hxxp://google[.]com

Analysis

max time kernel
1515s
max time network
1589s
platform
windows10-1703_x64
resource
win10-20230621-en
resource tags

arch:x64arch:x86image:win10-20230621-enlocale:en-usos:windows10-1703-x64system
submitted
30-06-2023 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2920667096-3376612704-1562175574-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2920667096-3376612704-1562175574-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	3564	firefox.exe
Token: SeDebugPrivilege	3564	firefox.exe
Token: SeDebugPrivilege	3564	firefox.exe
Token: SeDebugPrivilege	3564	firefox.exe
Token: SeDebugPrivilege	3564	firefox.exe
Token: SeDebugPrivilege	3564	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

3564 firefox.exe
3564 firefox.exe
3564 firefox.exe
3564 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3564 firefox.exe
3564 firefox.exe
3564 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

3564 firefox.exe

pid	process
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe

pid	process
3564	firefox.exe
3564	firefox.exe
3564	firefox.exe

pid	process
3564	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3536 wrote to memory of 3564	3536	firefox.exe	firefox.exe
PID 3564 wrote to memory of 2612	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 2612	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4052	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4768	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4768	3564	firefox.exe	firefox.exe
PID 3564 wrote to memory of 4768	3564	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" http://google.com
1⤵
- Suspicious use of WriteProcessMemory
PID:3536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" http://google.com
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3564.0.1778056237\2145597748" -parentBuildID 20221007134813 -prefsHandle 1624 -prefMapHandle 1612 -prefsLen 20888 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25837ef4-5605-4890-81d7-1adb1f0d535a} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" 1716 23c1c0eec58 gpu
3⤵
PID:2612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3564.1.1640070024\1310605465" -parentBuildID 20221007134813 -prefsHandle 2140 -prefMapHandle 2136 -prefsLen 21749 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {798c08cd-6cfd-478e-8665-c0bb8dbdd2f8} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" 2164 23c1c012558 socket
3⤵
PID:4052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3564.2.264378941\70853207" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 2928 -prefsLen 21897 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01480248-d282-4e4d-aacc-520e211a96a3} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" 3000 23c20050558 tab
3⤵
PID:4768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3564.3.1731766140\784243096" -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 26562 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {429139dd-103b-43fb-9d15-d162f80e550b} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" 3712 23c211a8458 tab
3⤵
PID:3044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3564.4.1833715219\1883051604" -childID 3 -isForBrowser -prefsHandle 4584 -prefMapHandle 4588 -prefsLen 26621 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c81550a6-7676-4a10-a9fc-a579df278ec3} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" 4572 23c227a7f58 tab
3⤵
PID:5028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3564.5.851901121\908862932" -childID 4 -isForBrowser -prefsHandle 4960 -prefMapHandle 4948 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8565624c-9e81-4bd1-986a-d31deff67ae7} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" 4924 23c09662e58 tab
3⤵
PID:816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3564.7.1735591905\1047357453" -childID 6 -isForBrowser -prefsHandle 4760 -prefMapHandle 4756 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a7c2918-2b89-492e-abfe-0085a7588b11} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" 4768 23c2361e058 tab
3⤵
PID:1524

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3564.6.714899527\1608318693" -childID 5 -isForBrowser -prefsHandle 5100 -prefMapHandle 5104 -prefsLen 26702 -prefMapSize 232675 -jsInitHandle 1384 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c235e171-fd86-4481-86c8-048602741d0b} 3564 "\\.\pipe\gecko-crash-server-pipe.3564" 5092 23c2361f558 tab
3⤵
PID:1884

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tsy7k28m.default-release\activity-stream.discovery_stream.json.tmp
Filesize
155KB

MD5
e210fe9d66f63105b5027d3d02b7aab0

SHA1
187db19c91e8cc4394b3e5567fc8ca9ab0697c9f

SHA256
ed78cf0ddbd32d46e3ac5142ada3a3d56731bdc7051d59c4bcf4ba2052249f93

SHA512
d719065d33990bb4c1fa1be25c7b1526d72f0b8b2e4746126cf01d0df8feb462efc71190de775692ebf19d19502ca7512b1b66b1aabf8967e0c713bf616fff10

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tsy7k28m.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913
Filesize
9KB

MD5
4e3592ad406f98af01d2cef5a8a2e8c0

SHA1
0e028b92108391c044705f012290b1b658d7cb24

SHA256
141d0c933b88235d7e7982662e6abb11af8f26ff2463ba4d19abb626818f975f

SHA512
4b0ff92840c895f6064907681138cbe838159fef62896782a27abeb2f7b473ec6d1f8492f867c7084a128c571d4bf57d05476c9c516bf41628391ecc0335f34d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tsy7k28m.default-release\cache2\entries\38FF788A718C79DDC3D1E23EAA975517D9BA3BB0
Filesize
9KB

MD5
ff5162e76773fc8b5c5c7c7ddcb832bc

SHA1
9073144947a6b73ec7b189bddf83af3652d31731

SHA256
ba1981aca6665899cbafbd56e04acf9223026d3a1e0799c0af9c9865ecda7a54

SHA512
5a903407e56d73552aca6a7d13e509970783ad9c7d20b5557c52e3f2536d02f1452fb2077c0983322a10f5ffd1622ed9be9720dc47d5ccd80ddd2a239f9562b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tsy7k28m.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F
Filesize
9KB

MD5
e42c76467d7acfa5be2a1b6b194b1b5b

SHA1
69ec24e8bccca8a45dccbf0e7394be4cded0380d

SHA256
ab589f2f026b431ec52acb5c9a37e0216adcdfd20cc1e8a9573133dbbe6f0ca2

SHA512
c27f3799765fcce1358826dd60520e69a002a5c0e4a5bb694dafcd7b05916796a01921cfa850c71a83ad771da927158e4c6741cd25a2e66b2f87093ec5bdca9e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tsy7k28m.default-release\cache2\entries\9648808B6C63CD1AAD97A7B68F84F35C95682143
Filesize
9KB

MD5
66c08c2ed771c0dc4d0cca90fa404dd8

SHA1
f751b43106c82ac14081e0b84ad9db77b5748c76

SHA256
9956ddf00ef2aefb1f4dfa515e7f241a8de3f024831758fbb0372a65b389dae3

SHA512
25e4d6b44f144aa4d4177e98ec2369ad148f5bd3e088ac292578d10bf6cb278c20e6d052309e570c86b27b90afc9272ba50c3f4ace9c7f0f53588ad4dc31599a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tsy7k28m.default-release\cache2\entries\AEA9BFF7CEC00D4B526DF934581FC40809985959
Filesize
298B

MD5
095a98fb8fef2f03e87abe79ad3fa7f8

SHA1
7a547e94eb9be2c31b7545ad55ca9cb3286164f6

SHA256
44d153725ea59302856e59e15dd2214d563143a379d299720ce61518f9da6776

SHA512
ce24127b6cc433cc07c421d2cf102fabcd0d56790d2449c2b8bf6863654a4aef249a55186a7b439b379bff31d6091d310b119d834182d34317aff07e65cce6b4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tsy7k28m.default-release\cache2\entries\E78E3F76C38A478389988CA4F4C125CDF3D80965
Filesize
56KB

MD5
567b717f6aa6f6a587db031e9707e468

SHA1
87fd27f24a14794e757597523d37c08595dce09e

SHA256
77e8bb2351af6d0e8ba898af79d1ee27f5a2e221d2cc07819a0048d13b3c7bee

SHA512
ac7e30fd36aacbd9f3b55ec537bd57762bf9542b72e0fd7e0e8e8dab124b6ca2cd942cb1e0ce208a44804e497941900d4cc622959aa50e8985c5fb7f5357fee4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tsy7k28m.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C
Filesize
357B

MD5
9af075b1f1ae8d7e1569ee94669a02ea

SHA1
56cc397665707d99fe8500d89f2c917fcdc98f7c

SHA256
0f7b3ea6e971a05b8890471da18a5bd780de79dc14411d8abdf2131ef191dfd1

SHA512
b1335bd8de0d87983806050b6e04c2d83fdde13b75a228e731a9ddd9d9ca7dde0818340da73536820a1847101077925946e3b6251a5e4b3558d32a982c982d61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tsy7k28m.default-release\cache2\entries\F7600B964755844B6FFCEB39794F8968E4967574
Filesize
10KB

MD5
6d2255ee49d0c0a92b1bdac71ff948c0

SHA1
fd86c90e29ada8bb5927ce9a2426aeef94d9fcf8

SHA256
466e57fdf60159cb03d07c973fb09a67cf3f41025f9e75cd1bb85b28c09513e4

SHA512
d790dff163055f74389b73202bde7865f2e905dee52357a972d1cd353d12505b1b44d4195ffca2254308c2ddf5c74487ba468f10e8fcac530b9df696941f31b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
7KB

MD5
3d98add678d47cfd39d7dde3e47c7474

SHA1
fcebc2b6166b9b01649dbe515b0512fd5effea44

SHA256
c327d26debb601eef34de4b82d3b97c9dc2cc3729ae01d3827a6fd3672284e6e

SHA512
dba76e9b4c722dfd274b2ee74139027b822d75f1d583ad159f94077d7d8c17dfd70be52dcc6ec178ec282d68d76e94ad4c6055653f5da892d13a5418451f54f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\addonStartup.json.lz4
Filesize
5KB

MD5
f250c684a241935c2794c30ae164ae52

SHA1
ea384bb1ba6744718b3bb8180800365d19887692

SHA256
ff08fca842608945bab874f225d809065a58d1eda82f37f80f727bff95bc00a7

SHA512
e16698db5705fb140ab0579c4ecbe51ba7fd2d494bf987c23bc5c46294e84749a3f1b43d0ef43fa75e7ce0d1b67ac3c22421717506be6fedb4dac49e2e7870ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\bookmarkbackups\bookmarks-2023-06-30_11_WFb9aLaJXRtUOlU2neBQcQ==.jsonlz4
Filesize
948B

MD5
324d4ee73e73c8d4b4ccb6b808236c4e

SHA1
f03623f980b2eb3ed6a41610d4f562cb7285b10e

SHA256
609fdb31182622cef2c50fc431f11d5c64639a0ab1c4341dd1fe269032122354

SHA512
08095a8a67601a91af5271396c66c1ea091e1a8b9b543a0904321535e0dd99f4a20716d23b251227f6088fd10e88320feca82bdf91d1da8d2ffc4d4b86eecad3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\broadcast-listeners.json
Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\prefs-1.js
Filesize
6KB

MD5
caeab7678225a0d0f03371a8f7bf6f7c

SHA1
6ff7d0c3e33cbfae2e4febf8a23a73ecd2178d7a

SHA256
fdc18a84c1a22bccdaf4bbdcbb7985435fc760d504b57aae217996e8136f8218

SHA512
aa15e21920b150a6ca198bb8d92025b4d064d52ea5682901ee36312141702b0ef40e1e2cad45123f0f264b7c39a5f0c459301c2e7a6f43c62833ab2737afa8a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\prefs-1.js
Filesize
7KB

MD5
9d4904b8dcc0de3fd9b90dc7d04b5217

SHA1
c610c6ab8d5cd97d309b91e8dec0636c5affcc89

SHA256
de7525bd7f4ebb408ac95bc9803f5fc65a175baf02be383d16bd682d69e88cea

SHA512
5a5b65310c03da77b7cf913a3352c4ca46c7fe79b13ea12f0a8a3d0be5bc3733f2a7adb6edaf72bee423b8c1165a773399297e6f7b8f9b44b38573fbba1a720b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\prefs-1.js
Filesize
7KB

MD5
c8ff40ced76d1e4850a4c59c71983d75

SHA1
295d6dba2d44fff4320970cc4cf3526737ef4f7f

SHA256
5bba6d36b9ac8b71dc706905a2d74cce4ee3be4691ab109a0c60a9df2595e9cc

SHA512
52856f5d99089b36713de3f31c480c6c7c0971926fdd2441086a7155f7d700c619b64c7c5de7f867dbb8b55971f9b598aca6aaf076e08d3202dda65e1bb53293

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\prefs-1.js
Filesize
8KB

MD5
88c7849ad5205bec08fd9aa665970d5e

SHA1
66bf7abd370eec193238950e6af0aa958d62e145

SHA256
3186e4618b9c110f54ca59c0e296e781fc830bf454d3f2e01dba1fea988eed91

SHA512
fdcde69d37354d2d1627b0fc5be0f266a5e28d8e78b9da1cfaca57140ac8e46fb1e084500d1b79f1d316eac308a4cadd9eafe8c97a0c37eaf137903b791ba3eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\search.json.mozlz4
Filesize
296B

MD5
033eb0645837c8b618a593f7b9a72642

SHA1
cf4c2e7ccaa275ee47cdd945a7bd1f8b57c61172

SHA256
3409fd08295094b37673d748a0374cf0afaecf1671188b2ed012626cad67a582

SHA512
27dd0743306b0845c06b3be3e3ae2f515777dced4bbf91a4864bb95c5873e2d6351d99be36d4762a2ba8262130c6d139db3f4f5272afb8717e02b09c1e39c2b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
4KB

MD5
730edbf6f967b9527582cc349246e3dc

SHA1
fdee87bf2860bbd163cc106248834242ba034616

SHA256
17a9a47072ca6a821e5854d9379e441e8c3e88c68803c470532fb4a0b58a93d4

SHA512
13157c61e041249aa73740d918155502330f5a05204d5855bddf6d410578fad0451fcfc256ada37b560e832b703cb0b9ba23368881be38a8c99503981c6e2c05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
192KB

MD5
2a541484e1213a6e4b1024dc659b2cbf

SHA1
fcaf19b3f53a03cd0edc149af40ed1a6d5386a1c

SHA256
e3e41140a2e1bb4455c8fec7cc497dc4c76878834cab0ba92c7f5e8cc247bb5e

SHA512
cba68fd85100d665aae38611e216d28d62cbee34145c82485ecbe27ace85079727a47c9785dfd5a599f409f43ac890b178b2ca956f9546f8d60c19355843d5d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tsy7k28m.default-release\targeting.snapshot.json
Filesize
4KB

MD5
ae3b29f11c7729d9331d43a85fe7c813

SHA1
bd0f0cc7256595f3f44b70d55dba50ee24e92905

SHA256
d68517e8c2b5d1394664caf5bf1f5a8b32e787a7d3b8b0ac6f1dcdbbe277c528

SHA512
b9bfe8fab72dd51b38470b933f7607b55f1356e964a369b41773a42d8224dd3545b038f23b010e32c0834de1e12c102fe1c8f4d81d80aa103c9293b202d51630

Download Submit