4ae53d3a40921e4f57444c489fa1b38fe91a2e907feda17630450fc97a7cd7b1

Analysis

max time kernel
451s
max time network
521s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
26/12/2023, 01:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MINI KeyBoard.exe
Size

212KB
MD5

1a6f2e8b118d586578026dda3c072000
SHA1

f0304adad4599a027bd4c789a0d62fc15c20bdef
SHA256

4ae53d3a40921e4f57444c489fa1b38fe91a2e907feda17630450fc97a7cd7b1
SHA512

8542345d80f1d601f40f38d20d287528fda35cdf4465cb71f1d57e5637c8ab3ca85f69e5b9f41b1c71684d1cd0b58fcf297a9b05d34a4941d43da3f634e1b74a
SSDEEP

3072:xFGK8Gi/YpnOVjKRAPW9MLy5oUle3QhazcNfEtGr02v5bk1uHgxqDWwf/Ypi7EV9:HGmR0YJ0yBcyryuSd0QrV/+rN

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1748	1536	WerFault.exe	79

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1199853020-417986905-91977573-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4264	firefox.exe
Token: SeDebugPrivilege	4264	firefox.exe
Token: SeDebugPrivilege	4264	firefox.exe
Token: SeDebugPrivilege	4264	firefox.exe
Token: SeDebugPrivilege	4264	firefox.exe
Token: SeDebugPrivilege	4264	firefox.exe
Token: SeDebugPrivilege	4264	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4264	firefox.exe
4264	firefox.exe
4264	firefox.exe
4264	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4264	firefox.exe
4264	firefox.exe
4264	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4264	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 2452 wrote to memory of 4264	2452	firefox.exe	89
PID 4264 wrote to memory of 1084	4264	firefox.exe	90
PID 4264 wrote to memory of 1084	4264	firefox.exe	90
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 4208	4264	firefox.exe	91
PID 4264 wrote to memory of 1332	4264	firefox.exe	92
PID 4264 wrote to memory of 1332	4264	firefox.exe	92
PID 4264 wrote to memory of 1332	4264	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\MINI KeyBoard.exe
"C:\Users\Admin\AppData\Local\Temp\MINI KeyBoard.exe"
1⤵
PID:1536
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 856
  2⤵
  - Program crash
  PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 1536 -ip 1536
1⤵
PID:1188

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:728

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4264.0.1441461768\1233968493" -parentBuildID 20221007134813 -prefsHandle 1780 -prefMapHandle 1768 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {60a02fd3-1b64-44e2-8485-a2201ba5cea0} 4264 "\\.\pipe\gecko-crash-server-pipe.4264" 1872 1c489904758 gpu
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4264.1.2136968009\944948145" -parentBuildID 20221007134813 -prefsHandle 2240 -prefMapHandle 2236 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d29fda5-828d-4a03-a3a8-0ddd8ccc89ba} 4264 "\\.\pipe\gecko-crash-server-pipe.4264" 2248 1c4fef0a258 socket
    3⤵
    PID:4208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4264.2.1847264267\158335395" -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 3100 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c88ddae9-ae37-44b5-b135-862ca959ebd5} 4264 "\\.\pipe\gecko-crash-server-pipe.4264" 3268 1c48d6a1b58 tab
    3⤵
    PID:1332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4264.3.859794166\2112239378" -childID 2 -isForBrowser -prefsHandle 3700 -prefMapHandle 3696 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3dec9f7-dd0d-4795-8cfc-3b6a87a72b10} 4264 "\\.\pipe\gecko-crash-server-pipe.4264" 3708 1c48d7c5d58 tab
    3⤵
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4264.4.2085085748\749109290" -childID 3 -isForBrowser -prefsHandle 4068 -prefMapHandle 4064 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f196025-204e-4ef3-9811-8663571505e3} 4264 "\\.\pipe\gecko-crash-server-pipe.4264" 3696 1c48f106558 tab
    3⤵
    PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4264.5.106063680\356088596" -childID 4 -isForBrowser -prefsHandle 5044 -prefMapHandle 5040 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8deadf07-fa6f-4480-a9da-e9f640877511} 4264 "\\.\pipe\gecko-crash-server-pipe.4264" 5056 1c48e155558 tab
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4264.7.1189064623\1254402493" -childID 6 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ee3c5ca-3f88-4349-953f-0d3abc4d8b64} 4264 "\\.\pipe\gecko-crash-server-pipe.4264" 5368 1c4902f7e58 tab
    3⤵
    PID:2976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4264.6.1253716072\1339903149" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e660fb8-ede7-46ee-9206-713cac374644} 4264 "\\.\pipe\gecko-crash-server-pipe.4264" 5176 1c48faecb58 tab
    3⤵
    PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4264.8.1470784685\1985457551" -childID 7 -isForBrowser -prefsHandle 4848 -prefMapHandle 4696 -prefsLen 26548 -prefMapSize 233444 -jsInitHandle 1340 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1791eb7-5f35-492e-9bdf-227b0db10979} 4264 "\\.\pipe\gecko-crash-server-pipe.4264" 3028 1c491176858 tab
    3⤵
    PID:5076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
1.3MB

MD5
ce33f04efbd34a0413f936b927b423de

SHA1
dbc5773cc298a23890c7ab97864dbea749e5e3b4

SHA256
c2e9906f6e9e2432d7ac0e00e14bc54ac6336270fa8b8c2d80e92db60dc41f88

SHA512
1f552098e83ffbcc3f08c6f59e96d5d7dcd387aa240ea3e9aeebb1a8fd664c1862613d2a6c55abf89662b1f67ad8764f8e3e822f0768bd27a5bcb657b8746ff1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
df44a8f41c33a8412ea255c25d59e24e

SHA1
e657f4ca5788b5f14c57f1a1d82c79a7e2126883

SHA256
ccbe053adc36d4f63e4decb0751ea7403f5448d34fd372331366b0c6cea04e51

SHA512
38f4c74b2cb795b001587064a1d44b117a9b864af4785431940c434da312409d9f3b82f63f376be25dff9a9b4205ba308810dd535539644e172af1a5d5806137

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\bookmarkbackups\bookmarks-2023-12-26_11_MW5Vs5J0bGQJmd-+ENDVrw==.jsonlz4

Filesize
938B

MD5
1b087e2145fa1d31e0dd297c81ac69da

SHA1
2692afb5242944f3fbab7df89b8fa5394b43e906

SHA256
d2e2769c3e2dc442ae7ec05087d3bd8c5e786e2e1aab10faa8086fbd1aa4d38d

SHA512
271c677cbd73434970a17f0665804ab26eba06ac0a777f30e499da53861256b75247a6997085c7629be726df69c89d2b8b94034c2753a136be481158572f78d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
5f8653fe164d788633976f79d9da0839

SHA1
4926d55a793da0b27b83406f310a86c76515cddd

SHA256
00cfc08da55a9ccf973a5ccc20dfeaf37d79800961e905a3b5b7171c518c7013

SHA512
d109f37e86fbe034ce9bb8a09297876342d7f256c8ecbcc8725b54418567e753dbd7a060d9765c53a84d299b566ec3ae833a39b0e6eb08cd9ad3afb9ec8b8c27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\datareporting\glean\pending_pings\9e2c7a34-32d3-4ee6-a369-73872999acfd

Filesize
734B

MD5
bb2ff3a01878a133e4b46dd60d2d2049

SHA1
62a4afa363b481c284640e1a072c4507e9edc9d1

SHA256
0837a62ed8461c4168fdc584634de7d763e404e277a409f1a02a6e5d2c5de554

SHA512
207f2ccdc690d5490a45c4c91a1c737d830c5a1a5f80e4e54e014df470e2e56d47699698bb7002524ae103c72a1d21a8c3abdacdae99c5651082c934c51f38c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
351KB

MD5
567de2843df073a9d0b9abaa9d189ff9

SHA1
981e8e723934e8596dd30cda7c8b79253c57f5ee

SHA256
d3b2ce972d33fe80d4fb2305efa175361b5e71adb11ab0fa9ec053275909be07

SHA512
60f9003c9e9d3f765286efe4671544e9457b1b893e2aafe46bef06a309502ae7332350ad4b5f5592ba352b9f8096c3163b4231296cc328979c9877a6c1f60ea1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\prefs-1.js

Filesize
6KB

MD5
3c80feabffc17ff7ef280fb8c3febe99

SHA1
5d910142d5c1b69f0f935e79c5fb4773f5f41f41

SHA256
62face5fb22bfddd7c986e50d03c7d586712ed5f3cc0c1ddcdef439bd141e288

SHA512
0d96c2a1ae554203008ae22cd7b2475f86cc06065409b79424f3421fbe80c360d0e50054be1d8e4d95c40f7c621df5e536aacedfa2528832b145a885f4422063

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\prefs-1.js

Filesize
7KB

MD5
a4b70a2b5c82ca00dd9f7df00df0a8ed

SHA1
4fcb1559f46240df4c771c2892da15dd3a4f5113

SHA256
abea1b6b2412a7e7c644dabeba6a488494985e717d32b06277d50f02cf9ad9bb

SHA512
f3771c31e3e23efe766143a006acd64263a8cce0d31457b7016be5d234322359550f992d5d23c816957c93cb4964762a62be4c0e229f642f7dc72d137829822a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\prefs-1.js

Filesize
6KB

MD5
a2beae3eaa48355cb21dafbb0eb9ec4b

SHA1
099dda9d2980e2a2e40468fe0869d56ef04272f2

SHA256
474f38db836889e3993ff69ac4749338f6e3794e58383289a89197795a9b45b3

SHA512
a5e230c0a1a84c1695ccb5dd8882e8f48a87433983d44639ae3c71fc13798893f8841fc865f591ff7979ac9e3f66b255de7554c302128530cff45c77fa2f5c23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\prefs-1.js

Filesize
6KB

MD5
6851aa64e428eace71d33d7fb7cd6fc8

SHA1
dc303ac11781f76332052f9e97a61a28b4f27b14

SHA256
c7bbfa81ef352dfafc1a79edf5bd3c87d818e3963c5fef0840cd3dda1f5758c5

SHA512
a2975e336296145f4f832b7b239aaa89f9d3fa4d9af19b15c1bd90265b9f2e21924e9305d7aac1c3009afde72a31f1de58fdb8f8aaf9a51fd6f5e1ee77bf619a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\prefs.js

Filesize
6KB

MD5
885d72daa267a4aaf69bb2697baa4837

SHA1
39107a90aecea516becc529729d6ffd44db0d863

SHA256
d249f6d1e16cca70a6c5b6ba3e9610a13c9c1bd24fb4ff560b61fa467d3e1ed6

SHA512
16e2274f1647a5a552b8d6ae472a020d0099c3ea617e141e0f2549e21e40002d7ce93881978422c66fd6de508eb6bac813808e0f5edc533d8f27fb1e9f8d83d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
c4f264f3c570508604b25667d60d48d8

SHA1
0d2bdce8777eee8f6cc1ee5a2ee40c8744761c01

SHA256
96f67e1eb6a33b53583e81c7847d6aa86841d7137fd855402f26be940f8cfe1b

SHA512
56f4212dde6755685b86638f2a44234d75d9383afdbffff32b0412a0f193bee62ebf05a5112737bb757dd9daa574556a0108ba80e47dfae629116d1e471fa6fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
34ad6688861b3e2ad878f84e494f4a08

SHA1
ff86b1243146154c9f15ab5bd34bf83d35e2b31c

SHA256
d04403e212e2f3035659195b2feb952159488d6c6ee8a2cea937bff94dfd0b14

SHA512
4ff8a9072b28860f9eca6750ccd7b62533a943dadf84458a6e97523f6f875a8eef7af174b38d2c59e9524c443175ffee0c6866cc546ba387ec0ac78d95c67d52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f3feb1c79482c21cf367393dbccf7b98

SHA1
dd7ab98071b603a7dd9f1f23f698a4a14fb83d3c

SHA256
1131303ec105dbb528706bd6e05c626fd1b3b9079ec11780827b4912b9947941

SHA512
df770dfdd2d68198adcdd71912bc4f599f6b2c7bf49507c5accd7e9de79d57dc2e7428ba6b509094c229f5f72030cae0b60627ec16475a7f529e73335532032f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
dbfddd9ebb1731087881bafec0937c9b

SHA1
9d8f7c3f7ab3d119c08cd8d082a696a3f366314f

SHA256
a433658360078a45aca446366b25c3ed0fd8440ae48d93984e2d39267c1581ee

SHA512
29b8fd2f379b83fee2b45c25a50284456922873977c338feff63b2cfdc44643801bcb466333108a1657faaafab12c43d15bc9f0ddf4617be171bf0f1ee15ff33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
8dd90907e51c42d8518fca36fbcce7b0

SHA1
305eaa74b2e2f3fc1236a984b4f35d472e8d6c30

SHA256
ebc4cb9d8129ec39460172a0cc4a54f0d43b7575f7e6b02227998e5da0bb350c

SHA512
10e7a2e3e0db4375227d06db3ba8e7c09c10ef8221624f025ef0124d8dca5e376ce67fea467abaede7698e5d7c15d50fdea10502a8e950a48608b98c1b8aef07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f00e1a09a09bf44780544d768a281c4a

SHA1
73efd3b9b71059c69651a937ebac5a5a5179da00

SHA256
63b0e99560881c042bd83179300072064ecdff60a47be74cf093cbfc6e456ccb

SHA512
84f9c763ec6d22152d5861eed5c2b50c2061c4db0301ee810a040e8d579be72dd76d52cdc4e88c2e2db89a6ff210576a66be6ec6af9adeaf2ad898cb5be9290d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b112ee738b02dc6d0b3214eb081f63bc

SHA1
174eaf2c0a3537c3b2ff24033c6f8bd9295afb4a

SHA256
8c36b76c5afa3e28355da21b8994fef337c789e9267bf1b215df9d22bc5b0d3e

SHA512
62d19e4b7de0c63f14840733d78c74e74f5e9c8a76947232b2f7a437c86e81831b225650d90223ea862cda94adec62f7e6515b9988b625c126cd23b9aa046ea9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
92f6736fbcb1538448ddfe5414365cf8

SHA1
6fe2a906d19cfe4ef57e55e87820306615879f08

SHA256
0d44dba08bef805f8694e96ee69464d2c9837117d1f03fc486912112da9ff198

SHA512
d58c01c28733a1f00f8b963b957061b984df4a946c7cd6852f48dc5da57f7e36d2288870d2b50a237e3e1025ae54821d7135d7b34b4b7eae04fa95c084abb334

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
ccfd3427654512e4af5d08a9de6c63c6

SHA1
aee362aaf577814b500d745df70edb69f31c7a07

SHA256
d5ded61af65fb641e614f7113d51ca8d3e00afc7522a7463c71893d959fcb715

SHA512
dd1841929c49ec3b905cc612790dc49a6e0e07d533c47140b63f174e54ad834fc4fc73f92f8b202097726f8eeb7a2e18b785570fce92955140e3ac169eb05bba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
dc13ab4217179abc39d425b152367a2d

SHA1
d431b5e62befb8133eb7742650938a5a6ff7e088

SHA256
dbe6784316791476761eae2f215af7d8138bd95dc2130ce6dbd57e6d4b6ed513

SHA512
205cf7b998c4a5954c04ca79669720cd5c0fdcfbc663cb86703dbde1823262f874564b803642cc80d5445fc6bd94fb3ae282ff7f2606ec013b803ee09811e8e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d8fbdcd45140225d3a83ba8e55ce8f23

SHA1
9f2e1fe9be89959a02d98ddfd337421edb745303

SHA256
9acfae1c03dfdc2d6c884a90646ae261c3291cf98197f37860e8244d00bf9040

SHA512
6102aaaf09e7b82b5999948833c83ffffbab15f269562ed8a4bdfb00cc790280d4ea4b5aec77106714abe8a979ff68e61afe9bd45fd3884e055a94d6cfd638ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\targeting.snapshot.json

Filesize
3KB

MD5
1f9308b83656944f82815a96a3c5e614

SHA1
8e93c747091c63fb47c5c2a3895f2b2613fb230a

SHA256
79154f2805c54bf0a179d6cc1b654e9e9df7c4235eb21fb25a2017041da3fbaf

SHA512
f15c96f45c7435bdf9855e73626a863b9ee1d26ffc1ec6256355293d59024a0e095b6c4fc15bc03f3b8bc34ccf38021fa81a9d6f588d51f9c9930ea97d1611d9

Download Submit
memory/1536-0-0x00000000745F0000-0x0000000074DA1000-memory.dmp

Filesize
7.7MB

Download
memory/1536-4-0x00000000745F0000-0x0000000074DA1000-memory.dmp

Filesize
7.7MB

Download
memory/1536-3-0x0000000004CB0000-0x0000000004D42000-memory.dmp

Filesize
584KB

Download
memory/1536-2-0x0000000005260000-0x0000000005806000-memory.dmp

Filesize
5.6MB

Download
memory/1536-1-0x0000000000150000-0x000000000018A000-memory.dmp

Filesize
232KB

Download