hxxps://tecnologiasegura[.]canadacentral[.]cloudapp[.]azure[.]com/

Analysis

max time kernel
167s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2023, 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tecnologiasegura.canadacentral.cloudapp.azure.com/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3732	spinstall.exe

Loads dropped DLL 1 IoCs

pid	Process
3732	spinstall.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Logs\CBS\CBS.log	spinstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\6001.18000.080118-1840_x86fre_wave1_ServicePackInstaller-FRMCSP1_CD1.iso:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 2652 wrote to memory of 5040	2652	firefox.exe	85
PID 5040 wrote to memory of 2716	5040	firefox.exe	86
PID 5040 wrote to memory of 2716	5040	firefox.exe	86
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 2660	5040	firefox.exe	87
PID 5040 wrote to memory of 364	5040	firefox.exe	88
PID 5040 wrote to memory of 364	5040	firefox.exe	88
PID 5040 wrote to memory of 364	5040	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://tecnologiasegura.canadacentral.cloudapp.azure.com/
1⤵
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" https://tecnologiasegura.canadacentral.cloudapp.azure.com/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.0.961304830\804652461" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a03ff567-3394-4491-a09f-9c4aea1e145f} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 1932 1b642716858 gpu
    3⤵
    PID:2716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.1.524473130\67504377" -parentBuildID 20221007134813 -prefsHandle 2428 -prefMapHandle 2424 -prefsLen 21706 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed0602c3-0510-42a0-bc95-d9b517735ed0} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 2440 1b634770e58 socket
    3⤵
    PID:2660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.2.250181458\1407626821" -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 3004 -prefsLen 21789 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa2d6ed9-82c5-4ccb-b710-80c7e41963c2} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 3188 1b645605b58 tab
    3⤵
    PID:364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.3.1628634462\813178642" -childID 2 -isForBrowser -prefsHandle 4088 -prefMapHandle 4084 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a53710c3-3f99-4ce3-8977-6c8a41ac0195} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 4104 1b646987858 tab
    3⤵
    PID:660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.4.2062295950\1472160132" -childID 3 -isForBrowser -prefsHandle 4752 -prefMapHandle 4768 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8493a334-4085-44bc-9623-2fc2890a4591} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 4772 1b647e31a58 tab
    3⤵
    PID:3176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.5.1233857966\1574977863" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4616 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac387c11-c530-4a7c-9a70-a82a5e58aa43} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 4896 1b647e33e58 tab
    3⤵
    PID:1820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5040.6.630738813\1057586134" -childID 5 -isForBrowser -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 26753 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd24dc34-665b-4059-9431-a0284228784f} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" 4964 1b647e32c58 tab
    3⤵
    PID:3692

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5088

\??\E:\Windows6.0-KB936330-X86.exe
"E:\Windows6.0-KB936330-X86.exe"
1⤵
PID:3348
- C:\0568320aadd3b9a2634647b06abd\spinstall.exe
  "C:\0568320aadd3b9a2634647b06abd\spinstall.exe" /path:"E:\Windows6.0-KB936330-X86.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:3732

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\0568320aadd3b9a2634647b06abd\SpWizUI.dll

Filesize
149KB

MD5
562f9c10ed7a3092e177dc936a5364e6

SHA1
29880609110ca6968b0b42fff4088d0a98a466a7

SHA256
bd2fd1bf5b65feb4b1ee15afbf0f7d6b40a0646251131748413cefc9b30d28b3

SHA512
3f441aa13814a9c68a1bbf005ad826ef76b094bc6b181ab03385e9c949091ab5a7eb9951fc834f3651276c5d9f366e6d5db2e50624165a7e6788d53c7dd104a1

Download Submit
C:\0568320aadd3b9a2634647b06abd\en-US\SpWizUI.dll.mui

Filesize
20KB

MD5
c3599c3a6f6be618021eb2b080b1066a

SHA1
a367e797ad156a682669743154b9e242655d3908

SHA256
814c7a649a88ed5733f96d26de705854ed8a2d035de9ea155607940fb210222a

SHA512
358ce4b7c576eb1084f9b59a74e349a8fd8e32aa333f1624bcbcf14c1425d2bf1060592f0c0614a148be2071cb10ab7285d0ba480f5e7465dcfec6fff9f9f165

Download Submit
C:\0568320aadd3b9a2634647b06abd\en-US\spinstall.exe.mui

Filesize
5KB

MD5
95661bd162290be0082df7c659596435

SHA1
0fe3b15af97312f25cd9236e69e366e714b9d5f6

SHA256
4c1c038a39abe71886f3028427903b3d076bcc3643c747ec285e3841edabaffa

SHA512
26b54bb47aeb01d77d579bbb2d0477633f1fda1fc612f2d7137553fa08c99341df651642e49274f0aee61fdfbc4e31c597680eb112f4c6df8c2a6c972cf493c3

Download Submit
C:\0568320aadd3b9a2634647b06abd\spinstall.exe

Filesize
127KB

MD5
8aa6c43ca7aa28e8851c9224e2e21be5

SHA1
7e2378cbb4c52503d30b1749a8b31dd82f534226

SHA256
0aba742c7cec729912017cbe9f1be87234822730aae4702202d5459df48685bf

SHA512
6eb052d860ec5d894c0d1e8f58d8e703456c525e5d43e0f3cbde62ff99041828b0a1da3c196cafb65e907836983c1cd4545d4f3ac13c22829bb75b9b48d93d47

Download Submit
C:\0568320aadd3b9a2634647b06abd\spinstall.exe

Filesize
127KB

MD5
8aa6c43ca7aa28e8851c9224e2e21be5

SHA1
7e2378cbb4c52503d30b1749a8b31dd82f534226

SHA256
0aba742c7cec729912017cbe9f1be87234822730aae4702202d5459df48685bf

SHA512
6eb052d860ec5d894c0d1e8f58d8e703456c525e5d43e0f3cbde62ff99041828b0a1da3c196cafb65e907836983c1cd4545d4f3ac13c22829bb75b9b48d93d47

Download Submit
C:\0568320aadd3b9a2634647b06abd\spinstall.exe

Filesize
127KB

MD5
8aa6c43ca7aa28e8851c9224e2e21be5

SHA1
7e2378cbb4c52503d30b1749a8b31dd82f534226

SHA256
0aba742c7cec729912017cbe9f1be87234822730aae4702202d5459df48685bf

SHA512
6eb052d860ec5d894c0d1e8f58d8e703456c525e5d43e0f3cbde62ff99041828b0a1da3c196cafb65e907836983c1cd4545d4f3ac13c22829bb75b9b48d93d47

Download Submit
C:\0568320aadd3b9a2634647b06abd\spwizui.dll

Filesize
149KB

MD5
562f9c10ed7a3092e177dc936a5364e6

SHA1
29880609110ca6968b0b42fff4088d0a98a466a7

SHA256
bd2fd1bf5b65feb4b1ee15afbf0f7d6b40a0646251131748413cefc9b30d28b3

SHA512
3f441aa13814a9c68a1bbf005ad826ef76b094bc6b181ab03385e9c949091ab5a7eb9951fc834f3651276c5d9f366e6d5db2e50624165a7e6788d53c7dd104a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\activity-stream.discovery_stream.json.tmp

Filesize
154KB

MD5
c563978997ad8f3157158e5e5fc91e78

SHA1
c9f807c220483ec041f620e15e16070a731496ee

SHA256
96e36c823d2b3598218e790c796855ad5b2ed1db54c747332b2054105dc95d1e

SHA512
81f971d2ce873545ac6d7fb32faf0e298563e46ce72998df3b75abc08e479365cd5aad30e27be7b3ad352ceb7ad80843094169e5be0177d89b437bc8371901e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\57nap2zl.default-release\cache2\entries\250EE2BC03AFF526F1A1C3DB212A79DE3EB60D5E

Filesize
14KB

MD5
59e32e7a9783d4544f02e0cf684d3791

SHA1
05931133cd7342e54cf5e9fdc29fd632e075e28e

SHA256
1503682be9a0e48b8cfbc630547c3cddd46e820337a99d4bc80a9424e297d71d

SHA512
7f09b3639741231cb9456aeac56b6641daf46ebb3f321845e08805635a4a9a20c82a625d5b5056aeac3fa708385189f22757f60f1e8edafde4741b6a3c4e6564

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
c2f62b8f2eba26a32fe05e494ed6fb0b

SHA1
980770de08a7bf92d40a89ce634309619bb53b6e

SHA256
faadc50154449bdb18df7c374987b96d333988139306c3fb5b48865dc5c0fc3f

SHA512
fe5093c6d4cc7be41afd6c894e4446d6e10e0a395e4835ce38fd3653bce2d30b05b8691dd0d2941ecea25e7f35ac3e40b231de740dcb4a276156788c7ab16c4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
92b9308f3236c9663e9891edcccf3b1a

SHA1
5baf19529ab763685ce090f851633a692ddf7c2d

SHA256
27c39f1ac2fcffbcccf0d4b85028f22c0e9f9c276363b92d1f5eccebad3fd964

SHA512
54b8aac2153c6c5258297ed1a3b1a13b262f374d7fe8f5c1a51d91a39fae182d389dbc2bfadc1a6671c7f318de0a19fc04c056b00b8ec549f0a938e6965d6d1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
0971c90fb1e46c6c13642769dc416cd6

SHA1
3f62b38ed5f8b9ebdf20b5e8bf71185a1f929abc

SHA256
3277cf22a685bd52bae07c853ea356d22a1b3af9c1d095f4d21811bcababfb62

SHA512
0ac82c3b5b8b36dc866ad2cd08feec33e02b731c7ea720140eacc9855207650bc2f6ce62ba57de6485e169dee9d5b5561f4b7c1caa602d48f7445bc6e2c34ab8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
6KB

MD5
17be0b4b32bfda7227d2cc7f09bf35f1

SHA1
a9b5cc0eb9d0984badbcc20852b944c1b813f01f

SHA256
a97d27acc106537bfd7d832fcf58d87787da267904cd5fab469b3cf802f58baf

SHA512
d745ef4bb32afd95f99b4ae37125f3e9989e90a71a046672d72afd6333a1a8dc4981515f81652c5ba1e08211a4b2a9dfc4bde4c4651514ad9605834e4066c1fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
821dfad9d29d83c51e34262823fb355a

SHA1
2bd40a3bee296fcc37cd3bffa59e174b4dd4d035

SHA256
23aa55031c1032c152ae9b3ef939b48002a40eabdbc333ecfeee31e624f9de22

SHA512
a6c192c75d8aeb6c07e615c5f1474fb9727f6ce319eba9ce39f849396c17b1e1931a753a7e9afadbe2fd93c0e8ed85badf6f7a10d504ca80eab3be00be9a04a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
7KB

MD5
dd863d19a2567a76ce25e4d1896a6e74

SHA1
f935e574dee84e53ffaee0f8da09771b25cc54ef

SHA256
3da477efc77c5b3bedaaba9eaccd2e689c4b2223f151721b49fa2ae620516536

SHA512
4deb12c7e6e957d8daea14d1b29d2ced1aa2da690e1ee8699c8d05e8c52f79c0a20727a44b96fc50750cbbae5d48480f93c7fbb447ad81b6a670a2dc25b4838a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
10KB

MD5
ea462a3415d7e2045bbea565a515bef2

SHA1
59af966426c689b1d48b3fa3382fac89de36287b

SHA256
84d01fe5f53f36ed95b7b2424b645d65b1cd14bf3c2490ca8b43830f77998fb2

SHA512
6882706f7a8593ebcfedca5028860647b9ec560fe95bc4b612926f3a5fba0d7c4f904025fe1691542d144688d3a9073169a4e0a89cf5340094c522831620b10e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs-1.js

Filesize
10KB

MD5
8c0d904580e14322c4114f48a26a80a2

SHA1
8e23ad220f05ea8b5a8d10ea7284736217243770

SHA256
8dff2da4721eac0b41358f429076bb9a7f09b12d7443c7c8ff0d07cc21474fd7

SHA512
c5a82757245631cc5d96e6a4601ce36eb7ce9926baf50b6cafca39f8640cdf0f8e5da367a784935ab8d1c11dfe17f258f4b445eda13f83ca4b2f567bb74fdc35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\prefs.js

Filesize
6KB

MD5
feb8a52858c8167a58f36caa1b37f116

SHA1
7ae7f9d2721ae3c579f9e18e4fea679e8c848158

SHA256
adbc4c7b5e775c3d401ae811d5be5a69b844f5937e3d0a416d374dd5a7ec227a

SHA512
109d42ec5b9744b3561d29a9cabdcf2ffb81233935fa5c2d80c39f27b92ae55366c3c51ae3d26cc1a8936635662acbd11af89e54efac374aceaa279f13e7dc16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\57nap2zl.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
d25b335d090c4a5c5ebbafcc1da0a848

SHA1
a2b570f26a43c11579ce30f78ad4363f7a4ba925

SHA256
3bb4331f62064e4b65624a27a04b13cfc3f50d00ffa6a5b9531a04a3db406404

SHA512
e8d5bff86265f53585997eea6d416fa24fe6d258f0120a1f4fbce1fe5791765b5708d340960a09a2dee5c32c5ed6ba3cefe3e9ccb7ada25f49f7f36f01142956

Download Submit
C:\Users\Admin\Downloads\6001.CS57WtBV.18000.080118-1840_x86fre_wave1_ServicePackInstaller-FRMCSP1_CD1.iso.part

Filesize
544.4MB

MD5
cce365984c8754e234a38010c36058eb

SHA1
5ca9e62a3309e1ec10381f41dac9e72d1cbde336

SHA256
9f0ba198537bef58b22a80d542f01a5c9cb8b72e3d0de66a179e0d48ba85ed15

SHA512
216c9052125338c6cdfca7b4b87d5830767cb0e368c83335cf21ebb98d5ba1a9f78c64e61de1c6d01ee80050399e30476f08434c473489827663ffa0e595e302

Download Submit