Resubmissions

10-11-2024 01:42

241110-b41vrswgrj 8

10-11-2024 01:38

241110-b2c1xswkft 8

10-11-2024 01:32

241110-bx637swjhx 8

Analysis

  • max time kernel
    269s
  • max time network
    271s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-11-2024 01:42

General

  • Target

    fnaf plus restored.exe

  • Size

    937KB

  • MD5

    10fccccf042d47d4bf56bb1bc5e04273

  • SHA1

    42268e93106a8b9831f1750dbda236137d37542c

  • SHA256

    60ccfd2af3e5f68d1b1fa36140e97a65411f0ce26da19768933cd5128fe342fb

  • SHA512

    ef5f4cca065311aae4b3d35c74de5d2daeebb36396e0a15fa5a544460ccb8ef82dd2efa7efae1afa0bb76468e9986c2e3dfa37cfbca1c01ca212c9379b3b36a9

  • SSDEEP

    12288:qUDU9hdC/8PqDaPcUewtn10Gkt+Tu8mTLUyitik5ZEXhttD:qIU9hB5Bkt+TmYti8ZErtD

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Checks for any installed AV software in registry 1 TTPs 4 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 14 IoCs
  • Suspicious use of FindShellTrayWindow 21 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes

  • C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe
    "C:\Users\Admin\AppData\Local\Temp\fnaf plus restored.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    PID:4452
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2580
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      2⤵
      • Subvert Trust Controls: Mark-of-the-Web Bypass
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3300
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55cf3f9e-9955-450e-8eca-ee11e2d56bba} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" gpu
        3⤵
          PID:1644
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47109e2c-ad0d-473b-b723-f0938b4ba0fb} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" socket
          3⤵
            PID:3060
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2968 -childID 1 -isForBrowser -prefsHandle 2872 -prefMapHandle 2868 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49bb3281-c9d0-4ef9-99c2-14e02e83f824} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
            3⤵
              PID:1928
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3784 -childID 2 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c3157e2-af96-4fb5-b03f-cca97fb158df} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
              3⤵
                PID:564
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4980 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {321c1ad8-0c4e-4f48-81fc-62a6da517afb} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" utility
                3⤵
                • Checks processor information in registry
                PID:5384
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5352 -childID 3 -isForBrowser -prefsHandle 5376 -prefMapHandle 5280 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {049a2633-13d7-494d-b00b-b7fb6f1090a9} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                3⤵
                  PID:5772
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4928 -childID 4 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71286dc2-d6d3-41a6-8de4-54d8e5f56f2a} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                  3⤵
                    PID:5784
                  • C:\Program Files\Mozilla Firefox\firefox.exe
                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5696 -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5268 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1b44ed8-28aa-45d4-923e-ff0123a7db9c} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                    3⤵
                      PID:5796
                    • C:\Program Files\Mozilla Firefox\firefox.exe
                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6156 -childID 6 -isForBrowser -prefsHandle 5948 -prefMapHandle 6148 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48f77685-d2c3-47bc-82ed-8c16b18a4de2} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                      3⤵
                        PID:3124
                      • C:\Program Files\Mozilla Firefox\firefox.exe
                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4052 -childID 7 -isForBrowser -prefsHandle 5872 -prefMapHandle 5880 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4960a1f0-87b0-4d2b-b34e-e238a709f09b} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                        3⤵
                          PID:5628
                        • C:\Program Files\Mozilla Firefox\firefox.exe
                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5204 -childID 8 -isForBrowser -prefsHandle 4772 -prefMapHandle 4156 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {434f48b1-bd8d-4966-b114-6268560abfc9} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                          3⤵
                            PID:3744
                          • C:\Program Files\Mozilla Firefox\firefox.exe
                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4596 -childID 9 -isForBrowser -prefsHandle 6896 -prefMapHandle 6860 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8198ce95-dbdd-4e1f-8754-001167d1ba75} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                            3⤵
                              PID:2056
                            • C:\Program Files\Mozilla Firefox\firefox.exe
                              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6856 -childID 10 -isForBrowser -prefsHandle 6836 -prefMapHandle 6844 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33f978ee-6450-4932-a58e-6314bf9a20f7} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                              3⤵
                                PID:1980
                              • C:\Program Files\Mozilla Firefox\firefox.exe
                                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6256 -childID 11 -isForBrowser -prefsHandle 6328 -prefMapHandle 6344 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d582ac7b-aef9-4bb7-bce6-7c72e36c32e1} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                                3⤵
                                  PID:5872
                                • C:\Program Files\Mozilla Firefox\firefox.exe
                                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4164 -childID 12 -isForBrowser -prefsHandle 6456 -prefMapHandle 6452 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd84271f-ce8e-45ae-90fe-f6e549b5287d} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                                  3⤵
                                    PID:5976
                                  • C:\Program Files\Mozilla Firefox\firefox.exe
                                    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3720 -childID 13 -isForBrowser -prefsHandle 5448 -prefMapHandle 4244 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {479bea34-0ad8-4dbb-9209-644a2946cc74} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                                    3⤵
                                      PID:5956
                                    • C:\Program Files\Mozilla Firefox\firefox.exe
                                      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4452 -childID 14 -isForBrowser -prefsHandle 4172 -prefMapHandle 3712 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b6c4181-09e5-4a25-8460-1a2d6831857b} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                                      3⤵
                                        PID:5696
                                      • C:\Program Files\Mozilla Firefox\firefox.exe
                                        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4176 -childID 15 -isForBrowser -prefsHandle 4576 -prefMapHandle 6460 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc122993-de96-458a-8760-99030069e3b7} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                                        3⤵
                                          PID:4688
                                        • C:\Program Files\Mozilla Firefox\firefox.exe
                                          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7308 -childID 16 -isForBrowser -prefsHandle 7400 -prefMapHandle 7396 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e6dc7c1-a855-444d-8dc4-d4b3a2e3e026} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                                          3⤵
                                            PID:756
                                          • C:\Program Files\Mozilla Firefox\firefox.exe
                                            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7684 -childID 17 -isForBrowser -prefsHandle 7604 -prefMapHandle 7612 -prefsLen 27998 -prefMapSize 244658 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f59f476-7142-497f-9cc4-8bf7bdc5259b} 3300 "\\.\pipe\gecko-crash-server-pipe.3300" tab
                                            3⤵
                                              PID:824
                                            • C:\Users\Admin\Downloads\WaveInstaller.exe
                                              "C:\Users\Admin\Downloads\WaveInstaller.exe"
                                              3⤵
                                              • Checks computer location settings
                                              • Executes dropped EXE
                                              • System Location Discovery: System Language Discovery
                                              • Suspicious use of AdjustPrivilegeToken
                                              PID:760
                                              • C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe
                                                "C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe"
                                                4⤵
                                                • Checks computer location settings
                                                • Executes dropped EXE
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:1316
                                                • C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe
                                                  "C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe"
                                                  5⤵
                                                  • Checks computer location settings
                                                  • Executes dropped EXE
                                                  • Checks for any installed AV software in registry
                                                  • System Location Discovery: System Language Discovery
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  • Suspicious use of AdjustPrivilegeToken
                                                  PID:3992
                                                  • C:\Users\Admin\AppData\Local\Luau Language Server\node.exe
                                                    "C:\Users\Admin\AppData\Local\Luau Language Server\node.exe" server --process-id=3992
                                                    6⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:2796
                                                  • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe
                                                    "C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe"
                                                    6⤵
                                                    • Checks computer location settings
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetWindowsHookEx
                                                    PID:1516

                                        Network

                                        MITRE ATT&CK Enterprise v15

                                        Replay Monitor

                                        Loading Replay Monitor...

                                        Downloads

                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.dll

                                          Filesize

                                          4.3MB

                                          MD5

                                          6546ceb273f079342df5e828a60f551b

                                          SHA1

                                          ede41c27df51c39cd731797c340fcb8feda51ea3

                                          SHA256

                                          e440da74de73212d80da3f27661fcb9436d03d9e8dbbb44c9c148aaf38071ca5

                                          SHA512

                                          f0ea83bf836e93ff7b58582329a05ba183a25c92705fab36f576ec0c20cf687ce16a68e483698bda4215d441dec5916ffbdfa1763fb357e14ab5e0f1ffcaf824

                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.exe

                                          Filesize

                                          249KB

                                          MD5

                                          772c9fecbd0397f6cfb3d866cf3a5d7d

                                          SHA1

                                          6de3355d866d0627a756d0d4e29318e67650dacf

                                          SHA256

                                          2f88ea7e1183d320fb2b7483de2e860da13dc0c0caaf58f41a888528d78c809f

                                          SHA512

                                          82048bd6e50d38a863379a623b8cfda2d1553d8141923acf13f990c7245c833082523633eaa830362a12bfff300da61b3d8b3cccbe038ce2375fdfbd20dbca31

                                        • C:\Users\Admin\AppData\Local\Bloxstrap\Bloxstrap.runtimeconfig.json

                                          Filesize

                                          372B

                                          MD5

                                          d94cf983fba9ab1bb8a6cb3ad4a48f50

                                          SHA1

                                          04855d8b7a76b7ec74633043ef9986d4500ca63c

                                          SHA256

                                          1eca0f0c70070aa83bb609e4b749b26dcb4409784326032726394722224a098a

                                          SHA512

                                          09a9667d4f4622817116c8bc27d3d481d5d160380a2e19b8944bdd1271a83f718415ce5e6d66e82e36819e575ec1b55f19c45213e0013b877b8d61e6feb9d998

                                        • C:\Users\Admin\AppData\Local\Luau Language Server\server\index.js

                                          Filesize

                                          6.1MB

                                          MD5

                                          6b1cad741d0b6374435f7e1faa93b5e7

                                          SHA1

                                          7b1957e63c10f4422421245e4dc64074455fd62a

                                          SHA256

                                          6f17add2a8c8c2d9f592adb65d88e08558e25c15cedd82e3f013c8146b5d840f

                                          SHA512

                                          a662fc83536eff797b8d59e2fb4a2fb7cd903be8fc4137de8470b341312534326383bb3af58991628f15f93e3bdd57621622d9d9b634fb5e6e03d4aa06977253

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json

                                          Filesize

                                          24KB

                                          MD5

                                          5ae538c1207fcfad6edf9c301e366cdb

                                          SHA1

                                          f37d5d2651163f864dfb9220328dbc958aa94bc6

                                          SHA256

                                          da71f6c756bd77924dece967abf9397df4f29a4f8fd5ac449d7a81f34da75eb3

                                          SHA512

                                          86d820519151375e5905ea76eb00af2096092b67e7d3cd81ac053f8a6e9f01fee7cfabbd62eca79ad1fd0273291313d97332fb2af8e88f77192958e0dc4c86a4

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\doomed\26104

                                          Filesize

                                          86KB

                                          MD5

                                          abe3073907362e8df7b199d214d411d4

                                          SHA1

                                          273ae71ade06d8c14caff5d4f397e2841e6247dd

                                          SHA256

                                          ed48b3e06ea31154c28be8c70f769a572f1f2808d4e07544122d834f20d2f3c6

                                          SHA512

                                          0f3cdd45dfd7ddb03037b908d6c7dad04ff151b2a64d49e3a9e92214a7695cb219edc12759745ba17380e196503e2d429ca235ee3e8ecf4dcff7716c1446bc46

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\doomed\4033

                                          Filesize

                                          125KB

                                          MD5

                                          17f92159a6dfaf583927360526c74ed2

                                          SHA1

                                          6ba5bfa28d4aa16e0580311c6cde166411e25f3a

                                          SHA256

                                          25bfa6d812d79e68714a9e4c040b2947c19b601471e7ec9c66c0cb1e62a6a943

                                          SHA512

                                          9349cf5fc74e58da133bf32d7e6a700bfaa2ccf02e7ad78d1a447590437f961f48b3599543e80d5b1063cf747d47e42b55474ca5077322061be55308b70af614

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\0B09FAE341F4DDD969BBA2C6B6B8F6253CF20D50

                                          Filesize

                                          13KB

                                          MD5

                                          c9f6bbeb184165e9a2e2407584bf4526

                                          SHA1

                                          b05bf3e5aca7d21d28b35732f899950d1cbe089c

                                          SHA256

                                          5f397f988c6e49c66faed4e2329453999598cb3d78586bec3ec58eb4746594ed

                                          SHA512

                                          19fb282e6fb625a2f23e71ae18fc7567988dbdd6357a54301e8b57c8da7495ffc9ccb90dc0eb8b4982b4e38d364a770f7f92366370f02b62b1ef289921f11a30

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\15452148DC37F7F3E37A31F6162F9E9EF7545424

                                          Filesize

                                          43KB

                                          MD5

                                          39134d0dfea80998129e82a84cd62acd

                                          SHA1

                                          75ab5ba5a5e071fde6b565b3130a05fb33864c05

                                          SHA256

                                          0b4885575123d56aac012da631b424548f68c15fa2f8e995efdcaf82c89ffa90

                                          SHA512

                                          a601790fa14467ec45bb3adf0c97d2f0254f98df20edb4cce9a218ad6eba1bb714b990b04b8a8c547953ef338e7fe42eacc42fd27f52084a229e831422388bbd

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\1951DE72CFFA8150C812E912B27FCB419836A7A8

                                          Filesize

                                          22KB

                                          MD5

                                          2ff56147f449ff5fc45d762ecd77c5f8

                                          SHA1

                                          c4bbeb2e974e75a986d518736112d2daac977dbf

                                          SHA256

                                          6cade1c6e4bc79ae9b0dd605b6a0367049d97c488318ea4bb3822a87e4e215b4

                                          SHA512

                                          50012439f3b5bc29dccf87863f404aa1d98933080959cb7013e15adbd2c8f4ddea257caac6eecc6e61e99f36a508ed087cb7980f1a2f62c3c67f38435aac71d4

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\2F80A05A314CCDB66FB88D0D30B7405BCD9AB353

                                          Filesize

                                          1.1MB

                                          MD5

                                          2de9d573a934efebc99b2e32a38409c6

                                          SHA1

                                          198f11cf1b9cb6bc3cfcaffe9cc635db473b085c

                                          SHA256

                                          b31d2b6da67f8bfd11560e3da27d967ad9ef838af52659447f9e687e3f746d7c

                                          SHA512

                                          f19f78a5a8d2ddc80a1987ed84c2d591130af3322d297022bec480632df137a399584f4e0802676e200c9c9299201526f30a7877225927261ae5930b3f6a7ee5

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\5C36AD522D06CBA27C557B84549A66AC74D92835

                                          Filesize

                                          10KB

                                          MD5

                                          f8d428409be95a771c9d414023e01ccc

                                          SHA1

                                          19513d44e8b9bd28f3a655a4f7252ff0836d360e

                                          SHA256

                                          cc72ac8f1ae1891e8887753f261a49ca217a6c693c71a090354a9f7cd5e6fc1f

                                          SHA512

                                          5cf7164487eee73199beb8deecd60aec9e021a66a015c50e83212617a9512384ad4f370f4048fc01d3a1036fda88e9031c236608b0e7b1b444b644a743ce6e6d

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\5CAF0F45716E767E04F44899002CD8DC8EFBF123

                                          Filesize

                                          44KB

                                          MD5

                                          7b8e97a8eb029284d05b89980b37d81b

                                          SHA1

                                          5af64eea60949747f3c1007342e5f015d03d1641

                                          SHA256

                                          6d91bbe99f3872fefd1668d70ed0d51a7e18ba1da367554b66e7b2668916ea5f

                                          SHA512

                                          e5bbb52ae12fd6da27adf6d593cb8ddaf18f78a73f0aee9307f0af77f1405f03979960b2f77c657c91af109aec2a3fd1a4ffd3a4446bd00814e3ad413cae6a65

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\5D88F86F32DC808B55FF241F00F12611A6FDBCB2

                                          Filesize

                                          121KB

                                          MD5

                                          b651bc9527c9aebe800eece7682a561d

                                          SHA1

                                          df406cc1646a8c0c53b1a704883164b19e39ed3b

                                          SHA256

                                          7faf1d0475ced72ff6badb40e840bc494af69fd1f504f83a17f5d9dbff8da479

                                          SHA512

                                          3f8b6bedbfd30f0f491130f33de8aa8c578e7ffb3f59ab4efa2f4845b4dfde751a595597755fad22bcd7da7c6c2f1150e188d00df6fb9a986ded96509ea2ee5f

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\816705FEF1DB3481B3B6CB5A4542A9BE5F9F75C6

                                          Filesize

                                          788KB

                                          MD5

                                          e2c8f6579c2bcc07bb593bad7b21dcf6

                                          SHA1

                                          0cbb9be957d6ed1c873180168a3e8d44ee578c6a

                                          SHA256

                                          aac12cc4e198baf98a3d85e475bcf68c86fc883867eb92b455fb49c50ea71515

                                          SHA512

                                          cf9b73b129eb095e81175f150f35fc2258e3cca38eec1324695cceca938c91b830f3b5969282b6cdea3992b748a5d1794dccaf1ba24420e950bc3866d934e238

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\944281DE8E653E8D9793A8E9F6BD27DE1695F581

                                          Filesize

                                          122KB

                                          MD5

                                          47457ee238bef4cb7e8301d77d116fed

                                          SHA1

                                          09dab270f3d105e664f1860455d3ab61f3a110c1

                                          SHA256

                                          cfb82b41bcada3107de248dab9b161c5aad5668c151a12fa083f8594d0e3d9cb

                                          SHA512

                                          98aab2b843711007d8ca4029e26038d2c8932f4a0373ce395b52468b457f0764cac6014959d57240edaff6577fc445322ca3a3c424e8d72d6ffffce9a7a28a40

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\B3E9141EA653832D356942C18CCBE9C056FE1193

                                          Filesize

                                          139KB

                                          MD5

                                          97622ffbb4d13d14ca5c3e35bf28cf60

                                          SHA1

                                          def4ebd751c025285dc25e8457ae49ff6705cabe

                                          SHA256

                                          d2afb0e76f2910b969b8ae3a455b4b73cabf9e2b132af39bbee0c35066018374

                                          SHA512

                                          11e37fc53613ba49aeac4e080d07000ae74d42050126f6246d032f3f89295ea398027e9fe579f5a6831080bc937b29da424209439b6cdd54379884a5c9affc4b

                                        • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\cache2\entries\C0F4D880C1B3CF628066058BD865CA7B495E5F29

                                          Filesize

                                          218KB

                                          MD5

                                          2abcb59db78a343418d5a485103021db

                                          SHA1

                                          9d018483c44193c83c804c888d8d5d965f8e18b6

                                          SHA256

                                          ee427998f947b5522c8c8a5394197c0a551d961a5f6110caddf6ac84e759975f

                                          SHA512

                                          646f5151ebf1d1804b7aaddc0fa2a3674467f714c27efae17fdb9c435a6f03d77a2d8b27577c7504fa1375f5932601d0221dd5db4c1c12716836722356a0754e

                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon

                                          Filesize

                                          479KB

                                          MD5

                                          09372174e83dbbf696ee732fd2e875bb

                                          SHA1

                                          ba360186ba650a769f9303f48b7200fb5eaccee1

                                          SHA256

                                          c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

                                          SHA512

                                          b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

                                        • C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

                                          Filesize

                                          13.8MB

                                          MD5

                                          0a8747a2ac9ac08ae9508f36c6d75692

                                          SHA1

                                          b287a96fd6cc12433adb42193dfe06111c38eaf0

                                          SHA256

                                          32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

                                          SHA512

                                          59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

                                        • C:\Users\Admin\AppData\Local\Wave\WaveBootstrapper.exe

                                          Filesize

                                          949KB

                                          MD5

                                          495df8a4dee554179394b33daece4d1e

                                          SHA1

                                          0a67a0e43b4b4e3e25a736d08de4cec22033b696

                                          SHA256

                                          201263498c60fa595f394650c53a08d0b82850349123b97d41565e145ddf2f42

                                          SHA512

                                          ce3bef1038741f7a0f90cc131a4a1883fd84b006654024d591f5451e73166b4cae546e307c358b5b90aa0e6517bf7b6098f1f59a3ecc01598d4feb26e6b6af33

                                        • C:\Users\Admin\AppData\Local\Wave\WaveWindows.exe

                                          Filesize

                                          8.0MB

                                          MD5

                                          b8631bbd78d3935042e47b672c19ccc3

                                          SHA1

                                          cd0ea137f1544a31d2a62aaed157486dce3ecebe

                                          SHA256

                                          9cfda541d595dc20a55df5422001dfb58debd401df3abff21b1eee8ede28451c

                                          SHA512

                                          0c51d6247e39f7851538a5916b24972e845abfe429f0abdc7b532f654b4afe73dc6e1936f1b062da63bfc90273d3cbc297bf6c802e615f3711d0f180c070aa26

                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                          Filesize

                                          14KB

                                          MD5

                                          9f02b5ca14334400200521ef95ae1f2f

                                          SHA1

                                          68ad8777a658a23830ab993ece7c9e6ba0f285d1

                                          SHA256

                                          6e968e2ff79391f5c5aca818e1d4860a25733b132a9492260528a15952edc2a6

                                          SHA512

                                          2dc8e207ed362700eb84e76a08343ea83faa9d35f6b77293d20cf4b6c68a0b393e70f41db51872c5c9eaaa6b79684fceae6838f7d45286f964d962ffd6079f84

                                        • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

                                          Filesize

                                          20KB

                                          MD5

                                          7eceb2d53ac1333b643809105c569a03

                                          SHA1

                                          7d2ee1fabe4d6f5027af488a18cc14a5ac91d76a

                                          SHA256

                                          205bdc219a2da231d0ebf2e714bda8ae75807bcfd8f5c1c434e3277f0e0a414e

                                          SHA512

                                          ea010887277601335938dbe41334fed1a0c7eb8a1855a22cc9080963a8118d480a1a0b89e30f89e4670534330937d1e57f59d39cea621982429f693e1b8497d6

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

                                          Filesize

                                          8KB

                                          MD5

                                          65ec2f218c073d662943e63786c87304

                                          SHA1

                                          22c8d20c7e04bd24ca77aca2b226b27fda9bcf41

                                          SHA256

                                          4da1b7c18ab0b2821c7ff5f8c90661f271900f570c0d939ce0b0a4f6804e98e1

                                          SHA512

                                          a408eb1fd8a76f78c790ac081862af6297b089c0041030d5fe54ce3179a791d98169716b2364111625897bb1c32ef402be89d36379d3db9483bcb95cb387d0a6

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

                                          Filesize

                                          7KB

                                          MD5

                                          932bef375ba231ec9369efa5b70e5edc

                                          SHA1

                                          df0abddf83f89434e456e2406be8b253ad6935fa

                                          SHA256

                                          73640d344269a1f35c2b55b2b243d51c5c3ad74b1eef105d3e932c53b9ba2a72

                                          SHA512

                                          0368cc5bde4c94835f7ebab3eed21276a29ad2088c9b1195c2718b0cf2b083cbaebbdab60c2ef591d422d5cc387696c720a32180dd9765314bc4cd7733ed2116

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

                                          Filesize

                                          13KB

                                          MD5

                                          986613ecaa1d5ffe7eec18396ea8ecba

                                          SHA1

                                          1246edddd837b593112526c352d9ae8683746f24

                                          SHA256

                                          8dbb0f4a3df19030b3dacc93cd137d7c0642ef0bb9b78f467f37ca628bae7528

                                          SHA512

                                          ffab0a1df960be4d379fb550ea7227428a259928378f041c7dc6dda93c5c9b10013cf7979d277d90d62cbee729284e36ae8477141658aae2dc2c21403264ccf5

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

                                          Filesize

                                          17KB

                                          MD5

                                          1166b284dde38196a1b75aaa66aa4723

                                          SHA1

                                          0777a06beb5b5fef9b077cbedd9b056b4f0b6bad

                                          SHA256

                                          2f24b1ff74922c55720f4fa928596991c80ca6d1616e5b9d67b4328c8a5125d9

                                          SHA512

                                          2f5d4c3b2da9bcbd8f3520f9a3e99f681ff7fcbcd7fa9124a3977ef7262265ead08e4fc4b340703487b4471b2ead22287a7b4104c549150836f865751697d323

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

                                          Filesize

                                          20KB

                                          MD5

                                          a163122f8362372fbf8cc0f8de832bd7

                                          SHA1

                                          46244bb45e00a9285f527ba99d5911e51eabf7f0

                                          SHA256

                                          5b4b96827805ae0d21553227c058f223faf3e18669772222276bcb0a0dc6cc0f

                                          SHA512

                                          385c7f01e3c4c7ac3bd76ba6616e77068619f486162bf7d008e4193ab34d9147a3a6a9824b7b1d171e76dfd86ce6f9fe6bf75e3c6c6818477bcf50429f5cfa4c

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

                                          Filesize

                                          25KB

                                          MD5

                                          2fb74fbb662f6bf11e756e7c8803e28d

                                          SHA1

                                          2b35c28101329dfc8f8f922cfc619d3d96491dd7

                                          SHA256

                                          a33e3a6ed6960c4b67aa9836b1e0a0733146cd5b96cb30b1f8c9bd2743dfdd80

                                          SHA512

                                          390473fd1bcdb31c1d4137bff57a544680ce134989209bf07bba4b867a9146949cd8d66d4ae30b8a834e13eaec96e605e6839a9645f8ad81bb84b9471db31ac4

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

                                          Filesize

                                          8KB

                                          MD5

                                          4913649c1a6f8ec5c9d961956903393a

                                          SHA1

                                          782496ed73ad6596bc49dc5020e6876fbe7aad15

                                          SHA256

                                          777ff608aeba0db5450ce75c394bc3981acd8608a7d66014b0315e6b87ecec84

                                          SHA512

                                          6bf46d48372c71c973530f90f2b1e519d7bd0b4ffd379ff82599ab1857de70fe767b59a69c1ba5c50d686633222dd6ca0780b26e6270c48ac6eeb12c474cf78e

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

                                          Filesize

                                          15KB

                                          MD5

                                          5e9615d2523f3707434cd2d1d1bffb0a

                                          SHA1

                                          cd326468334ad58ed6d9ea4ef69820712a56efac

                                          SHA256

                                          89c41b49703f1af86e46afb4e2399acd1615f2246244357e48757e9ef7c812d2

                                          SHA512

                                          54dbcb5a1e448c828b88c1b7279eae97a7c3d5d0b5c1ad843f5efe9499a0e51ca0a0eaaef75a64c1516645f0a901a56c67be815bff0c7862b3f9726e95a590aa

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

                                          Filesize

                                          22KB

                                          MD5

                                          b8ecfc8a5713b0f5e4b0520bc157fa51

                                          SHA1

                                          c1d3cf2e2789b46326ba175e122ccdc22151b452

                                          SHA256

                                          7628d319345668b3513bb08eb77fc4cb92385878ff36a70b3eccfa0b97277e8c

                                          SHA512

                                          e2b41cdb8d1720cb00eb5c28db6e207916db8be76f13bb672f9b84ee4713c979fa73781d9c6c1fc40951b4db2bf69ef3bcae67bf0b185ded82d58def17c1ff1f

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

                                          Filesize

                                          96KB

                                          MD5

                                          0588032595cae55ffdcdbf98ee865a6e

                                          SHA1

                                          e9ced0ccae515ff72c869fbc381a986a2886740d

                                          SHA256

                                          b29e516c423349c54f8855f33ca0a328ef34858b5967d6526c8c18c908a5c31e

                                          SHA512

                                          12af6d38e0524c3f73e2ca50fdee60bf30cd718de48a543e59f8915cbb55eba4f47fc7df594a2ff21ee21a511334d9004ec564865a8e9419c4dd39352392fa1b

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

                                          Filesize

                                          22KB

                                          MD5

                                          ce83bceb6e080e1192bae2b362a246de

                                          SHA1

                                          1cd46714a37f8b1e23b75444ed2ebb9f1cfdffa8

                                          SHA256

                                          87b19911f946c4140b01f6026cbd40ed455d42f2c51e0befbca509e9fd499759

                                          SHA512

                                          8eafa7b704a32f615ac09be254ee89eba9277565524cc15be25c959d0e09344a296c4f29c7617e798c47d946447a1f38484940f1de2e2be4ea394fc78e691ed8

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

                                          Filesize

                                          23KB

                                          MD5

                                          a5a948a8a78889767828138d7313bbaf

                                          SHA1

                                          5eea307189916da291827711363c78bf3a44d892

                                          SHA256

                                          379faffb9d503943ab66791f59f25f09dac9a29efb4d98826c3275be7f41c768

                                          SHA512

                                          f385abd13b5fe1e84e5392bd7d29cfb035e5ed4f52d109bd774eab3abb967ea7e79b5f3776958362419d47c957f1623326506929972d41029a211d4005ef616a

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

                                          Filesize

                                          96KB

                                          MD5

                                          d7b11c7ea9e6de388212593952f59606

                                          SHA1

                                          f74fda99d7fb5057b5ade476ae8b00dec0859ea2

                                          SHA256

                                          6779cb5b0ce3b9fa158960d77eac030dd4cbbf9cbacf53f4d604548f21175f72

                                          SHA512

                                          8a0e84c1671660bf339948bd9f7b6d952300bb256aa4c53d2c9729a6a6fff7c6efe03f54115ac9261829c11a80111a9232c8b5ac01f2d5a4f6bca6235979b96e

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\3c1db6f6-1e0c-442e-9f31-f6584ae000b1

                                          Filesize

                                          4KB

                                          MD5

                                          c5757489bf889a243b4bfcf43830797a

                                          SHA1

                                          65f4d3d9221cbb4b004d3dfa87375a2ec985a9e9

                                          SHA256

                                          23c55b294f33a8776265570fc4f5fac28db25090156d5aad5eee22993444bc45

                                          SHA512

                                          d941fd98932fd6ef7169beb871a11cdd5bd57534a0029e72894f885e4a9f65fcb0c0e46130cfdf09d184afda1c5101a03b942dc440bea455d6a6d943e4769cfc

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\b602185f-0ec5-4fd8-a328-a874c68accd7

                                          Filesize

                                          659B

                                          MD5

                                          80f5ba69534aaf27846eec38d7052c75

                                          SHA1

                                          6909faae95ffb47b02f4697b68fc62d26601793f

                                          SHA256

                                          6585be0dbf699fc077c542dbf3a98ebe465afebacb7e51186a232b97f51a0b24

                                          SHA512

                                          ff7e8cf45638d9584c00d27fe0acf619e29dc418fc611ee682a1f73c688560cc8123f500c6bccc8c4cec50c683891fb2fd100e7dff072109e7e8d31a3000b405

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\e0159c21-9161-4d2b-b90c-761d73fec01e

                                          Filesize

                                          847B

                                          MD5

                                          f3243ce8be9c1e83be61c990829a9e89

                                          SHA1

                                          db13c86c94110f68f85ad57e0e191d7cc21d91d7

                                          SHA256

                                          a31c62d8561ac5e89848e580706b5762aae633c8e347e73b2105f982dafd7070

                                          SHA512

                                          cd3ca5e25dc5829df59f0c64fc81fc62a32c9fdeb65c6d89366556eee2b8a7a92a2329ed9afb79a95a65a2299d9643e38d565d7f287eb1b54b2b42037479b145

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\fb2d409f-e005-4ed0-9400-be0e692978ee

                                          Filesize

                                          982B

                                          MD5

                                          62208780c18354865f58f86a67bff58e

                                          SHA1

                                          460fa142437bb97286de5262ffa5910c0a23c9e7

                                          SHA256

                                          92b829d67aee88adbb34eb8707967be380b04f1c392faebc72f1860a21151bb7

                                          SHA512

                                          abd46ecb1bab16541b342c80d8db3b57515d7c470ee417d48e526742ff87de0ae1610f9e711cb9fb0be0fc775b725b5c53f8257b08dcaea8d9ca71387d454342

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

                                          Filesize

                                          1.1MB

                                          MD5

                                          842039753bf41fa5e11b3a1383061a87

                                          SHA1

                                          3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

                                          SHA256

                                          d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

                                          SHA512

                                          d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

                                          Filesize

                                          116B

                                          MD5

                                          2a461e9eb87fd1955cea740a3444ee7a

                                          SHA1

                                          b10755914c713f5a4677494dbe8a686ed458c3c5

                                          SHA256

                                          4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

                                          SHA512

                                          34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

                                          Filesize

                                          372B

                                          MD5

                                          bf957ad58b55f64219ab3f793e374316

                                          SHA1

                                          a11adc9d7f2c28e04d9b35e23b7616d0527118a1

                                          SHA256

                                          bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

                                          SHA512

                                          79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

                                          Filesize

                                          17.8MB

                                          MD5

                                          daf7ef3acccab478aaa7d6dc1c60f865

                                          SHA1

                                          f8246162b97ce4a945feced27b6ea114366ff2ad

                                          SHA256

                                          bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

                                          SHA512

                                          5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

                                          Filesize

                                          11KB

                                          MD5

                                          c4fbfc42fcacf7d8fd9eece925d8df5f

                                          SHA1

                                          84cc35d46844717f7db45472be69e2670c366ca8

                                          SHA256

                                          d5aaf5bbc028389f89dc80679b56f034ba5e9c850605fb3f4fda8395e2533134

                                          SHA512

                                          817c67fd7e68ac572cc9fa0a655265835fe7be3e327580fabfb9e56ddcbfbe0dc48c491c1b513c1be8a2775619ad1c97996be9ef97c1abe4147cb597c4a944be

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

                                          Filesize

                                          10KB

                                          MD5

                                          1e4921760188a6c00a165d37f0e4644d

                                          SHA1

                                          403596caad70207fc192bcc850dc3e1e1ee2e9ef

                                          SHA256

                                          a6bd86dd905dec24b3c27c95cd740a853f73b55cf44f1c3218c1a668340502e4

                                          SHA512

                                          4cfe65bfe699825ad7e1cd84c4eec780f8a51fafd08080e6c9208a5141cda32ae1a7e0292a8c4850377ace524f811e27c38578efb11c7aa2eaacb5507e76cf5e

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

                                          Filesize

                                          10KB

                                          MD5

                                          8e9a1a345d4a05a2ab745fcec186ca17

                                          SHA1

                                          9ce0844b23f9efb4c2cf7d65780ceee12f79c154

                                          SHA256

                                          1ba10490d2958e97c3b3be73c7b46922b5aae08cae4a315623a6ad37968f6cb5

                                          SHA512

                                          8519879ffc8f0db5efb59e49e3e78d97863cd56ebe4a1ad4fd44faa87d60a9f18e865bdfe60a3d6e5d0d8a05adaef294143ee3fad9178754c7645211dae3641f

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

                                          Filesize

                                          4KB

                                          MD5

                                          cebfd236335c96cf990e98b48957014a

                                          SHA1

                                          b2c180c778dc8ab173e777aecc67e275567b00ac

                                          SHA256

                                          85147370ec31a574ad8d7cb5a6589cd4971c14fd001ac9477df4c44587dbd477

                                          SHA512

                                          ec79878b2ba252694e63d4ed5b6d8671f85f8149ed7d296dd9df6f472220850542a0e7f80bd5668595f34ce5306a56c5dd939d26948e6d4172336419b2eda242

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

                                          Filesize

                                          24KB

                                          MD5

                                          576428b1052758c5b418696150fdbbb9

                                          SHA1

                                          3ee0dc2a0af329abbfd5765f69d60d9ac31f9fcd

                                          SHA256

                                          442b722d58acbe3c7d00e3a53d988bcc2eac27b69565e883dc5188e5d6dc4ad3

                                          SHA512

                                          47668ed4bd274e1d81dec06f99802d5d947da99f3fcebf5c7fb47e7955f0f0689aa1598aa65aadd5d9ce859bb0ed5cc6c45670f3f66fe069a741f23edc9e5074

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

                                          Filesize

                                          6KB

                                          MD5

                                          ec8485943eec7180a9b04c91b021c069

                                          SHA1

                                          089b6dea05b6f6a05a736f56fd7ebc042a0db58f

                                          SHA256

                                          be28c35212eee50cb55568860d52157a96df5b6368a3ba9ba69472cd4c2e4123

                                          SHA512

                                          78f03b1bf7db2c9545c24a0836b7bd21cf64d6192d8c589d7682c35301e4d005bf5c2c6cd9c9f89ab776fe34d7d6f7100129126c0c0208452f0fb1de8b65d15d

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

                                          Filesize

                                          6KB

                                          MD5

                                          875bbbbbadf364c9a59ebd3c8ff9c98c

                                          SHA1

                                          ca4b74e30311eb9590dd744913bf90a21d651b7b

                                          SHA256

                                          cf9e6801f375629d5242a697a35e81a231c05a04db615b8ee3d1c62abaf050f1

                                          SHA512

                                          d0f0056cd7cbca325ceea71fb1066d7f56b7a61c4768490d00a0f5b11ce8e0ced257c2dabf47b837918fba185fb87ac284c2328d09c356c41735bb4cab7daf00

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

                                          Filesize

                                          6KB

                                          MD5

                                          4d9de78b5f7be5279e9567783d8603bd

                                          SHA1

                                          b8c2bdc23208c8d85669b732f0b8dcf5e6ca5689

                                          SHA256

                                          18b75313d1ba773389eae2e553013919b8798aa133133a5a665ed70e6fb9273c

                                          SHA512

                                          1cffa1747545376bfc193705dfe07ea1eb206d1db08c9c798a2c4b232192a599a039d3f0989cdbf641519a64b89fa375d417011c91df4afda059d41e742dfc67

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

                                          Filesize

                                          24KB

                                          MD5

                                          954215cd48e41901c3ab8abf36ec2951

                                          SHA1

                                          0a4e08128710bdcac19799e0d7c9e717c7b8c905

                                          SHA256

                                          44565919bdb3cf8b13d13af9a1aa9656d62bca2feb0cc6aaa0ae39fb29a77bf5

                                          SHA512

                                          7d1d4b2c3720c1109d9093e3e4dd44fb3d8c742e01d255178e5b457cc34fe260ff26c834cd11d798ce50d1732d4192c76a13bb836a436c168afe4c2fdff41dc1

                                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

                                          Filesize

                                          8KB

                                          MD5

                                          3407e32b118171c0faa4abdb553bc1a9

                                          SHA1

                                          2f723e4bacbb787e3890d323a33d195a889dc97c

                                          SHA256

                                          daa5e036dd520ea5ece7b9c7096f4a22561a90caaa1da3b34939c0f35c31401f

                                          SHA512

                                          45e82cd6f43bd4011a2485868c1f60bac913e27573b6a2e99a889b342f6113006e32b25363aff50ac4d2003136d0fc96821f891fd244b6a3f24148dd1feeaa8f

                                        • C:\Users\Admin\Downloads\WaveInstaller.URFM5EZE.exe.part

                                          Filesize

                                          2.3MB

                                          MD5

                                          215d509bc217f7878270c161763b471e

                                          SHA1

                                          bfe0a2580d54cfa28d3ff5ef8dc754fdc73adcd9

                                          SHA256

                                          984dfc64c10f96c5350d6d9216a5d7abfece1658dfc93925f7a6b0c80817c886

                                          SHA512

                                          68e615dfcb1b7770ad64175438a913744c14bdd3af93b339c2b526271bdd0d23334e78d049fdae8ca9fe66672a8cf252ebf891be9ab6c46a3d8f1fb00fa8c83b

                                        • memory/760-1437-0x00000000748C0000-0x0000000075070000-memory.dmp

                                          Filesize

                                          7.7MB

                                        • memory/760-1435-0x00000000748CE000-0x00000000748CF000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/760-1515-0x000000000BD40000-0x000000000BDD6000-memory.dmp

                                          Filesize

                                          600KB

                                        • memory/760-1516-0x000000000B540000-0x000000000B566000-memory.dmp

                                          Filesize

                                          152KB

                                        • memory/760-1517-0x000000000B590000-0x000000000B598000-memory.dmp

                                          Filesize

                                          32KB

                                        • memory/760-1519-0x000000000B8E0000-0x000000000B952000-memory.dmp

                                          Filesize

                                          456KB

                                        • memory/760-1520-0x000000000BDE0000-0x000000000BDEA000-memory.dmp

                                          Filesize

                                          40KB

                                        • memory/760-1521-0x000000000BDF0000-0x000000000BDFA000-memory.dmp

                                          Filesize

                                          40KB

                                        • memory/760-1485-0x00000000748C0000-0x0000000075070000-memory.dmp

                                          Filesize

                                          7.7MB

                                        • memory/760-1484-0x00000000748CE000-0x00000000748CF000-memory.dmp

                                          Filesize

                                          4KB

                                        • memory/760-1436-0x00000000003C0000-0x000000000060A000-memory.dmp

                                          Filesize

                                          2.3MB

                                        • memory/760-1738-0x00000000748C0000-0x0000000075070000-memory.dmp

                                          Filesize

                                          7.7MB

                                        • memory/760-1438-0x0000000009870000-0x00000000098A8000-memory.dmp

                                          Filesize

                                          224KB

                                        • memory/760-1440-0x00000000748C0000-0x0000000075070000-memory.dmp

                                          Filesize

                                          7.7MB

                                        • memory/760-1439-0x0000000009850000-0x000000000985E000-memory.dmp

                                          Filesize

                                          56KB

                                        • memory/760-1486-0x00000000748C0000-0x0000000075070000-memory.dmp

                                          Filesize

                                          7.7MB

                                        • memory/760-1441-0x00000000748C0000-0x0000000075070000-memory.dmp

                                          Filesize

                                          7.7MB

                                        • memory/1316-1742-0x000000000A0F0000-0x000000000A0F8000-memory.dmp

                                          Filesize

                                          32KB

                                        • memory/1316-1741-0x000000000A0B0000-0x000000000A0BA000-memory.dmp

                                          Filesize

                                          40KB

                                        • memory/1316-1735-0x00000000748C0000-0x0000000075070000-memory.dmp

                                          Filesize

                                          7.7MB

                                        • memory/1316-1736-0x0000000000A80000-0x0000000000B72000-memory.dmp

                                          Filesize

                                          968KB

                                        • memory/1316-1747-0x00000000748C0000-0x0000000075070000-memory.dmp

                                          Filesize

                                          7.7MB

                                        • memory/1316-1739-0x0000000009200000-0x0000000009304000-memory.dmp

                                          Filesize

                                          1.0MB

                                        • memory/1316-1743-0x000000000A150000-0x000000000A16E000-memory.dmp

                                          Filesize

                                          120KB

                                        • memory/1316-1740-0x000000000A070000-0x000000000A086000-memory.dmp

                                          Filesize

                                          88KB

                                        • memory/3992-1750-0x0000000005AE0000-0x0000000005B80000-memory.dmp

                                          Filesize

                                          640KB

                                        • memory/3992-1762-0x000000000BB30000-0x000000000BE84000-memory.dmp

                                          Filesize

                                          3.3MB

                                        • memory/3992-1761-0x0000000006160000-0x0000000006182000-memory.dmp

                                          Filesize

                                          136KB

                                        • memory/3992-1756-0x000000000A170000-0x000000000A222000-memory.dmp

                                          Filesize

                                          712KB

                                        • memory/3992-1751-0x0000000005B90000-0x0000000005B98000-memory.dmp

                                          Filesize

                                          32KB

                                        • memory/3992-1749-0x00000000059F0000-0x0000000005AA2000-memory.dmp

                                          Filesize

                                          712KB

                                        • memory/3992-1748-0x0000000000880000-0x0000000001082000-memory.dmp

                                          Filesize

                                          8.0MB