6c280480e65e96de4faec2720d2b71e3ed8e6ec36969294ce8de73095ec6b5b2

Resubmissions

15/01/2024, 06:07

240115-gvsexsbga3 1

15/01/2024, 04:35

15/01/2024, 04:34

15/01/2024, 03:21

15/01/2024, 03:15

Analysis

max time kernel
511s
max time network
581s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2024, 04:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vRecording__57seconds__jtrustroyal121121.html
Size

2KB
MD5

3ed65ab4ab780cebfe0b73b096af95a3
SHA1

7f11fbdb1a6663323977415fa17cf974f81da0aa
SHA256

6c280480e65e96de4faec2720d2b71e3ed8e6ec36969294ce8de73095ec6b5b2
SHA512

9a65f4088f0579570a48c9025a7037e0640cb2590b03cfd408cec8b0e92dc7dcbd278851f8103c712140a822f0c158be1da6c95a5516f8f3b88a1c57367797be

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2398549320-3657759451-817663969-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4820	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 2736 wrote to memory of 4820	2736	firefox.exe	87
PID 4820 wrote to memory of 1744	4820	firefox.exe	88
PID 4820 wrote to memory of 1744	4820	firefox.exe	88
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 4544	4820	firefox.exe	89
PID 4820 wrote to memory of 2612	4820	firefox.exe	91
PID 4820 wrote to memory of 2612	4820	firefox.exe	91
PID 4820 wrote to memory of 2612	4820	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\vRecording__57seconds__jtrustroyal121121.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\vRecording__57seconds__jtrustroyal121121.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.0.1389529058\111746689" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb82af52-62dc-4a35-8541-f2b8f76abeb5} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 1960 17bb78d5a58 gpu
    3⤵
    PID:1744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.1.1767313712\1769921550" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9c4efaff-9bf5-4257-b535-4f82bb6f92bd} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 2384 17bb73e5658 socket
    3⤵
    PID:4544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.2.50859686\1037443501" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 3052 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ae62f8c-590a-457e-a0b9-51cb5a7cd9b1} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 3040 17bbb5ded58 tab
    3⤵
    PID:2612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.3.1121593229\1577947747" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db437f1e-e9c5-4c28-97dd-0c20daf1a238} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 3592 17bb9dd2858 tab
    3⤵
    PID:3772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.5.1587317932\614603940" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 5124 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9de47b43-648b-40bc-a5e9-a55cf1f9693c} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5000 17bbdad1158 tab
    3⤵
    PID:1048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.6.883011240\737182844" -childID 5 -isForBrowser -prefsHandle 5392 -prefMapHandle 5388 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0ea31ff-b3b8-421f-b23d-ff256089e91e} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 5400 17bbdad1458 tab
    3⤵
    PID:4636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.4.900106421\2113840006" -childID 3 -isForBrowser -prefsHandle 4968 -prefMapHandle 4948 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f1d6058-2ba0-4569-bc55-8bef7b81809a} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 4980 17bbd838958 tab
    3⤵
    PID:2920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4820.7.1705673070\757967419" -childID 6 -isForBrowser -prefsHandle 3540 -prefMapHandle 3252 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1120 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e4ce65d-ad74-4c77-bab5-5c917d1da44c} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" 3508 17bbdad2f58 tab
    3⤵
    PID:4932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\stdidscq.default-release\cache2\doomed\10226

Filesize
10KB

MD5
b4f019df19dbeaa4dcab921e1f66d38e

SHA1
8cdf0cd0a3a8e96f107f751fec7505f92bf2fc7b

SHA256
e6f418d7c26f1f4dd615317c137ce6960c2c97c3e97dfe01e2e4ff75659c7ca6

SHA512
de6d6fff80a9164542d361c3da9ede35a7e397c278f8b4c08860c3c4d309a5cfc519f6b53f42f5416417d321922513cfe03dafae03f176311c055cff20e5f53b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\stdidscq.default-release\cache2\doomed\25409

Filesize
10KB

MD5
113b24d6d3adaae3efcc332ec7145aac

SHA1
82e4863c95d73b71f0d1e15d6b80a0ac27c03ae1

SHA256
bd0dde5fa0cdbf5ec7f83c9145a5adc32a50e9162230f5e8d08ced4c7d73accc

SHA512
006f6a128f98d5e828b76de4cde2bd987de728aa6a0a1e48b7e99bdb339d6ae9bae72fa869cbd99ed827803839f622530fde7d3d158eb1689dd170e5bac8a5e9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\stdidscq.default-release\cache2\doomed\31852

Filesize
10KB

MD5
3d23f823ff6382038b0376bd46abe76a

SHA1
725661747e70f83ef8be26d54eb363bce61623e8

SHA256
9f0d407c5b1e2b3463fa9bf7cbb86d526fdebf118b079fcb19e4622c1664039e

SHA512
b8c3216ae44bf5a5986f24899c426f08cb221fda694b64d0428b1faa5f086c093e18284e5791ad80ec0df6ffc5aa1117344fae1a32df2836225ced84ce37b2bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\stdidscq.default-release\cache2\doomed\5289

Filesize
10KB

MD5
404b1a272b22c99b94dd3c1e3954d415

SHA1
9cf37ac35fe3f8bf4a77162e25e5eb9813da5140

SHA256
7e13fc676473d4768460fc2d77f22cf0549d98956f7d8b92e9ce3715ee244621

SHA512
60cb8726aeada589b1242f80f17e29d38924ee441b125f369eb353061a506d1fdfbaa74dadfbbe0bd3b1cee21de5998e5841e0798ab6015a73351f4acb894e24

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\stdidscq.default-release\cache2\entries\77FB5EE92C576E2505C8C9FF2EC417D7727F401E

Filesize
13KB

MD5
e9f58333aa2a51b12dd04ff1f1ea499a

SHA1
b452040e3fbd6b3bfe35ef41732e384b6080e646

SHA256
2cf298c941ee052d9bd2ae1c7415dd07f9e425696a638406001076c445e2848f

SHA512
bfe886b118313b66fb182a74c31a5507f2badb0e7d2a801fc5f745078eb6192d84c97ce49f871effc63f6bab7f7dc598030dd7eb8a15fa57e50823b06f11084a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\stdidscq.default-release\cache2\entries\B573808F9B4F64D3E5F0B069BDAA48EF4086E712

Filesize
13KB

MD5
a03b3c845efefdc447b38cf1786d3d3d

SHA1
66c95c32e55086f458adbdc814f4818f2051e600

SHA256
c8a8863afd942b838cf4d28a627e8ff82e46cc796569e5f1273119eb415fc759

SHA512
9379818eeca0ab0e575625ac5296adc62ddcd2143922aa71782d258c6062e8a5343e352507f9cb7c96ade58a4edeb746cb346ece473bbd5e56188d5bd0dbf3c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
275KB

MD5
443d8fcdf3882bcf59d609760e849ff8

SHA1
ce4660f99b1e4ef33f14ad48672303a018c3382b

SHA256
4778b29c2f2ca7893043913c7b7569d33ab6490c700a0aedd512d2d142b167da

SHA512
cf87a9a568590e54b4285c480e983ad12cfeb32ed4b775eae861517dce36d1369c2db7146f86c0b7bdaf738467317c726faddc86704da5a7a634e0aabc6509ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
71162d9a1321e0801be220b425148bd9

SHA1
6f9b01428166a6df9c2744c7039a8ea94fa8ff97

SHA256
183891c689cb42804a5b4bf171fdefd66dce503fe397a32337f75ce27569f94d

SHA512
335df7b28765a102d9f63210ccfcc4b38119b7af4f8563f09d1aedd6a1cef95eacd436cb655bda31f9bc2e5e6c2781c36881465b099210482b9cd05f8731e6af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\bookmarkbackups\bookmarks-2024-01-15_11_eAxAL8SpFfZxWj+8QWgDyg==.jsonlz4

Filesize
950B

MD5
6c53fd868850f42922d96824d8a5d8b9

SHA1
2f1a931c418593cc66c10c53d2a9fd52a76ad106

SHA256
4b24e064ccf3cae7a9fa10520afd392c7782d2ac2480825529e9c9d77b60d470

SHA512
65e938acd9cb2e7cb7d23be342a128154b3adf4fa56635c021ab3df4a9e65a5604c5e9dd645d950e060291ce69dc3bf5fa019c5aa77133a26a4e87cea73be3b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\broadcast-listeners.json

Filesize
216B

MD5
1583c5c058e41cb35860a22280b67056

SHA1
518b93b16e4df57c3d82344e95a27154394a9c15

SHA256
17c37fb983e4fb7d1d385420ad2ffa79d4560958dbbac82153e91bf91991411c

SHA512
8536021c75573d443b38976e03ed6f91c772d949c97fdc697a8a11005b20633d09ba3b960f75bb8dc94a3c63a0b3b2b446665cb2f7ab951eef956b4266b2491f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f405bfbda70dd332022a16262e405df3

SHA1
29b4197db4c2cb568512503a70dcec0cab9c9cdd

SHA256
df9fc225db69e993c2eab2778fb54bdcb56905efc5c92f7c7208a0d25ad1c273

SHA512
edc1fa68d3128dea4ef70ea419eecef915a34369f5c5bcf4d5284075e560ec2d6a58db309fa8ac5fbc1681edd1471003a2d30c7d04356761ffd96d7f05b3fd24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\pending_pings\07539dd9-dbef-4db7-a0db-50b8e17aabeb

Filesize
12KB

MD5
4156a0b012d41bd9f52f7cbdd05d563f

SHA1
5f4002da5689cd000e2933a0c539209427fa5805

SHA256
55d44d585911bd02fbe2a83073b0ce731041dff120de413e4f58dcefcca74922

SHA512
3bafd8805f5639904f367c5f694035b4954c09a8a7d9817d34e47846cce6b21e48e3f2a837e447c5c9f029157d5978732da49f7394b2b6ee4a05774a86c074a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\datareporting\glean\pending_pings\f17c00f8-e419-4910-88fd-5750d9d8d035

Filesize
746B

MD5
e2b5203b040b7b7ea5a5f391ed328e9c

SHA1
65f239ba47bcd33a3dbc0237eaab534738cdb9a8

SHA256
dec5f81b9308abaac0586ab8195242d0c78bc5bc560f31dac441dd2988687887

SHA512
5501915282ba311a27759b79fd6087cdd5855e512e3a341936cdf68e228be77c7a8a7ed72687fd5227663299197628006d09b38658e8d7442ea5f05c2a41ea49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
183KB

MD5
91b1b29b75b23e23ef201dc7b3c62324

SHA1
fdc0ceee7934a4819eaaaaa9c800dabe5f461e50

SHA256
aa50bc44f35815a8d3e5cc00934a979e9ca22ab2d6501d765c0c85e31fa4d14f

SHA512
9c10c1564fed03768c8df08040dd8cd477afb2c1ff69efbbc389be2e53867de56c905d2b6e907cc13f28da58b00fb555dce4395acf06917f8280e4c17a4adac4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
10KB

MD5
548c043175919e498fc0f7ab14582b7e

SHA1
d826353741d7c7a4601b40f38d5e5b515a53b20d

SHA256
a4a20ebf7db7c4f6114f94fc5af5d76ef4556fd807609cbe196a04de3db92bdd

SHA512
fe5b21e79834828c223607e299abf396baa76e1ae3ba531cd1eaf539a1cc129bb8a8206054b4e9dc507ce409bd177ec381a81d31a00df875c04d17f577b53494

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
9KB

MD5
12ee0b5976b1e0afecf9e8326c9c986c

SHA1
0265b5bd4ae3a6541fec1a99599bf3de1cbaaef5

SHA256
b72bd390aa88d85b3f2b509b75d5cc2b029d23dab658224ee99e0ebccfd41299

SHA512
1694560506ab3802922f000bfb021a06fac2bdc0547f000b5e6a7cbbdf3e2a61d3857f612140ee1c1db91b370539669896022008e6494ec9a7dc80b4ab7c3536

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
6KB

MD5
adf098b19ff30d7f39bdaa53461067c7

SHA1
c0f01bf63c7b3b5a594130da78776958358e6b85

SHA256
e9a5de5519f3e29bfa00990b246a3d67f66a49f668c350d3150aeb4efadf70a6

SHA512
b82d5b49b1aef7ced7b16eb7f87897131a4cb59525d91a8cae71d708bac305a4c62b9536ba07594bee826d1a54423fbfeed1e0c321690ee13444fa494b7d0747

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs-1.js

Filesize
6KB

MD5
98e4d9899bfc20252ce40bd8eb78eabf

SHA1
bca5de71a1aba16e512b9ba30cfe1d02dc93d3a1

SHA256
197cc7614336591cce81f496dceabafe27f97cc4a97494f02039d43a0e3d27f7

SHA512
47065fb8fbd74c9ca85aeec82995a0a4626030df344e653e58667e96bc901c0084f1c4f251d3411ca874d9e2da660e40dfce882f0acf181a0767725758fb274c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\prefs.js

Filesize
6KB

MD5
1ac5cf83f5c706694fc5302afe68c1f0

SHA1
5359be0c0c22c335fbfb69feeaa7582ae2479510

SHA256
31e0d627fc46b37f73f14f9ae86e5bcb4f08a9bcd6bf22f39778a5fbf9202ddf

SHA512
04a5269cf5f533ba7183c7dada23b1c0c2338da6500f704173289231bfcce087a0a8941f80b044ab33e344f0be70c5661fcf564685ff35dc2d5890de9338bc50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
4f0a009d5bb2941ebb2d8f17d3ffe200

SHA1
1d9c4a2b5028916fe123cbccbdbcf8570f88fd9c

SHA256
6638568eb24ed0869460081d86fd4bdd40817c0cb2e28707bfba5edd7ab1d0ca

SHA512
c759ceb6543a823f86a514910a77ed748981e1a40dc3f2ca50b4340bcf02f2829e57015c3ae5891e3b752abc020172814a0f4938dc2f6f9b5216e1a9c451b8b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
dab3e00530dee48ca05f47c89ed84ce5

SHA1
c67552faaaf3b55159afcdd041d94b1751ea799b

SHA256
3144d1929112fd5cade692d2de6288856ea2bd7345929be1da878c63cef579a7

SHA512
aba531c70056a6dd2cddf9c729482558c0af57d19fc9eb8e117b01a01ce93bbb0d9a7f09f68e5f5d4274da5968141d23f164bb183fbca6a8952dc87e579a9057

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
446KB

MD5
e1fae04748d60c6b4a5255eaf59a9bd6

SHA1
573b3bf72dca01e19633af32798522695a39de41

SHA256
5fc3b2353610d37971c6d04d12dc386e903ee9b51c90c930bfab4db968bf87f4

SHA512
fa588d414ff140c93d278470bcdc540503ec920fd76aa68e5f3cdbfdbe18dc749068512dd33acd3038a84814ee21e8873455b56168baf73c74f8a37178e54719

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\stdidscq.default-release\targeting.snapshot.json

Filesize
3KB

MD5
e5668b285dc5952e4b089fadf25c1338

SHA1
a22a2c1846def54b9c2331bc4f3f6a9fadaeadaf

SHA256
cb179f294db1e4432fd084fbe380ea947755c1204a8220f50599c619f9e81c73

SHA512
b212c8bffc4f6b2b0c4b56d3d605864fceb01e9b8c43b9084b5cdc4c0734c6f93f12aa81aa66cb9bc22eadaf6ccb9b4974fe7b5acc4ea6cdbc794def2524f5c1

Download Submit