Overview

overview

10

Static

static

3

amadka.exe

windows7-x64

10

amadka.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23/07/2024, 03:30

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    amadka.exe

  • Size

    1.8MB

  • MD5

    e0e2f68f326a6fff31957eb78a24533e

  • SHA1

    54e89a7fbaa6c156a27ee66b0d80634d9e67809c

  • SHA256

    48c452384ef38cf45d25a69ff42712a7236f523b6f2f5715988c325c0e177d0e

  • SHA512

    8ba6961fabcf006e7618ea68e0db1e120b0b26b877e223b83809eb92dcc1ea536af3aa1d56c767676b16486109d245d20870e43cb49ed5ccc4a8baea90d0cadd

  • SSDEEP

    49152:3pzmUs0yliNt8whKkvoLUPBa4DCN642ET7QsXO:Iw58w8kgL+a4elpQs

Score
10/10
amadeystealc4dd39dsilaevasionpersistencestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.30

Botnet

4dd39d

C2

http://77.91.77.82

Attributes
  • install_dir

    ad40971b6b

  • install_file

    explorti.exe

  • strings_key

    a434973ad22def7137dbb5e059b7081e

  • url_paths

    /Hun4Ko/index.php

rc4.plain

Extracted

Family

stealc

Botnet

sila

C2

http://85.28.47.31

Attributes
  • url_path

    /5499d72b3a3e55be.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 4 IoCs
    evasion
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 8 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 6 IoCs
  • Identifies Wine through registry keys 2 TTPs 4 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\amadka.exe
    "C:\Users\Admin\AppData\Local\Temp\amadka.exe"
    1⤵
    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
    • Checks BIOS information in registry
    • Checks computer location settings
    • Identifies Wine through registry keys
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:1952
    • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
      "C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Checks computer location settings
      • Executes dropped EXE
      • Identifies Wine through registry keys
      • Adds Run key to start application
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious use of SetThreadContext
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3964
      • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
        "C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe"
        3⤵
        • Executes dropped EXE
        PID:4004
      • C:\Users\Admin\AppData\Local\Temp\1000021001\c0b3fc37a4.exe
        "C:\Users\Admin\AppData\Local\Temp\1000021001\c0b3fc37a4.exe"
        3⤵
        • Executes dropped EXE
        PID:1124
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 1284
          4⤵
          • Program crash
          PID:1696
      • C:\Users\Admin\AppData\Local\Temp\1000022001\680b1a6e49.exe
        "C:\Users\Admin\AppData\Local\Temp\1000022001\680b1a6e49.exe"
        3⤵
        • Checks computer location settings
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:4220
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1644
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
            5⤵
            • Checks processor information in registry
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SendNotifyMessage
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:2652
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a2e605b-313b-4c59-96c0-06dd7489fc13} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" gpu
              6⤵
                PID:3800
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2432 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2400 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {321c10d1-6a56-4e45-acc6-486a273d6090} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" socket
                6⤵
                  PID:2468
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3012 -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 1428 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bac7235-6399-4fb8-8519-82265eb456e6} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" tab
                  6⤵
                    PID:2428
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4012 -childID 2 -isForBrowser -prefsHandle 2584 -prefMapHandle 3356 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8190d3a9-4a4b-41f4-9ef0-d699ea00c4c8} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" tab
                    6⤵
                      PID:1124
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4772 -prefMapHandle 4768 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {106a14a1-2019-49e8-89a6-72f82bc723b1} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" utility
                      6⤵
                      • Checks processor information in registry
                      PID:5516
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 4180 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44785e5b-34e8-49c7-893d-3b31d4264da1} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" tab
                      6⤵
                        PID:3176
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5588 -childID 4 -isForBrowser -prefsHandle 5664 -prefMapHandle 5660 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a07a55e5-71b5-40e6-98c6-8bcf50418422} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" tab
                        6⤵
                          PID:2492
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 5 -isForBrowser -prefsHandle 5800 -prefMapHandle 5808 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ca3fa8b-9893-403f-a20e-1a78dbb71612} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" tab
                          6⤵
                            PID:1448
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 1124 -ip 1124
                  1⤵
                    PID:1944
                  • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                    C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                    1⤵
                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • Suspicious behavior: EnumeratesProcesses
                    PID:6040
                  • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                    C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                    1⤵
                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                    • Checks BIOS information in registry
                    • Executes dropped EXE
                    • Identifies Wine through registry keys
                    • Suspicious use of NtSetInformationThreadHideFromDebugger
                    • Suspicious behavior: EnumeratesProcesses
                    PID:6024

                  Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\activity-stream.discovery_stream.json
                          Filesize

                          21KB

                          MD5

                          3f21735ecbd05700a9c7034ae2e1be70

                          SHA1

                          ac5270795b2211d579ee18aef9c943759aad8bc2

                          SHA256

                          580b8c10df39d3e02b5fa073c703526edcab7ae35025a69ffb3f02338e4e699f

                          SHA512

                          16fba0d1d7c9c70644223ed29ca27ac19e85d2f4abd1982840c60e0c455fb058098d2930bdeff02343a4de86851d7fdef162b93d00f76eacea43457b14c5c6db

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3mrom4gn.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D
                          Filesize

                          13KB

                          MD5

                          fb09de14db445d2ac63e8f6a5e631b91

                          SHA1

                          074b4b7fe1e7f196e1df6873e271bf500d618cbe

                          SHA256

                          df9b67ebc72941ebc4d63b1840cbf2db2cf8a192dd1182c525fff65b19b120d5

                          SHA512

                          20b81ea0ab7aaabfd84f238880478562712ebd449850cb583196c29726ce4a7246ad19a9e78f4666b37eeb023b602075fb563583126e0544c6090ba5e7d8bb39

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\1000021001\c0b3fc37a4.exe
                          Filesize

                          199KB

                          MD5

                          4ee0b6214eb06ae32de0773dc4e5e30a

                          SHA1

                          4c1bcf6f93fd67a82d1bac890df32ee82027af32

                          SHA256

                          18b8662e5d0b1f00302bbe26ddb5fa099da34a0d3255180d2358d6066bb42348

                          SHA512

                          5f2e2cea8ab75c0b2d79b0466531787beb2ca234e7e1b32d505fb61aa5a5843226847874e7ae890cce061b5de40b24567bd9d00a8eec08c827209e375f50aed9

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\1000022001\680b1a6e49.exe
                          Filesize

                          1.2MB

                          MD5

                          88ea6cd6c7c2f278a05067d3727250e8

                          SHA1

                          a9a9147048637cbc4ab69ed9f91162f5cb8c6b70

                          SHA256

                          560fb71feb7abad3bec0b88e3ff170f1ea0dad82f717b2c5f2739553973682f5

                          SHA512

                          1829a1e985469acc06d2ab24c62ef5f4a6774563978c84a4a9acaa72b8aeb66d28ada338ec9168efe92e438d9179c114c9256019557d957d88bf59249c3ecda6

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\ad40971b6b\explorti.exe
                          Filesize

                          1.8MB

                          MD5

                          e0e2f68f326a6fff31957eb78a24533e

                          SHA1

                          54e89a7fbaa6c156a27ee66b0d80634d9e67809c

                          SHA256

                          48c452384ef38cf45d25a69ff42712a7236f523b6f2f5715988c325c0e177d0e

                          SHA512

                          8ba6961fabcf006e7618ea68e0db1e120b0b26b877e223b83809eb92dcc1ea536af3aa1d56c767676b16486109d245d20870e43cb49ed5ccc4a8baea90d0cadd

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                          Filesize

                          479KB

                          MD5

                          09372174e83dbbf696ee732fd2e875bb

                          SHA1

                          ba360186ba650a769f9303f48b7200fb5eaccee1

                          SHA256

                          c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                          SHA512

                          b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                          Filesize

                          13.8MB

                          MD5

                          0a8747a2ac9ac08ae9508f36c6d75692

                          SHA1

                          b287a96fd6cc12433adb42193dfe06111c38eaf0

                          SHA256

                          32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                          SHA512

                          59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\AlternateServices.bin
                          Filesize

                          8KB

                          MD5

                          c98916bd9ebed9b50477dafed0cc050c

                          SHA1

                          b5608a34a717211a3ea0982cfa83dd2dfdd2a001

                          SHA256

                          08cd1f120bd163fbf0d5b7ac9834633afef2b6872647b5782ead5c16846c6df2

                          SHA512

                          d795467f8915c52bf99a48cfe427536762b134c418605202c031139d4c4495301f1f8badc9473b5a634b11f47278d6a8728a06dd507b2522a95972e8e8faa9dc

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          22KB

                          MD5

                          401c34bcfff2c0496efb19a3fbd67e98

                          SHA1

                          aa17f2506c53b3330448306fc546e3d4f2dd8ef6

                          SHA256

                          df975fa45e832cd10e3a4aecf272650f0f5f2b5ff0799335c471155449350149

                          SHA512

                          8bc45a7aa44b432cedc12e6ae612218b6175602f4a9273358898e54dfbea02f8e48571d1cd14c715e82f10c0447b69ef9bdb093dd03ffe98bf7a3d05013ef10c

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          24KB

                          MD5

                          9d2a3556b702a74639954c728e38e51f

                          SHA1

                          b954f2d6c4fc42e619bdb1981e99c372ffe4d8a7

                          SHA256

                          f5afe9a32879cb576958896feb103c994fff35f84eb57be8608e0a32fa4d5c05

                          SHA512

                          0aa18ba6ff87f49872bedcc2b0b159564f2bb7ac426c6b06e926e03aa2042d935b63c1eda4b961372fda5695645648ef87bb22435c8d071a194e4f0548ec1523

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          21KB

                          MD5

                          fe8576e701d54736d0f1902ebff9d32e

                          SHA1

                          69f613595dbdafd73c05247a3e0741b6aac83115

                          SHA256

                          a7aa9959c86a615585f16f63aba2d76c54b0d72f58d3a21f5bac199495c2443d

                          SHA512

                          731ca9702f53a65df2a4f463937113b4a9d577a70323ce038eb3a90b84abc700b5f19b0ff7136ed2e8b21eebda557423e856de3e979618d7c164eda684f33940

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\db\data.safe.tmp
                          Filesize

                          22KB

                          MD5

                          ca5597ab8938bfa0af4363f0367e2669

                          SHA1

                          597b316d6fa09291781ecd5548d271ac71e1d372

                          SHA256

                          8425cf81d18a0ab4164347b41728968314671f02f0a040e20924d42dc7eac4f8

                          SHA512

                          97576043b6f780e385c64a39251687a47f100f2e9ac833d2028e0f6d44b4ea6cdcc2a09ada03a913099e433db7dee273da26e721a70c848febdc7474e25c88e1

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\46152699-0a81-4b9d-a77d-5c833cad6ca2
                          Filesize

                          659B

                          MD5

                          bcb197115e1457aeb7e31c5d66edf3f0

                          SHA1

                          470eed60b4762480df9b4521e132e2c562bad159

                          SHA256

                          3a46ba09e9b10f6f705d1d4f441deb4a104d0c113dd8da1b5ed548910e90a946

                          SHA512

                          879fe6a98f9c260be9fba64aaf29f9dcc8024dbfbfd2da680768dc55a752522b97431b58a7b1558c2824f4b0099f1f47fd8915ceefa047292d4d64aed06ca62d

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\datareporting\glean\pending_pings\7f9b9d59-c3a7-45fd-adc6-2d25ef8ace7e
                          Filesize

                          982B

                          MD5

                          8d2f8fe0186b9c7694664cb4fb4da8a0

                          SHA1

                          f17f0ed6878deee494ca012d7cc61e200874b6cc

                          SHA256

                          71e0d5d2e2fec25b0d5fa14864fe8478798f2db4a5528bb3500bbe5e59adcb5a

                          SHA512

                          04d6af7fae49587fd86ab5314ac08814591997c7ef58888afa02fd5a1976ba98a9d78a18514ee067bde452455ddb5b173e7f3d75dfe4d04f0927abd384486d26

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                          Filesize

                          1.1MB

                          MD5

                          842039753bf41fa5e11b3a1383061a87

                          SHA1

                          3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                          SHA256

                          d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                          SHA512

                          d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                          Filesize

                          116B

                          MD5

                          2a461e9eb87fd1955cea740a3444ee7a

                          SHA1

                          b10755914c713f5a4677494dbe8a686ed458c3c5

                          SHA256

                          4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                          SHA512

                          34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                          Filesize

                          372B

                          MD5

                          bf957ad58b55f64219ab3f793e374316

                          SHA1

                          a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                          SHA256

                          bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                          SHA512

                          79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                          Filesize

                          17.8MB

                          MD5

                          daf7ef3acccab478aaa7d6dc1c60f865

                          SHA1

                          f8246162b97ce4a945feced27b6ea114366ff2ad

                          SHA256

                          bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                          SHA512

                          5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs-1.js
                          Filesize

                          13KB

                          MD5

                          e8353243158104eae01859f6a43ae197

                          SHA1

                          7b3441df8c0bb4ea0254911e16c338316603bc5c

                          SHA256

                          7bb026ec6f7be868d95e14ac5b1f6660453bbb5fbcaa7aa983ec93744763cb8d

                          SHA512

                          f2adefe64127eba5547b8a8c470bede0403b6051da061ec3c6a1796974fd84c64aba2b6798a8d7674e8d50a3ec6abdaeac8af418e0e507b879e3d31681049bdf

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js
                          Filesize

                          8KB

                          MD5

                          8d7d7444f6638321f1a72959c1c21ac2

                          SHA1

                          f3f68547ab00e45d3fb71bcb4cba812625c270cc

                          SHA256

                          35e4f1abb7ab281dd80f751bfd993b6dd369b6667283839293daf46303ee9885

                          SHA512

                          c87161fba007df513388017be0e935fd63dfcdf722372cb9277f3e72c8aeb9ca03a68805cc315642f93cefb7650c3ef40e28752dd734df18034bb2585e340e9b

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3mrom4gn.default-release\prefs.js
                          Filesize

                          16KB

                          MD5

                          b023261d115124098a1a2070d51e812d

                          SHA1

                          3b5b0b67655221a383eda979057d082a4c837dc2

                          SHA256

                          8091008eba975bca2771367b2789b73824ba1e510c7e2e726f3caba093c7befd

                          SHA512

                          ed94cd25d26a7add2bbd632e3e875fdc178eb609c64c69f811fc1e073087577be682ec354ae3273078e83f7f3bc037c7e363a7df476df3bf5fdaa94bc9350c00

                          Download Submit

                        • memory/1124-45-0x0000000000400000-0x0000000000643000-memory.dmp

                          Filesize

                          2.3MB

                          Download

                        • memory/1952-17-0x0000000000330000-0x00000000007EE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1952-4-0x0000000000330000-0x00000000007EE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1952-3-0x0000000000330000-0x00000000007EE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1952-2-0x0000000000331000-0x000000000035F000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/1952-0-0x0000000000330000-0x00000000007EE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/1952-1-0x0000000077794000-0x0000000077796000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/3964-385-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-20-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-400-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-391-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-64-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-2600-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-2594-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-405-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-21-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-2587-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-19-0x0000000000B01000-0x0000000000B2F000-memory.dmp

                          Filesize

                          184KB

                          Download

                        • memory/3964-678-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-18-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-2593-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-2592-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-1773-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-2574-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-2581-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-2585-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/3964-2586-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/4004-27-0x0000000000400000-0x0000000000643000-memory.dmp

                          Filesize

                          2.3MB

                          Download

                        • memory/4004-24-0x0000000000400000-0x0000000000643000-memory.dmp

                          Filesize

                          2.3MB

                          Download

                        • memory/4004-28-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/6024-2589-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/6024-2591-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/6040-1595-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download

                        • memory/6040-1450-0x0000000000B00000-0x0000000000FBE000-memory.dmp

                          Filesize

                          4.7MB

                          Download