Analysis

  • max time kernel
    65s
  • max time network
    262s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
  • submitted
    01-08-2024 22:30

General

  • Target

    009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe

  • Size

    89KB

  • MD5

    d9cb86f07f84abd7359a4b51371db020

  • SHA1

    ca4b6f262aa3794879759baa0e775ea311f3e74c

  • SHA256

    009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8

  • SHA512

    a4646fb436e82a595609230a25594a20bcfc2febba022758c7c618221a7716093933aac70f0ee7fadf708db8eea25b4fab17c3c7953ffb6dee596422791bf01e

  • SSDEEP

    1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfoxfigOq:Hq6+ouCpk2mpcWJ0r+QNTBfopD

Score
3/10

Malware Config

Signatures

  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 6 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 35 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe
    "C:\Users\Admin\AppData\Local\Temp\009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\system32\cmd.exe
      "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\8334.tmp\8335.tmp\8336.bat C:\Users\Admin\AppData\Local\Temp\009e010215fc78a080662f6ca095fd9beb018cf1cf94b7aa539a969e232a89a8.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2396
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.youtube.com/account"
        3⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1620
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef74d9758,0x7fef74d9768,0x7fef74d9778
          4⤵
            PID:2292
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1116 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:2
            4⤵
              PID:1172
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1432 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:8
              4⤵
                PID:1804
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1484 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:8
                4⤵
                  PID:1408
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=1996 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:1
                  4⤵
                    PID:864
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2004 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:1
                    4⤵
                      PID:2664
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2256 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:2
                      4⤵
                        PID:660
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2948 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:1
                        4⤵
                          PID:3620
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3608 --field-trial-handle=1844,i,14715255478293002227,4977158060915296749,131072 /prefetch:8
                          4⤵
                            PID:1628
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" "https://www.youtube.com/account"
                          3⤵
                          • Suspicious use of WriteProcessMemory
                          PID:2404
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" https://www.youtube.com/account
                            4⤵
                            • Checks processor information in registry
                            • Modifies registry class
                            • Suspicious use of AdjustPrivilegeToken
                            • Suspicious use of FindShellTrayWindow
                            • Suspicious use of SendNotifyMessage
                            • Suspicious use of WriteProcessMemory
                            PID:2564
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.0.355088090\1200856759" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1216 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {583fbbc8-6ea5-43ef-8745-9fb61d9e7a0e} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 1296 11dd8058 gpu
                              5⤵
                                PID:2696
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.1.1892755261\1908081648" -parentBuildID 20221007134813 -prefsHandle 1488 -prefMapHandle 1484 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e0b2473-2909-4077-a05b-87842e7aba23} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 1500 d71258 socket
                                5⤵
                                  PID:3056
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.2.539644549\53316171" -childID 1 -isForBrowser -prefsHandle 2044 -prefMapHandle 2040 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7aa1d93a-25d8-4dd5-8626-f41fe9b961d0} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 2060 19ba1a58 tab
                                  5⤵
                                    PID:1508
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.3.1203483728\427415412" -childID 2 -isForBrowser -prefsHandle 2604 -prefMapHandle 2600 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {448d78d7-491d-48a3-a731-1f17787231fa} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 2616 d61258 tab
                                    5⤵
                                      PID:2936
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.4.1793075907\17079015" -childID 3 -isForBrowser -prefsHandle 3932 -prefMapHandle 3872 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdba3f81-c8e3-4795-aab0-5ce79b7e4d01} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 3692 1e509b58 tab
                                      5⤵
                                        PID:3272
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.5.908144681\986070634" -childID 4 -isForBrowser -prefsHandle 4044 -prefMapHandle 4048 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57a815d4-77ca-4a4d-a04c-40086d2ef622} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 4032 1ee16958 tab
                                        5⤵
                                          PID:3280
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2564.6.282649745\892706663" -childID 5 -isForBrowser -prefsHandle 4200 -prefMapHandle 4204 -prefsLen 26356 -prefMapSize 233444 -jsInitHandle 620 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6f18a80-64f9-4e12-848f-1711a39974e9} 2564 "\\.\pipe\gecko-crash-server-pipe.2564" 4188 1f58e958 tab
                                          5⤵
                                            PID:3288
                                  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
                                    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
                                    1⤵
                                      PID:1896

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\000006.dbtmp

                                      Filesize

                                      16B

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

                                      Filesize

                                      264KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      2KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      2KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                      Filesize

                                      2KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

                                      Filesize

                                      16B

                                    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\df5c6346-3bc8-4aca-8782-6aae052e01d3.tmp

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Local\Temp\8334.tmp\8335.tmp\8336.bat

                                      Filesize

                                      2KB

                                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                      Filesize

                                      442KB

                                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                      Filesize

                                      8.0MB

                                    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                      Filesize

                                      7KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\db\data.safe.bin

                                      Filesize

                                      2KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\03bda2f9-6496-4b68-949f-26bbe12bc361

                                      Filesize

                                      745B

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\datareporting\glean\pending_pings\0b515422-e268-41cb-990f-4964f1a2268d

                                      Filesize

                                      12KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

                                      Filesize

                                      997KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

                                      Filesize

                                      116B

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

                                      Filesize

                                      479B

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

                                      Filesize

                                      372B

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

                                      Filesize

                                      11.8MB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

                                      Filesize

                                      1KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

                                      Filesize

                                      7KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs-1.js

                                      Filesize

                                      7KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\prefs.js

                                      Filesize

                                      6KB

                                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\i7f18jmm.default-release\sessionstore-backups\recovery.jsonlz4

                                      Filesize

                                      4KB
