hxxp://google[.]com

Analysis

max time kernel
1512s
max time network
1503s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
12-02-2024 20:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-334598701-2770630493-3015612279-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1636	firefox.exe
1636	firefox.exe
1636	firefox.exe
1636	firefox.exe
1636	firefox.exe
1636	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1636	firefox.exe
1636	firefox.exe
1636	firefox.exe
1636	firefox.exe
1636	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1636	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1804 wrote to memory of 1636	1804	firefox.exe	68
PID 1636 wrote to memory of 644	1636	firefox.exe	79
PID 1636 wrote to memory of 644	1636	firefox.exe	79
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 424	1636	firefox.exe	80
PID 1636 wrote to memory of 3844	1636	firefox.exe	81
PID 1636 wrote to memory of 3844	1636	firefox.exe	81
PID 1636 wrote to memory of 3844	1636	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://google.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://google.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.0.251117371\480436875" -parentBuildID 20221007134813 -prefsHandle 1796 -prefMapHandle 1788 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8d732c1-bc96-4a9e-bba6-5a862f9f4f2d} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 1888 22447fd8858 gpu
    3⤵
    PID:644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.1.1214141869\1348415779" -parentBuildID 20221007134813 -prefsHandle 2284 -prefMapHandle 2280 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2e190b1-c072-4b1b-b062-95bca2b6b310} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 2296 2243bbe3158 socket
    3⤵
    PID:424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.2.951090099\1279886442" -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 2808 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b277ac1-ecc4-40aa-b4c0-f93cd2b958ea} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 2880 2244cee1958 tab
    3⤵
    PID:3844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.3.293302782\1061295449" -childID 2 -isForBrowser -prefsHandle 3512 -prefMapHandle 3508 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0140f226-30c5-4e62-af76-cae5054701c9} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 3524 2244e00b158 tab
    3⤵
    PID:3428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.6.1792443601\104103856" -childID 5 -isForBrowser -prefsHandle 5412 -prefMapHandle 5416 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63eaa2fb-5119-4b38-9552-172734a6ef07} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 5404 2244f750a58 tab
    3⤵
    PID:4800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.5.542209709\1899618534" -childID 4 -isForBrowser -prefsHandle 5224 -prefMapHandle 5228 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {288cae43-90f5-4e6f-bc3b-06e37f9f0ebe} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 5216 2244f751958 tab
    3⤵
    PID:1588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.4.381628102\1058825360" -childID 3 -isForBrowser -prefsHandle 5080 -prefMapHandle 5076 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03ab28ac-031a-4129-9133-3a57d61f4ad6} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 5088 2244f752b58 tab
    3⤵
    PID:1536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.7.1734974124\370631679" -childID 6 -isForBrowser -prefsHandle 5464 -prefMapHandle 5440 -prefsLen 26379 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {246ad62f-4180-4a80-9140-1eec069c13d1} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 5436 2245085b258 tab
    3⤵
    PID:4912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.8.144036315\628869739" -childID 7 -isForBrowser -prefsHandle 5836 -prefMapHandle 5828 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ea2dbf2-fde6-44d3-bbd8-dda540471941} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 5440 2243bb30258 tab
    3⤵
    PID:3068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.9.74176042\325331493" -childID 8 -isForBrowser -prefsHandle 3024 -prefMapHandle 3064 -prefsLen 26458 -prefMapSize 233444 -jsInitHandle 1064 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a1090b8-133f-4aee-a685-a22eedec777c} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 2948 224504cf758 tab
    3⤵
    PID:1808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\12240

Filesize
10KB

MD5
b84db9d01788d73b786a4018860a7353

SHA1
8274e1da38332106750ee66047eff45dc3331479

SHA256
edd3fd290ce0d9b893db59550b12a321a498f7d47269277f224c4bfdb5d3073e

SHA512
a31ff9cfc87fafed41bd6ca7beee8b16528a8cc7d4755749026dec844250e528a7da53a4ba80fe2f91f50a3254c69e456d9f4eaffb6b87015f765a1813bd7706

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\doomed\8329

Filesize
10KB

MD5
ea86aa1ef892aefeb66390127449f7e5

SHA1
708e26fea359dbf95364dd7c8dc3bdbd16a5912c

SHA256
d3e8d97fec975eb431d11c81f684def2c0c354a33a92ecc1f64a4bee21c15f27

SHA512
f5e5d49e36d9c03126ae07a9092ca67bb167e5bef364c2b4de0f4ea983b2c20c0964378564b1fc764835ae1dda44c77058e8f47ba6aa5db5f5299bbd20ca9154

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dqzncde8.default-release\cache2\entries\32631362D45BF3A2CB3CD7A0326298C4FE5A620E

Filesize
204KB

MD5
8af0c0f1413608eb35d553a71a0203e4

SHA1
d4660b245203f01ed58f35a8b362e79ee7f595d9

SHA256
49720f8d10f54a40f7534402d0e948b692e1b16b5b4a4eca3a189ce0f8122809

SHA512
7b03e1376b3566af5509b47d2770b3462d8dbf432cd3f5f88eb12c9cb0ebcb43661d242f7415242ad22000419224bca998d0edf394f2cbd41beed45de5f3ec99

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
76a60b8b4589c6e73f913b322642248e

SHA1
5f6cab77d960dc050a6da36f9416ff3f98610de1

SHA256
6f366ec971a4acdba0756a1e740531cb0cc82a45ebe9c3353ec49c7c3b5b6a7b

SHA512
c1742560a355a6d07a696e74fb32c373b9a8493590f1075723f1201e9d9ef3357743e6a0a5459110164d79a0113a2cd87cef2f7ade519de000cc4262909ac9a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\SiteSecurityServiceState.txt

Filesize
455B

MD5
de083b1ec233566d9b41ec4c2e9e131b

SHA1
1bff615757eebc22a3966fd3d1973103533283b1

SHA256
119d5bdb6586ad0779e296d7f4966e6c0eb3e65b734e39eb528e7d4cd55aa0ed

SHA512
4a1eb9412a4363211bad903fc80dabd29e653e65686d4f8601b558dbec5ea00aadc663bed0212b235895b0763a36204b9885f056ec2fdc61a7ff285c21bb53a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\bookmarkbackups\bookmarks-2024-02-12_11_zumuf5BEecglHtr+JgNPRg==.jsonlz4

Filesize
941B

MD5
a15899d0f3d98d49a19b5c537e680c6f

SHA1
824710cff0de63d9c0b6e64c39087cb8fc0db682

SHA256
003efcfc372a27f8a19308a4bcb002fad394da8df2eaa60138c6d7325eaf3bfe

SHA512
555b9dcb71b7b69ec0a89dfb2a67e9a2b7b271c9d8594ed4c4eedf9721464a9cd123e3706a2081b80b656dde6183680a459c1232729e22e8067d3b99478c4165

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
7aed09aba7abe8e298f41430812d50e2

SHA1
3945a2a2e5ee0c1056a0b232d51511c20fb39c7e

SHA256
e7fd04da3621af32c42759bda006472bc3ad183b62ff959dee87414e212b87cc

SHA512
d41b24a6f5ed55af6b836c45e5bdb1df8dad40c79f82aa9bcf61f350372ada5b24355553447de3113c5024c6a601015ac3f6b36690b58f35b90310256dfa00a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\datareporting\glean\pending_pings\a8673896-6d28-4255-a559-109fafe7ede7

Filesize
10KB

MD5
0e29b21bf97231d05858e0b575a925fc

SHA1
a8c0fcb5b16d8a9c4bd0b934da25ef58787ccba4

SHA256
ce356b16559be809c8d3e8d95e9e023071bedc7893b65796deeabba6d61702ed

SHA512
df8034d4932b1856a9f23a4eeb3e1eef3be03c8df0f21df4d36420c98e1895e2473f629d44f875b6983de4f06b83a4fbcfe9554886ce0a71380ff85f65eea72f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\datareporting\glean\pending_pings\deb6cb40-aed5-456d-a6e3-e65c868ba646

Filesize
746B

MD5
6b560768ece1e4e83b707851f05bf866

SHA1
c5d688752f312a041be48ad669f588486a3657f7

SHA256
cb79fd936b199d5e63f8b59022f188ab86992a04b4c4f2972d8bc58a91131b0b

SHA512
af4cb1713dfadf0361e0818de2d5610141081d4644496a099be029f0fde24e9100ba62e18145987fe222039050e42ffe01bbc6af47b44252f60b32b058dd15f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
6KB

MD5
c2ab087dbb8163b52662d16058727217

SHA1
5de4d83ae9be7346467a63832ac08b95e4087397

SHA256
51b804244953256a585ed5b3b118dfd9415a16b55e94bdef352a73aaa62e887e

SHA512
b4b386036e4e5f5f703f159515273185f18adb48fb4c9c3bdce393c3ee8c8d4885e4d6fc4ba66097d6862fe096649d06945620573876fd12a05a401b5f1438ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
7KB

MD5
5b1849c9b90e53597549190fa6a00355

SHA1
45e0da67e52c20263f22c313105597824129e811

SHA256
cffc3967a51f4629b24b5f3ac199456377151e40bc146ad76d9cc920088a9fab

SHA512
bcb794046e4cff33ea0f274a2e40fa74e90d54bd0aebd3de081014c06a59599655bb6b3fa23fefa052c06089a204b92333985bc87468afc8ae221aca0e63b97d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\prefs-1.js

Filesize
7KB

MD5
54883a881d620fec9558feb11bf064f3

SHA1
e0c0c59ad120e9dd14dbd533b722efe8eea5701c

SHA256
60bc9aef80d1235b383edae29bb18ad3ee5f579a1113a60f6528be68a1d8fe56

SHA512
13b741d610d98dee8f3c05c5c6abb1df2ca0aef6057c0c1b30a420bc7b9913f7d344d510078cd7b8e2c96d97755f45989e75aefe3a4e05b27254bfa95dda98a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
8bab2745fa57e6a10833798629dbbca9

SHA1
bbafb2db9783f961ae3abf497bc0268ff9e53196

SHA256
9309d797b9845e0bb690eb0e22cd4badeaff2c853c9d3a8acc10510a09bd51de

SHA512
6c00aabe27ceb315f272b4402263e607e274be8ed346016969029637de93a70786d3aef1f6443ca161c7a06e3045a5a7f6fec56dbf1f2538f766e00b72b8c2a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
4b7a38639001147eaf4c1e8d19d72891

SHA1
9e112753ebd83a2711402f2d4b4c1b2ef6c6abd1

SHA256
4a349762ead01c46e76c94142e314d0950f6ed335e24f8f5aee6572e61df59cb

SHA512
d371aefa4dae2241888f3004464d1067b2c17d79bcc8edffa36e01a9894062cc6101139f0d1f4b374c36ff7e9c899a848ee6097f2f34382ed0f0b5125edb5645

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
988B

MD5
81c9a5d6062027fafe2f1176949a6135

SHA1
31008910c425a229d069a765b1c5f9c8da04c4f4

SHA256
72bcdafe361c4f0b2938b736e8b8f2e6851092fb303d8d26f92aaa8522a6164d

SHA512
a0344cf8e3a9a0724a93691803238109a2ba8f71772e0ace242d419afcd2fa53bdca0472169c520cb13366be28494d371b51a23f6a113d674b7e80486f6db1a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
67d18fc11c5caa36f5808c97c22bf7d6

SHA1
02d09afee124946698bbd8db827f5602b002cb02

SHA256
8f6b300fc7dd097aadec0527b223868ed2dc5bfc233a2af43e8f3c0b56dcf41c

SHA512
42222c2ca76881691730f194faa1c9d151d5c4e6c82e951557fe381a5fcfcfee339674e265010c5b58e1135f0fe925df4dfc46dde62dcd1c3e4ef726efe5a923

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
6c2e2e7abaa0f8d07558c6313cc70d24

SHA1
5b3ad09dbdde11766382b9199577ca778f293667

SHA256
5271c346ade5f0356b2ace0e479dcc318ad9f70644a7414a2e5e0ba51ec36071

SHA512
9146495f882daa81ec056631f34a3587679bb77096b84810a915250819412069af467bea9d37eed7b8f6f5fa809f9b8b02d38d9d9e55ac20bf7f778b084ef026

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
8c170d5ba915644a4b225b4263c45eb7

SHA1
57ecf3f82fbf1934b10d536e986f6526bda582c6

SHA256
ed22ed783b341424ea2a4545150a521d3ef68a76c1dc92fdc4dc2dec2fd67634

SHA512
c6ed447dc6e33f826b639825858148eaac7079fdf9dc2b59c24aa02ee040635416796461eeb4d88babc6dd5137c3990551ab7f950c3268ee09d5bafcf6b0aca0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dqzncde8.default-release\targeting.snapshot.json

Filesize
3KB

MD5
14797e233c64ed35e73b6555a95d2d9f

SHA1
f6e25ced324b74b2cd6ec397432577db879d2b69

SHA256
eef75383686d273fffa37e1aef5536d30744df3d5ae3850c9e988c1c4aa5cc1a

SHA512
2287c6e261fe0362c1b7c890bff020e8202b608ff2c5db28f7ff2f54e94056a4ba0c339c1afb36375b1cdd4a8242c0b74ab427d71150df315c1363d7ba5108f7

Download Submit