hxxp://5[.]42[.]64[.]3/installer/setup/

Analysis

max time kernel
248s
max time network
228s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://5.42.64.3/installer/setup/

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
3808	soft.exe
1176	soft.exe
3844	soft.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	OpenWith.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\soft:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\soft(1):Zone.Identifier	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2356	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	4900	firefox.exe
Token: SeDebugPrivilege	4900	firefox.exe
Token: SeDebugPrivilege	4900	firefox.exe
Token: SeDebugPrivilege	4900	firefox.exe
Token: SeDebugPrivilege	4900	firefox.exe
Token: SeDebugPrivilege	4900	firefox.exe
Token: SeDebugPrivilege	4900	firefox.exe
Token: SeDebugPrivilege	4900	firefox.exe
Token: SeDebugPrivilege	4900	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe

Suspicious use of SetWindowsHookEx 61 IoCs

pid	Process
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
4900	firefox.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe
2356	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 3536 wrote to memory of 4900	3536	firefox.exe	26
PID 4900 wrote to memory of 2012	4900	firefox.exe	86
PID 4900 wrote to memory of 2012	4900	firefox.exe	86
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 4820	4900	firefox.exe	87
PID 4900 wrote to memory of 2580	4900	firefox.exe	88
PID 4900 wrote to memory of 2580	4900	firefox.exe	88
PID 4900 wrote to memory of 2580	4900	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://5.42.64.3/installer/setup/"
1⤵
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://5.42.64.3/installer/setup/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.0.850130173\900328860" -parentBuildID 20221007134813 -prefsHandle 1800 -prefMapHandle 1840 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {457159a4-d370-4c43-9099-3a5ee22dae66} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 1960 292988d9b58 gpu
    3⤵
    PID:2012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.1.796330080\1576450931" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 21487 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f0c1d9b-4c95-48ad-8130-ed7de463ecb8} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 2384 292983e6e58 socket
    3⤵
    PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.2.2094632707\509983593" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 3068 -prefsLen 21590 -prefMapSize 233414 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b84a7a0a-2722-466f-ad16-b351bf6397e6} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 3276 2929c650c58 tab
    3⤵
    PID:2580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.3.170681166\192422672" -childID 2 -isForBrowser -prefsHandle 3548 -prefMapHandle 3564 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13c1a1aa-59aa-44b3-8e2f-fb0cfa67e691} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 3764 2929aba4e58 tab
    3⤵
    PID:5004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.5.1802586478\374184822" -childID 4 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 26222 -prefMapSize 233414 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1a33820-0afe-4620-98e9-ddf790600178} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 5156 2929eacb858 tab
    3⤵
    PID:448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.4.1636153802\957359672" -childID 3 -isForBrowser -prefsHandle 5056 -prefMapHandle 5044 -prefsLen 26222 -prefMapSize 233414 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {991ed807-5672-4a52-bc6b-2225eebbd343} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 5064 2929e556758 tab
    3⤵
    PID:3244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4900.6.434004664\11098210" -childID 5 -isForBrowser -prefsHandle 5232 -prefMapHandle 5176 -prefsLen 26222 -prefMapSize 233414 -jsInitHandle 1132 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fb7721d-b9f8-4c03-b824-fc469fe51364} 4900 "\\.\pipe\gecko-crash-server-pipe.4900" 5220 2929eac8b58 tab
    3⤵
    PID:3500

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1836

C:\Users\Admin\Downloads\soft.exe
"C:\Users\Admin\Downloads\soft.exe"
1⤵
- Executes dropped EXE
PID:3808

C:\Users\Admin\Downloads\soft.exe
"C:\Users\Admin\Downloads\soft.exe"
1⤵
- Executes dropped EXE
PID:1176

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2356
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\soft
  2⤵
  PID:1656

C:\Users\Admin\Downloads\soft.exe
"C:\Users\Admin\Downloads\soft.exe"
1⤵
- Executes dropped EXE
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\doomed\6803

Filesize
1KB

MD5
83c869e5771db0a6079341ef65b5f496

SHA1
68b084191def70c5f00bea81767b980e58e08101

SHA256
089f89a4ede75547d28beaa60925a97f64eb4f726287cd15899cafe293a9de35

SHA512
794675d0f06953f0197bd42be11aa504a6d072563bcd6e73c180bcbbff5533568e2522145ab1a92b8df28b5b8b9f8f806eea7a9d4ab3e7e2d2f8cb0c634a9a03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
453aa99693ae1f9ffdef1fcb32fb716f

SHA1
552ea68df9a79b4b226e329b3bf1ad46cfaeb0a6

SHA256
e42d0fe98267e692ebfbbe1e508b365a762ba0cf86a9ce3ce5d09a2ad30d3788

SHA512
6775e9363a89be8929419bb293069b1ddb6ced4500acfadae6291f163248a4a5f4479e84697dd31d93feaabc43cef6846dc6fc756ea6333fc8ab467a78a0b6e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
2275360337565464dacdbf1d89e559ae

SHA1
ea5fa131f5bf5d9b79bf1597d36211c1b090af6c

SHA256
7026d4538be9d9fb7a03766fc9d27d0d9c8d60fa213962153358eb354b8f1a56

SHA512
9a3ae6542b54fd92d58114601fb965c71f55eec4019974bdd9858f2e8764534ee61f40d0ad64badfe2508c009bc6d55e73532662b94b96951e270a7086630635

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
16KB

MD5
fd83887117222df01bded685b0510fa4

SHA1
ea4fb7541dc6cda7e4abcd5e42af2e1dbe65a9d9

SHA256
9e611d754856579bc093e039c925c363edc365ecce6fc50c51a385f42279ffbc

SHA512
db00002f9203e431c337338f8a29a01d232f853db4436da247194fe42a56aed0a41b73d7d6b5b2959438b723a767320c1e047aff2a50ad28aaa6c6458a9ea25d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f9a3b0dd7badc0c46a5f8fdd045a3e16

SHA1
b13492dd1f179c405b9b22a0f1f206b17f7f57a8

SHA256
e3af41d5df0f6fb2d1359c80906b8a3d9023b96e8dcb2c9ce027ba5e7acfeb91

SHA512
c3b8df4532acdfe409dd234c123a88f742692548db260df9b825ad2d5a6ccb91f1484802bc017f29a40cc4993d6b85490d561bc5a2ce4ddc74a680788c9429e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\8a6c6ae7-49a8-46db-9408-bd5d7e0291a6

Filesize
11KB

MD5
03cf6f498064a61bc44970ada5285ff0

SHA1
8c6fcc9df10a93d7632a483c69a9525d6911d19a

SHA256
fdb0970bcd149b24bd2a5b4a18754e28df74317a124c305154a4f3cdb8165ee0

SHA512
17da510abcdb213a95caf7073bfea957ad3824281cfaba11fa6579d5ce0a5881f32046d708dad3d4e7a0d4622d37756b010cd54d6ea4f61ecb2e2ecfeda9a0a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\ee6223bb-a24a-49c4-8732-930a9cccce43

Filesize
746B

MD5
2a8228db75a0afceee578042418a7b10

SHA1
18346419bf43dbc64ffd43dc980901c875eace66

SHA256
538d2c0c4d4804d55a24931e973022ad740954c9f13388008f3c758948b92d31

SHA512
befad10d0fab7b8370e4fdc0a7a3efd167f3e362193860ec2802b6db1c8d5c61cfd97733e78d3d3bd5d20523a23a5ffe4e4f4cb1defa563e2feba3a057ffc005

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
7KB

MD5
5ef335ede5d275e075a35cfe0c6f011e

SHA1
59df8811c645e39e8b51f8016e960d7b079269e0

SHA256
4f964e208c9557d7fabe2f91fed4f5131280b23f46c9890d5ee07f0e046c7a03

SHA512
9d7e5d4952546a17c43efada844b30d5732586cf63cf55b86a17cf5a1aa5feeb49cc1eaeee85ea358a6eaf719373749cd107eab867bf8c356715646ca0f38cba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
9KB

MD5
08fe1785a94c01e657bc5b447496b8d4

SHA1
921ecd4060e7a0207486c096b5d8638745bd6ac1

SHA256
71485bc7ffc88a91f0a1bee8de676d706c2aecaf61674eae8cd50030525464cf

SHA512
b54e8a5c32f3186aaba07aff3c9aa5fc8b5baf9106c65bea6d9359ff804ef85f197e14ddd3c615303533927966852ea0b275fd57785a37942c174b6ef2f778a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
10KB

MD5
060cbc1c36773ee5ae65f3df05b30f5f

SHA1
789fea982a1f55bfa3d857523aa6d325717b2a23

SHA256
a17ba65d69d2fbabe96c95214e39fdc4ce18665fcc576d8a569cb5587e1bf668

SHA512
b485be3f3d308c638bd6020bcea328977eaa9bb9c86acfdd735c1004c567641aa55900278489178f422f42725b625e408492f981d3d99a76f35aa23a963acd9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

Filesize
4KB

MD5
5bbaaf92b6df564283c01a35e3d33072

SHA1
a2e98afdfff56917e597e8225c59d7829e71a7cc

SHA256
cfa9006a0ec5c87731a759c766f0d8e3cc5cd208aed9fb9bf3eea85c1d9b2ca4

SHA512
ae36b93c3b22079c5f7ff63671910e658ac6367f18fb462b8c9acdf68c9791b7d1822764b077e5bd49b479d6c8b2be865a611c49bb1b8ed866eca163f4d25191

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

Filesize
5KB

MD5
977eef2da423107221041099bba53262

SHA1
3a7e83f91e362c28a4422dba538d3d3f295e43ca

SHA256
bce293e316dd3344e8bc15708eb8b02a7664eb9fef3bbee754b9aab1e25c76a1

SHA512
fad301fc54153c06fd0b4bbb576bd6ea2008eb67cab47b3eb54dfce1f00c1f7d2ef6b9941f0db030fe1a8df834380298463e8418498d11675a924f2466610a08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

Filesize
6KB

MD5
7a69b38fab38b00e28bf4df7506093b0

SHA1
424cf00587b9fe6387651a52b6718c3a1b2ae7db

SHA256
8d4c35adc122e99b3c08da16a3d7c54acdd5865de78228f6d5231b10da5f5174

SHA512
0f2b30b939f7e83e8335dbb06ac36bcd188d67f09b9820bceb8e0d0bc3d8f49ba733a400cd4d0d77f0548f1f6a927f2f8cdbf4322c5c274096ee2d5d93289361

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b21cd3ab737cf19f81d467850d193eeb

SHA1
7cf132ef8ecc21611eaa90bbdef651387a1c84b6

SHA256
3be9fed8fdb22f7e67b606311102e34b90d4cf6e558ab200b8a78a6ca7317d79

SHA512
fcbebf0012664b4c22cb873b697a3e4ca975668959316b99b4a50152d7dc5a6d112cf5b4dec138ccd844e1a788b77dd263d1f1893ff212961a3eb8002aae8ff7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
52415b24d67852e8aeca692ee519aa59

SHA1
61c9ec263ab19a4b3dc701803821fddfe65080fa

SHA256
92d63d3425c9816d226621c146690af1be7d818be7fe29392ecf0e3421eefd9a

SHA512
9a13daee2a7d92198fb97c6dd4da0dfad8ab22961ddcd4e96faecb277fd8774d9d4b9571f1143583d1b6d7b40675dcded4fdf1f5aa3f0738028740ddc82be355

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5c621ff555d3acf8c0441dad76f382ca

SHA1
18bf8064c2c248e7e3dd6ef623e2d4e27fcd815a

SHA256
e18f9d054675fbb795c9f8c7d00a3a43b7cbb881e847ce94c17b6c7ec374ea2a

SHA512
a71e62cf567b09997644d73d08543bd11734b4f9226466570cdf38186ec1e543b7c7b2014e8702b86520850fd8ddbfea0a05afdd0172d74a0819f51e2b08f689

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3757b329c479e8af8d11b17723e250fa

SHA1
2b4fd468e154844fe42f67a20e01013dc0ee029e

SHA256
26cb96a8e202aab824f9f756c27408d9a5228d2da06df29d7c74d380c350f5fb

SHA512
14422450800bae6865697d9a5f63ec9b92b9475737230a0ed8cea379a802583e7d2c8300b63919fe20533207c8aefa203629a233f68913e0cd32161c6639c813

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
54a4be4a44855397c40a6345fd051bd7

SHA1
a5e2d5cb5a49d3b11e98ce22b5bc7404435566fd

SHA256
311fc0cfbc0ceb4e913ace7d5079283e4cbf1c5a3abd3b780abb87cd93dc4207

SHA512
d06e72071b780ecacde5a65d795277f76d9e69626a714749de5e4e9f3db495f20ca82f03aa72b407833ee487e919e69e57824995344aa8afe55ecbbc80728f42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
35113154597ecbec3aa154e32479db02

SHA1
e32685b3769d5582dcc55661a0b4ebe36464e776

SHA256
55f57c7ec49791ed987ab258f639d7d797b4beb34d1bc9c4c6d39f23ae5bdf6a

SHA512
ea9b97f7b28b8c5c12d1bc7c65d13b1b71b835181d552d04e51578ce3e26842b028bb3405b58d7b4159fc8f8a03fb06dcae321a04289e96be8abb5d355d9bb29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
c2af4ae61a09ffb4d3172b22d7a68d3b

SHA1
03997e00e29dc5a664de8a19367683a5373a4d41

SHA256
47ceaabae1dc328b2ab590ffd70422d9529b99aff2ec8c4eb1f9cada28f165b5

SHA512
f1622d1dd0b25d25ae121fb90dec527ac99b0774b794342011e0505914723ce8a5ea93247c43d8d59e3b208eb02a0c99e49c43d969c76729cd4710a527a83ef5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1e551f77e9ba8e4e72070809d81a6ef7

SHA1
02a60a5f8c406cc1083629b267239e7a5e955d46

SHA256
48c4e44407894516c4d7264e4ff9fca0d500dc7479d24e9fdd39794931f719f0

SHA512
5143b0228e927de946a58b7b39b42df89d64c0b9fe5d7b640b3944674fb52e2045c91fe6a42f8083f5f011c28ead0e3ba9f49d1da8165afe611b4f3e01d8e354

Download Submit
C:\Users\Admin\Downloads\soft

Filesize
1.2MB

MD5
0151e006443174af2f2ea167eb3317fe

SHA1
4867584b2bb6a5d5b9082a5a1b5d2d571eed7ce2

SHA256
af722c86835a47bbb5913361b0cedd00288aa23edd04709460902e4cc04be497

SHA512
f8ab571eece442e2c50574420165cb5beeeced3d8561b645c7f771fd28d499fb77bede7c49be1777ee6edf57f86efb6f43614415aa69837cfc1620cca9211d7b

Download Submit
C:\Users\Admin\Downloads\soft.exe

Filesize
342KB

MD5
ff448ebe11d51f4a16437a6dea9afbf6

SHA1
22fe542c84f9cbb9856eba812888e30371ffb34c

SHA256
2783b72d465cc010906d4410b2cb24bf9d57f0406efdaa528098ffac1de0572c

SHA512
5c831da76b1c2b7e618cfed97520def145be659b2b829d5bb8bc214727a504e9cf9b6e264c4d23eeb2fa814060aa5341c7ce56e96e44a8d7153e4377c006d7f5

Download Submit
C:\Users\Admin\Downloads\soft.exe

Filesize
640KB

MD5
99dad2f664348e3625eda545e91544cb

SHA1
90b2d74f78509ee377673939141cb57f843f10bd

SHA256
015c9fac2a0dfa30a0ed3969013d48b45d58c2f382946ef8e4ada20269eb31f7

SHA512
64b4fd62b0071670faef4238dedf627b154ee80afae0e026688669097b53df4d8f7fd5d767a8d6e7bc977f4cb824d0b2de8ca33da4d1c33fcc54f4d3ce6e5dac

Download Submit
C:\Users\Admin\Downloads\soft.uKFyo1Gb.part

Filesize
3KB

MD5
3d70450077c2ee3412016b1e30506785

SHA1
5565b57cb3ed9e5c999abc2fc10388c37f6cbd19

SHA256
b7063d8cb23c3807b20bfbbc0f1cfa577e4aa58894b64c9d897db10b1fc144e2

SHA512
34575e170eea48c8ba7f3b87041292e121ac89451a6daa40a8c29d6ac9848c132a36d01a8f4dd89152eaf2e8818780f55d60bb260f60f136d185f012701d0ceb

Download Submit
memory/1176-2126-0x00007FFE2AE70000-0x00007FFE2B931000-memory.dmp

Filesize
10.8MB

Download
memory/1176-2124-0x00007FFE2AE70000-0x00007FFE2B931000-memory.dmp

Filesize
10.8MB

Download
memory/1176-2125-0x000002705BD00000-0x000002705BD10000-memory.dmp

Filesize
64KB

Download
memory/3808-2122-0x00007FFE2AE70000-0x00007FFE2B931000-memory.dmp

Filesize
10.8MB

Download
memory/3808-2120-0x00007FFE2AE70000-0x00007FFE2B931000-memory.dmp

Filesize
10.8MB

Download
memory/3808-2121-0x0000022D7A850000-0x0000022D7A860000-memory.dmp

Filesize
64KB

Download
memory/3808-2119-0x0000022D78280000-0x0000022D783B2000-memory.dmp

Filesize
1.2MB

Download
memory/3844-2241-0x0000024BEA710000-0x0000024BEA720000-memory.dmp

Filesize
64KB

Download
memory/3844-2240-0x00007FFE2AF20000-0x00007FFE2B9E1000-memory.dmp

Filesize
10.8MB

Download
memory/3844-2242-0x00007FFE2AF20000-0x00007FFE2B9E1000-memory.dmp

Filesize
10.8MB

Download