679392445dca5cc2c6efebd287ccc3eb354eab142972fe829b7511bafd08a3ad

Analysis

max time kernel
1744s
max time network
1507s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2024 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

5.2MB
MD5

df37c89638c65db9a4518b88e79350be
SHA1

6b9ba9fba54fb3aa1b938de218f549078924ac50
SHA256

dbd18fe7c6e72eeb81680fabef9b6c0262d1d2d1aa679b3b221d9d9ced509463
SHA512

93dd6df08fc0bfaf3e6a690943c090aefe66c5e9995392bebd510c5b6260533b1522dc529b8328dfe862192e1357e9e98d1cdd95117c08c76be3ab565c6eea67
SSDEEP

12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZb:sPM95FCWStQj6ERs/mfMl6H0skDpS

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	5048	firefox.exe
Token: SeDebugPrivilege	5048	firefox.exe
Token: SeDebugPrivilege	5048	firefox.exe
Token: SeDebugPrivilege	5048	firefox.exe
Token: SeDebugPrivilege	5048	firefox.exe
Token: SeDebugPrivilege	5048	firefox.exe
Token: SeManageVolumePrivilege	1132	svchost.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5048	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 1612 wrote to memory of 5048	1612	firefox.exe	86
PID 5048 wrote to memory of 2232	5048	firefox.exe	87
PID 5048 wrote to memory of 2232	5048	firefox.exe	87
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4896	5048	firefox.exe	88
PID 5048 wrote to memory of 4400	5048	firefox.exe	91
PID 5048 wrote to memory of 4400	5048	firefox.exe	91
PID 5048 wrote to memory of 4400	5048	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.0.1158005525\1697563733" -parentBuildID 20221007134813 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {220efd77-b9b7-4ddf-986b-6dcf32fe57f1} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 2012 18317cd6458 gpu
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.1.711721939\1381478635" -parentBuildID 20221007134813 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {947a8b02-0b88-4c73-9bff-54b3c69b826f} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 2436 1830b46fe58 socket
    3⤵
    PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.2.674046337\422611646" -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ded5e5fb-499a-4d35-88d0-1a36c3da9c20} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 3276 1831beda358 tab
    3⤵
    PID:4400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.3.1554929154\364189596" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae963e7f-4205-448e-b29a-30ddb5c42817} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 3576 1830b468a58 tab
    3⤵
    PID:2520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.4.559440937\1825519176" -childID 3 -isForBrowser -prefsHandle 4932 -prefMapHandle 4952 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d3893c7-e54a-4c6c-9840-0512942b2f11} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 4960 1831de55f58 tab
    3⤵
    PID:676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.6.1639975767\1086379890" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff1f8aa0-41b8-4675-8d10-bd6d9de0f0f9} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 5200 1831de53b58 tab
    3⤵
    PID:816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.5.621986811\590111696" -childID 4 -isForBrowser -prefsHandle 4960 -prefMapHandle 4972 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1408 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3ea53df-4edd-4f75-b6b3-817737f5900f} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 4868 1831de54158 tab
    3⤵
    PID:4336

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4944

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\cache2\doomed\5084

Filesize
10KB

MD5
3ae901b14c5f613c8bfc90907bedc638

SHA1
17a0aeb9787bbbb42a7862461a1b6554a051ef32

SHA256
c9726da1bf5cab7960f26c7a908bd2f747b14b216ecb01b93b38c62f4e8eee4e

SHA512
fe84aca3885d9a798ae523b427f38a5722c027eafdb5d88c92db23ecf75dddeb814f764f470758d3e292858810ad29809c1af33ad485fa2862ce895f7f5432c3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\cache2\doomed\5123

Filesize
10KB

MD5
c92fb489b1644926d65b4330144f4cf7

SHA1
bd34c7a928a8b592cd5cf213a20899305ec9c083

SHA256
0e3d9e80d70b91b95fcca03de9996793c159eceaa1fcde5a9b50783b3e652fd2

SHA512
a4affaee15d08fcc0b7fabca77295dac3a6c7a50474c856b11bcaa86790eb837ab21f145b649fcfcd7f07ab749a9f72be93ac420fdf3c846824a93d63c2299e3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\cache2\entries\77FB5EE92C576E2505C8C9FF2EC417D7727F401E

Filesize
13KB

MD5
cd4db54ff75e667cb27f6e71018b2081

SHA1
036173bae99f0f42911d22497dfc0fa40d3a1762

SHA256
73a4c2fa571cac49107caeae18619cc2c05f169d3663125c918fe9d0b1af6b01

SHA512
8aa71ae3b71f9f7cd8d4a4c08bb239d437140bb0eff9fbf93853d9dd3f1152e4beba576c91fb84c4cdb9f2a117eb52b1aeed577ec2d39f451554ea03e024f9bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
1.2MB

MD5
927dc9514e6e3227f0fcbfa6e978923a

SHA1
85e1cb452ab2397f571867dc5744ab8a905e6cab

SHA256
33dbe1cba1c2819be7931c674c2d2ad1e4e0910092acf720d4c69150568a66c6

SHA512
eaa9ad12e9362057b5c24221d8ee1832b1c6679d5b368d9ff8dccf94c4b679587f6d1e0c75ca48da1914b28a35783696962da9d9b757c2bbbaed1a1d6297c526

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
5028c0ce5e39dfc17c50821cffeada5d

SHA1
13e6ea1b24f5dbe3aae824d52ae0d70c714efc5c

SHA256
3946081b57c040ec3b9c6727c6b6a8172634d3bb72dd513f940db0c64038a4b6

SHA512
961956ef4cca92a12c8648d50a1102da9261e7b1ecdd6007e441cb88a0070df2136e4c349d7c5c690c0c7515064b39f1b97a5daaaf993600f6a6f0d929eeb61f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\bookmarkbackups\bookmarks-2024-01-23_11_ciIxfDl7FJ-KOzubC1P9iw==.jsonlz4

Filesize
949B

MD5
10e29181d8a1cb6ed5fb00e844502310

SHA1
4e247271ed4f79044983204895fc0b184ddfef18

SHA256
236e77a1d7052dc2e0ead4e6cf0bb9659c2af3b9c5f966e63f27e2f299666b65

SHA512
b2e0c9950a5d921662adcb25012b9b9e43225519736d969f2f6b003beabe2f4d7ffb3fdbabb670656fb1af772db2452f3e95ebf8778914a6a5c863206560a4b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\broadcast-listeners.json

Filesize
216B

MD5
ec04d212314aed1f1c44a39a8a0b6700

SHA1
af77ee8be4c4bebf89ac3db3a0c8acf933483c4a

SHA256
93c14e8530f58f51c75034826787d48a20444187bc297fbe1a77dd01ef4fef45

SHA512
e9d5726664afaf4fb8a81658383b8e4e1cba61581bcc9b6cb69aae73906679b0b9c81c9324ba025b0dcd24dae126cd3354ba89342dad544e7f3915751dee51c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
8a64d70bf3dec88d3a6bc8a71c5c1fca

SHA1
0556dee8f6715acab2914b2af84d8b51d4cca0c1

SHA256
3fa839e0b7642556dda659f2dc48a92e2d0c3dbf307e837a906cba56c8803ed4

SHA512
7217ac7eb5eb559c4e6948a0421850d4ebe60d78c1187374989e94dfe13333c3744557d5dfc50dfa1e3ec44dcc0f926d22a28cf4d0c4e6a9e9b93340f7bed183

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\pending_pings\b66e02e9-fbd1-4094-af24-efedf13b4643

Filesize
734B

MD5
2a958c563a254f5dfca31c378e4707b4

SHA1
11045a7455d80392d6e77e35372b9b66d540d1e8

SHA256
22c32f59cc967b9e2ea4256bac0ba0819d370f71ee3b1729d4869ab12cc9a509

SHA512
11739ce40dbb325376cfb46deb44e5b12cdfd6f27577158a819698d10d9ca3d856a8f28ea6208a9999b1801126f0dc79ef04ba40b61ab7abeb4dc03942535c71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
1.5MB

MD5
4db84e546bfe2d6944ff5bb4e75fc6f7

SHA1
29a3c499386b822c898c680cd8021c23b1c37112

SHA256
29dc7f67beb1b6e5ef43e6c4cb9cbfb47e0ca148d1b5390ec8b4395fbf29f28b

SHA512
7c51b61573ff810e970b64f029f6b44e01711a59238421aa6acd08329be8381b0a611687b44bc709ba69354bbf35d5d91d1cca7dff4fe402189d41f9b14dc13d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
10KB

MD5
ba5b29fbd485206280107c8185654afa

SHA1
9ac2ef61844eff389502baf55fb363253b39e81a

SHA256
6d926c41583f951411b57c9785c9e9380386794334341e8a9df46b305cd5bca6

SHA512
0b18225dc56db110bce1a17f9274d78862e6657b8f355b4af9a88bd0ddfa2daf3cf58a8d1a87ff2bc9d70929c69ad33a7f773e38a71266f8f5184b87d54c5b5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
9KB

MD5
6582861f58e57960a089336abb54f510

SHA1
dc0ec684798e81360b41a01ab4c49258a96f297a

SHA256
fc0b8f28b50e37b23ac2ef5e6b2474e052b0f7c9abd052793f9507a286f77fa2

SHA512
b5a41f0c78e785cb363b36b4f127d45811c56bd76cb4ee5db01e53cc18631513af641175f3439e1dc3467a719df21bfd0e472e77773adf7a774a6321525010c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
7KB

MD5
7efc8229d07184c690f4124d59d6bb1a

SHA1
8189690848aeaff5cc7607dc7debe57f3dff951f

SHA256
13ccc9d2b96d8bf9575dbcb5cefcb88b380e7e16475c9038dc95b6ff4980ff5d

SHA512
b69f5530500ba74c9af5669d1858ba1646294be9a8f4a7a49138eecc77102970aa45f5e61d7cad5c9cd4233088869c22cdd7a8c20d498faca862b6283cbe11b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
445bf302dd72340ee15810a9ac72fe8e

SHA1
f4addebbc05e8e22276110fb3a2595091bd17ec7

SHA256
b6129d6483cf5836f40e9695d7190c979e2506b5e59f93a887f6f8ca7579f8ec

SHA512
5d9211327448041d68859c3a33f296b1502c27afebf64ebf66f9534233b41b4bd1c2c75ba393684e61674f1df9d983b58eca597d83eda5b7610da0fa1394e932

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
e3f4144fd423a92ab06b6692fdd8fc08

SHA1
fc4a77eb6a878bd3ecdb85f95a6f9d4ca22e15ca

SHA256
7e38851fbf1b49dc3ea1d9b479e09f18c29b661e360665c914ac2d9e65de35fd

SHA512
e17f856a9b39af2ca42b46ec80e4801a93ca1b015665c7f942b1a2751272754bc94b01fc09f1bef87fa270d89ee4cde5868a5c9440840e0b260d40662f73e473

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\targeting.snapshot.json

Filesize
3KB

MD5
0ff46409aaa1346fbc49069d6daa9903

SHA1
0b618640db2b11ab32288703f515fa1fb0944080

SHA256
cf2e8163bea405a466809b61ee9872d76061dfcc89e1c33b24109d8c2e465721

SHA512
7b30ed8570a4f56b5eb5fb16587bda885ee295bc8d3f2ae550d2cc83cba85184c321f1ba4476edea322beeb6fc2b0682363a631ac54022910ed2f59d62201a37

Download Submit
memory/1132-2097-0x0000022DCCD40000-0x0000022DCCD50000-memory.dmp

Filesize
64KB

Download
memory/1132-2113-0x0000022DCCE40000-0x0000022DCCE50000-memory.dmp

Filesize
64KB

Download
memory/1132-2129-0x0000022DD5180000-0x0000022DD5181000-memory.dmp

Filesize
4KB

Download
memory/1132-2131-0x0000022DD51B0000-0x0000022DD51B1000-memory.dmp

Filesize
4KB

Download
memory/1132-2132-0x0000022DD51B0000-0x0000022DD51B1000-memory.dmp

Filesize
4KB

Download
memory/1132-2133-0x0000022DD52C0000-0x0000022DD52C1000-memory.dmp

Filesize
4KB

Download