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7e76ff0-962a-4c23-a5f1-c73eb1ff657c} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 4936 18ebcdce158 tab
                  3⤵
                    PID:4488
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3924.7.1261513494\2028359530" -childID 6 -isForBrowser -prefsHandle 5048 -prefMapHandle 4936 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c3f49ef-8394-4ec3-aa0d-b6c614e02769} 3924 "\\.\pipe\gecko-crash-server-pipe.3924" 5156 18ebcdcf358 tab
                    3⤵
                      PID:3928
                • C:\Windows\System32\rundll32.exe
                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                  1⤵
                    PID:4612
                  • C:\Windows\System32\SystemSettingsBroker.exe
                    C:\Windows\System32\SystemSettingsBroker.exe -Embedding
                    1⤵
                      PID:3944
                    • \??\c:\windows\system32\svchost.exe
                      c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
                      1⤵
                        PID:1104
                      • \??\c:\windows\system32\svchost.exe
                        c:\windows\system32\svchost.exe -k localservice -s SstpSvc
                        1⤵
                          PID:3796
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k netsvcs -s DsmSvc
                          1⤵
                          • Checks SCSI registry key(s)
                          • Modifies data under HKEY_USERS
                          PID:3876
                        • \??\c:\windows\system32\svchost.exe
                          c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
                          1⤵
                          • Drops file in Windows directory
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4348
                        • \??\c:\windows\system32\svchost.exe
                          c:\windows\system32\svchost.exe -k netsvcs -s RasMan
                          1⤵
                            PID:4564
                          • C:\Windows\system32\SystemSettingsAdminFlows.exe
                            "C:\Windows\system32\SystemSettingsAdminFlows.exe" LanguagePackInstaller
                            1⤵
                              PID:4548
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe"
                              1⤵
                                PID:2264
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe"
                                  2⤵
                                  • Checks processor information in registry
                                  • Modifies registry class
                                  • Suspicious use of AdjustPrivilegeToken
                                  • Suspicious use of FindShellTrayWindow
                                  • Suspicious use of SendNotifyMessage
                                  • Suspicious use of SetWindowsHookEx
                                  PID:4064
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.0.867712453\1317427077" -parentBuildID 20221007134813 -prefsHandle 1588 -prefMapHandle 1580 -prefsLen 21012 -prefMapSize 233527 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b579143-6529-4f05-b15a-f36d07c4e66b} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 1684 24123cfb058 gpu
                                    3⤵
                                      PID:4732
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.1.2147144493\19589516" -parentBuildID 20221007134813 -prefsHandle 1992 -prefMapHandle 1980 -prefsLen 21057 -prefMapSize 233527 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {580196aa-bf81-49f5-a24d-ac880d66bf97} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 2004 24118cd8b58 socket
                                      3⤵
                                        PID:2928
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.2.1953592117\554721822" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2844 -prefsLen 21518 -prefMapSize 233527 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb73c2e0-698c-44c1-b3a4-33ecb81d46b8} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 2636 241275d9b58 tab
                                        3⤵
                                          PID:4892
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.3.1207865520\818033059" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 26696 -prefMapSize 233527 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {763ca03d-7dc0-491e-b8a0-576f35a2e267} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 3576 24118c62b58 tab
                                          3⤵
                                            PID:4180
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.4.1837121076\1068093690" -childID 3 -isForBrowser -prefsHandle 3756 -prefMapHandle 3628 -prefsLen 26696 -prefMapSize 233527 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba2def09-b1bb-423c-9c1d-5bf272f11297} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 3768 241288e7358 tab
                                            3⤵
                                              PID:4696
                                            • C:\Program Files\Mozilla Firefox\firefox.exe
                                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.5.1939360807\501407754" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4912 -prefsLen 26755 -prefMapSize 233527 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {45a3a77c-65a5-43ae-826c-29d6cfe8af34} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 4900 24128882158 tab
                                              3⤵
                                                PID:4564
                                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.6.2034699872\1332338341" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26755 -prefMapSize 233527 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {858704b0-8af7-4a1c-8c86-643f76ee948a} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 5060 2412a214658 tab
                                                3⤵
                                                  PID:1576
                                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4064.7.66445876\1467843342" -childID 6 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26755 -prefMapSize 233527 -jsInitHandle 1280 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0f6e04d-e061-4305-8241-8dfaee375a96} 4064 "\\.\pipe\gecko-crash-server-pipe.4064" 5244 2412b11a258 tab
                                                  3⤵
                                                    PID:992

Network

MITRE ATT&CK Enterprise v15

Downloads


                                                1KB

                                                MD5

                                                688bed3676d2104e7f17ae1cd2c59404

                                                SHA1

                                                952b2cdf783ac72fcb98338723e9afd38d47ad8e

                                                SHA256

                                                33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                                                SHA512

                                                7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                                                Filesize

                                                1KB

                                                MD5

                                                937326fead5fd401f6cca9118bd9ade9

                                                SHA1

                                                4526a57d4ae14ed29b37632c72aef3c408189d91

                                                SHA256

                                                68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                                                SHA512

                                                b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

                                                Filesize

                                                7KB

                                                MD5

                                                050311136f74f3b48fcc43728f07a579

                                                SHA1

                                                3be400b18c1156d21f9650af6c7eee6a34836583

                                                SHA256

                                                8891c3d1fb23851d2f4c17d9a496061b9488f2aedfcbba8fa2f9a2f9bf58b03e

                                                SHA512

                                                09d5601d60c60316b416af611b4ec29d85a2c44dc8ac2d49c903d17d80aadafc9182235f970153b0f0fed7ae6e56fa2792f2d1bedc80dd48817e0b39160d395e

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

                                                Filesize

                                                6KB

                                                MD5

                                                7f0598dc2005b79ca91db3696fbc692c

                                                SHA1

                                                7ce3536db341a42fb969e49b948f78e813ee2ade

                                                SHA256

                                                4cb7f84e645d2e3b6b024eec6ddef2df8c8f158cbf2768e3cdeae51356978cf8

                                                SHA512

                                                b422a73952451423e8251bf3fcef49708fa4b0f03832573258681a4037e0091c1f0078a8bdd43d5a13d7551519b632db4b7e16db8f821622646595747ba2a1f3

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

                                                Filesize

                                                6KB

                                                MD5

                                                448bc176e58cc44df7860fe9a69ced17

                                                SHA1

                                                8c7c9c9b9722a3c84963532ec7e5b0f3b9bd6542

                                                SHA256

                                                7d026459b6c82ad2a73491076869d65e5fa507994642a74bbb46fb65e8d541ec

                                                SHA512

                                                2d565235a4cf626e3dc9d6dcfea8da1c03d4d9dac3c0f35282b1a3f1a1bf5e708326c2d80a5730238d6369a696f040484d3a89f0e9c6dfab0c9eb3d2d1539de2

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

                                                Filesize

                                                6KB

                                                MD5

                                                f538d528cd927b7f0b43c263c32f9096

                                                SHA1

                                                76a28d4b2c26a152618ef69d905092bdd2ad21af

                                                SHA256

                                                efd61cfb55c9f48e7ba1790decf38270dcd1ee95bdb8e28ccf532b14e1815afc

                                                SHA512

                                                ac8373e83364398390222c888a775d4b2c5ba3e1e306f9260a30e6f63e682bbac7b708e0bf2af3537e9944a9a41924451bb84a8115034f765387e11720c7e367

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

                                                Filesize

                                                6KB

                                                MD5

                                                fff8d9d924f3385a3e31e371c4e095c6

                                                SHA1

                                                4c98dd32813532f344d7d233e1cdb73e97440fe4

                                                SHA256

                                                a993331d2d24528283ea459008ab4846c7367e6ddd20a933914ebafbd67ffa33

                                                SHA512

                                                e52a3f4f06ecdf7451a9b0139f24df19320b9b14cb71ef9e17b3b662f1b9d55c9730024693ea2510e12c99b3587af34078a08e13bde57cf92adec795005f2436

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

                                                Filesize

                                                6KB

                                                MD5

                                                b8bcc55ecaca73b30e4ee7537b666902

                                                SHA1

                                                3ee1809966d2df4281e669f9372ea541ffff94c0

                                                SHA256

                                                723452b67341fd777b744e7be7d75e199983b857bd5f3d84c576ff08bb269292

                                                SHA512

                                                d2b6fa8f0b0294da65f57d5d5311d22add7bf92afa2baddea85f6d953c0cd2f28f6ba6f38022fca5e8fc0fcbf9607fa4bac4ad3fc17247f5f12e8230d4de77b8

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

                                                Filesize

                                                6KB

                                                MD5

                                                ec9952a457679feb9a197d9ec9a95324

                                                SHA1

                                                1a92df52a2ce0dfc55854f238d3ac30268cdec0b

                                                SHA256

                                                5aa21e7fd476c1c3eb57921693ec5eedcd5327cd7c6cc781bc84707eb585343f

                                                SHA512

                                                0c03bb7579d80cda3b914c216d790885f4ec801228395c4151918bdb2f2a39f12102e9a9a5d996ee35b347b3923bd46ef5fbcfaff361eca1aa90e4284984b31d

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

                                                Filesize

                                                6KB

                                                MD5

                                                cb9f27ccdb52bcb56f37fbb9c5adae07

                                                SHA1

                                                9f623f7597752566ffdc9ec9ffb0b60c58a2aa97

                                                SHA256

                                                b360ad8691b3fa6ab7ce014042dfdfb92e3011674c69d7517935d54db63a5bc9

                                                SHA512

                                                d2e8136a156dea6a87b86e90c4a5038631892eba9b3a4cd0ee5ffd3cb78609fd464ca110f16c88959867d16d7dde6989756c971aca52f002818470cfb4669ee2

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\protections.sqlite

                                                Filesize

                                                64KB

                                                MD5

                                                49397db0486dc59d607907a086f40c9b

                                                SHA1

                                                08742ce9db9569062def08e99eea8470702feb7d

                                                SHA256

                                                890033ea279f13478e655150a823a5f84176d2f8f2ec3724dc61dfec775707c4

                                                SHA512

                                                fc8dad1ae2215cd96c41bb3e683670bb9138467677da46c19d1e58972775842a995b70123c22ea1efb659d043f5116d0c9dca422035a6646b35f81033c9f5f53

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

                                                Filesize

                                                288B

                                                MD5

                                                948a7403e323297c6bb8a5c791b42866

                                                SHA1

                                                88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

                                                SHA256

                                                2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

                                                SHA512

                                                17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

                                                Filesize

                                                53B

                                                MD5

                                                ea8b62857dfdbd3d0be7d7e4a954ec9a

                                                SHA1

                                                b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

                                                SHA256

                                                792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

                                                SHA512

                                                076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json.tmp

                                                Filesize

                                                90B

                                                MD5

                                                c4ab2ee59ca41b6d6a6ea911f35bdc00

                                                SHA1

                                                5942cd6505fc8a9daba403b082067e1cdefdfbc4

                                                SHA256

                                                00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

                                                SHA512

                                                71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

                                                Filesize

                                                1KB

                                                MD5

                                                b316370802fa0209aac6f72367ba7f70

                                                SHA1

                                                e15d57817d2daaa5e32d29ca5642491f13331f0d

                                                SHA256

                                                c28351736006ac302ceabdda94f5a9eb40bff7752caa2d691b33a3a51d71fed2

                                                SHA512

                                                fdb26c80357a67aa01828cd1c3fb18d543577b4b99a2ebf4c26c1559e7f8bcbeabcd62eae1beb2744e84a2c988c387868b03a406fc42e25e0230edbf6b5b415c

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

                                                Filesize

                                                1KB

                                                MD5

                                                cff097ba29c62a031f289799f93db517

                                                SHA1

                                                5d21fd9c751bdb659774c370491bac1341d45692

                                                SHA256

                                                d5fd8d3a265b98169aedf8a486f2c156883349678c8da0808653fe01c3020de7

                                                SHA512

                                                0917abde9bad0ed5579babaa52682839968b2b1d776662bb505e57932ba8c3e363f6133597c294560913d88b0fd90735186cf1be88e93cf4375fed614c9adede

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

                                                Filesize

                                                892B

                                                MD5

                                                6c565ec596f92de75df3f7ceecc121d0

                                                SHA1

                                                27736b2f19500813dc5470839fd8d4e688fbe08e

                                                SHA256

                                                6431e7aea9fd5399b4df0791ae13a2b221c6d4be2070240120ba259d127102d0

                                                SHA512

                                                daeb62c5c7458ab794a809606ed62fc9401f09e9d905017f94ef63ea9d82583a20b513860dca7ab976a78754a037a9efb6fc730986c3af13f4fd4c0af3ec17a2

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

                                                Filesize

                                                48KB

                                                MD5

                                                a1b018b995a794a2ff173bce8f66a01c

                                                SHA1

                                                f40b62b1547cc2c098d6d81b808dab5c55e81c51

                                                SHA256

                                                24e057dba85d77f5cad4c95091a9e675e85703460678a0daeed97c205aea2d35

                                                SHA512

                                                d85732c19718b59986e3417a174bb86f94f640ed3e3c23940e2d29482c1a2c970d59354fb8372ea94fb938767c1ad00836ae0a143ff16230c813dc184c88d3b7

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                Filesize

                                                184KB

                                                MD5

                                                f5e3b1c35b1609da6de4ef2655e53a5c

                                                SHA1

                                                b448f910edf75883b0a0cd91c97de2fc85275f49

                                                SHA256

                                                3a98227effb3b87b626aac5fd26231872fdbcc3536058698a3755e9ae7a2ece1

                                                SHA512

                                                99251865f1d6dfbd186a06f7f3567557535fee14d3cd141d12f579f88f59f256113c51e864694671309d7a932a96727fcf509e6e773fe03ae36883285be1b3c9

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

                                                Filesize

                                                7.7MB

                                                MD5

                                                d118efb8b0504ee97842add97e665a82

                                                SHA1

                                                1f69c7f866472b958e4a82a911004af1e47ce31a

                                                SHA256

                                                9786e76e4aec34388f4ecadf560e5711b1af054c291c961da51d2f979acd9ce7

                                                SHA512

                                                e9a9094671eae15dd4f86c9a98a960b9ade4936ae09eee0c5fbc15c7b5a8c0e685e11cb528150045aff748cad6dea115524612482274e7e17f687895467d63a4

                                              • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json

                                                Filesize

                                                217B

                                                MD5

                                                58e240288763218d12bf235d34e5aee2

                                                SHA1

                                                89135494b57f590011c09668dec3b90d2c5ee9ae

                                                SHA256

                                                615f80e71dfde24711e7fefc1b7959f7592c5e5cf9ad0f3aecb4235b93187176

                                                SHA512

                                                caed2638902987aead199e73cffb90881bf245bbb616cb38c46b281d4aaaa54dc20a54e9bfe17a8d6e68847394c113fb7606e94b64f44ab0b52bf7846f26e936

                                              • C:\Windows\INF\netrasa.PNF

                                                Filesize

                                                22KB

                                                MD5

                                                80648b43d233468718d717d10187b68d

                                                SHA1

                                                a1736e8f0e408ce705722ce097d1adb24ebffc45

                                                SHA256

                                                8ab9a39457507e405ade5ef9d723e0f89bc46d8d8b33d354b00d95847f098380

                                                SHA512

                                                eec0ac7e7abcf87b3f0f4522b0dd95c658327afb866ceecff3c9ff0812a521201d729dd71d43f3ac46536f8435d4a49ac157b6282077c7c1940a6668f3b3aea9

                                              • C:\Windows\INF\netsstpa.PNF

                                                Filesize

                                                6KB

                                                MD5

                                                01e21456e8000bab92907eec3b3aeea9

                                                SHA1

                                                39b34fe438352f7b095e24c89968fca48b8ce11c

                                                SHA256

                                                35ad0403fdef3fce3ef5cd311c72fef2a95a317297a53c02735cda4bd6e0c74f

                                                SHA512

                                                9d5153450e8fe3f51f20472bae4a2ab2fed43fad61a89b04a70325559f6ffed935dd72212671cc6cfc0288458d359bc71567f0d9af8e5770d696adc5bdadd7ec

                                              • memory/3808-6-0x00007FFF30FB0000-0x00007FFF3199C000-memory.dmp

                                                Filesize

                                                9.9MB

                                              • memory/3808-4-0x0000022B79E00000-0x0000022B79F02000-memory.dmp

                                                Filesize

                                                1.0MB

                                              • memory/3808-3-0x0000022B612F0000-0x0000022B61332000-memory.dmp

                                                Filesize

                                                264KB

                                              • memory/3808-2-0x0000022B5F920000-0x0000022B5F930000-memory.dmp

                                                Filesize

                                                64KB

                                              • memory/3808-1-0x00007FFF30FB0000-0x00007FFF3199C000-memory.dmp

                                                Filesize

                                                9.9MB

                                              • memory/3808-0-0x0000022B5F560000-0x0000022B5F5A0000-memory.dmp

                                                Filesize

                                                256KB