Overview (overview): score 7
Static (static): score 3
Era Setup 1.0.80.exe (windows7-x64): score 7
Era Setup 1.0.80.exe (windows10-2004-x64): score 7
$PLUGINSDI...er.dll (windows7-x64): score 3
$PLUGINSDI...er.dll (windows10-2004-x64): score 3
$PLUGINSDI...ls.dll (windows7-x64): score 3
$PLUGINSDI...ls.dll (windows10-2004-x64): score 3
$PLUGINSDI...em.dll (windows7-x64): score 3
$PLUGINSDI...em.dll (windows10-2004-x64): score 3
$PLUGINSDI...ll.dll (windows7-x64): score 3
$PLUGINSDI...ll.dll (windows10-2004-x64): score 3
libGLESv2.dll (windows7-x64): score 1
libGLESv2.dll (windows10-2004-x64): score 1
resources/...ry-cli (ubuntu-18.04-amd64): score 3
resources/...ry-cli (debian-9-armhf): score 4
resources/...ry-cli (debian-9-mips): score 1
resources/...ry-cli (debian-9-mipsel): score 1
resources/...per.js (windows7-x64): score 3
resources/...per.js (windows10-2004-x64): score 3
resources/...dex.js (windows7-x64): score 3
resources/...dex.js (windows10-2004-x64): score 3
resources/...ger.js (windows7-x64): score 3
resources/...ger.js (windows10-2004-x64): score 3
resources/...dex.js (windows7-x64): score 3
resources/...dex.js (windows10-2004-x64): score 3
resources/...oys.js (windows7-x64): score 3
resources/...oys.js (windows10-2004-x64): score 3
resources/...aps.js (windows7-x64): score 3
resources/...aps.js (windows10-2004-x64): score 3
resources/...ker.sh (ubuntu-18.04-amd64): score 1
resources/...ker.sh (debian-9-armhf): score 1
resources/...ker.sh (debian-9-mips): score 1
resources/...ker.sh (debian-9-mipsel): score 1
Analysis
max time kernel: 96s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-08-2024 15:23
Static task static1
Behavioral task behavioral1: sample Era Setup 1.0.80.exe, resource win7-20240704-en
Behavioral task behavioral2: sample Era Setup 1.0.80.exe, resource win10v2004-20240802-en
Behavioral task behavioral3: sample $PLUGINSDIR/SpiderBanner.dll, resource win7-20240729-en
Behavioral task behavioral4: sample $PLUGINSDIR/SpiderBanner.dll, resource win10v2004-20240802-en
Behavioral task behavioral5: sample $PLUGINSDIR/StdUtils.dll, resource win7-20240729-en
Behavioral task behavioral6: sample $PLUGINSDIR/StdUtils.dll, resource win10v2004-20240802-en
Behavioral task behavioral7: sample $PLUGINSDIR/System.dll, resource win7-20240704-en
Behavioral task behavioral8: sample $PLUGINSDIR/System.dll, resource win10v2004-20240802-en
Behavioral task behavioral9: sample $PLUGINSDIR/WinShell.dll, resource win7-20240729-en
Behavioral task behavioral10: sample $PLUGINSDIR/WinShell.dll, resource win10v2004-20240802-en
Behavioral task behavioral11: sample libGLESv2.dll, resource win7-20240708-en
Behavioral task behavioral12: sample libGLESv2.dll, resource win10v2004-20240802-en
Behavioral task behavioral13: sample resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli, resource ubuntu1804-amd64-20240729-en
Behavioral task behavioral14: sample resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli, resource debian9-armhf-20240418-en
Behavioral task behavioral15: sample resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli, resource debian9-mipsbe-20240611-en
Behavioral task behavioral16: sample resources/app.asar.unpacked/node_modules/@sentry/cli/bin/sentry-cli, resource debian9-mipsel-20240729-en
Behavioral task behavioral17: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/helper.js, resource win7-20240708-en
Behavioral task behavioral18: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/helper.js, resource win10v2004-20240802-en
Behavioral task behavioral19: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/index.js, resource win7-20240705-en
Behavioral task behavioral20: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/index.js, resource win10v2004-20240802-en
Behavioral task behavioral21: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/logger.js, resource win7-20240704-en
Behavioral task behavioral22: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/logger.js, resource win10v2004-20240802-en
Behavioral task behavioral23: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/index.js, resource win7-20240705-en
Behavioral task behavioral24: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/index.js, resource win10v2004-20240802-en
Behavioral task behavioral25: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/options/deploys.js, resource win7-20240704-en
Behavioral task behavioral26: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/options/deploys.js, resource win10v2004-20240802-en
Behavioral task behavioral27: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/options/uploadSourcemaps.js, resource win7-20240708-en
Behavioral task behavioral28: sample resources/app.asar.unpacked/node_modules/@sentry/cli/js/releases/options/uploadSourcemaps.js, resource win10v2004-20240802-en
Behavioral task behavioral29: sample resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh, resource ubuntu1804-amd64-20240611-en
Behavioral task behavioral30: sample resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh, resource debian9-armhf-20240611-en
Behavioral task behavioral31: sample resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh, resource debian9-mipsbe-20240611-en
Behavioral task behavioral32: sample resources/app.asar.unpacked/node_modules/@sentry/cli/scripts/build-in-docker.sh, resource debian9-mipsel-20240729-en
General
Target: $PLUGINSDIR/WinShell.dll
Size: 3KB
MD5: 1cc7c37b7e0c8cd8bf04b6cc283e1e56
SHA1: 0b9519763be6625bd5abce175dcc59c96d100d4c
SHA256: 9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
SHA512: 7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Malware Config
Signatures
Program crash (1 IoCs)
pid 4252, pid_target 2908, Process WerFault.exe, procid_target 86
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language (Process: rundll32.exe)
Checks processor information in registry 2 TTPs 12 IoCs
Processor information is often read in order to detect sandboxing environments.
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision (Process: firefox.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (Process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (Process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (Process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (Process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (Process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (Process: firefox.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (Process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature (Process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (Process: firefox.exe)
Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (Process: firefox.exe)
Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (Process: firefox.exe)
Modifies registry class 1 IoCs
Key created: \REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings (Process: firefox.exe)
Suspicious use of AdjustPrivilegeToken 2 IoCs
Token: SeDebugPrivilege (pid 4872, Process firefox.exe)
Suspicious use of FindShellTrayWindow 21 IoCs
pid 4872, Process firefox.exe
Suspicious use of SendNotifyMessage 20 IoCs
pid 4872, Process firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid 4872, Process firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
PID 4492 wrote to memory of 2908 (pid 4492, Process rundll32.exe, procid_target 86)
PID 2796 wrote to memory of 4872 (pid 2796, Process firefox.exe, procid_target 104)
PID 4872 wrote to memory of 1420 (pid 4872, Process firefox.exe, procid_target 105)
PID 4872 wrote to memory of 632 (pid 4872, Process firefox.exe, procid_target 106)
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
- C:\Windows\system32\rundll32.exe (PID 4492)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 2908)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\WinShell.dll,#1
    Signatures: System Location Discovery: System Language Discovery
    - C:\Windows\SysWOW64\WerFault.exe (PID 4252)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 612
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe (PID 4964)
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2908 -ip 2908
- C:\Program Files\Mozilla Firefox\firefox.exe (PID 2796)
  Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4872)
    Command line: "C:\Program Files\Mozilla Firefox\firefox.exe"
    Signatures: Checks processor information in registry; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 1420)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a4ee4dd-773f-4873-a1cf-9ee4221e5871} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" gpu
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 632)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2380 -parentBuildID 20240401114208 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dcc3cb0-d39b-4f1e-a1d1-2b067b0468d7} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" socket
      Signatures: Checks processor information in registry
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 4356)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2904 -childID 1 -isForBrowser -prefsHandle 2996 -prefMapHandle 2860 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c9d9eb2-7a0f-4d4f-bce5-a261e3f84b4d} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 2112)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3792 -childID 2 -isForBrowser -prefsHandle 3720 -prefMapHandle 3724 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3da03180-5fef-43be-8fe3-c075178e61d1} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 5536)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4992 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4980 -prefMapHandle 4976 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {440f91bb-cd93-410f-ae98-f005aae14844} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" utility
      Signatures: Checks processor information in registry
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 6072)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3756 -childID 3 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f67f9077-be3f-431a-9e7e-b459ac6c06fa} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 6084)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5576 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6319d8dc-dc09-4b67-982d-1c31169f413d} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
    - C:\Program Files\Mozilla Firefox\firefox.exe (PID 6096)
      Command line: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 5 -isForBrowser -prefsHandle 5772 -prefMapHandle 5768 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1228 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66d5dd9f-49a1-46c2-ac50-6b9d359de2e3} 4872 "\\.\pipe\gecko-crash-server-pipe.4872" tab
Network
MITRE ATT&CK Enterprise v15
Downloads