Analysis
- max time kernel: 1587s
- max time network: 1588s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 08/05/2024, 23:25

| Behavioral task | Sample | Resource |
| --- | --- | --- |
| behavioral1 | spoofer.exe | win10-20240404-en |
| behavioral2 | spoofer.exe | win10v2004-20240426-en |
| behavioral3 | creal.pyc | win10-20240404-en |
| behavioral4 | creal.pyc | win10v2004-20240508-en |

General
- Target: creal.pyc
- Size: 64KB
- MD5: d8cd9403e6a921255a8445ff764c5462
- SHA1: ffb521167871584ede34ad1d58d4c271fe7d2efc
- SHA256: 1bb6a413a556047809939bffaacb98796d1f94645d7341d8afe4bb0262e3f0bc
- SHA512: 81c714a00e5d89aec7da216181b25ca7d71e606792e8aa18af837c083c070d40f42843ef2ede8a214a26840be60c90b292770a1c56f3fdbc6276d2d7217a467f
- SSDEEP: 1536:7Tr7e+0Ql9pObo8BHWftXASFW08VgeOR2es:7TLYbo8B2VXASNMgeORk

Malware Config
Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.

| description | ioc | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe |

Modifies registry class 3 IoCs

| description | ioc | Process |
| --- | --- | --- |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | cmd.exe |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | OpenWith.exe |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | firefox.exe |

Opens file in notepad (likely ransom note) 1 IoCs

| pid | Process |
| --- | --- |
| 2876 | NOTEPAD.EXE |

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

| pid | Process |
| --- | --- |
| 664 | OpenWith.exe |

Suspicious use of AdjustPrivilegeToken 7 IoCs

| description | pid | Process |
| --- | --- | --- |
| Token: SeDebugPrivilege | 2452 | firefox.exe |

Suspicious use of FindShellTrayWindow 6 IoCs

| pid | Process |
| --- | --- |
| 2876 | NOTEPAD.EXE |
| 2452 | firefox.exe |

Suspicious use of SendNotifyMessage 3 IoCs

| pid | Process |
| --- | --- |
| 2452 | firefox.exe |

Suspicious use of SetWindowsHookEx 24 IoCs

| pid | Process |
| --- | --- |
| 664 | OpenWith.exe |
| 2452 | firefox.exe |

Suspicious use of WriteProcessMemory 64 IoCs

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 664 wrote to memory of 2876 | 664 | OpenWith.exe | 76 |
| PID 1908 wrote to memory of 2452 | 1908 | firefox.exe | 79 |
| PID 2452 wrote to memory of 3068 | 2452 | firefox.exe | 80 |
| PID 2452 wrote to memory of 4436 | 2452 | firefox.exe | 81 |
| PID 2452 wrote to memory of 4552 | 2452 | firefox.exe | 82 |

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

C:\Windows\system32\cmd.exe
  Command line: cmd /c C:\Users\Admin\AppData\Local\Temp\creal.pyc
  PID: 1396
  - Modifies registry class

C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 664
  - Modifies registry class
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

    C:\Windows\system32\NOTEPAD.EXE
      Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\creal.pyc
      PID: 2876
      - Opens file in notepad (likely ransom note)
      - Suspicious use of FindShellTrayWindow

C:\Program Files\Mozilla Firefox\firefox.exe
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  PID: 1908
  - Suspicious use of WriteProcessMemory

    C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
      PID: 2452
      - Checks processor information in registry
      - Modifies registry class
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory

        C:\Program Files\Mozilla Firefox\firefox.exe
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.0.751240975\1230411590" -parentBuildID 20221007134813 -prefsHandle 1728 -prefMapHandle 1704 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39252f6c-c64c-4ff4-9d88-2e6e1690cce4} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 1808 1f8ed8d6458 gpu
          PID: 3068

        C:\Program Files\Mozilla Firefox\firefox.exe
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.1.1186058279\192701327" -parentBuildID 20221007134813 -prefsHandle 2144 -prefMapHandle 2140 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fe53b68-90e4-4477-aaa4-df2be0b70615} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 2164 1f8e286f858 socket
          PID: 4436

        C:\Program Files\Mozilla Firefox\firefox.exe
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.2.900666094\1089503142" -childID 1 -isForBrowser -prefsHandle 2780 -prefMapHandle 2728 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e03c1f56-211e-4ccb-bfa4-b7f8a610a726} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 2764 1f8f1b9ae58 tab
          PID: 4552

        C:\Program Files\Mozilla Firefox\firefox.exe
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.3.442009705\1961984103" -childID 2 -isForBrowser -prefsHandle 3476 -prefMapHandle 3472 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52ed5744-947c-4e83-bad2-678c049cf179} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 3420 1f8f0312858 tab
          PID: 4612

        C:\Program Files\Mozilla Firefox\firefox.exe
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.4.1859437249\1909045402" -childID 3 -isForBrowser -prefsHandle 3816 -prefMapHandle 3804 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5d4ad4b1-f9c5-402b-a044-711026ebf1d8} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 3772 1f8f3603e58 tab
          PID: 4424

        C:\Program Files\Mozilla Firefox\firefox.exe
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.5.337523763\1329904339" -childID 4 -isForBrowser -prefsHandle 4920 -prefMapHandle 4916 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {568d916e-68b0-4464-8294-29fb39287ade} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 4928 1f8f3c96d58 tab
          PID: 3248

        C:\Program Files\Mozilla Firefox\firefox.exe
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.6.422342891\884273405" -childID 5 -isForBrowser -prefsHandle 4740 -prefMapHandle 4852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c56b9b2-7170-45c4-b71e-e9a1e3299823} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 5080 1f8f3ef0e58 tab
          PID: 388

        C:\Program Files\Mozilla Firefox\firefox.exe
          Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2452.7.229722214\244243234" -childID 6 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a790e00a-291f-4c65-98b8-08ebec3bf8c2} 2452 "\\.\pipe\gecko-crash-server-pipe.2452" 5212 1f8f3eee458 tab
          PID: 508

C:\Windows\system32\notepad.exe
  Command line: "C:\Windows\system32\notepad.exe"
  PID: 3612

Network
MITRE ATT&CK Enterprise v15
Downloads