761e037ee186880d5f7d1f112b839818056f160a9ba60c7fb8d23d926ac0621f

Resubmissions

22-08-2023 10:12

230822-l8yajsdb6v 10

22-08-2023 10:00

07-08-2023 18:52

07-08-2023 15:21

06-08-2023 21:06

06-08-2023 17:17

30-07-2023 17:41

Analysis

max time kernel
1531s
max time network
1577s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
06-08-2023 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RANSOMWARE-WANNACRY-2.0-master/README.md
Size

70B
MD5

39148bc21924851d9082b687dc69e2dc
SHA1

5d1e5490476227aa8877b87aad184031e19dc33a
SHA256

76a94c98df32a1d37cc7f1e2b86bdc524eda3fedcdb35e57de0dd56bd976142f
SHA512

2415bb9de017c086abf8315e4288a04d5eb6048af2637e75843778f24de6834154b68365794b6cbc09ef5da0fe96d5bfce20227bf3656d23b7f148fb60988041

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 3 IoCs

Processes:

firefox.execmd.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1766410430-2870137818-4067673745-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

4312 OpenWith.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

5056 firefox.exe
5056 firefox.exe
5056 firefox.exe
5056 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

5056 firefox.exe
5056 firefox.exe
5056 firefox.exe

pid	process
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe

pid	process
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe

Suspicious use of SetWindowsHookEx 24 IoCs

Processes:

OpenWith.exefirefox.exe

pid	process
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
4312	OpenWith.exe
5056	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exefirefox.exefirefox.exe

description	pid	process	target process
PID 4312 wrote to memory of 3224	4312	OpenWith.exe	firefox.exe
PID 4312 wrote to memory of 3224	4312	OpenWith.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 3224 wrote to memory of 5056	3224	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4428	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4428	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 4000	5056	firefox.exe	firefox.exe
PID 5056 wrote to memory of 3172	5056	firefox.exe	firefox.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\RANSOMWARE-WANNACRY-2.0-master\README.md
1⤵
- Modifies registry class
PID:1632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\RANSOMWARE-WANNACRY-2.0-master\README.md"
2⤵
- Suspicious use of WriteProcessMemory
PID:3224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\RANSOMWARE-WANNACRY-2.0-master\README.md
3⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5056

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.0.605634954\1462604351" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1704 -prefsLen 20936 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a55a40ef-6a5b-4591-aebe-6871e479f2f7} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 1792 22e14f0a158 gpu
4⤵
PID:4428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.1.1662554420\1793188353" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21797 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f841e983-df93-4e94-811d-0615e26c79b3} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 2168 22e13ce5258 socket
4⤵
PID:4000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.2.1892690624\1831903606" -childID 1 -isForBrowser -prefsHandle 2772 -prefMapHandle 2956 -prefsLen 21900 -prefMapSize 232675 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4cd6efb-09e1-4968-b18c-d2441765ba90} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3112 22e18235458 tab
4⤵
PID:3172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.3.706940286\1344496278" -childID 2 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 26480 -prefMapSize 232675 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8bf5ea3-4dbe-48e5-a585-6071811fede1} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3536 22e08e69a58 tab
4⤵
PID:4988

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.4.870891017\162093778" -childID 3 -isForBrowser -prefsHandle 4664 -prefMapHandle 4660 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48e18690-004c-4105-9453-e15f759916fb} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 4680 22e188b6558 tab
4⤵
PID:4488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.5.1967093551\477069365" -childID 4 -isForBrowser -prefsHandle 4816 -prefMapHandle 4820 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4dc46cd5-6499-4b25-8d95-cff1017fe842} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 4808 22e1a66e358 tab
4⤵
PID:4396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.6.1048801303\20479901" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26795 -prefMapSize 232675 -jsInitHandle 1248 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {090c73c3-92fa-46e8-b784-8ddb46cdee71} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5004 22e1bb58958 tab
4⤵
PID:1444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\activity-stream.discovery_stream.json.tmp

Filesize
141KB

MD5
7e30272f189e72f99b384c0cbdec0735

SHA1
d296dc646c3b3e7c84d9d9b911fd97eeedea54f6

SHA256
38a7e36b6fb1397750de1248718f1992e7cf55fd9b0308746e098b58e6c2ab57

SHA512
65b5827c89b74a9a1767270a836fa731baca6c4e4f0ca9548b64f04c14a6abfd69197f2c89301de497abfdebabbca54f7640a4d6d0f81aa0a01569a6b596eeab

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\cache2\entries\70DBE5F90BD35EEC6D4A07D16DB46EC38E379124

Filesize
13KB

MD5
e857014868865289a2b9cbcc79f96a28

SHA1
0637060f76b997912fb5153314064deb6a6dc9ea

SHA256
85dff5d69032c81ec755566462afe7e55572e637aaafcbc71cd07b5fe9cc4c85

SHA512
0d4ba9d9bf62314d6c20e9f0fa618247ef599ba537bbfc318da076159263e68c241e254243a300051301acc61e3697dab8a597d680d60ce57828ffc2dbbd2bb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
c0690e18be9c4c09f934aba46fc0ee9c

SHA1
c7292579ba92aaf65c8fdff8906f6b9ba3349f2f

SHA256
95ade814821340378ac6a83ad03d55985de5e2633aee9d126bde1486687c4ca3

SHA512
34b55d5e3220a46174cdfcc4e9d33d81db7b12cc4a7c42cd5f7d46d12cb235717e8e4f28c276c0a6f914a428c17e1952bf57c282f9d73e3733579924ea26abda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
f24254bcaea50213bb4429af5c22d89e

SHA1
0d7c7b17a8473e51778939a21c43b306534ff2b4

SHA256
2b2dd7ae9214891359c6d2f9ba6f70ace68f13b3f6860893f9931f1fc485c096

SHA512
f737def202feb62f6785e47f58a1ddcc29766ddada1104c7d307f14a6c79c94f109c3735ace1ba2d89155c3e576cc1ec7915206e8f6a5e7a5a031618f8cd2f40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\bookmarkbackups\bookmarks-2023-07-03_11_qCPSTgKF7O9FuS2EwkSipw==.jsonlz4

Filesize
945B

MD5
64eb3f395d756ce1bdcab2e5e23c4a8c

SHA1
f69588d375177b3d3d3dcfda9dca5203ae77e155

SHA256
4f24bddf949982aa8b2b31680ded6b148fb2011137d2ecbaac74bd3cff989d2f

SHA512
9d285ec1f45847fec1e6b39fee2849ac5ba86d10bcb6ecad158f7176f2cfafadc534065aac5ec05ef4dc86572dfc97beed68ca067897eb53d6c3a96fb1444199

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\broadcast-listeners.json

Filesize
216B

MD5
b379e461bc20a7d1dccbd1efec9ac64e

SHA1
5833ba90b8cc20172a9d73568db45fa69cdab1e8

SHA256
483516af706b2191be418756f6c646290cf16412882b3fe74b5cd7ea652067f9

SHA512
7d617de753a4480e823e31952bdb55a990332238fe9ae95b809006d5e4762c1a2adc169cac48492fc9174b837d2f43f0ff73668df37d0625841b46f0f636f146

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js

Filesize
10KB

MD5
a58f5b952969c8291e69020a833f86ac

SHA1
3d32c0bdd010cb73a22bfbdff9e6f51d6016e063

SHA256
a59a6147e2660c71d3a217a759c2f4ba41c11f50eeed5550ec9ec6a97c82af0d

SHA512
aeee000c27b4069e2d2072abb25e1d8fa9a75c03b8d82313f6109a552094fd086d7f38ea3417fa60f5e6d275ebc4ca5e1d50a0fffe4e2be0b87e7f8cbabc0368

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js

Filesize
10KB

MD5
f1f731231ab576c07febd4cf7ce05790

SHA1
83e6975ab26ac52c3fbda9f4ae6a2f94d3b24cee

SHA256
5f8672e451e61122115a15086a7978961c1179ddb27f0a9eca22fd8a181dc240

SHA512
0e1d83ecc4475180824d2eb589409d6502161701544efd4d01e3ac993e8bd1f5b103d60a10fa4223fd7ebbf8419ab41114e7d646844618e9e718f1829399e98e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\prefs-1.js

Filesize
7KB

MD5
d2e61b5d35e06f31c7daac50c336b30e

SHA1
700f636abf09d39255582d63f6c5d463f931d0f7

SHA256
7fab04483c7f4176c38d66a9aaf878742d67d96279bc44096a41086df70c2366

SHA512
ea10806de6ddf0bd0178eb2733de6216e68bd179c20d164050e27fd79025ec8577f6fc0eb55aeb4f6cdaa1581b5c91d331f1ed924833ba614eb81f3f41fff087

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
780b273ad64469d387484b136d6f3653

SHA1
fceb5f2f69418e10ed3682f2be82bdff3a3efa02

SHA256
2b49dfd1f16e887747bfa1f2dbf1fb7e40c947f09e81493ee31a9ccf8b5391f5

SHA512
ff08c66b9e6d4a2953215bc714f3d32e3decadc211179192acded41dc9f6414fcd44efde52d5216a86b5bb05493578bf570b375fdc8a4905cd2f733d5ee5cd7f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
8.8MB

MD5
208c40d8254ab271a6650645e2573c67

SHA1
82522a9b953fedad7741dfb082e6726e813c5981

SHA256
5e9ce8714283e8258e74b08857cd6d0d0a25e4ca52add33e613aa547ebc66214

SHA512
129040598f545324e2818b14fe6345fe965329938700ffa2cc5ce74f1f192c48749c6b69c6fa05e795c1b92fc3d158fc7c8927b6ae72a09253b1dc4fa1ec6709

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
392KB

MD5
5491026cb1c1a005fb77549bacdbb2ec

SHA1
d540c9ca2ca5bc0e43803d8939a4fc2dfd2fcfa3

SHA256
e028c24ebecbd923558178f6bbbfd5795cc573aff12844e2e8a5c50d8e488e10

SHA512
8cf3a2f87a2076ed5693b8272360047097a0f93c9e5c9bafa23a21b237bc7a985e931070ad21c0c56ccd773649df4ad5d2f758a20ebbec5aece9d9d91aedf8cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1qi9pr8t.default-release\targeting.snapshot.json

Filesize
4KB

MD5
ba1ebdfafe182f33586b4a88044c6883

SHA1
688bad1fd4c864cea39af17ea45078a4e75df4a1

SHA256
fddb70101a16932fe11de192ef6e22759bab4303b6e523568e79124c97ea8a53

SHA512
9149a36f34b194a6899bec70042623d275716ec16a21ed1cd5362ded133215222d92cdd58bdb3b4bcb358f4af1d527f0ef42721324554357f897079226aef07c

Download Submit