6f7e15a88ba059384feef09f12906aed9894559128969942de5ef510be39dc29

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2023, 23:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Solar-Engine-2.1.4.jar
Size

14.3MB
MD5

4636d2db965cc440c2049dfc8bdc701d
SHA1

9655987c65a13e97020bc8dd200fd84b1f77a082
SHA256

6f7e15a88ba059384feef09f12906aed9894559128969942de5ef510be39dc29
SHA512

8e2423ae0d50433798ab5ebf8518daee990ee234b0622e82db94d635d585a198cb996a94e2772bd6b90c47b7fb9181920b1512f18ef14c0d5f229269477b3742
SSDEEP

393216:15j5K63bOg4OSMeWLhkBxnpjSXxYHm4tyHnnmStl3:15IQOgiWLqvpjBtgmm

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe
Token: SeDebugPrivilege	5084	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5084	firefox.exe
5084	firefox.exe
5084	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5084	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 4576 wrote to memory of 5084	4576	firefox.exe	86
PID 5084 wrote to memory of 8	5084	firefox.exe	87
PID 5084 wrote to memory of 8	5084	firefox.exe	87
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 3308	5084	firefox.exe	88
PID 5084 wrote to memory of 4092	5084	firefox.exe	89
PID 5084 wrote to memory of 4092	5084	firefox.exe	89
PID 5084 wrote to memory of 4092	5084	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\ProgramData\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\Solar-Engine-2.1.4.jar
1⤵
PID:1380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.0.693171208\117246757" -parentBuildID 20221007134813 -prefsHandle 1828 -prefMapHandle 1820 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c8880bc-dc42-4da1-b240-470ff172592a} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 1908 1bd4e480758 gpu
    3⤵
    PID:8
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.1.842453174\1536864167" -parentBuildID 20221007134813 -prefsHandle 2292 -prefMapHandle 2288 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {251a9285-700f-46b6-a926-be38ccb801f4} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2300 1bd40472e58 socket
    3⤵
    PID:3308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.2.172625550\117851022" -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 2724 -prefsLen 20931 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adef47e9-6d89-4d10-85f4-e4105f184d35} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3276 1bd510ceb58 tab
    3⤵
    PID:4092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.3.777025351\371082561" -childID 2 -isForBrowser -prefsHandle 3440 -prefMapHandle 3420 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84eafb75-c117-47b1-b733-740946f34674} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3544 1bd40466258 tab
    3⤵
    PID:3268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.4.1424270975\141181306" -childID 3 -isForBrowser -prefsHandle 4212 -prefMapHandle 4188 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a61428f1-bb60-41b4-a0ba-1639550261f5} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4224 1bd4045d658 tab
    3⤵
    PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.6.911907339\737267214" -childID 5 -isForBrowser -prefsHandle 5024 -prefMapHandle 5028 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31777213-5cd9-4d62-91ae-da2278861194} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5016 1bd53636758 tab
    3⤵
    PID:4008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.7.1256804436\1968488934" -childID 6 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90b0c629-d920-499c-b13d-92b765accd1c} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5216 1bd534e5d58 tab
    3⤵
    PID:5104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.5.1562615730\306531974" -childID 4 -isForBrowser -prefsHandle 4824 -prefMapHandle 4844 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3dd290dd-ef80-4e5d-b1df-63bfd9900c88} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4880 1bd40462858 tab
    3⤵
    PID:4472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.8.1321646462\1509601346" -childID 7 -isForBrowser -prefsHandle 5684 -prefMapHandle 5252 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7177e30e-10ea-4054-9bb9-e8a1a4295e2c} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5624 1bd54196458 tab
    3⤵
    PID:2160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.9.1912415321\214068548" -childID 8 -isForBrowser -prefsHandle 6016 -prefMapHandle 6012 -prefsLen 26579 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3657182c-745e-42d5-9794-38568427df1e} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 6024 1bd544dda58 tab
    3⤵
    PID:1536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.10.528898483\1382179503" -parentBuildID 20221007134813 -prefsHandle 3284 -prefMapHandle 2716 -prefsLen 26596 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37f90bca-42bf-43be-a01e-b2032eb456fc} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3516 1bd5232ca58 rdd
    3⤵
    PID:3208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.11.709003275\2050480072" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3744 -prefMapHandle 4076 -prefsLen 26596 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5751d4a5-9fa7-437c-bf40-983f66287e96} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3948 1bd52afc158 utility
    3⤵
    PID:2704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.12.918357594\812527010" -childID 9 -isForBrowser -prefsHandle 4852 -prefMapHandle 6288 -prefsLen 26771 -prefMapSize 232645 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f95cea1-d44f-45a9-9320-9e46ef30b1a9} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 1656 1bd54fc0458 tab
    3⤵
    PID:1096

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp

Filesize
142KB

MD5
9016da10418195a6cbe53997297ce48a

SHA1
a852cdc2691abb7649331c1d5b17013222ecac4d

SHA256
4fbce2edc19fd0261dbae229d48b815869a8988420c8455b71c56398cd1ba529

SHA512
456fe46bf514a978f85a19cfff2da8e20e5b5c1f370b8e148dec8239e13493a2530a171a0d0e4d7e184fb19456e107f5ff6755b24b427be9c7554e0823ea37a8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\doomed\10586

Filesize
9KB

MD5
7af947aa44e43df0409c3068ed38e0b3

SHA1
d8d2981eb20c42213ba4478ddb3aa0cedb07da80

SHA256
897fd464baf48c508c18ef6f255d3dbf5fbde0951748b6f7f095f8ce4acede7d

SHA512
9082eae9e680c61976dd8baebfa11d7b6d7950ee65f86459b6277c67cae9c062b88b325863d5a815079d6c78d5db31b6123ec0ae5c460890ffd5abe3f24998f8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\917E41E135032D6BD66E5D6F84F0988D37234A33

Filesize
14KB

MD5
f43fd4b397c80a497030d429c23934b7

SHA1
1125702da9386748cb797a58b5dd0d412ce45140

SHA256
8127bd8c70054f3c6196ae0ed55049406b25f1ff0e86d5679b57ef55cd10733b

SHA512
dcac0f075ce0d12b656fc2193ddffdee0eda9f5369b471507375e5f3ad66e99a4bcefb5eb61d4c22df023f942ef8f92c4c0952de85d3d2b54e37762a4afbc56f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
743e1e5252d5ffe740a0110976853449

SHA1
12631f1e76e3c06c00d0c1ad4979dfff71fc62ab

SHA256
394d3a774c3190d3cc52d96a13041da5863a29a5b5af804cb0dad916fe99fd0f

SHA512
c8ab58cef1965c7f36caf53c204bf2ba1863f9afdedeabd12bf8f21d8daa07687bfbab4af3ce4a9b1524531fa0e0d8021ce81bed1c2a055e1016543ed599ec45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
4016730cc7e3f4dbdb1ebf5f60d1b783

SHA1
76deeb225f64d5f6af34ad761c1829bb35da9a82

SHA256
93093b6811623e351347fde7745ebf1ddaf45f158223bcbd4e305ef6ba9d6ae8

SHA512
14a8d0a1b0fb08738e478856dfb4ea9acbd3336d3c2dcdb8e3c9e27af769fe5bcb24be308a5f75b8a1d5b40a4cf9f6d3904ce6de31a2b5485514372246d32602

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
8KB

MD5
9e2a346cbeeb98322c486b352dcfb7a0

SHA1
eaf4ba970f1e895a96bb4e8c0bdf89b752c801b5

SHA256
28666dc7d1cf382f5794676e365d60ce3405232bc8ff4c539b58ac983bcf91fe

SHA512
1ca53540a1bd23c85ebb5e92bd8cf76b1dbfb22f6d0b09ece3c045d94d64602ff0bbfd93ab436aed0915cd7ecb1de44a1fe0b3bcd194db96ead12ea8214dfdc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
10KB

MD5
9ceb61a6f4460d184dccc3165e53bf2a

SHA1
92b6c8fc9d950aed4ae121329185b6930a797395

SHA256
a79d5d5fa819bd3e5469b6811f3c454b685e0d10298b37f05b4a79a7fcebbc10

SHA512
a94cd11a1d04b34e89b85fae8bb1817dfc623ff6d38abbf8bd3a9738c590ff0b277c57c6bbe81fcdee16e313558ce741cc9f093d175cf9fc067a2b89de369c68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
08c0947aa093f3e3a8339e766dc93c7e

SHA1
085cd9c32ffc40361f1cf598b871738c04c88f1a

SHA256
016cd73b80b3dc2dcede7c9117356d5d1274811605b47fc62dbe023effe37288

SHA512
7b0dd2531b367efcea3b571065e928ecbc98f9b7b92521f08983794bbce796c1ebb3c517fce03ad43e2c6bcd088888f7dc979fe1c2c2a64f0ec2b1e58500316a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
f5da5fee3930401a08481fd7211fab4c

SHA1
cb7117cfcaaa2c4df4596c4d8d8216fb9195a344

SHA256
8d0ffd422812ae37bfec8cbdfe21479a34bdc128f26f6e746c15e2b7fd267821

SHA512
4035d77317e2b4594e6ddf30ccb03568d20e61c871298c340ba75dfc579cf1df462805c74abb8b77267d248eed18ab240af8b579245a93c103b9ad993ef9526f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js

Filesize
6KB

MD5
9971fa8fa89a208685d3e30835832fb5

SHA1
5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300

SHA256
13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084

SHA512
02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bc176e2ee2df3433ddd5e2d561baca28

SHA1
d420f19587f38ed7b850008742cb1069576ef974

SHA256
180bc8e41fcfd7187fce90a4a2d5d48575fa48bb27c149b4d423fffdd464c60d

SHA512
f8d956f99e431f3fc0001c091ba6c750f913eee1652b62e534b74db5ca11146b162d93074a0a27c3acf3b436b7fd6121ada9ce51b6130746a2936a80f588db32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
2d2407dd08de0530f8f5581babe6ce9b

SHA1
7f46460ad0bfcd107856eb5a2ceddef5ae63c04c

SHA256
5e18875c3fb153956204266be200e66831c12040b90631e752b7396b17c904a2

SHA512
4616d5a87ab3cadfc2a573ba3575d8310f82a830a410bdd345c1a6a6899bb4c14bd59f8e173d291d3972888f68cdabb7746fd901e968eb9b1f44bf27bd4fb286

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\cache\morgue\109\{f314865f-0bd8-4b06-bf2c-3c417e001f6d}.final

Filesize
3KB

MD5
9ebc07e4666fc701c921c643fa8140db

SHA1
5f16b4e8bac3a9825df2fe04337d77055835debc

SHA256
5a7407da093057314ec29988a8bd20f52fcecd3bf5ede1903254bb42764e1c77

SHA512
f501cf9ca2d1825c87f68e8c1e8f7d8893c91d836f3cbceff8369e8cd7e8ec6c1a03c1aefb26887430010452ce9bb0b7f26aa3905b8a816da4e1f9fd4b2987e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\cache\morgue\68\{6f47a372-64f5-4fe3-bb36-0acd79a60544}.final

Filesize
74KB

MD5
12c153366b5873aa53b423190ef75c2a

SHA1
5b818717cb1f44e4b6a341cd84e347026c54309b

SHA256
8e97cfcb3bf25065e62b6f0fd08487172bd1f201bef681b7427e23187fd24171

SHA512
bf3739a35dc23fd3a19a280b66ae3087094312045ef0ea0ed2d224149a2f7df23092918a5ca450a37a4f9f2810332ae5a666ff7c172da8edb713094f4a0cc97f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
6ae1da266e83e09660e51c7377256023

SHA1
1ca26207d0006635ecbb6b4d4dc38114c7fc5215

SHA256
253891346ac2180de1679365d8eea3b48e107050bb0c8859d31f5f15335762da

SHA512
bbd2c70088cd17f497c286438c056d2bbedd75788b911d1241fa98fd07b8f1aca499fad9eebfbd7b6ff755dd0d8d25ba482d1e9e2df482718ef3fa4a3d109069

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\storage\default\https+++www.youtube.com\idb\435726073yCt7-%iCt7-%r8e4sep7o.sqlite

Filesize
48KB

MD5
283367b3beb54472151482e9d8c0a283

SHA1
41fa0b05f0dd84eae0acb519a59507f8f8fa8182

SHA256
8625507b11d1be4c0daadd0e088563057c466389b88bf7010317c66c7f885804

SHA512
2d71f833e691ae2091ef057f7aead16555bb3f8fc6666941d4fb1b1147ff65acc864c0a60d168bd8631d2ee350abc1cc87e34fc1e5f3fec081ef8663f81b6430

Download Submit
memory/1380-144-0x0000000001480000-0x0000000001481000-memory.dmp

Filesize
4KB

Download