hxxp://ssurl[.]kr/1Y6

Analysis

max time kernel
147s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ssurl.kr/1Y6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3818056530-936619650-3554021955-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2080	firefox.exe
Token: SeDebugPrivilege	2080	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2080	firefox.exe
2080	firefox.exe
2080	firefox.exe
2080	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2080	firefox.exe
2080	firefox.exe
2080	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 1708 wrote to memory of 2080	1708	firefox.exe	14
PID 2080 wrote to memory of 2904	2080	firefox.exe	16
PID 2080 wrote to memory of 2904	2080	firefox.exe	16
PID 2080 wrote to memory of 2904	2080	firefox.exe	16
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2632	2080	firefox.exe	20
PID 2080 wrote to memory of 2968	2080	firefox.exe	24
PID 2080 wrote to memory of 2968	2080	firefox.exe	24
PID 2080 wrote to memory of 2968	2080	firefox.exe	24
PID 2080 wrote to memory of 2968	2080	firefox.exe	24
PID 2080 wrote to memory of 2968	2080	firefox.exe	24

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://ssurl.kr/1Y6
1⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.0.67412540\1795749155" -parentBuildID 20221007134813 -prefsHandle 1228 -prefMapHandle 1220 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {17174e79-a751-4fbe-9b14-044ed5c018bc} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 1292 114d7258 gpu
  2⤵
  PID:2904
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.1.390394805\1769606176" -parentBuildID 20221007134813 -prefsHandle 1496 -prefMapHandle 1492 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e10db5e2-1a71-44dd-baf5-7696c186615a} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 1508 e70a58 socket
  2⤵
  PID:2632
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.2.1578873659\913220837" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 21713 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c09bbfc-d55f-4e78-948c-bbb651aa1a5b} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 2096 1b6c3c58 tab
  2⤵
  PID:2968
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.3.755297106\1642511706" -childID 2 -isForBrowser -prefsHandle 2816 -prefMapHandle 2812 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f8a6a61-9c92-434b-9197-6d6f5d016924} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 2828 1db53b58 tab
  2⤵
  PID:1536
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.5.525426046\999301521" -childID 4 -isForBrowser -prefsHandle 3776 -prefMapHandle 3780 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f6a8720-3791-4d59-a980-d629c9ebee5a} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 3764 1f4fc158 tab
  2⤵
  PID:1628
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.6.1088145897\284410798" -childID 5 -isForBrowser -prefsHandle 3932 -prefMapHandle 3936 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee3458f6-a7ab-49e9-a0de-2479732a05ca} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 3920 1f4fca58 tab
  2⤵
  PID:612
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.4.27162486\879144463" -childID 3 -isForBrowser -prefsHandle 3640 -prefMapHandle 3628 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7256815-aabb-4c49-b30d-ba004080e43c} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 3620 114d6058 tab
  2⤵
  PID:1340
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.7.995440542\459327716" -childID 6 -isForBrowser -prefsHandle 3820 -prefMapHandle 3824 -prefsLen 26251 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a342122-2df9-4c16-99c1-a27cca0807dd} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 3808 21e31c58 tab
  2⤵
  PID:2428
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.8.1313441268\469823137" -childID 7 -isForBrowser -prefsHandle 4316 -prefMapHandle 2668 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25a48f60-c2c2-4d20-9596-4423844bcda8} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 4332 1a367158 tab
  2⤵
  PID:1048
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.9.114528679\273363803" -childID 8 -isForBrowser -prefsHandle 4456 -prefMapHandle 4460 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdfb1c5d-c460-4f70-8e14-774cabb64c2c} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 4440 1a366b58 tab
  2⤵
  PID:1552
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.10.216945909\1088169623" -childID 9 -isForBrowser -prefsHandle 4628 -prefMapHandle 4632 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {830355b6-4a9f-4a8d-bafc-2183dd6726d0} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 4616 1a367758 tab
  2⤵
  PID:1752
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.11.2055347405\1642025686" -childID 10 -isForBrowser -prefsHandle 3460 -prefMapHandle 2368 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2507192c-9dd0-4748-a68f-35a4c7b6c249} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 3496 e63858 tab
  2⤵
  PID:2664
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.12.142629970\1659080236" -childID 11 -isForBrowser -prefsHandle 3872 -prefMapHandle 3868 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95603692-05dc-4768-815d-8dfb2f564d97} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 3760 22871658 tab
  2⤵
  PID:864
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.14.486396588\553679834" -childID 13 -isForBrowser -prefsHandle 4744 -prefMapHandle 4752 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04093674-c67f-4667-ab01-dd43ee57260c} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 4728 1a368058 tab
  2⤵
  PID:848
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2080.13.35617748\1480211648" -childID 12 -isForBrowser -prefsHandle 4712 -prefMapHandle 4352 -prefsLen 27382 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e74f9053-9de9-45e1-8036-bd683d2330e1} 2080 "\\.\pipe\gecko-crash-server-pipe.2080" 4764 15584758 tab
  2⤵
  PID:1996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://ssurl.kr/1Y6"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\doomed\14025

Filesize
10KB

MD5
7221f568d5896c424f4d700e9001ba23

SHA1
22f5a9b6d68898f47deb7431a21993da861e9885

SHA256
862cda003d32200c82596d7193f1b9136e9139df4a10ffc7497a254db7610ba5

SHA512
c1b3d7a18e25861e6c6056c5e73a00fb3a2637dc140afe96f538cd718524bba455c10c1405d864dea01b27eeecca1acc9e6ea8ff78815bf203828489060aed90

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\doomed\1579

Filesize
10KB

MD5
14640892bf6c21f576a930c4254971fe

SHA1
4858bc6c32f82700708c873b6c551d4e3992dd24

SHA256
db387c2cd24449e67086d46f20e9afe093aaef3020fe2f5cc2759079df9138c0

SHA512
2e8e3d63f028b176f375ce7ffdcd4cef0ad01b431c8856adc27bb68a182f036e7faa302c361edba3aa8a12da1f7afd28db78e3981285c15b0dcec7cf4e638e07

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\doomed\29722

Filesize
10KB

MD5
52387f5e466f9f78984fa10f74dbeb12

SHA1
0e8ac29103f3ba26a73d33462b306d9a11247967

SHA256
8ce9fe235a6c5e87b3dba671f6e40b9aea5c0a005e4420c92fb33fc9905ed9d4

SHA512
c636dfb87004cc0a44e87859e1e9a4e656c7822d84650f200b88e0e529ac56e26760e5ffe4000677719fd4b3f2fe03ef75ef7effd396f3494b6e7536a93a1d22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\doomed\5607

Filesize
7KB

MD5
da54d06bdab70f956ddeddbe6711e7ab

SHA1
36ed44325e96f4a548254f3b77e05c8c1af59f9f

SHA256
8b0d482716816990a8d42f0c1e6792c3acc225f7796a0f930cecffda823e6e2f

SHA512
db757237f0f064fdc5c805a4c5696935562589f503f2e0653b5c38bbe342faa82b8d9c875a09880d05fa1769b5abcaa107bbd8b2cf1cfbf02d38006450d0f7ff

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x7a5o34y.default-release\cache2\doomed\5676

Filesize
21KB

MD5
7609cf4ea3ce161198e888a0ebf5f382

SHA1
6496433cbad5773196508236bc92f89eb40dea1a

SHA256
faea0ce9d4895368583d9f2e90fb6f1b4170d9c479a4c20cbe3f8a19122860f1

SHA512
8fe90647daa2b9e561028e7338bf95594d6079d00f2636b65b5e3a38a779f30079265208e0cf5f133d94dcd2447d5ffb43bd7f60da8fa3f0a914bfd3824fe98c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
1.6MB

MD5
5cb201d4994bff4921aa6ec48f0cd188

SHA1
43c854a8ad9b6d4e4144ea3f80161bd55510beac

SHA256
accea71e63780e2393c75ae2b2edfe5f3dfaa6a35cceffe4768519d81a410bbf

SHA512
4b7857f49f6dab98223ab085777669c354ff73d627501fedd86df93153cf543c439406ff4fa929ec0bdc2b3dfcd0211d835f4d06dfeb1124841ea390e787f1da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e857f127221d4c4ee21eba4a3786290b

SHA1
30de5c6a72cbeae44fb5e1e2ce6e8b2d8b444c1f

SHA256
9df9361013084cd636447a97645b281da2209a233ee92eb34022dbdb2c3b87bb

SHA512
f3cde4283f5a4be8b36b238d8189f88ede0c7349a0c9ad313c94905350d422099ffcb7e71058019419d7c5e7f16db787d45b51e70f875aad8cf50bf38eb5b840

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\1668299e-5cf2-41ba-9867-4493b01f5cf1

Filesize
745B

MD5
b248e025cf180d6fb91463adb4d0ca8e

SHA1
40ff6131b164dcd3e23235af09fa22453f450190

SHA256
0194237db7aa04a497dd4a372a05edf6d409ec1cbfa9aebc58c18578d144a67e

SHA512
9b9f9be8f828ba33df14963920ad01b9499b6a596fd4f0bb5acdd617c812e1606035c6f0f11f9dc6f733a876941e0263daf92309a397edde0c1a72b85338bda2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\datareporting\glean\pending_pings\efc0742c-f5e3-4c44-9b11-0d479e7c3859

Filesize
12KB

MD5
01f22a524e62df41f58afa17968a248a

SHA1
0de214f860869a75cf0c83fc6d69b125f0df3b15

SHA256
309dc9bc3b428b46293156682a88b2efe89f590ec00199de15bb00a64dbbf210

SHA512
bc95226b835ba5e93d0193985200811d23bd8ca4edec03d5a24d856b9c7ad11b7c5f2cbe26823d89df7e47033d67f82fc003dabc1dd5ee5da8d6a407bdfe4f5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
1.7MB

MD5
f8b447257d6fb905ceda155ea376cc2b

SHA1
2f6782c735f6fd34f1c416bf301165fca1b5f064

SHA256
141b21bea68daa3f59fad6b3c240d235a58a0004135c5a2ad86678b846fda91f

SHA512
d4c5baf5a2cbaa972e02f8c668a52200448a92e96633ce7382ab6c7d460670ea9e129dc5c3d8c38340890bef286b2a9601f08a2b5f9df3e214cc0b597bf4a2e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

Filesize
6KB

MD5
7b3a1dfc255b83b8f8314fa30ef492b4

SHA1
8f45897669ed017e661381df7e0573d50d46bf41

SHA256
0e302e7a0ae759c100744f9886c7dca45662f3c9d8dc211cdf64c4236d4f0a72

SHA512
6d3dc262c09ba2e934e711977975093aa427524bb3f6006174cc393b2921553d880f1b21483befe3568ec97beedbefb2c20f8a77f2caa3e47a7edd190f32e027

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\prefs-1.js

Filesize
6KB

MD5
106a12f51adb3222cabfa7a31ebf7389

SHA1
3d7e290c218748c7f2f4d6596f62d1d30bac9e1e

SHA256
00665817d2b63c5d25ba48033911806a301b0cdc693d2139eac8c790faa2d25c

SHA512
7a5ea23e448a9f76902f3fa64134b9e7586c480154c0f5a5de9ce2a153216e5ebb9ce25df7009c0997c2d8b125f535c5813b0440c12bd9d53f8ee6e9f9ae67d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
7e4c23f5b3a090b039f50cbbd086e579

SHA1
1dff6093164fff9d1f6f5e8ae6489a023f1b4311

SHA256
19d90c264f82274dab75e21904ef13d03cad1232bba087c93cf02116fe3d2b23

SHA512
22aaf31fdd4feddb215a19cb4bada84ff290ad721ca9f4f20dc0e64d234346e93b947618e28d4451da0dce14a4e1d229e85c83df236f6e855007f67297b0b403

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
26KB

MD5
706fa4378682cc91ebaa298d9090185c

SHA1
d782d904f16a408a51d2b0982d7e52877d8b33d7

SHA256
0c4ff2f6787cdfc9a92f4b5a81198072bcec257043b8502914316e1a412e5c47

SHA512
63934c63da646c387c9f23c64272d629b964b78a421e52904e83c5cbb00deae53e1f3e8d440e9816f1c1a5c9fdc426f382fca48ab0e7de924e1e3143fa876eae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
38KB

MD5
10cd24ab4fdbb428419e5a488c7a08b9

SHA1
8e47d5d7960acc27d7573b9e57db4cf4f8407d00

SHA256
628c9240ac44ca2ed7a4f38161dc1e3d689ad6d3b7d9c2111c02e9f568b24f29

SHA512
fdf179edb5021d0f81ea3edc7ebbec9529215870744d639b4a38849c12ea39fa2fefc8431a21f207aa59f84ea8ea27259b8c3731ccc8703e2632803c22015ee5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
62c10994bc77e2f515b6148060b8b979

SHA1
789f2874d2cdcbbe13a7efeb8c480819e25ff53f

SHA256
67c9ca6b2ead545a276a48b99b68c17f2873868198fa361622040bfc101e7a02

SHA512
b66ace8bf256eb3f2f0f686a08aabdf75f0de6129a9969978d21915ae816610fdead70766166bdbb143e0d3f8001659ca4627af4eec9d29f3f2da9fa67e8d5a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x7a5o34y.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
8c5f2925eceb9cf756a64a267294241c

SHA1
0cc733e5c20361b11524e7d317bc89d4c170f2c3

SHA256
e5e44e8b06346332a544e751339ee7637400767b46ad5ef23b1cf3d4aae663c3

SHA512
2e838af0ed850b37cc7160a826695d2ca9db297f0f1d8032b8224208bbdcfe059e6a9be9a997dd2a76a6f349c220181223ad7cfbe2ddbd2852525a8f8aaaa58b

Download Submit