c1e7a6fb6e66f5c0fc2a4777dc61c8732ab4c05756de7f4fae76bf766148141b

Resubmissions

19-09-2024 12:37

240919-ptfczaydpa 8

19-09-2024 12:33

240919-prhqbaygnn 8

Analysis

max time kernel
148s
max time network
151s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19-09-2024 12:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nitro Generator with Checker/WebDriver/Jint.exe
Size

7.2MB
MD5

3835d3e8ee4feec6e173b292fdf2ff83
SHA1

0fba846445f7d59d33361827d0fa6fb47c332015
SHA256

d5928829da606afde1d43835e31ca1367f7105b5e28bba01be7a82775d3a735a
SHA512

99de33b7323cf392bcad275760154c542e8450968e50caecc9c7c7f5d30dbbd74de8965f6300e79c4b7ddef5052120f55a649487afef7903506c971e0c9d7573
SSDEEP

196608:t6PmCsXDjDyf6L2WliXYrHW1L0XFowUHWZrQ:QPmCEDVL2ciIrHWRCowU2

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 15 IoCs

pid	Process
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe
4256	Jint.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	664	firefox.exe
Token: SeDebugPrivilege	664	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
664	firefox.exe
664	firefox.exe
664	firefox.exe
664	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
664	firefox.exe
664	firefox.exe
664	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
664	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 4256	4472	Jint.exe	73
PID 4472 wrote to memory of 4256	4472	Jint.exe	73
PID 4256 wrote to memory of 2804	4256	Jint.exe	74
PID 4256 wrote to memory of 2804	4256	Jint.exe	74
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 4888 wrote to memory of 664	4888	firefox.exe	77
PID 664 wrote to memory of 4680	664	firefox.exe	78
PID 664 wrote to memory of 4680	664	firefox.exe	78
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79
PID 664 wrote to memory of 1584	664	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Nitro Generator with Checker\WebDriver\Jint.exe
"C:\Users\Admin\AppData\Local\Temp\Nitro Generator with Checker\WebDriver\Jint.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Users\Admin\AppData\Local\Temp\Nitro Generator with Checker\WebDriver\Jint.exe
  "C:\Users\Admin\AppData\Local\Temp\Nitro Generator with Checker\WebDriver\Jint.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="664.0.825184021\2134813682" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1668 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e99103b6-c814-4f67-bf9a-51c51d350a04} 664 "\\.\pipe\gecko-crash-server-pipe.664" 1780 23f4dcd6a58 gpu
    3⤵
    PID:4680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="664.1.103715027\797170303" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8e8b35a-a853-4604-96c4-3a4d9f30cc2a} 664 "\\.\pipe\gecko-crash-server-pipe.664" 2136 23f3b96f858 socket
    3⤵
    PID:1584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="664.2.913875597\243711710" -childID 1 -isForBrowser -prefsHandle 2964 -prefMapHandle 2960 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd5fc7f0-3e2b-482a-842f-27d180bc05a3} 664 "\\.\pipe\gecko-crash-server-pipe.664" 2936 23f51e9ae58 tab
    3⤵
    PID:4508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="664.3.714816411\567004217" -childID 2 -isForBrowser -prefsHandle 3536 -prefMapHandle 3532 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c49fdf2-d730-4003-aa7d-940ef896b558} 664 "\\.\pipe\gecko-crash-server-pipe.664" 3548 23f52330458 tab
    3⤵
    PID:2456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="664.4.1375502461\1533217332" -childID 3 -isForBrowser -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88c823fc-6130-4cb5-82f1-ace3000a78f6} 664 "\\.\pipe\gecko-crash-server-pipe.664" 4152 23f53490f58 tab
    3⤵
    PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="664.5.511237564\1585670010" -childID 4 -isForBrowser -prefsHandle 4856 -prefMapHandle 4852 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d152669b-9157-4f93-a094-a05b3c07e79e} 664 "\\.\pipe\gecko-crash-server-pipe.664" 4752 23f54253f58 tab
    3⤵
    PID:3028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="664.6.2062777367\1472961768" -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 5060 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {93c97690-c62d-45a0-bce9-24624bec01e0} 664 "\\.\pipe\gecko-crash-server-pipe.664" 4980 23f54361758 tab
    3⤵
    PID:3808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="664.7.1372750121\466973936" -childID 6 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5a42283-c070-47f5-a3b4-7022986eef96} 664 "\\.\pipe\gecko-crash-server-pipe.664" 5172 23f54363b58 tab
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="664.8.1642278029\1855019897" -childID 7 -isForBrowser -prefsHandle 5680 -prefMapHandle 5676 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1320 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad38da57-ae42-4eab-9b98-5673ceb7d6ca} 664 "\\.\pipe\gecko-crash-server-pipe.664" 5688 23f55e4d258 tab
    3⤵
    PID:784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\82DB14D28BFE25A39C92CF8FC2D585B192E2CCB9

Filesize
26KB

MD5
35d2cdf2eb571a5a24cc80eafb44aab0

SHA1
0ce5e28feeaf27dd8e41bba073fcc6e1d02ceb28

SHA256
33862b4c5dd474f4c73b1dcbc8b0668fb2e1c10db2ace3004c8aa5e559a6648f

SHA512
fa94c71895c3950d39960c1f13bb5b9937fe2d59583dfc30d6362fdf31dffd15f4129d3f954fa777b2437a7a7fa635b7882c654f7032364df430bde5ef9fb198

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\VCRUNTIME140.dll

Filesize
94KB

MD5
18049f6811fc0f94547189a9e104f5d2

SHA1
dc127fa1ff0aab71abd76b89fc4b849ad3cf43a6

SHA256
c865c3366a98431ec3a5959cb5ac3966081a43b82dfcd8bfefafe0146b1508db

SHA512
38fa01debdb8c5369b3be45b1384434acb09a6afe75a50a31b3f0babb7bc0550261a5376dd7e5beac74234ec1722967a33fc55335b1809c0b64db42f7e56cdf7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_ctypes.pyd

Filesize
124KB

MD5
7322f8245b5c8551d67c337c0dc247c9

SHA1
5f4cb918133daa86631211ae7fa65f26c23fcc98

SHA256
4fcf4c9c98b75a07a7779c52e1f7dff715ae8a2f8a34574e9dac66243fb86763

SHA512
52748b59ce5d488d2a4438548963eb0f2808447c563916e2917d08e5f4aab275e4769c02b63012b3d2606fdb5a8baa9eb5942ba5c5e11b7678f5f4187b82b0c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_hashlib.pyd

Filesize
64KB

MD5
88e2bf0a590791891fb5125ffcf5a318

SHA1
39f96abbabf3fdd46844ba5190d2043fb8388696

SHA256
e7aecb61a54dcc77b6d9cafe9a51fd1f8d78b2194cc3baf6304bbd1edfd0aee6

SHA512
7d91d2fa95bb0ffe92730679b9a82e13a3a6b9906b2c7f69bc9065f636a20be65e1d6e7a557bfd6e4b80edd0f00db92eb7fea06345c2c9b98176c65d18c4bdbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_queue.pyd

Filesize
28KB

MD5
f19d9a56df14aea465e7ead84751ea5f

SHA1
f170ccbeb8fb4a1e0fe56f9a7c20ae4c1a48e4a9

SHA256
17ccd37dfba38bba706189d12ed28ca32c7330cc60db7bf203bf7198287073e4

SHA512
2b69a11026bf4fe3792082d57eaf3b24713e7bd44dfd61ccaa6e5adb6771e49b6c81c1b542fbb159c9055db9739b9c4473a856914c72683a2a4cf658d6d7a469

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\_socket.pyd

Filesize
78KB

MD5
478abd499eefeba3e50cfc4ff50ec49d

SHA1
fe1aae16b411a9c349b0ac1e490236d4d55b95b2

SHA256
fdb14859efee35e105f21a64f7afdf50c399ffa0fa8b7fcc76dae4b345d946cb

SHA512
475b8d533599991b4b8bfd27464b379d78e51c41f497e81698b4e7e871f82b5f6b2bfec70ec2c0a1a8842611c8c2591133eaef3f7fc4bc7625e18fc4189c914e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\base_library.zip

Filesize
763KB

MD5
abbe5270af3906f418a479c104a04a5a

SHA1
520c6184459e9b526ffaefb985a1446d3511c028

SHA256
4d9abd9354a1a7554109a4a01f23d0b18e34b8fd1e953a2ede4cbca7952e695e

SHA512
a0c790f99fe4e7a02ab5107bcfa025e30ccb468b7b8f4f528fc34d6ad670087a5ff95ad38568b8ff0ec254a9fcad7fde743a1b98720277604720454bdb48ae55

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\certifi\cacert.pem

Filesize
253KB

MD5
3dcd08b803fbb28231e18b5d1eef4258

SHA1
b81ea40b943cd8a0c341f3a13e5bc05090b5a72a

SHA256
de2fa17c4d8ae68dc204a1b6b58b7a7a12569367cfeb8a3a4e1f377c73e83e9e

SHA512
9cc7106e921fbcf8c56745b38051a5a56154c600e3c553f2e64d93ec988c88b17f6d49698bdc18e3aa57ae96a79ee2c08c584c7c4c91cc6ea72db3dca6ccc2f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\libcrypto-1_1.dll

Filesize
3.2MB

MD5
89511df61678befa2f62f5025c8c8448

SHA1
df3961f833b4964f70fcf1c002d9fd7309f53ef8

SHA256
296426e7ce11bc3d1cfa9f2aeb42f60c974da4af3b3efbeb0ba40e92e5299fdf

SHA512
9af069ea13551a4672fdd4635d3242e017837b76ab2815788148dd4c44b4cf3a650d43ac79cd2122e1e51e01fb5164e71ff81a829395bdb8e50bb50a33f0a668

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\libssl-1_1.dll

Filesize
674KB

MD5
50bcfb04328fec1a22c31c0e39286470

SHA1
3a1b78faf34125c7b8d684419fa715c367db3daa

SHA256
fddd0da02dcd41786e9aa04ba17ba391ce39dae6b1f54cfa1e2bb55bc753fce9

SHA512
370e6dfd318d905b79baf1808efbf6da58590f00006513bdaaed0c313f6fa6c36f634ea3b05f916cee59f4db25a23dd9e6f64caf3c04a200e78c193027f57685

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI44722\python39.dll

Filesize
4.3MB

MD5
1d5e4c20a20740f38f061bdf48aaca4f

SHA1
de1b64ab5219aa6fef95cd2b0ccead1c925fd0d0

SHA256
f8172151d11bcf934f2a7518cd0d834e3f079bd980391e9da147ce4cff72c366

SHA512
9df64c97e4e993e815fdaf7e8ecbc3ce32aa8d979f8f4f7a732b2efa636cfeb9a145fe2c2dcdf2e5e9247ee376625e1fdc62f9657e8007bb504336ac8d05a397

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
baadaf574c430ace58cdf2a391d2273b

SHA1
79e25a0ae4429b7b1fd0bbb593ea1c708e29c16e

SHA256
57401a15cd685dcd8331ffe1dd3022e8f9e3527a7acd4e242c112ea624740998

SHA512
dc19c7b7fa89f42a1e694e0eef4ce0bd307ea447bfc04391cc425db7a7c0aca23c1fd26e063d0ac4fbe86273f46c6499a842c5dbfb3da45fbb69fd98f2dd5eb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\0b4e4e0e-bc1d-4eae-b580-497a59e6f291

Filesize
746B

MD5
23dd03ca3223872d4fbba01c8245817c

SHA1
d09f532d35dd472dff7ea7d3e7f9eb73eeae4419

SHA256
800bce8d4eecc8f35f9f8c77a9db02969ab8f52615bfc2fb458ca01f20bfcc9f

SHA512
1c76b26ad7883ea23ff869a0e8749d2d5e0e6e950c1904185ff12f69f7614d81cc698457f75b3b097fc80552395f488da87eaf5fd0df1b4032106fab5f22e2d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\cbbf4211-a32a-4533-9a76-67c92ddd407c

Filesize
11KB

MD5
4768fa4844e9030967d0f759edf23958

SHA1
8b9b699bc7dc5c743988825a2056784ad62407b8

SHA256
901a0e26cfc0b11472f242d71ed28a5f20dddc1083e36ddf2c50722dbaee02b9

SHA512
0145bf2a7efccdecabead1647f5b05d6e2a087b829f2e8d0af1f398996aeae67365902e2cf8a90c82e66b6c5b609ee98bb5c99ad1130bfb540702f59977ba541

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
a84d466e3963088506ab736b43a6f217

SHA1
118e84ee681ccf048c63ffa3bb835f24f80c1731

SHA256
fc6b80ded870fff123fba3b229ad14e3f70f81dc3769cacf231b679fbbe72127

SHA512
ce49b84a2b5ea2807a014a6b74eb36917e8b80136f65558a143da30e3ab641d1f5c9c82df9cf6e3218f59a76be09c896ea559d64e24c115ae87ab214c4aaceb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
a88beae19a730d896f69dce6751ac7e8

SHA1
56f9bf9e13b620275dae4ca5d0e20966f0d599ba

SHA256
55e8bf3ee88b117fdf752821d70d92e2653fd0fb6bcc9f14288bf6f9ccfe0aac

SHA512
2c53a7e5f1293673234c2a930526aeb643bfd2acb1ab67435b0ed043e7c534c41d9a2adbf232be0f113bedbb365f762754c851cfb325bd3cb987e21a3336fc64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
afd4a0e44d32b01c027b6d6d0ac7d0c2

SHA1
ae28c63efd625495ee2cd9b351f7addc0f91b2dd

SHA256
d0dcb008dcd8ec2abbe7ed8cb9280f29852a72c9e1937bc8098437596dad7a2f

SHA512
b7199c4fe7d57d6b967eaafc84f9584523e89fbb3aa6efd6a9eef228c9d57a441b3db142a144cfe4ab0b2682370e4aa51cef4f7a50fc316de8f4e428e6aaae3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b5556d527cb9dcd5b36f42f1629162e5

SHA1
daf08bb93e00454edd16b9ad236430b51e1f10bb

SHA256
74ec0025399b55ad9f85fc7d7b760155bb2bb8f9c06d209e3ed2d10e4e62fd39

SHA512
d6d3dbb13ca160a5f5a66dced37b07802dd27b1a31b32ec3c3bb5cb33b9b4eb863a1610584bbf92110f8c698ae4782a8c5432a3ce828e526c75e28c9b6f0aaea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
3074865372639cc2e1fa7e188e03313c

SHA1
66ed46a7f85a20dc90aed5b26c999f28ade1c8fe

SHA256
1cb73a1f290bc9809496e284fb821245d3019bb3462d7e9d11751827ec32f71e

SHA512
ccbeef17ba924dd4fcc80c9e688b5c62b135e89120e237e18241fc3482733592a81e6fcc58954db8e85dc55cd5bda666b57761a6b5cc4122f3a533c43f4d6d55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0d0013d9708d9fef539adc917f5b87f6

SHA1
5e071e6b4d8abf007c8bb78ee948caf5bb0439e1

SHA256
f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b

SHA512
851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI44722\_bz2.pyd

Filesize
84KB

MD5
a991152fd5b8f2a0eb6c34582adf7111

SHA1
3589342abea22438e28aa0a0a86e2e96e08421a1

SHA256
7301fc2447e7e6d599472d2c52116fbe318a9ff9259b8a85981c419bfd20e3ef

SHA512
f039ac9473201d27882c0c11e5628a10bdbe5b4c9b78ead246fd53f09d25e74c984e9891fccbc27c63edc8846d5e70f765ca7b77847a45416675d2e7c04964fc

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI44722\_lzma.pyd

Filesize
159KB

MD5
cdd13b537dad6a910cb9cbb932770dc9

SHA1
b37706590d5b6f18c042119d616df6ff8ce3ad46

SHA256
638cd8c336f90629a6260e67827833143939497d542838846f4fc94b2475bb3e

SHA512
c375fb6914cda3ae7829d016d3084f3b5b9f78f200a62f076ec1646576f87694eec7fa6f1c99cbe30824f2fe6e2d61ecdeb50061383b12143cd2678004703199

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI44722\_ssl.pyd

Filesize
151KB

MD5
cf7886b3ac590d2ea1a6efe4ee47dc20

SHA1
8157a0c614360162588f698a2b0a4efe321ea427

SHA256
3d183c1b3a24d634387cce3835f58b8e1322bf96ab03f9fe9f02658fb17d1f8c

SHA512
b171f7d683621fdab5989bfed20c3f6479037035f334ea9a19feb1184f46976095a7666170a06f1258c6ddf2c1f8bdb4e31cbfd33d3b8fa4b330f097d1c09d81

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI44722\select.pyd

Filesize
28KB

MD5
fed3dae56f7c9ea35d2e896fede29581

SHA1
ae5b2ef114138c4d8a6479d6441967c170c5aa23

SHA256
d56542143775d02c70ad713ac36f295d473329ef3ad7a2999811d12151512931

SHA512
3128c57724b0609cfcaca430568d79b0e6abd13e5bba25295493191532dba24af062d4e0340d0ed68a885c24fbbf36b7a3d650add2f47f7c2364eab6a0b5faff

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI44722\unicodedata.pyd

Filesize
1.1MB

MD5
cd12c15c6eef60d9ea058cd4092e5d1b

SHA1
57a7c0b0468f0be8e824561b45f86e0aa0db28dd

SHA256
e3ab6e5749a64e04ee8547f71748303ba159dd68dfc402cb69356f35e645badd

SHA512
514e76174f977cc73300bc40ff170007a444e743a39947d5e2f76e60b2a149c16d57b42b6a82a7fea8dd4e9addb3e876d8ab50ea1898ee896c1907667277cf00

Download Submit