Overview
Overview (overview): score 7
Static (static): score 3
publish/OpenAL32.dll (windows7-x64): score 1
publish/OpenAL32.dll (windows10-2004-x64): score 1
publish/Ry...va.exe (windows7-x64): score 7
publish/Ry...va.exe (windows10-2004-x64): score 7
publish/Ryujinx.exe (windows7-x64): score 1
publish/Ryujinx.exe (windows10-2004-x64): score 7
publish/SDL2.dll (windows7-x64): score 1
publish/SDL2.dll (windows10-2004-x64): score 1
publish/av...v2.dll (windows7-x64): score 1
publish/av...v2.dll (windows10-2004-x64): score 1
publish/av...59.dll (windows7-x64): score 1
publish/av...59.dll (windows10-2004-x64): score 1
publish/avutil-57.dll (windows7-x64): score 1
publish/avutil-57.dll (windows10-2004-x64): score 1
publish/glfw3.dll (windows7-x64): score 1
publish/glfw3.dll (windows10-2004-x64): score 1
publish/li...rp.dll (windows7-x64): score 1
publish/li...rp.dll (windows10-2004-x64): score 1
publish/li...rp.dll (windows7-x64): score 1
publish/li...rp.dll (windows10-2004-x64): score 1
publish/li....dylib (macos-10.15-amd64): score 1
publish/li...io.dll (windows7-x64): score 1
publish/li...io.dll (windows10-2004-x64): score 1
Resubmissions
16-06-2024 14:53, 240616-r9bqtsxdrd: score 7
Analysis
- max time kernel: 150s
- max time network: 158s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 16-06-2024 14:53
Static task: static1
Behavioral task behavioral1: Sample publish/OpenAL32.dll, Resource win7-20240221-en
Behavioral task behavioral2: Sample publish/OpenAL32.dll, Resource win10v2004-20240508-en
Behavioral task behavioral3: Sample publish/Ryujinx.Ava.exe, Resource win7-20231129-en
Behavioral task behavioral4: Sample publish/Ryujinx.Ava.exe, Resource win10v2004-20240611-en
Behavioral task behavioral5: Sample publish/Ryujinx.exe, Resource win7-20240611-en
Behavioral task behavioral6: Sample publish/Ryujinx.exe, Resource win10v2004-20240611-en
Behavioral task behavioral7: Sample publish/SDL2.dll, Resource win7-20240221-en
Behavioral task behavioral8: Sample publish/SDL2.dll, Resource win10v2004-20240508-en
Behavioral task behavioral9: Sample publish/av_libglesv2.dll, Resource win7-20240508-en
Behavioral task behavioral10: Sample publish/av_libglesv2.dll, Resource win10v2004-20240611-en
Behavioral task behavioral11: Sample publish/avcodec-59.dll, Resource win7-20240221-en
Behavioral task behavioral12: Sample publish/avcodec-59.dll, Resource win10v2004-20240508-en
Behavioral task behavioral13: Sample publish/avutil-57.dll, Resource win7-20240611-en
Behavioral task behavioral14: Sample publish/avutil-57.dll, Resource win10v2004-20240508-en
Behavioral task behavioral15: Sample publish/glfw3.dll, Resource win7-20240508-en
Behavioral task behavioral16: Sample publish/glfw3.dll, Resource win10v2004-20240226-en
Behavioral task behavioral17: Sample publish/libHarfBuzzSharp.dll, Resource win7-20240611-en
Behavioral task behavioral18: Sample publish/libHarfBuzzSharp.dll, Resource win10v2004-20240611-en
Behavioral task behavioral19: Sample publish/libSkiaSharp.dll, Resource win7-20240508-en
Behavioral task behavioral20: Sample publish/libSkiaSharp.dll, Resource win10v2004-20240611-en
Behavioral task behavioral21: Sample publish/libarmeilleure-jitsupport.dylib, Resource macos-20240611-en
Behavioral task behavioral22: Sample publish/libsoundio.dll, Resource win7-20240508-en
Behavioral task behavioral23: Sample publish/libsoundio.dll, Resource win10v2004-20240611-en
General
- Target: publish/OpenAL32.dll
- Size: 1.7MB
- MD5: ff08ba3a9dfe6bd0b26f9055094c9550
- SHA1: 2dd9130b6dd4c49864635b1b7cc4a93ebcdd5e17
- SHA256: 5a42440a18a75ce588659158d74d26ab1850eabd34f3b25abd969a56d871db42
- SHA512: db7eba84f7545740bc267298fbdcb70bcc820e5b7f1b2a38a5e0396d2c5da62715f5338f52025477a5bd0160389f1e27e12370a7829c8070d430d7838494b9dc
- SSDEEP: 24576:Vp4Z+cv92VrcRfw5K89ISay/D1IkYl57p+KGoq9gHvfnj/pC:VDARY5t9gy/D1ItHaiPP
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 6 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  Process: firefox.exe
    Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz
    Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier
- Modifies registry class (1 IoCs)
  Process: firefox.exe
    Key created: \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Process: firefox.exe
    Token: SeDebugPrivilege, PID 2212
- Suspicious use of FindShellTrayWindow (4 IoCs)
  Process: firefox.exe
    PID 2212
- Suspicious use of SendNotifyMessage (3 IoCs)
  Process: firefox.exe
    PID 2212
- Suspicious use of WriteProcessMemory (64 IoCs)
  Process: firefox.exe, target process: firefox.exe
    PID 2324 wrote to memory of 2212
    PID 2212 wrote to memory of 2716
    PID 2212 wrote to memory of 1960
    PID 2212 wrote to memory of 1448
- Uses Task Scheduler COM API (1 TTPs)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- PID 2736: C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\publish\OpenAL32.dll,#1
- PID 2324: C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - PID 2212: C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
    - PID 2716: C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.0.547805855\780381356" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd314ea0-77f7-4ec9-82ae-c83535685ead} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1300 110d5258 gpu
    - PID 1960: C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.1.384545285\723266756" -parentBuildID 20221007134813 -prefsHandle 1476 -prefMapHandle 1472 -prefsLen 20830 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4437d488-6a0f-4cdc-8f6b-9730d9103b37} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1488 e72558 socket
    - PID 1448: C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.2.1369094977\297156278" -childID 1 -isForBrowser -prefsHandle 940 -prefMapHandle 860 -prefsLen 20933 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {511d9549-60a4-4a0e-8087-a0e581c2c8e6} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 1068 1a295958 tab
    - PID 1264: C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.3.109809501\730388042" -childID 2 -isForBrowser -prefsHandle 2412 -prefMapHandle 792 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b5108bd-4a64-42ee-9e48-12917552096d} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2516 19b96e58 tab
    - PID 1760: C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.4.789885443\1881749684" -childID 3 -isForBrowser -prefsHandle 2904 -prefMapHandle 2900 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f990641a-02f4-4707-b984-846e2aec60a6} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 2916 1cf09258 tab
    - PID 3068: C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.5.1298130800\950700441" -childID 4 -isForBrowser -prefsHandle 3720 -prefMapHandle 3708 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e9e9e0d-5e1d-4b26-aef1-e4810442334f} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3724 1e7f9558 tab
    - PID 560: C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.6.1911048926\2086154872" -childID 5 -isForBrowser -prefsHandle 3832 -prefMapHandle 3836 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6549d5f2-c2f3-4ab1-824d-d4b1a40f3eb4} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3820 1e7f7a58 tab
    - PID 548: C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2212.7.1662221346\1913926499" -childID 6 -isForBrowser -prefsHandle 4008 -prefMapHandle 4012 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 892 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b07881c-ae8f-457e-a73b-25913ebd9ea7} 2212 "\\.\pipe\gecko-crash-server-pipe.2212" 3996 1e7f9b58 tab
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
  Filesize: 13KB
- C:\Users\Admin\AppData\Local\Temp\tmpaddon
  Filesize: 442KB
- C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
  Filesize: 8.0MB
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin
  Filesize: 2KB
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin
  Filesize: 2KB
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\3867796c-8d0f-4109-8cbd-2e3d2e0424b2
  Filesize: 11KB
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\8303a883-a4c8-46e1-a8e0-4182c429b2fb
  Filesize: 745B
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
  Filesize: 997KB
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
  Filesize: 116B
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
  Filesize: 479B
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
  Filesize: 372B
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
  Filesize: 11.8MB
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
  Filesize: 1KB
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
  Filesize: 1KB
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js
  Filesize: 6KB
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4
  Filesize: 1KB
- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
  Filesize: 184KB
- memory/2736-0-0x000000006F000000-0x000000006F235000-memory.dmp
  Filesize: 2.2MB