Analysis
- max time kernel: 591s
- max time network: 596s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 19/08/2024, 18:10
General
- Target: PepperX.exe
- Size: 3.1MB
- MD5: 2ed601b0043d457f70fff1f1846acebb
- SHA1: 7c1a93357661d9b7ae82f570db12267b0163dc75
- SHA256: fcece45f00b710bd5cb01a2a79781c871f1bd36fac18e00e85bd6452ecd5eadd
- SHA512: 36abc1f2c857e6d266b8bf7544f9f7bae9d1d8b96487588c0c7bb20f725323d12979831de4616d7af59424b4d2851359b2f2f5e97845585da6e7b18902f90d72
- SSDEEP: 49152:UvBt62XlaSFNWPjljiFa2RoUYIObKpF5MheLoG8oTHHB72eh2NT:Uvr62XlaSFNWPjljiFXRoUYI6KpFJ
Malware Config
Extracted
quasar
1.4.1
PepperX
73.190.43.125:4782
88509de8-78d9-4efe-9597-51afc31df588
- encryption_key: 76CFB69AF5F0F8C3D00E4C97AA198CA6E956A019
- install_name: PepperX.exe
- log_directory: Logs
- reconnect_delay: 3000
- startup_key: Windows
- subdirectory: SubDir
Signatures
- Quasar payload 2 IoCs
  resource | yara_rule
  behavioral1/memory/4472-1-0x00000000004A0000-0x00000000007C4000-memory.dmp | family_quasar
  behavioral1/files/0x000800000001abdf-6.dat | family_quasar
- Executes dropped EXE 1 IoCs
  pid | Process
  4488 | PepperX.exe
- Drops file in System32 directory 5 IoCs
  description | ioc | Process
  File created | C:\Windows\system32\SubDir\PepperX.exe | PepperX.exe
  File opened for modification | C:\Windows\system32\SubDir\PepperX.exe | PepperX.exe
  File opened for modification | C:\Windows\system32\SubDir | PepperX.exe
  File opened for modification | C:\Windows\system32\SubDir\PepperX.exe | PepperX.exe
  File opened for modification | C:\Windows\system32\SubDir | PepperX.exe
- Checks processor information in registry 2 TTPs 5 IoCs
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
- Modifies registry class 1 IoCs
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | firefox.exe
- Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs
  Schtasks is often used by malware for persistence or to perform post-infection execution.
  pid | Process
  4128 | schtasks.exe
  2648 | schtasks.exe
- Suspicious use of AdjustPrivilegeToken 8 IoCs
  description | pid | Process
  Token: SeDebugPrivilege | 4472 | PepperX.exe
  Token: SeDebugPrivilege | 4488 | PepperX.exe
  Token: SeDebugPrivilege | 2868 | firefox.exe
  Token: SeDebugPrivilege | 2868 | firefox.exe
  Token: SeDebugPrivilege | 2868 | firefox.exe
  Token: SeDebugPrivilege | 2868 | firefox.exe
  Token: SeDebugPrivilege | 2868 | firefox.exe
  Token: SeDebugPrivilege | 2868 | firefox.exe
- Suspicious use of FindShellTrayWindow 4 IoCs
  pid | Process
  2868 | firefox.exe
  2868 | firefox.exe
  2868 | firefox.exe
  2868 | firefox.exe
- Suspicious use of SendNotifyMessage 3 IoCs
  pid | Process
  2868 | firefox.exe
  2868 | firefox.exe
  2868 | firefox.exe
- Suspicious use of SetWindowsHookEx 2 IoCs
  pid | Process
  2868 | firefox.exe
  4488 | PepperX.exe
- Suspicious use of WriteProcessMemory 64 IoCs
- Uses Task Scheduler COM API 1 TTPs
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- PID 4472: C:\Users\Admin\AppData\Local\Temp\PepperX.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\PepperX.exe"
  Signatures: Drops file in System32 directory; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
  - PID 4128: C:\Windows\SYSTEM32\schtasks.exe
    Command line: "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Windows\system32\SubDir\PepperX.exe" /rl HIGHEST /f
    Signatures: Scheduled Task/Job: Scheduled Task
  - PID 4488: C:\Windows\system32\SubDir\PepperX.exe
    Command line: "C:\Windows\system32\SubDir\PepperX.exe"
    Signatures: Executes dropped EXE; Drops file in System32 directory; Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
    - PID 2648: C:\Windows\SYSTEM32\schtasks.exe
      Command line: "schtasks" /create /tn "Windows" /sc ONLOGON /tr "C:\Windows\system32\SubDir\PepperX.exe" /rl HIGHEST /f
      Signatures: Scheduled Task/Job: Scheduled Task
- PID 4216: C:\Program Files\Mozilla Firefox\firefox.exe
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - PID 2868: C:\Program Files\Mozilla Firefox\firefox.exe
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - PID 316: C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.0.1896431052\1347487326" -parentBuildID 20221007134813 -prefsHandle 1664 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f331fb7c-8a53-4311-8c47-298b00ce1014} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 1784 28b198d6158 gpu
    - PID 4616: C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.1.495415119\1134430334" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5412878-3af4-4356-a412-8533f91e780f} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2168 28b075e4158 socket
    - PID 2508: C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.2.763046308\461062228" -childID 1 -isForBrowser -prefsHandle 2868 -prefMapHandle 2864 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e95bd2c2-e20b-40a9-82c7-777c119ae897} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2880 28b1da9d858 tab
    - PID 4712: C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.3.865044025\1003202553" -childID 2 -isForBrowser -prefsHandle 3360 -prefMapHandle 3356 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {da7f4812-af19-478a-a0ac-4c1c2b0cb75a} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3380 28b07562258 tab
    - PID 4880: C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.4.398514513\391907127" -childID 3 -isForBrowser -prefsHandle 4176 -prefMapHandle 4172 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {20a0d22f-80be-4c55-91ce-8936de0ff28d} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 4188 28b1fb1d258 tab
    - PID 2640: C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.5.906151278\1080296547" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ccaa79b-c61e-4cae-9021-787511d68093} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 4984 28b20692e58 tab
    - PID 1960: C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.6.818588765\263672872" -childID 5 -isForBrowser -prefsHandle 5124 -prefMapHandle 5128 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad63f3fd-23ca-4153-a1ef-3b79dcb5fe72} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 5108 28b20edbe58 tab
    - PID 4356: C:\Program Files\Mozilla Firefox\firefox.exe
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.7.1009991090\827538769" -childID 6 -isForBrowser -prefsHandle 5316 -prefMapHandle 5320 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c327ae56-6584-42ba-9104-f358fcaea1d0} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 5400 28b20edd658 tab
Network
MITRE ATT&CK Enterprise v15
Downloads