986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e

max time kernel
137s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wave.png
Size

10KB
MD5

57bd5782b784673f8e3ebd06f95bdf38
SHA1

1f55e36180024eb5c8fc066a855287898e6b077a
SHA256

986eb45b5d5c04fee9e2bfcbbc15b968870e40feda870eb949ef10c2b7b73c1e
SHA512

9f807db1571b942467f61b2d9a7ef11882036f64a6e1347ede55523deb9da193ec8255be0819e16cac65595f67f05bbf80320c9d46c4e1bf944b34dd000ffe51
SSDEEP

192:sD2HxgUkULWcH4F4/XZ/g4t688FPhzBfZIYeLhl+1/RNqeyFgbCBQJGSz/2Niq:sDXEicYF4/XZ/HT8FPhzMHNQdql0CBQ2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3224	firefox.exe
Token: SeDebugPrivilege	3224	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3224	firefox.exe
3224	firefox.exe
3224	firefox.exe
3224	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3224	firefox.exe
3224	firefox.exe
3224	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3224	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 4812 wrote to memory of 3224	4812	firefox.exe	96
PID 3224 wrote to memory of 1776	3224	firefox.exe	97
PID 3224 wrote to memory of 1776	3224	firefox.exe	97
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 3136	3224	firefox.exe	98
PID 3224 wrote to memory of 1304	3224	firefox.exe	99
PID 3224 wrote to memory of 1304	3224	firefox.exe	99
PID 3224 wrote to memory of 1304	3224	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\wave.png
1⤵
PID:1568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4812
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.0.459043901\122813305" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {40c7f530-8ee2-4248-b5d4-fbf65b8f16d8} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 1964 1a413fcae58 gpu
    3⤵
    PID:1776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.1.1203539716\1974537451" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c168716f-3c07-44a1-85e7-d5b0ba8c9d5a} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 2364 1a407572558 socket
    3⤵
    PID:3136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.2.1441860007\1687543684" -childID 1 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d00bf971-386a-4978-9e56-1d484dc676c3} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 3168 1a417eb5058 tab
    3⤵
    PID:1304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.3.307850321\1565119268" -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 1060 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bed822fc-7581-4e54-8ecc-8c7207dcdb24} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 3652 1a407562b58 tab
    3⤵
    PID:4364
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.4.846252186\962500299" -childID 3 -isForBrowser -prefsHandle 4388 -prefMapHandle 4384 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {470f32b4-076d-4146-8ff8-381637f3a941} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 4416 1a419206b58 tab
    3⤵
    PID:1884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.5.1674947583\1310192983" -childID 4 -isForBrowser -prefsHandle 5080 -prefMapHandle 5036 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {060b4b87-984f-4f5a-947e-317d1bf56bcf} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 5084 1a40752d858 tab
    3⤵
    PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.7.1052413469\446809456" -childID 6 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97c2f608-fef2-476d-81da-9c0f1b2c23fa} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 5428 1a41a316d58 tab
    3⤵
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.6.124560682\275169734" -childID 5 -isForBrowser -prefsHandle 5244 -prefMapHandle 5248 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ec50cbb-7483-4790-b2ca-6e29ac3faf73} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 5236 1a41a1c7f58 tab
    3⤵
    PID:1236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.8.325066266\1034964022" -childID 7 -isForBrowser -prefsHandle 5916 -prefMapHandle 5912 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb854c51-8e62-491d-93bd-827b1e5050a7} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 5924 1a41bfb7e58 tab
    3⤵
    PID:5228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.9.214781965\388684371" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 2820 -prefsLen 27337 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {172439d4-4345-4271-805d-90b700fe374e} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 4628 1a41c5e2b58 rdd
    3⤵
    PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3224.10.405474200\170011041" -childID 8 -isForBrowser -prefsHandle 5076 -prefMapHandle 4644 -prefsLen 27337 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2dd5fa94-945a-446a-b4dc-870a94497104} 3224 "\\.\pipe\gecko-crash-server-pipe.3224" 5728 1a41a19b858 tab
    3⤵
    PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\cache2\doomed\20782

Filesize
10KB

MD5
3de2d130caafa5908c6fac6da87281e6

SHA1
ce163a3aa4de3b229190619b1bc10eaa41c6858e

SHA256
7999398ddf65e5a0c1ad8489722fba1b034dd7aceb4a32e7fd73e62e1160c1ec

SHA512
424672bcce001571ee40820d52d04706dd2a92bb0192caf20a0e9944161c1d411a213c4e60cc830b6a569604dae92a7e1e8ac0516010dfc9f94bb8a70bb0ab37

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
1.3MB

MD5
e39a7bf63ee48035ed8086da8e62bb3e

SHA1
ab67a641ba9ef6f3ac7e2afad73a6cad29d3f103

SHA256
cc9c02ad44edf22815e98674564cb385662fb86e1e9062c149d9708ceea55478

SHA512
89ece853147e80dad134c832cbd5c91d4c82dcf75ec760a8501b6d82877b1a795775f9257d07f92267b883a9854c5d887d20f44fdcdffe49ba33e67e43c61264

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
16bb03be9e6e972f30e62d27a8eb1248

SHA1
0c9139bc9599164ee1d52ecaca066e0876717bec

SHA256
606c09c0a95e7962f2a3f828c1d353b1904b0c542ed5ab78a413344a9af1fce1

SHA512
37611a5965bf6b1ed824a2734eeaedec8376c98d466ed3a854c8b69c5956b60a574147fc7dc6c8770bbbd6a4aad2b55b9860f7eb3ead04050030c77bba246db0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\pending_pings\47005d32-c54e-43a8-b1e2-0a1745c7a56c

Filesize
746B

MD5
94a7648a5865304a3f417aa7d5e5217e

SHA1
bf1d414a7531ff0d1036ec814bb38cf619b03fee

SHA256
69b9dbce4008c61e4cd0a18d3f29d646c74ff0463712d9d2ef067a4300791f24

SHA512
18b368ecf0bc5de31c9c43e3cd159c216c447455362512c82f86f5a5e9a2e8e43f7070fb93fcc5aa225f333f60d462ad416bb512091b9a2ec1a3ce55a0c83f35

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\datareporting\glean\pending_pings\a5e8eb18-814a-4c3c-b950-6a69ee3b4be4

Filesize
11KB

MD5
b7af08df8f317e746fd0d2bc5590a0e8

SHA1
df4eb22474405ef1c2fbf3bdaa55bd6024cae5cc

SHA256
d1eeaf0eb97e83b68e08303bcd4110254598c74cf784b6b272f795e5c5278183

SHA512
a861e2d0336cf5053b4d038f8daeb06fcb48adafdc2d1773f883bae2c6fba9f1eee6d3740dfb120a1dd6318da610f9523500ae2eda9c7d02d43a54cb37fb362e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
926KB

MD5
0fc7e9394d8b19865aae6a614a2f5669

SHA1
afeae206995e67689f59d6baab024aa9efa4b1b3

SHA256
df185ead31a4f54c2ff0e343ece7492828384a99fa98de8b2b948cc790268879

SHA512
ceae824f2ebe23c7779d7696246e2482b3395352c0a8b2f5a5b61cddf583964558da89c315833afd970f619a24e47a53396dcbabb01f574600fe701029d9fa4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js

Filesize
6KB

MD5
5469039a57311165307d7ab22ce04f2b

SHA1
e4f1fbe6f10bae90f5b1d32715cdd48da1c1a3e5

SHA256
2148d12c4aae8d7a7ae6ddc7f9a0d2f7dfb642bb7c3eaf4993e008a396cc9cb2

SHA512
8218856987896a6e2b4f46b854d43b4197af4e2d7cb9d95b1275a5d400a4c76a07dcc41dbefe071e0fcf8ed803a1d43848ccf9cc036713d7c04f93058296969f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js

Filesize
7KB

MD5
3763724210719bbb4d490358cc8cae05

SHA1
468f0e2b017318de0cbafc13289dace31bf1d4e6

SHA256
0fb153c713e5e49bf051c463fa6b659ead0f0dee00407b58c27de213c50d5b6d

SHA512
d5a74b44cfb883024f2a5989d5805b470bda7b898cb7129338a9015a9c54e74665223277982dd0db0bc5066287c9ec2d5ea04eba0ed8a7b24cef4b0a45b7fb4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\prefs-1.js

Filesize
6KB

MD5
5e201c36e2646ce7e2a0c4b2a3d69b42

SHA1
88a9e4daa75d7ef2694a472d52c95bdf6652eb91

SHA256
ddc89b2345efb7ac1323d1f5dd56526bad000e3c05cfb79541667e9ffcc4a858

SHA512
b408fe3e2c1d5e014fa64901cb8622663bcdf16e0abf5d711829450a2ac4ef4686b74d3a82ef96f0e79e559d8b9416c67d64e2c00272387018280606534ba780

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e827f4aa2ca84d19fb39ce0ef7c7d53e

SHA1
9fc28f0a11c8482088219b227a21864fecd6e232

SHA256
8d0730f4bc5eb81379880fd9777f2914a478951160801d644a50971471a55325

SHA512
f3fbc030473a4b49e53f73b91992e9b4a7523fe486c4576773679e976d22232460e8148e80ae6108253c8b36adc37440f91d5f6ab58947136a602da2f51aced7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
a46456f480b367e66e38b9714267945b

SHA1
58bc4b8b97ce6283d4178e5dd2ffd3234c22e587

SHA256
d361bf9bda893f38f10f2b6455fc1cd4a55799ac7a04fe55987dc7c7ac89ec1f

SHA512
9b952f2d11abf7c23c6be2c6f49ac4442910f6c20ab4ccb15e8b46f80353c533c4e34ff065b2c0fbf0bc7c40a358b86154868f53593ebedb221b04bb637cc481

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
afae75a6b86189131d304947db1350c6

SHA1
5a42414be4cbd000068cfe198fffbc3ef436794c

SHA256
d81b82da62000dbb001aed8ec6ace0687bd9f3a1a3ead35204ff3f186729c9fa

SHA512
19f9b8248198a2a9d44af88be6a14e1f4e84b5671d5bce1de4a27fb6d0af75908416296c53b339c61ff03056835b2d53452d3cf5bb3a6befd37a1a8312ce067d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
37df898d742d74e5a7e60beccf541f57

SHA1
bea6e5485c17086dd2425bdccc21b395677fda82

SHA256
33772a145fe6f0c6a37a4e124284972ac7c00467207ea014d7ac7bd90c4b0422

SHA512
55f2617d67aa8c672ea90fe7af3ca2afe96b39851447fb8cc1ae00953787702f5db1f1ddc58344b692a8251d2268789b6c644acd357154b77379731b2bc09ef6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
cd5290810c57b597dd49d4d2c687e2e1

SHA1
79ab073790b86d52612c10c52044334d06d4bc57

SHA256
0cd89091faf070ac10ed973cc8324c398b48531f02b102eaee37e70f29255475

SHA512
b6407ee44af28bcf942b626e23e5d5036c4bb53c52381b722adab605318683a91ffbdd4bf3a32d4cbad6e203f81a512c4fea73f5d3e5832184b6fa7ddaf51659

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
a68ca98b5e5db8f9c6ad1f26bdcbc943

SHA1
859be5263bd7a002597b77596f33873489a5903a

SHA256
a786430d8c75c404c9ae78045ae8e1dfc54b7752069c8472c69216014d7912a0

SHA512
599ac947852fd12e8c4dda0cbeb1ad7adf24e42c467c03ec4defeb4b52dd0f906e0547a4c5150115e3931d2b55be404e28a1edb9d88487f8812049b81c33a057

Download Submit

Resubmissions

Analysis