hxxps://content[.]money2020[.]com/m2020-comms-unsubscribe[.]html

Resubmissions

09/01/2024, 01:52

240109-cantsabbbj 1

09/01/2024, 01:34

240109-bzefzaaehk 1

Analysis

max time kernel
1171s
max time network
1173s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://content.money2020.com/m2020-comms-unsubscribe.html

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeManageVolumePrivilege	5992	svchost.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe
Token: SeDebugPrivilege	1264	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1264	firefox.exe
1264	firefox.exe
1264	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1264	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 988 wrote to memory of 1264	988	firefox.exe	14
PID 1264 wrote to memory of 2060	1264	firefox.exe	19
PID 1264 wrote to memory of 2060	1264	firefox.exe	19
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 4424	1264	firefox.exe	20
PID 1264 wrote to memory of 3528	1264	firefox.exe	24
PID 1264 wrote to memory of 3528	1264	firefox.exe	24
PID 1264 wrote to memory of 3528	1264	firefox.exe	24

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://content.money2020.com/m2020-comms-unsubscribe.html
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1264
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1264.0.760923536\1470634016" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2b12a96-7d48-4535-a57e-7939929eb80d} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" 1964 1a9c4df7158 gpu
  2⤵
  PID:2060
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1264.1.731035365\1052870670" -parentBuildID 20221007134813 -prefsHandle 2376 -prefMapHandle 2372 -prefsLen 21487 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01abf2b8-278b-4212-b74b-c5cf15042984} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" 2388 1a9b8372b58 socket
  2⤵
  PID:4424
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1264.2.1319186574\1105925077" -childID 1 -isForBrowser -prefsHandle 3100 -prefMapHandle 3096 -prefsLen 21590 -prefMapSize 233414 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {676529d0-9761-4031-b614-d219ca2aeafc} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" 3112 1a9c4d60058 tab
  2⤵
  PID:3528
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1264.3.1017912374\462947425" -childID 2 -isForBrowser -prefsHandle 3900 -prefMapHandle 3896 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ca857cc-d9f0-4e43-8dae-0c2ea80ebc84} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" 3904 1a9c9908d58 tab
  2⤵
  PID:5040
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1264.6.261082063\809047790" -childID 5 -isForBrowser -prefsHandle 5328 -prefMapHandle 5332 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba21cda6-47aa-480f-aaa2-49a2efa600ae} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" 5316 1a9cae2db58 tab
  2⤵
  PID:2244
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1264.5.1928223952\1655606644" -childID 4 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d21d83cf-f5ba-403d-9a13-24368bc46990} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" 5124 1a9cae2d258 tab
  2⤵
  PID:2228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1264.4.925467156\2043356839" -childID 3 -isForBrowser -prefsHandle 4944 -prefMapHandle 4900 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ba6afd9-5ec5-44e2-bd46-d24aac901e92} 1264 "\\.\pipe\gecko-crash-server-pipe.1264" 4984 1a9cae2ae58 tab
  2⤵
  PID:4316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://content.money2020.com/m2020-comms-unsubscribe.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:988

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1280

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\B573808F9B4F64D3E5F0B069BDAA48EF4086E712

Filesize
13KB

MD5
edecbb1b4a521da30df7c98cd2e2dcb9

SHA1
b5bb7f2110dab9d0c47975d02fcaf591fabcc801

SHA256
d5859c36389a1f26cde42e641d16298318de1fae780a0a4fce3c1b0ee5162dab

SHA512
b0d7fbc939dabfca1184017210dbd2687c8583773ae80230b7bd1a9f1e14c09433dc9ba6877299f883de36cbec7a91f39fb125531f29c39ff91de492b7267f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
1.1MB

MD5
fb8f03ec8837b3217766487e9d757898

SHA1
696403c2493e7d019c64e551e65a70b84836a37e

SHA256
1417b73a9beba38cfaf77a45fe615af3001e2c77947b7ec172ff5c3fc82d190c

SHA512
1cd5648025472584c4ca019f44a5f68561556e22bb6451b80e0645078938e2aa5e84ace4a1ab10f1d6485d71f0497b761341a7e9e97824a63ff099c758c32a16

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
27534da2d306e0d792a15e16ac55aa39

SHA1
8c1b86307ac5412a93f55fbd60052f85e2b45aa2

SHA256
9278f05be98ce3f0515d956ae1c6887a78b6c0fa99c6ed76734311953b6aacfa

SHA512
67ca9442bc92a01e2b6902f2bfed1548d13a18e02ce0894a35ffd81631d21ac433214e90c402b7ca930533301a6718b0407a8f462c7a76e31f3946f12650102a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
8650f6cb75ff216ba3e38c9f4038035f

SHA1
15fb17fef3e5e8bc55c4175bdb9d39eb76b37be5

SHA256
cfc195448b15ffba5ecee9eab288cbb5fe6a89c7da63d54049f2cb96f4418122

SHA512
641e00d37e72b8984d9ce120e8d34df69349c4ef9e9163855363c7b815c1359607e21ac08ef92a956073180bf34538866cf54f59bace451748672cfbd72ea0c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\SiteSecurityServiceState.txt

Filesize
372B

MD5
3029799388d7c6575d527c5d76c072dd

SHA1
cc733f46f27eba79e956b2b6b9e29cd0cd8e1172

SHA256
8ddff831624cf9fc8bce977c9deacbf2f2ada3887014b4b2f4a705e688bdea46

SHA512
cefbcd40ad4dd3c9e4023217c4385ef12df39db121f325db90f0a1d40227fe680ba247aa4e2025e01ca1b8d659fbe6907e7d81f627441dd63a45f890596d9d23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\bookmarkbackups\bookmarks-2024-01-09_11_grVx-X3BxQbeKq7ztIKxWA==.jsonlz4

Filesize
944B

MD5
4ad200329f3da1d8db160df28c5bc015

SHA1
b5341199cb262ea6d4331510c006de7f52c77df8

SHA256
c12d2c1d66817b3ac755e4bc5102fd0c5a7f4c22d7933a6c58aec819c4c893a8

SHA512
fa6773333791df6db465816546ea37fd245537856286717c64d42b233d8403c72e19368a2626bee70ee74d46630fd008be298019817dd7d8405088c012033509

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\broadcast-listeners.json

Filesize
216B

MD5
73ecbdab5d4d21e31d04ae8cc58e1887

SHA1
400021060552168613ed06f36b1e73d3e263ff7c

SHA256
72e9137b936d8c06934ab44497fa83aec3271cd28c39d5d94a17a209dfa2e0df

SHA512
9de88910fa9a9487ea62888a91ae0815efd0f28aa391093e09180770b1467d1090343ad0ad526c3723cfda8b0cc5452451090052bb64ece26a896c1f5377ab9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
3b06cd6703bfecc179fe114decfeeb9c

SHA1
076d4e0115444069effa38ff67b22b7b8620117d

SHA256
b06e3cdfb0f3dde4b8d94b241933e8fc04b6014b16dc54464b79ffb4d905f4c6

SHA512
af52e00ebdb0da0db502f26f36bc2734f1c6c7da8672320f76299763d62796c71e6f0845c98b91757cd142ba15e152dd46b2b50f30d15a731ca38eea8a8aa6d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\8c581502-603f-4961-91b0-e3e9ffd00ffc

Filesize
734B

MD5
c52f7b1b8025ceeab5ff0ada20e5b656

SHA1
ead518503d9812abad536f4409c2f4ef094da14a

SHA256
143912ea865d5a25451b7574a9374df09029c13884974ee50de58121cb2855f6

SHA512
83c00728edafc2771869970d924de99006d985fb207536d7058cfd384e0ff693c2481ed408fd8c9546636dc17d6de504949b3ad14cdac1685e63e2d6adcbe02e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
381KB

MD5
4ad4cbfbec69ea8fd9b65936461e95e7

SHA1
5d8eaccd237ffa44b913aef9e59a0367edbbca9f

SHA256
6bc84c8e253a3a944980204e4c879fdad32c1535cfeb1d9046a2eb40643a458d

SHA512
ed67e091c1cde35f3ac2318bb2fc028bd95ce7d37885af4d3315d6326b320e48ad8edff1ba6aa8df059993512c72a4918fa2de3aeecf5f245581dd8292471440

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
893KB

MD5
53c73e6c70ba8ebac201e58df0372a49

SHA1
c4200bf819dfdf0b516850a90dc0792c199e946f

SHA256
b1c5ed56d5ce1bff506f572a8c5423a8065f4ad01555ed373ff1493f3b2a1332

SHA512
5533a79ae48752d7746f60bb66a23733852a478cea3a67a5cadd9e77bf1b465b54ab6fba52a429dc88f5ba570ff35a4630cc62b43b451b7dbbc9abacc6ba3d2f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
6KB

MD5
ab3648dcea4711225c58d556bc0706cb

SHA1
a1c86ca1da88a65c3cc7eecda517108208458584

SHA256
07022ab9302aa10b664f04f660cf43ee965668a0237a03ecb53f083dea59594c

SHA512
b2725db5bb410e1358e467af3473c840a1edcea5696d391069943257254d9f81ea1ec7a9e939de97c1886a8c811ea015f866fd86277c97affe2950e1ebd49c95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
10KB

MD5
68785f9b531398cc044ad03928bf6bca

SHA1
053ba0fc5f5aac1b9d6fd50b5c22a2d9a8da7cbc

SHA256
a4fd6800003a0109dfdaedc1d4c389b8ec0479606156a0c9c162163a6fa392e6

SHA512
1e64d441ec861f45c73823be513b7ab3722325adaa929936df575957199cd5c1b4bb1f6bcebc385690090f5b838c735c20f35b18295873f4a5148b23185696fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5617f5921ecb27b349c3fd757951aa1d

SHA1
ad1fdd2d330ffeb086151b2fde2a2edee909e0e5

SHA256
51e7a3867ffab85ba7d3785c4d256018e19b8785451e26a8d9deb5659380eb06

SHA512
e9c5b606839813b64a10f5e01739dc41ef1e096d22b0e3fa0a17b1c0951181cd261d7813653ec08739e9b53858afc5904be93997e8c632086a344e5413216052

Download Submit
memory/5992-2105-0x0000025E45B90000-0x0000025E45B91000-memory.dmp

Filesize
4KB

Download
memory/5992-2089-0x0000025E3D840000-0x0000025E3D850000-memory.dmp

Filesize
64KB

Download
memory/5992-2108-0x0000025E45BC0000-0x0000025E45BC1000-memory.dmp

Filesize
4KB

Download
memory/5992-2109-0x0000025E45CD0000-0x0000025E45CD1000-memory.dmp

Filesize
4KB

Download
memory/5992-2107-0x0000025E45BC0000-0x0000025E45BC1000-memory.dmp

Filesize
4KB

Download
memory/5992-2073-0x0000025E3D740000-0x0000025E3D750000-memory.dmp

Filesize
64KB

Download