Resubmissions

10/05/2024, 17:31

240510-v3t6daha8w 7

10/05/2024, 17:29

240510-v2zdpsha5w 7

Analysis

  • max time kernel
    132s
  • max time network
    148s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    10/05/2024, 17:31

General

  • Target

    setup.exe

  • Size

    10.5MB

  • MD5

    9c81ba6819a0ef69a320e5b4dc50ceb0

  • SHA1

    3244ffb1218c47a4e1ac5ec41c998a0c5cded43d

  • SHA256

    e06f03fad870c10cec46640576bd362d3862092ceeea1fb5e455f62786289913

  • SHA512

    21793eb18c1a6a1eccf8e2fa3ac09031dd7cb578e0b70b71c89f9d63377fc18d682181aec7f8cab2a0387f11b2201eb5f4624de216f53d239cee29b3622178b3

  • SSDEEP

    196608:eFluPpGAjMGhuPD5U4idQmRrdA6lkaycBIGpEnSE0eHnqvY0/:NP8AxYDwdQOlp97zQ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 20 IoCs
  • Checks processor information in registry 2 TTPs 5 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 6 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\setup.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3672
    • C:\Users\Admin\AppData\Local\Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\setup.exe"
      2⤵
      • Loads dropped DLL
      PID:2888
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3400
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4748
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.0.454989103\1393119484" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2bd9708-9ced-4d79-a7db-1494348e8d0a} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 1764 296684fb258 gpu
        3⤵
        PID:2708
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.1.1116138424\730541538" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {708da3ac-c413-48f5-a205-1ac491c83fe9} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 2120 29656172b58 socket
        3⤵
        PID:428
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.2.1388963364\1520166174" -childID 1 -isForBrowser -prefsHandle 2860 -prefMapHandle 2856 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40a40e88-fac1-4f69-88be-85056cbf7106} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 2872 2966c79e358 tab
        3⤵
        PID:4192
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.3.497647811\25037643" -childID 2 -isForBrowser -prefsHandle 3116 -prefMapHandle 3112 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3f57d75-1721-46ba-9e8c-992a10b436a9} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3188 2966af71658 tab
        3⤵
        PID:4828
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.4.1765249041\1403494622" -childID 3 -isForBrowser -prefsHandle 3552 -prefMapHandle 3652 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dbe85e4-238f-4dbe-8340-5d34afaccdd5} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3116 2966e5fca58 tab
        3⤵
        PID:208
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.5.560792279\685545364" -childID 4 -isForBrowser -prefsHandle 4664 -prefMapHandle 4956 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00cae066-4de7-4a6f-b695-ef62bb502602} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 4972 2966b541358 tab
        3⤵
        PID:1860
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.6.162686555\2037293161" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 3720 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2d013b9-1b8e-4aa1-a82d-18180b7987a9} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 3828 2966f6f7b58 tab
        3⤵
        PID:3036
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.7.1503275084\2125900505" -childID 6 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b0b935c-cd35-45ab-a657-b5f874d8221c} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5220 2966febb658 tab
        3⤵
        PID:2828
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4748.8.1329653911\1764593978" -childID 7 -isForBrowser -prefsHandle 5624 -prefMapHandle 5620 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5f3b5d2-17f0-4723-a93d-f4d1e833a801} 4748 "\\.\pipe\gecko-crash-server-pipe.4748" 5560 296707efe58 tab
        3⤵
        PID:4420

Network

MITRE ATT&CK Enterprise v15

Downloads

                    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E00BECD303B77CED95A357A7A1E4C8D69B473C88

                      Filesize

                      208KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\VCRUNTIME140.dll

                      Filesize

                      106KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\_bz2.pyd

                      Filesize

                      81KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\_decimal.pyd

                      Filesize

                      242KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\_hashlib.pyd

                      Filesize

                      60KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\_lzma.pyd

                      Filesize

                      153KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\_queue.pyd

                      Filesize

                      29KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\_socket.pyd

                      Filesize

                      75KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\_ssl.pyd

                      Filesize

                      155KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\base_library.zip

                      Filesize

                      812KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\charset_normalizer\md.cp310-win_amd64.pyd

                      Filesize

                      10KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\charset_normalizer\md__mypyc.cp310-win_amd64.pyd

                      Filesize

                      114KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\libcrypto-1_1.dll

                      Filesize

                      3.3MB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\libssl-1_1.dll

                      Filesize

                      686KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\python3.DLL

                      Filesize

                      63KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\python310.dll

                      Filesize

                      4.3MB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\select.pyd

                      Filesize

                      28KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\simplejson\_speedups.cp310-win_amd64.pyd

                      Filesize

                      39KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\ucrtbase.dll

                      Filesize

                      992KB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\unicodedata.pyd

                      Filesize

                      1.1MB

                    • C:\Users\Admin\AppData\Local\Temp\_MEI36722\zstandard\backend_c.cp310-win_amd64.pyd

                      Filesize

                      512KB

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                      Filesize

                      442KB

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                      Filesize

                      8.0MB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

                      Filesize

                      2KB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\010f5302-fbdc-4e86-a62e-6e308c089374

                      Filesize

                      9KB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\4e57bb45-0985-469b-9f9c-87a5f7e09e70

                      Filesize

                      746B

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                      Filesize

                      997KB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                      Filesize

                      116B

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                      Filesize

                      479B

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                      Filesize

                      372B

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                      Filesize

                      11.8MB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                      Filesize

                      1KB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                      Filesize

                      1KB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

                      Filesize

                      6KB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

                      Filesize

                      7KB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

                      Filesize

                      6KB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

                      Filesize

                      6KB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

                      Filesize

                      3KB

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

                      Filesize

                      4KB
