Overview

overview

10

Static

static

10

build/pack...64.exe

windows11-21h2-x64

9

Analysis

  • max time kernel
    126s
  • max time network
    133s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    22-08-2024 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    build/packaging/nsis/wireshark-4.5.0-x64.exe

  • Size

    140.1MB

  • MD5

    3dabcbdceadc3c0f99595728b1aacca2

  • SHA1

    9cc72a1b9b8d655ceb9108c4a447f112d8d44511

  • SHA256

    45b22782db9f3b15b53d056e4b4b2a725e85d276f8f12125ea7e928b1d8c94a5

  • SHA512

    2648c7d202c4728617417a9df8ca0d198ec0793a3e8ea38f63c2c9d7095380cd79776b95f27abe566bb82789ddfae657ded33876fe13194046663b3ed35aed61

  • SSDEEP

    3145728:dmDxMO97QySz96BBgMDsonZWh5MPj0Qw/2w0FjIXvibrMpv3KgoakU2Tmu65:mjOv4BvDslh27K4jIXvf3KW2Tmu65

Score
9/10
discoveryevasionexecution

Malware Config

Signatures

  • Checks for common network interception software 1 TTPs

    Looks in the registry for tools like Wireshark or Fiddler commonly used to analyze network activity.

    evasion
  • Command and Scripting Interpreter: PowerShell 1 TTPs 6 IoCs

    Run Powershell and hide display window.

    execution
  • Drops file in Drivers directory 3 IoCs
  • Manipulates Digital Signatures 1 TTPs 8 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Executes dropped EXE 6 IoCs
  • Loads dropped DLL 64 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in System32 directory 34 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 15 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks SCSI registry key(s) 3 TTPs 38 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 15 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 41 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\build\packaging\nsis\wireshark-4.5.0-x64.exe
    "C:\Users\Admin\AppData\Local\Temp\build\packaging\nsis\wireshark-4.5.0-x64.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2820
    • C:\Program Files\wireshark\npcap-1.79.exe
      "C:\Program Files\wireshark\npcap-1.79.exe" /winpcap_mode=no /loopback_support=no
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:4380
      • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\NPFInstall.exe
        "C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\NPFInstall.exe" -n -check_dll
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:892
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq '0563b8630d62d75abbc8ab1e4bdfb5a899b24d43'} | Sort-Object -Descending -Property FriendlyName | Select-Object -Skip 1 | Remove-Item"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2984
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "If (Get-ChildItem Cert:\LocalMachine\Root\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43){certutil.exe -verifystore 'Root' '0563b8630d62d75abbc8ab1e4bdfb5a899b24d43';If($LASTEXITCODE -ne 0){Remove-Item Cert:\LocalMachine\Root\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43}}"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:916
        • C:\Windows\SysWOW64\certutil.exe
          "C:\Windows\system32\certutil.exe" -verifystore Root 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43
          4⤵
          • Manipulates Digital Signatures
          • System Location Discovery: System Language Discovery
          PID:4576
      • C:\Windows\SysWOW64\certutil.exe
        certutil.exe -verifystore "Root" "0563b8630d62d75abbc8ab1e4bdfb5a899b24d43"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3336
      • C:\Windows\SysWOW64\certutil.exe
        certutil.exe -addstore -f "Root" "C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43.sst"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:1712
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Get-ChildItem Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq '5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25'} | Sort-Object -Descending -Property FriendlyName | Select-Object -Skip 1 | Remove-Item"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2552
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "If (Get-ChildItem Cert:\LocalMachine\Root\5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25){certutil.exe -verifystore 'Root' '5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25';If($LASTEXITCODE -ne 0){Remove-Item Cert:\LocalMachine\Root\5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25}}"
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:864
        • C:\Windows\SysWOW64\certutil.exe
          "C:\Windows\system32\certutil.exe" -verifystore Root 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25
          4⤵
          • System Location Discovery: System Language Discovery
          PID:2628
      • C:\Windows\SysWOW64\certutil.exe
        certutil.exe -verifystore "Root" "5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2196
      • C:\Windows\SysWOW64\certutil.exe
        certutil.exe -addstore -f "Root" "C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25.sst"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4784
      • C:\Windows\SysWOW64\certutil.exe
        certutil.exe -addstore -f "TrustedPublisher" "C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\signing.p7b"
        3⤵
        • Manipulates Digital Signatures
        • System Location Discovery: System Language Discovery
        PID:3304
      • C:\Program Files\Npcap\NPFInstall.exe
        "C:\Program Files\Npcap\NPFInstall.exe" -n -c
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:1824
        • C:\Windows\SYSTEM32\pnputil.exe
          pnputil.exe -e
          4⤵
            PID:1652
        • C:\Program Files\Npcap\NPFInstall.exe
          "C:\Program Files\Npcap\NPFInstall.exe" -n -iw
          3⤵
          • Executes dropped EXE
          PID:3368
        • C:\Program Files\Npcap\NPFInstall.exe
          "C:\Program Files\Npcap\NPFInstall.exe" -n -i
          3⤵
          • Drops file in Drivers directory
          • Executes dropped EXE
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Checks SCSI registry key(s)
          PID:2060
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "Microsoft.PowerShell.Management\Start-Service -Name npcap -PassThru | Microsoft.PowerShell.Management\Stop-Service -PassThru | Microsoft.PowerShell.Management\Start-Service"
          3⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:5056
        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
          powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive -Command "ScheduledTasks\Register-ScheduledTask -Force -TaskName 'npcapwatchdog' -Description 'Ensure Npcap service is configured to start at boot' -Action (ScheduledTasks\New-ScheduledTaskAction -Execute 'C:\Program Files\Npcap\CheckStatus.bat') -Principal (ScheduledTasks\New-ScheduledTaskPrincipal -UserId 'SYSTEM' -LogonType ServiceAccount) -Trigger (ScheduledTasks\New-ScheduledTaskTrigger -AtStartup) -Settings (ScheduledTasks\New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -Compatibility Win8)"
          3⤵
          • Command and Scripting Interpreter: PowerShell
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1112
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
      1⤵
      • Drops file in Windows directory
      • Checks SCSI registry key(s)
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2932
      • C:\Windows\system32\DrvInst.exe
        DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{82f9caea-e682-1046-ac6d-afb0aa360e80}\NPCAP.inf" "9" "405306be3" "0000000000000148" "WinSta0\Default" "0000000000000160" "208" "C:\Program Files\Npcap"
        2⤵
        • Drops file in System32 directory
        • Drops file in Windows directory
        • Checks SCSI registry key(s)
        • Modifies data under HKEY_USERS
        PID:4752
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:5924
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe"
        2⤵
        • Checks processor information in registry
        • Modifies registry class
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        PID:6008
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fdd62de-16ac-4280-a781-f267a2b9e42b} 6008 "\\.\pipe\gecko-crash-server-pipe.6008" gpu
          3⤵
            PID:4276
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a090d953-81d5-4113-b549-0d8b5fad49ce} 6008 "\\.\pipe\gecko-crash-server-pipe.6008" socket
            3⤵
              PID:1116
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2780 -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2896 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59d21f33-8f55-44a9-8df2-8618d7d07237} 6008 "\\.\pipe\gecko-crash-server-pipe.6008" tab
              3⤵
                PID:4796
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3588 -childID 2 -isForBrowser -prefsHandle 2696 -prefMapHandle 3532 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf5c812d-9590-416f-8fdb-78e4965a45fc} 6008 "\\.\pipe\gecko-crash-server-pipe.6008" tab
                3⤵
                  PID:2692
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4236 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4232 -prefMapHandle 4228 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4c5ca71-e472-4ea5-a85d-67e0566d152e} 6008 "\\.\pipe\gecko-crash-server-pipe.6008" utility
                  3⤵
                  • Checks processor information in registry
                  PID:1780
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5436 -childID 3 -isForBrowser -prefsHandle 5432 -prefMapHandle 5368 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aec43026-b005-4267-b02d-08d02401c9ff} 6008 "\\.\pipe\gecko-crash-server-pipe.6008" tab
                  3⤵
                    PID:5324
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5584 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a1ac88b-b499-46d9-af14-cd7ba76d32ad} 6008 "\\.\pipe\gecko-crash-server-pipe.6008" tab
                    3⤵
                      PID:5336
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5772 -childID 5 -isForBrowser -prefsHandle 5780 -prefMapHandle 5784 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1364 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2112aa3-de75-4691-8087-8c38b5b512ae} 6008 "\\.\pipe\gecko-crash-server-pipe.6008" tab
                      3⤵
                        PID:5348
                  • C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
                    "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
                    1⤵
                    • Modifies registry class
                    • Suspicious use of SetWindowsHookEx
                    PID:3900
                  • C:\Windows\System32\rundll32.exe
                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    1⤵
                      PID:2972
                    • C:\Program Files\wireshark\Wireshark.exe
                      "C:\Program Files\wireshark\Wireshark.exe"
                      1⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Checks processor information in registry
                      • Suspicious behavior: AddClipboardFormatListener
                      • Suspicious behavior: GetForegroundWindowSpam
                      PID:3612

                    Network

                    MITRE ATT&CK Enterprise v15

                    Replay Monitor

                    Loading Replay Monitor...

                    Downloads

                    • C:\PROGRA~1\Npcap\npcap.cat
                      Filesize

                      12KB

                      MD5

                      851cc374a87e0a83956a29c762c008c5

                      SHA1

                      1f1c907e687631c551caaaffb0de28dfcfb03c01

                      SHA256

                      f05d0dfba14aceb7cb27b49ec8c4f1ce179813e0cf89a32855d7ea2fda91e124

                      SHA512

                      260c822dbb2fd53cec2ad352e97a42a665fc030de9cf0b223fed3a945822ccbd7e0e12fa0873646aaf38f5f7b93428f29c0bed3709fbaaa83a3dab6dc39a2dc7

                      Download Submit

                    • C:\PROGRA~1\Npcap\npcap.sys
                      Filesize

                      68KB

                      MD5

                      1637086aa0ba4637d2788dc20a0cc67c

                      SHA1

                      4628fe7561526714361764ec637339b21ea88b60

                      SHA256

                      734c62543768e37c36386b4a07582bb5b322a60d5c997626465725c5b5cef978

                      SHA512

                      92fb3dd73873ef8a888823f14911f52fe7c11a06bf4172929783a3f3106ea6298d660389cfca902153424b8df64fbe9dc9c5651228d5eb72a650655df21f7cdc

                      Download Submit

                    • C:\Program Files\Npcap\NPCAP.inf
                      Filesize

                      8KB

                      MD5

                      ed7304fce3f5e3de28435d3f9e8b4156

                      SHA1

                      45bc86c10386c9368ac482f341999a289dd46897

                      SHA256

                      64be5edac3eba224120138c6dea3e4a75740e23324fba5a0799499402d96a258

                      SHA512

                      d7532a12b726869e430745da536b7e1e85ce5871bbf3c3cf5fb4261f5b3d5d4307e6267a8b5f53a6719369e261c66c85c05f3941974594ae4864b16242cae41b

                      Download Submit

                    • C:\Program Files\Npcap\NPCAP_wfp.inf
                      Filesize

                      2KB

                      MD5

                      8ca4504e8e9b66d925107a8f13d9babb

                      SHA1

                      a1d34e2a6e9ce395da0702a9b1e1ec815dc144f0

                      SHA256

                      d1b2726787010252e4dec2a1a47fdd42d86b917c9c41f8baab2219de938b90cb

                      SHA512

                      4c3fe98134c6e7c180829f82374b22ab052e1cadd2d2ff71ff6eefa4e2a7ff21b8bff14ff21677099d2656a0c216c40abb9246860e70be9f254d73d58b624c38

                      Download Submit

                    • C:\Program Files\Npcap\NPFInstall.log
                      Filesize

                      1KB

                      MD5

                      a7de1a6d83b700584eaa1437cf0a3cea

                      SHA1

                      7653b1247915e5fd6141dd3d2f8c5cfc9401e224

                      SHA256

                      1456378eec931e4514676a81e2f8caca854ae4033a6a4c268180ae808cf19eca

                      SHA512

                      deb83d6255d2652dcd9a5a0c9bd6987fcbf466ac28bdfc93b17d5bca6c2229850d9bb7e9e8b7aa36e957354dc2c7e765024ce97c4c81f92f49cecd6e94e0b024

                      Download Submit

                    • C:\Program Files\Npcap\NPFInstall.log
                      Filesize

                      2KB

                      MD5

                      f64ff041b23e4822730279987271fee0

                      SHA1

                      25699899ad929f3f5f0985ae0c4f4948192d3ec1

                      SHA256

                      7860df2cca134bfa62fda18aa9f5e6e5a1cb5256defaa17ebbafa41cab60d113

                      SHA512

                      4095e6a875b037a7ae93d3c3c8df0c10e73f5444e9b5eac34aa6597a0f288fc851aa164cc525151b25aff11d86fcf0aea1127887d599d88f0966fa65813506b2

                      Download Submit

                    • C:\Program Files\Npcap\NPFInstall.log
                      Filesize

                      3KB

                      MD5

                      c7e833b4ca5533ec21a204f7d7de1d3b

                      SHA1

                      4a43032ea7c793eff6a2db4f2e1480dd58b90952

                      SHA256

                      27aa3141f00142b6ae4dd2420defb763087cf9a00297ebd8b5f47129bd2553ed

                      SHA512

                      15cb551afbc54bc36c34a782f72f4bd5a77ddce543fbafaa2bcaf56e6bf611f8f0766b9699aed30acf20b255af34a8628ef18d01f19af8eee58816b65d323a41

                      Download Submit

                    • C:\Program Files\Npcap\NPFInstall.log
                      Filesize

                      4KB

                      MD5

                      d1bac023bbf774d41dc24d4ac73560ae

                      SHA1

                      c54d038f62fca8f537a5348421c7bbe70ce2cec0

                      SHA256

                      a711177c1398ac71511f56f1215e5e885c4ea8d06adcdae3c8a7f8f4270c08d4

                      SHA512

                      df403b073898ae08e349eca3aa29dde0bfd09b575c34a24298616242d12313b0ee63649c2529483d29e1d2073e8285d66e3c4223c6817eed6cde67bc0a274f76

                      Download Submit

                    • C:\Program Files\Npcap\NPFInstall.log
                      Filesize

                      4KB

                      MD5

                      924dd62894e5bb430728d9db055d778a

                      SHA1

                      b89c5ec6c3d405e4d5e90db13bee69b267d8f8ba

                      SHA256

                      56725678750a58560698ba16c0cd76d85405a3a00e14a9e033c1f3b14716f4a1

                      SHA512

                      5e3edf5c6448bcd3e64268de1eaf05894bcac1c9a05ba97be804019223a95b94669648f66729aac84255718b68a16a460692cc522c5005812d617245b9ce48fb

                      Download Submit

                    • C:\Program Files\Npcap\NPFInstall.log
                      Filesize

                      393B

                      MD5

                      a7dd7832fb1745725e6e68742a33e16d

                      SHA1

                      730c1cb98b11be92fdd3bc7719e462e9943316ac

                      SHA256

                      c59f93ef85820fd6d0b223fba78c720f130ddc009be219284a9e8d3bd21ae817

                      SHA512

                      a76551c5e630f3ac7dc121501aa8606fe7d63cfd1edf70bf0768ac2fb64f3475a5bfc1b5ce44cff3169f80a6133e731fe783d0719b0b9828cece2c906b5a715d

                      Download Submit

                    • C:\Program Files\Npcap\NPFInstall.log
                      Filesize

                      926B

                      MD5

                      b53e80e92f6b02398057b648788ce24d

                      SHA1

                      a5fb9bb28283d96e264f9901f2bece0212eaf6cc

                      SHA256

                      482129b342bccd03e1da1dfcbd6c690c410cc5de158980203f76e3ebcdb9ab51

                      SHA512

                      994886d1150496d26bad2b9b9f87fa8b8eed7ac0eb1d03a56cfac48cbd8ab1e4b0d88972773d61b35d8c63a67bfdfe30cb93d0b2f56529371b2205eaf5b74498

                      Download Submit

                    • C:\Program Files\wireshark\libgcc_s_seh-1.dll
                      Filesize

                      906KB

                      MD5

                      bfac021919090c9023159c0e3972685b

                      SHA1

                      8fc30beeb3e2c41a79f94bb46d6534e63336a903

                      SHA256

                      8838301cc288cb3266d15e56a5ba276d465ec6019ce3e17e2b9a08b9a0d4b230

                      SHA512

                      390c1cb5783d69f52570b5c0632abda3113241c30e71cc229f43aac403435e2abf0adeb31e560769f60edd06f62ed5fecb4f62d439304802a712c8b35c4efae6

                      Download Submit

                    • C:\Program Files\wireshark\libstdc++-6.dll
                      Filesize

                      25.1MB

                      MD5

                      d13cf05a080fb39f93b58d443361dfde

                      SHA1

                      c57940ac19701c469258f6cc86c4a52c7e3f69c1

                      SHA256

                      448d0cd49cfc47d1d2bc8951da44bebbe22966558b00140c1719d19e77667438

                      SHA512

                      55e46655c028b969869e54dc778676f4701fdb48ea9af3f48eb4e029fc3a051f1e06db5db512f1d0d52e3aca8872cbfd6bf81411153362a340bdf0942ef8adad

                      Download Submit

                    • C:\Program Files\wireshark\libwinpthread-1.dll
                      Filesize

                      66KB

                      MD5

                      aaf9881ca83e681cb00c5fb44b7f9799

                      SHA1

                      7cc722f3832f75c63c1a156f1b26125af38dabfd

                      SHA256

                      7fa357db9653b61d72657b5539680a2fef2b1fc3604477c5258bf08f165f017d

                      SHA512

                      d14030e37128763cef84bc5cba8ea4aa2c609c068eb218e3f04c15493ba0c43232f8668365cd6dc3d93feb48eb33469614238762947605d0cd9250b1491cebc5

                      Download Submit

                    • C:\Program Files\wireshark\npcap-1.79.exe
                      Filesize

                      1.1MB

                      MD5

                      a4d7e47df742f62080bf845d606045b4

                      SHA1

                      723743dc9fa4a190452a7ffc971adfaac91606fa

                      SHA256

                      a95577ebbc67fc45b319e2ef3a55f4e9b211fe82ed4cb9d8be6b1a9e2425ce53

                      SHA512

                      8582b51b5fea23de43803fa925d13f1eb6d91b708be133be745d7d6155082cd131c9b62dc6a08b77f419a239efe6eb55a98f02f5783c7cd46e284ec3241fc2ee

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
                      Filesize

                      2KB

                      MD5

                      08a41b2a5cba04117cc86ac7628814fd

                      SHA1

                      27ef154216bc996c5d6726072715f176ac349fc5

                      SHA256

                      8f2c523d6b851d6a91ebad962f18f005e8ab564efc5a2c3325a2d7ddd469f0a0

                      SHA512

                      df9d99b0cd8de5b2da7c74520c66a35acfa0dbf6fe927e3146a63d52c0808792a1cb56c36645810a4eccf3ada536f931e0e4b5e1472c01a709fda4d3eafb53e7

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                      Filesize

                      17KB

                      MD5

                      ece761185d91c00d5aa620b1c18d45ec

                      SHA1

                      9d4bc72467a805d8a238ab05cbdce4efe3d41003

                      SHA256

                      639ecd2e696874bc4ba626f2a81767c1b76b5a33805d3cb2360098c12e8a0673

                      SHA512

                      8cea9d9c959d637582641d63d873392ab308f000837408bc31b5cc48bf561601a29ac030ece12c7a404310ab680b3cd99ba48ffb67ca559e54c73e4f3ae6f329

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                      Filesize

                      16KB

                      MD5

                      ffcc8be8b7819dcf5659ba12c590cc58

                      SHA1

                      e03255a32ccf93ff44a35dcb0b1f902188e4735d

                      SHA256

                      251a463724dc69b1d7f8e452399e10868cee86e33190e6b1a236c4527d18f6ea

                      SHA512

                      c5e2ecfdec89742b01b2eddfba21f585c397d8ed25845dc9cd7f1df3b51441f8043661bc83b0b47789ce0c411751eaaa0e1471f4d69834c4f1e0662ee7edff1f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                      Filesize

                      17KB

                      MD5

                      1e841cc21a84ce1a4c5c1024df47375d

                      SHA1

                      281136135a20777d707a0b3e32a6613c7f210299

                      SHA256

                      6d698ddcfe38c793adc49c9589cd365d42084dd2f44ff26d294114b1c5c0b063

                      SHA512

                      fa845c374f4cc9d5cbae7c2e5c1c087659de4980fca09f8b8526db8f19a9e7d1ea4762306e33fa4f8f31d896a64f6c8145df0f8d1910553b4025ca79cf36adad

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                      Filesize

                      16KB

                      MD5

                      a72a658d14306582df4b335459b3b603

                      SHA1

                      1064f33bef9c11392bc00c2aaf4625b8f0a38e73

                      SHA256

                      2b873447f978379f615665c803581e2eee803d468efb9e1da1f683a20ecc6a14

                      SHA512

                      250aed8ba9253a9d47f7d13f7a5b2abe33d0b8c8836cbea6a0619c4202a41cbf6fe3d0f69ef804ea3905437ef854db556a5c11b37af42c98e43535ed52557dc1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                      Filesize

                      17KB

                      MD5

                      9fb4476a61ca8e5a4dbc28bb86920ddb

                      SHA1

                      6c7e1a20664cb7a5d42adb0e89d8178f36546825

                      SHA256

                      ff16610f82859a146291a1744d7f70c0193b739b87d01fb1101c930e0f0a55ac

                      SHA512

                      f9268001a8cd1c7f7dc9b6584a13f4b0b3611956897a82df8628af4bbcefe622c79037e1452c6fe06cc3abf92a9cd6e2b68bd86ba1e27f6a4a19e597793aacdb

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
                      Filesize

                      10KB

                      MD5

                      ff07e178ba8fd05e3b7335166fde1825

                      SHA1

                      dc44452f11afdd25559d2098f0c045c9b2a28517

                      SHA256

                      716adcc5d6f564511bd854c6017cff26f1bd0925f2b9bce4b098b579581c2c6e

                      SHA512

                      454a97d5ce968a888739d06ec6c6ce3d300ab8652ab8afe1a3d4f6b382373a5fcd4bce4f4536ced35bfcf70e24d16e5f6f01300ce9caf3945383e75848e117bd

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_e23k4lr0.lyw.ps1
                      Filesize

                      60B

                      MD5

                      d17fe0a3f47be24a6453e9ef58c94641

                      SHA1

                      6ab83620379fc69f80c0242105ddffd7d98d5d9d

                      SHA256

                      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                      SHA512

                      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nsq8946.tmp\DonatePage.ini
                      Filesize

                      918B

                      MD5

                      72726ba6bfd863d0449ca1e27a748dea

                      SHA1

                      85014e495090e503556b1229ef67b9610296af37

                      SHA256

                      0d142071149151fe256ed12a4f924cbd2e6b29364e087ae78cc1fdcf14c002c5

                      SHA512

                      e457a94ec6ad36d662bf618036e895bc619b49a2c6796462b0495548dcdef33755dc8d13d6cf08ff22ad27f5255fef1b8ee95de7a3ddc0b0c2614a33c31bc4c7

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nsq8946.tmp\InstallOptions.dll
                      Filesize

                      32KB

                      MD5

                      bef770535d2b98e4f24486a5292b16f0

                      SHA1

                      9107f8a6fa3cf0dc2b57e6c97c34c2aa7aaf54a6

                      SHA256

                      37a4507cff4d8e1ffd01fbab23661cc28a6c024977ea912ce2f49419049d0bf2

                      SHA512

                      faca2009e37eaf28a39f47c95b63892972583d79ed3d320d2ad81a4862371e0af0237a5675b5e66b10275692128ac488f8255d81b022fbe5dc825c42a5e9537d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nsq8946.tmp\NpcapPage.ini
                      Filesize

                      2KB

                      MD5

                      1777a1392599ee91f349c531085272e6

                      SHA1

                      8ea3b893f3d54ed0af575d3f84771a0ce3d01583

                      SHA256

                      207c3bc6d3aefa28cc110c4e603b331e8cdb7eb154796cb75e399b11106e7030

                      SHA512

                      ae9872388d6a71c6218e137dba03039fa777dac9e6d119c7cc244059403ccb4f72a1c13e4768593ef82d3d9ff934973b2ffc374cf23fd4ab1f4b4f7f0559786d

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nsq8946.tmp\System.dll
                      Filesize

                      29KB

                      MD5

                      223b9d97f9bc580f7da1817ebf359223

                      SHA1

                      091ff63c957787916d1aed9f358b4e921d5312b3

                      SHA256

                      c90fea5a7efc0a4de0d37bd56b8552a42da2000ef7dc8e8487914c26117b232a

                      SHA512

                      f79a8e6448ef94f37075612e086b70847c4f59524773a8370cb4361cebf4537dbe0c8cb981f5247682a9fc89af147360e76f386d0d9825dc20d58bca7f0d7158

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nsq8946.tmp\USBPcapPage.ini
                      Filesize

                      2KB

                      MD5

                      4fe0acbf9e356b80fcd82b142b0ebeac

                      SHA1

                      2a6727567b9302b90afa564cd6d0c23b94854229

                      SHA256

                      bfaca1e75f265a3a16579b589f8247b51e0f6d98fb226f54eab01fe4e2370802

                      SHA512

                      d33d1d82c2fa462ac69d8731a9e9d5d2da4eb2f90aedfad2d49b7a83e42f49974e2eb2f3fd0b1f671ec0475421c393b29dc32f0c3e217abebf70bae463761785

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nsq8946.tmp\USBPcapPage.ini
                      Filesize

                      2KB

                      MD5

                      8a5e7b67990447b0d82a944f23bd083d

                      SHA1

                      c4bc4b61452bea9be840637aa591c81c21bb91b0

                      SHA256

                      088ec55cacd34e911d09f25626eceb0f5c1985fae3b49c93aff56dd13bbc1abf

                      SHA512

                      4cde5b92a3e6462c4be28e0210cfa85d2723797c1637dd27ca8223c3734285d80657964d2d5e65dc5ecdd97f1cffd667f392201a71e7eb284eb28048eb2848b9

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nsq8946.tmp\USBPcapPage.ini
                      Filesize

                      2KB

                      MD5

                      2bacbeaabaacc8b28a8f471201682da6

                      SHA1

                      4d0b733bc645836d225e5ef7742c50b5b0769802

                      SHA256

                      b41faac8d5f62af0b93449f07db17da752f553bb963f9fd6d6ff601acdd9a1c2

                      SHA512

                      84f2e0a6924e5671016027b1e798f9eb16962ef09de3fb63a4211a12a8c168cef21f6bcf43eb1993d041fe33960ff5685e8d2c8ea7f8870e8ed0ef0e6f3b5b78

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nsq8946.tmp\modern-wizard.bmp
                      Filesize

                      25KB

                      MD5

                      cbe40fd2b1ec96daedc65da172d90022

                      SHA1

                      366c216220aa4329dff6c485fd0e9b0f4f0a7944

                      SHA256

                      3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

                      SHA512

                      62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nsq8946.tmp\nsDialogs.dll
                      Filesize

                      14KB

                      MD5

                      c133aca05825e450a97e1cb474c80964

                      SHA1

                      85ac1b4250993c54c852af1eab1f05e9fcd6b327

                      SHA256

                      7a7d812895c6c47474217f248d59464eb2a5f163599adf50595536bb9f41339e

                      SHA512

                      e752b04a9a68b252c153dc128b111d555b8d2d33f639f0445ebc7bcfd8e741730bc7f02a38c96cb4516cd8944c038c74fead3000f3b7daff57742a394dcb36bb

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\0563b8630d62d75abbc8ab1e4bdfb5a899b24d43.sst
                      Filesize

                      1KB

                      MD5

                      de825a838e33ccf3d06b82de337c06d8

                      SHA1

                      68956e777f646361eae3f06ce6899cd48bb9f593

                      SHA256

                      3b63b09dff7e4c5fe7ccafff74d9f845d1eb04809b0b77a536b2e4aa7dd1097e

                      SHA512

                      e935ef759abfcafa4d9cf70a1c5508179600fc85d237e53d3e7f2683fa2e14859e5eee167007328995606996a19f4fcc0c1f9a851011a6fa8db6b53c68160a12

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25.sst
                      Filesize

                      1KB

                      MD5

                      a52f3195b5585e1d9a9b38fef66a1801

                      SHA1

                      986a5f05ff51d261fe595f0ab56598658aadc9c9

                      SHA256

                      40795f603b2eab75fbd886715b0103f2f362494576400ae88925ed1ba7063bdc

                      SHA512

                      e9eeb34c3667e56c425b91890f463b5d80e4e5e9f485c2bd3ac064e1784ad118c1460af461e5af8acbbb3bc02432e4f914e54e41d2bdaeaa8af528f0e669b64a

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\InstallOptions.dll
                      Filesize

                      22KB

                      MD5

                      170c17ac80215d0a377b42557252ae10

                      SHA1

                      4cbab6cc189d02170dd3ba7c25aa492031679411

                      SHA256

                      61ea114d9d0cd1e884535095aa3527a6c28df55a4ecee733c8c398f50b84cc3d

                      SHA512

                      0fd65cad0fcaa98083c2021de3d6429e79978658809c62ae9e4ed630c016915ced36aa52f2f692986c3b600c92325e79fd6d757634e8e02d5e582ff03679163f

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\NPFInstall.exe
                      Filesize

                      300KB

                      MD5

                      c01beb6c3526554ec9dfad40502317f2

                      SHA1

                      89f468496bd7e6d993a032f918c5baabb21c11be

                      SHA256

                      5d54a5e7230baf2b80689ee49d263612a6011bc46ec52843e7b4297e9656d32d

                      SHA512

                      a7fdb3d69cc2b12c9795c8f5e34f64014273e471dc0639ff4693f18e3d5ea758f38f58a5dfc4d1800511ce3e130a7454fd371579e31dbba049770fb74b889339

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\System.dll
                      Filesize

                      19KB

                      MD5

                      f020a8d9ede1fb2af3651ad6e0ac9cb1

                      SHA1

                      341f9345d669432b2a51d107cbd101e8b82e37b1

                      SHA256

                      7efe73a8d32ed1b01727ad4579e9eec49c9309f2cb7bf03c8afa80d70242d1c0

                      SHA512

                      408fa5a797d3ff4b917bb4107771687004ba507a33cb5944b1cc3155e0372cb3e04a147f73852b9134f138ff709af3b0fb493cd8fa816c59e9f3d9b5649c68c4

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\final.ini
                      Filesize

                      568B

                      MD5

                      cae757421db8d011e41266bfd9439885

                      SHA1

                      7108a9f0740ee4e3a118f6ac9212e0446f074181

                      SHA256

                      ff350a68202aadb145f590c8579f9284d2e3c324b0369fde39e5a3a31d7b8204

                      SHA512

                      785d19c796834065c823a7da99036378bba54b932ea1e47d4ba0c1d123a0a09ec307a3459fb862221de74ce61d9a8d7ec73901c9de007d31e7b39eb7a19b16b5

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\final.ini
                      Filesize

                      624B

                      MD5

                      c0e98c00336513acd39490e4d05ab8ec

                      SHA1

                      56d4140c68849fbd3e1edd296f0bbc29fb669901

                      SHA256

                      f0539c2c8cbce6746d1bd3980f020a1414594246f84fb6383ef39775591aeb71

                      SHA512

                      0b75de41aa5b5a030ca9b27039ffa19d368490e9a234712baccd182e85281eabf9141177cc8a8668f130b583e955930f3dee3bb3c035bb979bd2d121a63d54a7

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\nsExec.dll
                      Filesize

                      14KB

                      MD5

                      f9e61a25016dcb49867477c1e71a704e

                      SHA1

                      c01dc1fa7475e4812d158d6c00533410c597b5d9

                      SHA256

                      274e53dc8c5ddc273a6f5683b71b882ef8917029e2eaf6c8dbee0c62d999225d

                      SHA512

                      b4a6289ef9e761e29dd5362fecb1707c97d7cb3e160f4180036a96f2f904b2c64a075b5bf0fea4a3bb94dea97f3cfa0d057d3d6865c68da65fdcb9c3070c33d8

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\options.ini
                      Filesize

                      2KB

                      MD5

                      3dd16cbd205a93523b1e692863a4ef43

                      SHA1

                      0b3ad7597cdf3868968783e4d0dd53f7064a8581

                      SHA256

                      26b2bcce404f79f26adf3886f3565a08390ec19635235729c8b164f71286057b

                      SHA512

                      82e9d18b42fd5a66c0272f263ade9540872a67f92055624bd8632bc727dc2e69673f8dc58f45737bd53902969a119248e943bb543b311bb34e23bfa92666e966

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\options.ini
                      Filesize

                      2KB

                      MD5

                      9e816d5bea7f140a72381500eb58d252

                      SHA1

                      11e20766ba5f72e18d59cc8750a705a0dd6b4978

                      SHA256

                      e597825fa7a2dbd730cb1472de5655bf736e85a903724233c6900af7ee6624bc

                      SHA512

                      8c04c06418070204c3c7e6fe05c5fbfd57e045c715bfd8cfab20acc710760aedd6d820c41a786952e5764ce2b4908cf898391b7368f3d498e44ea13eb71fbe92

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\nssD8CE.tmp\signing.p7b
                      Filesize

                      7KB

                      MD5

                      dd4bc901ef817319791337fb345932e8

                      SHA1

                      f8a3454a09d90a09273935020c1418fdb7b7eb7c

                      SHA256

                      8e681692403c0f7c0b24160f4642daa1eb080ce5ec754b6f47cc56b43e731b71

                      SHA512

                      0a67cc346f9752e1c868b7dc60b25704255ab1e6ea745850c069212f2724eba62ffaaa48309d5eba6ae0235223518610fb4b60fc422e4babba4f33d331c71db5

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon
                      Filesize

                      479KB

                      MD5

                      09372174e83dbbf696ee732fd2e875bb

                      SHA1

                      ba360186ba650a769f9303f48b7200fb5eaccee1

                      SHA256

                      c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                      SHA512

                      b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                      Download Submit

                    • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
                      Filesize

                      13.8MB

                      MD5

                      0a8747a2ac9ac08ae9508f36c6d75692

                      SHA1

                      b287a96fd6cc12433adb42193dfe06111c38eaf0

                      SHA256

                      32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                      SHA512

                      59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\AlternateServices.bin
                      Filesize

                      8KB

                      MD5

                      7de6dc5796c7be55afe676fc0c7a2280

                      SHA1

                      573c5e533c0456b9778c94d9316e725d24baf388

                      SHA256

                      802a053ddbb42a25b4d60b885f3f52c9708ee970b55a8a11a500fdc72799f72f

                      SHA512

                      0d4b242b1776216d094fddcf0768a4a0905bca13cce11d1a56144c19f9cb3c182999369239523d34eed497b6ea68e5876280675faf48796b1e535954810a41e5

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\db\data.safe.tmp
                      Filesize

                      5KB

                      MD5

                      0b6822e86004328893a95bdb941e7478

                      SHA1

                      d4eab2620b9a583a3133520d84c1b00c012286cc

                      SHA256

                      09adbad86f61cbad6dba8e86e570ad5fde169ea4139fd26197638c1543276481

                      SHA512

                      ca1b5607a6a5a5f7e7fb07d67b77a9e9e40de436fda0ddcf4cc987a6f426f7b02cc4df71b10688552730bf6d508bef6a6465865f8678434723ee4c5e553dd4ec

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\391ce881-791e-4999-805a-44f4cc78c6ac
                      Filesize

                      25KB

                      MD5

                      5745254426d7e097f5498d212aef67e9

                      SHA1

                      7281daaa20f8d75e8467935e0fb6616994c22580

                      SHA256

                      db5e38e02807c8fc72820b4ccb3e49658e8ddf9235d2ad5348e3fc254ecb60d4

                      SHA512

                      dd556679fb94d51d4c8fafebd717a5e2fee54399ebafd539b6ad026e1c4ea7bed859a59a936c4d53f7cb9363b2720c69957b9e6eb989ac45d175ee02e88826d5

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\743bf3b6-8504-4f5a-97fe-33defdbd280b
                      Filesize

                      671B

                      MD5

                      ef14a15cc11e1254032fa7996bc2fe09

                      SHA1

                      d56072fc4a972e24838ac1ecb09b90cf757e1470

                      SHA256

                      23f6f8f93a89ebbbd1e47c59dbea1f609aed4c0ab7042989ce092e398feb24f9

                      SHA512

                      caec13e06d468f0efb172777a25c629236ff3b1bacd4b2eff13bf9e1bb863dee9a70f9d48c18555768579061d591259ec32b6e7c08aab8ee7f0c0c303447b013

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\datareporting\glean\pending_pings\fdcf21a4-1ac5-40dc-8bbc-75bf688d6fca
                      Filesize

                      982B

                      MD5

                      38ea4f14a892a23fc36c6d781b7d1a3d

                      SHA1

                      f5ea05a0968095aba55115bd77afc26d81da3210

                      SHA256

                      c23217fad9c74258ab3065d14726b5ad0b59ba01526e90a64fbd34f224c44318

                      SHA512

                      4c99a93ba4554a59cb8ef893676bfbcd05134ffbcf86bdea4829a64c7c7a81e4a0b75a0cc42c78e3954fa3dd41ac8fe437d6b4bf53ad90404ef0c48b973d1b73

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
                      Filesize

                      1.1MB

                      MD5

                      842039753bf41fa5e11b3a1383061a87

                      SHA1

                      3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                      SHA256

                      d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                      SHA512

                      d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
                      Filesize

                      116B

                      MD5

                      2a461e9eb87fd1955cea740a3444ee7a

                      SHA1

                      b10755914c713f5a4677494dbe8a686ed458c3c5

                      SHA256

                      4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                      SHA512

                      34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
                      Filesize

                      372B

                      MD5

                      bf957ad58b55f64219ab3f793e374316

                      SHA1

                      a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                      SHA256

                      bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                      SHA512

                      79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
                      Filesize

                      17.8MB

                      MD5

                      daf7ef3acccab478aaa7d6dc1c60f865

                      SHA1

                      f8246162b97ce4a945feced27b6ea114366ff2ad

                      SHA256

                      bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                      SHA512

                      5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                      Download Submit

                    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5vinb3pw.default-release\prefs-1.js
                      Filesize

                      12KB

                      MD5

                      44013c50576d414767c75de9f1465559

                      SHA1

                      502494629816ffad6b3605145a5b5673ef1cc538

                      SHA256

                      c9378f29affa7054f90a3879cddfebdb5d42bbcc28d9911aa8e5418704a0c269

                      SHA512

                      b39f5d4a6a66e5aa382cd794f8c70962773307e2a991db30aa4c52e718142a65e02e2349c74b7c8d82f2d27dbac9b49992e375c934e44d33dc764a89d4c6e459

                      Download Submit

                    • memory/864-1076-0x0000000006370000-0x00000000066C7000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/1112-1331-0x0000000006E80000-0x0000000006EB4000-memory.dmp

                      Filesize

                      208KB

                      Download

                    • memory/2552-1062-0x00000000058E0000-0x0000000005C37000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/2820-409-0x0000000000400000-0x00000000006AD000-memory.dmp

                      Filesize

                      2.7MB

                      Download

                    • memory/2820-992-0x0000000000400000-0x00000000006AD000-memory.dmp

                      Filesize

                      2.7MB

                      Download

                    • memory/2820-410-0x0000000074E50000-0x0000000074E5F000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/2820-2668-0x0000000074E50000-0x0000000074E5F000-memory.dmp

                      Filesize

                      60KB

                      Download

                    • memory/2820-2667-0x0000000000400000-0x00000000006AD000-memory.dmp

                      Filesize

                      2.7MB

                      Download

                    • memory/2820-411-0x0000000074C70000-0x0000000074C7C000-memory.dmp

                      Filesize

                      48KB

                      Download

                    • memory/2820-2686-0x0000000000400000-0x00000000006AD000-memory.dmp

                      Filesize

                      2.7MB

                      Download

                    • memory/2820-519-0x0000000000400000-0x00000000006AD000-memory.dmp

                      Filesize

                      2.7MB

                      Download

                    • memory/2984-1028-0x0000000005BA0000-0x0000000005BEC000-memory.dmp

                      Filesize

                      304KB

                      Download

                    • memory/2984-1013-0x00000000026B0000-0x00000000026E6000-memory.dmp

                      Filesize

                      216KB

                      Download

                    • memory/2984-1034-0x0000000006FD0000-0x000000000700D000-memory.dmp

                      Filesize

                      244KB

                      Download

                    • memory/2984-1033-0x0000000007E60000-0x00000000084DA000-memory.dmp

                      Filesize

                      6.5MB

                      Download

                    • memory/2984-1032-0x0000000007230000-0x00000000077D6000-memory.dmp

                      Filesize

                      5.6MB

                      Download

                    • memory/2984-1031-0x00000000060D0000-0x00000000060F2000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/2984-1030-0x0000000006050000-0x000000000606A000-memory.dmp

                      Filesize

                      104KB

                      Download

                    • memory/2984-1029-0x0000000006BE0000-0x0000000006C76000-memory.dmp

                      Filesize

                      600KB

                      Download

                    • memory/2984-1027-0x0000000005B80000-0x0000000005B9E000-memory.dmp

                      Filesize

                      120KB

                      Download

                    • memory/2984-1026-0x0000000005690000-0x00000000059E7000-memory.dmp

                      Filesize

                      3.3MB

                      Download

                    • memory/2984-1017-0x0000000005620000-0x0000000005686000-memory.dmp

                      Filesize

                      408KB

                      Download

                    • memory/2984-1016-0x00000000055B0000-0x0000000005616000-memory.dmp

                      Filesize

                      408KB

                      Download

                    • memory/2984-1015-0x0000000004DC0000-0x0000000004DE2000-memory.dmp

                      Filesize

                      136KB

                      Download

                    • memory/2984-1014-0x0000000004ED0000-0x00000000054FA000-memory.dmp

                      Filesize

                      6.2MB

                      Download

                    • memory/3612-3107-0x00007FFBD3240000-0x00007FFBD340C000-memory.dmp

                      Filesize

                      1.8MB

                      Download

                    • memory/3612-3103-0x00007FFBD46A0000-0x00007FFBD46FD000-memory.dmp

                      Filesize

                      372KB

                      Download

                    • memory/3612-3086-0x00007FFBD60F0000-0x00007FFBD670D000-memory.dmp

                      Filesize

                      6.1MB

                      Download

                    • memory/3612-3083-0x00007FF684C20000-0x00007FF685C20000-memory.dmp

                      Filesize

                      16.0MB

                      Download

                    • memory/3612-3091-0x00007FFBD5710000-0x00007FFBD5777000-memory.dmp

                      Filesize

                      412KB

                      Download

                    • memory/3612-3113-0x00007FFBCFEB0000-0x00007FFBCFFBC000-memory.dmp

                      Filesize

                      1.0MB

                      Download

                    • memory/3612-3087-0x00007FFBD6710000-0x00007FFBD7D6A000-memory.dmp

                      Filesize

                      22.4MB

                      Download

                    • memory/3612-3112-0x00007FFBD40F0000-0x00007FFBD4110000-memory.dmp

                      Filesize

                      128KB

                      Download

                    • memory/3612-3111-0x00007FFBD3910000-0x00007FFBD3A33000-memory.dmp

                      Filesize

                      1.1MB

                      Download

                    • memory/3612-3110-0x00007FFBD4110000-0x00007FFBD413E000-memory.dmp

                      Filesize

                      184KB

                      Download

                    • memory/3612-3109-0x00007FFBD27A0000-0x00007FFBD2BE1000-memory.dmp

                      Filesize

                      4.3MB

                      Download

                    • memory/3612-3120-0x00007FFBD60F0000-0x00007FFBD670D000-memory.dmp

                      Filesize

                      6.1MB

                      Download

                    • memory/3612-3108-0x00007FFBD4620000-0x00007FFBD4658000-memory.dmp

                      Filesize

                      224KB

                      Download

                    • memory/3612-3105-0x00007FFBD4140000-0x00007FFBD4266000-memory.dmp

                      Filesize

                      1.1MB

                      Download

                    • memory/3612-3106-0x00007FFBD4660000-0x00007FFBD46A0000-memory.dmp

                      Filesize

                      256KB

                      Download

                    • memory/3612-3104-0x00007FFBD4270000-0x00007FFBD432C000-memory.dmp

                      Filesize

                      752KB

                      Download

                    • memory/3612-3100-0x00007FFBD3A40000-0x00007FFBD3D11000-memory.dmp

                      Filesize

                      2.8MB

                      Download

                    • memory/3612-3082-0x00007FFBD47D0000-0x00007FFBD499B000-memory.dmp

                      Filesize

                      1.8MB

                      Download

                    • memory/3612-3102-0x00007FFBD4700000-0x00007FFBD4726000-memory.dmp

                      Filesize

                      152KB

                      Download

                    • memory/3612-3101-0x00007FFBD4730000-0x00007FFBD47C5000-memory.dmp

                      Filesize

                      596KB

                      Download

                    • memory/3612-3099-0x00007FFBD47D0000-0x00007FFBD499B000-memory.dmp

                      Filesize

                      1.8MB

                      Download

                    • memory/3612-3097-0x00007FFBD4AD0000-0x00007FFBD4EBA000-memory.dmp

                      Filesize

                      3.9MB

                      Download

                    • memory/3612-3098-0x00007FFBD49A0000-0x00007FFBD4AC9000-memory.dmp

                      Filesize

                      1.2MB

                      Download

                    • memory/3612-3092-0x00007FFBD5090000-0x00007FFBD5709000-memory.dmp

                      Filesize

                      6.5MB

                      Download

                    • memory/3612-3096-0x00007FFBD4F20000-0x00007FFBD5083000-memory.dmp

                      Filesize

                      1.4MB

                      Download

                    • memory/3612-3095-0x00007FFBD4EC0000-0x00007FFBD4EE4000-memory.dmp

                      Filesize

                      144KB

                      Download

                    • memory/3612-3094-0x00007FFBD4EF0000-0x00007FFBD4F19000-memory.dmp

                      Filesize

                      164KB

                      Download

                    • memory/3612-3093-0x00007FFBEC580000-0x00007FFBEC590000-memory.dmp

                      Filesize

                      64KB

                      Download

                    • memory/3612-3089-0x00007FFBD5860000-0x00007FFBD60EC000-memory.dmp

                      Filesize

                      8.5MB

                      Download

                    • memory/3612-3090-0x00007FFBD5780000-0x00007FFBD585F000-memory.dmp

                      Filesize

                      892KB

                      Download

                    • memory/3612-3088-0x00007FFBD7E90000-0x00007FFBD7EEF000-memory.dmp

                      Filesize

                      380KB

                      Download

                    • memory/3612-3085-0x00007FFBD7EF0000-0x00007FFBD7F07000-memory.dmp

                      Filesize

                      92KB

                      Download

                    • memory/3612-3084-0x00007FFBD7D70000-0x00007FFBD7E43000-memory.dmp

                      Filesize

                      844KB

                      Download

                    • memory/3612-3126-0x00007FFBD5090000-0x00007FFBD5709000-memory.dmp

                      Filesize

                      6.5MB

                      Download

                    • memory/3612-3123-0x00007FFBD5860000-0x00007FFBD60EC000-memory.dmp

                      Filesize

                      8.5MB

                      Download

                    • memory/5056-1312-0x0000000005A10000-0x0000000005D67000-memory.dmp

                      Filesize

                      3.3MB

                      Download