6c280480e65e96de4faec2720d2b71e3ed8e6ec36969294ce8de73095ec6b5b2

Resubmissions

15-01-2024 06:07

240115-gvsexsbga3 1

15-01-2024 04:35

15-01-2024 04:34

15-01-2024 03:21

15-01-2024 03:15

Analysis

max time kernel
577s
max time network
597s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2024 03:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vRecording__57seconds__jtrustroyal121121.html
Size

2KB
MD5

3ed65ab4ab780cebfe0b73b096af95a3
SHA1

7f11fbdb1a6663323977415fa17cf974f81da0aa
SHA256

6c280480e65e96de4faec2720d2b71e3ed8e6ec36969294ce8de73095ec6b5b2
SHA512

9a65f4088f0579570a48c9025a7037e0640cb2590b03cfd408cec8b0e92dc7dcbd278851f8103c712140a822f0c158be1da6c95a5516f8f3b88a1c57367797be

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-996941297-2279405024-2328152752-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe
Token: SeDebugPrivilege	5012	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5012	firefox.exe
5012	firefox.exe
5012	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5012	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 4152 wrote to memory of 5012	4152	firefox.exe	85
PID 5012 wrote to memory of 564	5012	firefox.exe	86
PID 5012 wrote to memory of 564	5012	firefox.exe	86
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 888	5012	firefox.exe	87
PID 5012 wrote to memory of 5004	5012	firefox.exe	88
PID 5012 wrote to memory of 5004	5012	firefox.exe	88
PID 5012 wrote to memory of 5004	5012	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\vRecording__57seconds__jtrustroyal121121.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\vRecording__57seconds__jtrustroyal121121.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.0.1551526345\1263608339" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5fcc158-43e3-41d9-a450-24bb84f29be1} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 1992 27da7ad8458 gpu
    3⤵
    PID:564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.1.1960185882\1999901569" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f0a70d8-e053-4eed-a00d-59b2a0b5bff4} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 2400 27da7a03258 socket
    3⤵
    PID:888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.2.1250087120\1975113815" -childID 1 -isForBrowser -prefsHandle 3244 -prefMapHandle 3272 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe5cb1b9-5f6c-4bb6-873f-5cb16211eeb4} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 3256 27dabddf658 tab
    3⤵
    PID:5004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.3.1121041337\1830708862" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f5f22e1-64be-42f6-a9b9-7e06ab29018d} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 3660 27d9b261658 tab
    3⤵
    PID:3336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.4.1434955440\1339192035" -childID 3 -isForBrowser -prefsHandle 4924 -prefMapHandle 5064 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4160e791-486d-424d-884e-0e16ee9856df} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5080 27dac29a058 tab
    3⤵
    PID:4428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.6.1487871289\1807467496" -childID 5 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cc5ca895-20cf-428a-a469-3f6a0af0e186} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5404 27dae2d5b58 tab
    3⤵
    PID:4440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.5.650131901\1213448682" -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c99fd33c-ef24-4dd2-a46c-e10c11947749} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 5216 27dae0be558 tab
    3⤵
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5012.7.1837387886\2034387520" -childID 6 -isForBrowser -prefsHandle 5628 -prefMapHandle 3276 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2373b7a2-f860-4812-92b1-095650925569} 5012 "\\.\pipe\gecko-crash-server-pipe.5012" 4820 27dae0bfd58 tab
    3⤵
    PID:3724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\doomed\144

Filesize
10KB

MD5
60325578f6e46a94863868802dcdd76f

SHA1
03e6e8d0a4d292f26bebd86d0c48ef85634b07d5

SHA256
c133a34ba45bd389ba0de6691bd36e3976bfd71a5f0f6641911bc62169ee1409

SHA512
126c7235f5d6dfee0b50d1752a7d3900cc457d737c1847f8328612e19fc56ee436b43b1caa1cbdb14aa07022168657a7a0147610e4aaa07447fdbbe18a8d8ce2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\doomed\27862

Filesize
10KB

MD5
236a050b13f1ed9a558e049c5213cc0d

SHA1
cd7200a2f2980ddb480107f3c95aa0a45f4fa46a

SHA256
a93b7efaf181823bec853d77cefd94a57e2c35a625808a2cd66a0d0cefb682f6

SHA512
2833720eecb2c6385910a91207d1f62908bdff3fef37f2ed8050c9ca3bc9c384bba65d57f97d66926f9b1c3866c9bd3cacaa1114f376ef956bc43e0faa6fb944

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\doomed\9704

Filesize
10KB

MD5
4040e1b9e993e5a2e664b561867f0bf4

SHA1
bad38893f0175086a0971cf201bfa2534119688a

SHA256
29f28b585eec448b68b6c1a23a086f73e2a546d2112107a82d396603208e2e94

SHA512
e60b6e8a63e6c0eadc0d8a0de369bc2d70cc69113d76de65549631ea2974048c86419d45e8b5e6e8f60e3663c8a32331273bd739e36a27dafad14546a8b826a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\entries\77FB5EE92C576E2505C8C9FF2EC417D7727F401E

Filesize
13KB

MD5
53fa4e2e1e939461e43fdf828a82f30a

SHA1
6aa8d8eacb331bc7e02d0272fdbe922b12018216

SHA256
58416c7848a069ebbb4cac912428970051f447dee081711e6f1f095f9fa61c0f

SHA512
f051986f728187377fd063b60fd401fccab770369526c111090c713a88fcad5e472b3a203f0504b1be78d093042f0c9ef777cc464cdbb405247a8a5e906e6b62

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eypn1lcs.default-release\cache2\entries\B573808F9B4F64D3E5F0B069BDAA48EF4086E712

Filesize
13KB

MD5
d7da50ee1da47de3c3768fc668588a3c

SHA1
493cd024cc9cd7f61643c4636ed7cf6f6104dcff

SHA256
07902ab994be9c7fe1f0f60c4dea0d8251e56a0a7c7320281ae3e19229ab085e

SHA512
b412d2bc69fd9d8ac334ae77f28e559d223006b9d9c2a78616e569455cd36b0093251f7c250d28c799f0ae6ca387228969ca9b0bd43a45e22fdb0c533e968cbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
5.4MB

MD5
a93d464c6767782338b548d428700996

SHA1
801a7cfa48265f26aa793d3e4ae0ffa63ad209c6

SHA256
2a40d8145c3e4e71653bffb995ff59ec7ff89069febf684e9b14918d17c392be

SHA512
89c30e32bad9c1445be8a9b098c49abcb1f332e33079203e0295998ecae8ba9a85172ed32eb37de75ef25f7d799f4f891c2f8a358951e1f5f8b8cca3e8400dfe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
00deca8c907634253dee41c68961992a

SHA1
2cf52c2115c8d82ef83fd580080b24e59f3c99b1

SHA256
0c01484a6480833ce9d9448876a77f2eda95627e50c67c8e53768166e2e711ff

SHA512
5e7357482355b05af57739ccef5e605b56152de44e87ae677b787036204c6264b50d2b299d08ca12d5075ab351625afd265c1ab59b6dcff28f7ef11988e89650

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\bookmarkbackups\bookmarks-2024-01-15_11_jfbOt0IhtVuGCSfHt2yVXQ==.jsonlz4

Filesize
956B

MD5
d2340429bb466d77e29ba4f370ae2fbd

SHA1
f6c9e2e7536a2087d76d95169d1d74921fa5b4e7

SHA256
a1a096deb370bcf0c31601ce79b48ec93bcbe1dd13ae94ef1425a403d00aeed2

SHA512
c772476b0611623ebb20a81ea950b65a97f41f7bf9f7205d5ae4a86e40e3a48b39de65e5d6c834a0c51b091c3feeb877780f41460a1c8514ff93f31fb3515e6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\broadcast-listeners.json

Filesize
216B

MD5
1583c5c058e41cb35860a22280b67056

SHA1
518b93b16e4df57c3d82344e95a27154394a9c15

SHA256
17c37fb983e4fb7d1d385420ad2ffa79d4560958dbbac82153e91bf91991411c

SHA512
8536021c75573d443b38976e03ed6f91c772d949c97fdc697a8a11005b20633d09ba3b960f75bb8dc94a3c63a0b3b2b446665cb2f7ab951eef956b4266b2491f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
e2aefe54aeedd811b47e25a5884a1833

SHA1
cda9cc862e6f1bb4948cfe6775d60345c8235aef

SHA256
cc6c6ba295cdb73de6bcf6a3cd5661e8d1448ed1e2728ae8387993551e244df4

SHA512
7e92e89c1ebede9a58ea15b16321c2f1ed7bef58e837f1c016f2db584acd42a5390a20a0c9e22e15f57667045f5c91392e6ccebb869b5bdc266c78a663420854

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\datareporting\glean\pending_pings\f87c0a83-3313-45ea-b21a-6a1badc9e954

Filesize
734B

MD5
f9ad7a5bd2f810156fec2977f788f935

SHA1
c92991843c61193bbf4cf1e67c2e434ac330df01

SHA256
9cbc257ebd1cf6ae31525883c413c43e8f7d0ac024c9fbb7daa31062893c6fe0

SHA512
785a3b1b07d5f8982365a584e919b5271460e1065d02949e7a297ef6dc637e98836f4f3191c16814e7489cd18196f6f94a1cf7c2dfcdabd847284ce853ac6e1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
4.2MB

MD5
4777351e8e5a3788256c6fd362c87632

SHA1
d54a1b428225aef7d310127fa225e55f8fad327f

SHA256
7884376f90cb2e5ff865bb6354a2e4d228f9758a602f8d699db31a763b997015

SHA512
84265f9a8423b6de2349a784aabea16bce33d1caf5608836a72d151d4245ad981e018fa1a6873e29e4737ead1560a73b7f49735955ee0248b2ecd8a953c939f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\prefs-1.js

Filesize
10KB

MD5
03d0d0c806fff5ee6524f75aa5aa022c

SHA1
737aa5d9f136985a4f715dafcfc05785fc660dc3

SHA256
06462c7d610455cd77426ac42ae0cc14c3f47af344b253080f93e66a44f39fb7

SHA512
af160984c182069e5ab4e9f2f1c949a1622b55d3330817e96fd73c59d59e3dfa73d6d740490d3ed5a19fc794c9b1a5140086f59950223c6fa6c1291b6516859f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\prefs-1.js

Filesize
9KB

MD5
46ec05b4a934cb22fb6f83e095692ce3

SHA1
bf0a33600e25f226873694a214e04bfda912d441

SHA256
6f6ab1f0d779a1d728339a5f72fbcd4e20088371bae4162af47ecbdfa580f8ae

SHA512
8a17cd21d7d76910beccc7c679f4515e7a9788d9c9d0536e5822a265414138b10241a062d3330ecc013e200febbd81b1208da889f4d1b4f3924af653dc3fab60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\prefs-1.js

Filesize
6KB

MD5
6df77b994f058b6aead2bd7998fc0dbe

SHA1
a9ddd41647203d33514be6ad11be0c35b3aa7393

SHA256
f84549892dc404345fc40762c37239dbc41b1faa3da45e1a822f8688a6ccf895

SHA512
c5db470bcb83be07a5b32a5fcafebfaa2d1813a8e813ede2f6b60eb36bdea7cc8bf23ea439601d97eedb7c7625a5a63be84869c8e4dc87d83d5abb23c262aa03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\prefs-1.js

Filesize
6KB

MD5
beb991aaf179b084a29a25f986b1d503

SHA1
db3331b18ee0eb2897c2e94f441ffdfcd3fae32f

SHA256
3ba5321b39be42a04c4d355169a8ebb1581630676c75d26c8deb7d661f8045ce

SHA512
717d3ed4352e54fce9110b22c369fe706a6864c4c0301feae541b2567d057e2c376b89409c828dc406050a7eb537f77f04980f7ec5bac8f15dc5136cce1b2461

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
b8602a7817163964d876d0559fb5ca91

SHA1
21253dd448f15d0341af3c8e235e610baa9ced99

SHA256
b6ede155ae920bd686be6cfbe9d3646a0f4e9627f1f974d9e06a5c73abd1b2f4

SHA512
6aceab72be4e137c3fad0eef13391f075a152df15fc561d69b0b8bf48050cfde2b492a5329314176e8f19cc1e8702e791e0731e1511ea631168b0bcbf5e66bf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1b8e5bd98c758c1fb984217f4c49842f

SHA1
44bedbc9d92dbfef9c744ccf001fd42cc454e6c1

SHA256
c88aa121669d8a0d50b1d349b9f1934a6cef7767e0cbe07210d8baef5563841c

SHA512
b80960e1ba1dab193a136f156787a0ae67bc975fccd536dbd241499a34620228e7a4461ca2c795cec134a600cde16cef23361d702b1659f24c448c8578344888

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
a45f2c2ca0164566bdd593317033d41c

SHA1
ad3f8f532c02b7b5b6a57469f19d2e3bbcd23cb2

SHA256
cac94b4bc46671ce32df829ffc208d1d2fa09fce04c5a800c325691b71ae98f2

SHA512
75e8bb36088445213636abc1b8e7d258650956c697f121efa4efc8a50ce7a12b858e35d2356f533de386044100bb88ca0dcdc9df2781ae2aa749586bc600ebf2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eypn1lcs.default-release\targeting.snapshot.json

Filesize
3KB

MD5
ca1b4c50b1845407eff22ae50637133d

SHA1
e76a8e2f3463e14cd7fdff6ca44b35868d2bd60d

SHA256
89465faf50ed13996a411b8582a08a36d927401296e6671e9b1a32cd8ac3e824

SHA512
c013283ce7d15ef7527f8aa747d45f3eb46699c7676716e14c160ac38324292b1a58891abc6a23dfb578806ad01933ddf7c0f5e7bef075a41219b935b894e9e3

Download Submit