hxxps://gofile[.]io/d/bLjssM

Analysis

max time kernel
1514s
max time network
1519s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 16:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gofile.io/d/bLjssM

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3544	firefox.exe
Token: SeDebugPrivilege	3544	firefox.exe
Token: SeDebugPrivilege	3544	firefox.exe
Token: SeDebugPrivilege	3544	firefox.exe
Token: SeDebugPrivilege	3544	firefox.exe
Token: SeDebugPrivilege	3544	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3544	firefox.exe
3544	firefox.exe
3544	firefox.exe
3544	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3544	firefox.exe
3544	firefox.exe
3544	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3544	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 1440 wrote to memory of 3544	1440	firefox.exe	58
PID 3544 wrote to memory of 4664	3544	firefox.exe	84
PID 3544 wrote to memory of 4664	3544	firefox.exe	84
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 3488	3544	firefox.exe	85
PID 3544 wrote to memory of 5060	3544	firefox.exe	86
PID 3544 wrote to memory of 5060	3544	firefox.exe	86
PID 3544 wrote to memory of 5060	3544	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://gofile.io/d/bLjssM"
1⤵
- Suspicious use of WriteProcessMemory
PID:1440
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://gofile.io/d/bLjssM
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3544.0.942089627\1613216035" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff3c1071-668e-409d-aa3e-528306075e2d} 3544 "\\.\pipe\gecko-crash-server-pipe.3544" 1944 170f63d8458 gpu
    3⤵
    PID:4664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3544.1.2043474096\919161793" -parentBuildID 20221007134813 -prefsHandle 2344 -prefMapHandle 2336 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc3ccfe0-156d-4944-a99a-db3a797ab7bb} 3544 "\\.\pipe\gecko-crash-server-pipe.3544" 2368 170f62f9558 socket
    3⤵
    PID:3488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3544.2.2060296480\2146906021" -childID 1 -isForBrowser -prefsHandle 3204 -prefMapHandle 3064 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d394ed81-6c93-460d-bedb-40898ae3d862} 3544 "\\.\pipe\gecko-crash-server-pipe.3544" 3164 170fa3c3958 tab
    3⤵
    PID:5060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3544.3.1650492798\1156142416" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 3616 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7ab1a4e-2648-441d-b371-58bc3dfcfdbb} 3544 "\\.\pipe\gecko-crash-server-pipe.3544" 3632 170e9b2d858 tab
    3⤵
    PID:2268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3544.4.1599231312\1558871615" -childID 3 -isForBrowser -prefsHandle 5020 -prefMapHandle 5048 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e7046a6-bfa2-4f40-a0e2-9b6aea344bd8} 3544 "\\.\pipe\gecko-crash-server-pipe.3544" 5128 170fd292658 tab
    3⤵
    PID:1984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3544.6.1338445855\1090674750" -childID 5 -isForBrowser -prefsHandle 5400 -prefMapHandle 5380 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaff9f1d-c073-47e9-bfc2-4e3db02d8388} 3544 "\\.\pipe\gecko-crash-server-pipe.3544" 5408 170fd292f58 tab
    3⤵
    PID:2288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3544.5.436460658\1528406919" -childID 4 -isForBrowser -prefsHandle 4888 -prefMapHandle 4920 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {06134942-687a-4e1b-959c-5bed619e5e69} 3544 "\\.\pipe\gecko-crash-server-pipe.3544" 4932 170fd290b58 tab
    3⤵
    PID:1800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3544.7.406796954\1733899183" -childID 6 -isForBrowser -prefsHandle 5272 -prefMapHandle 5432 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1212 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8a62fef-80df-48bc-8480-0d630b354726} 3544 "\\.\pipe\gecko-crash-server-pipe.3544" 5408 170fd80da58 tab
    3⤵
    PID:4528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mlil8stk.default-release\cache2\doomed\25159

Filesize
9KB

MD5
23484fad99167f454ad0f696fb06bf36

SHA1
5f5e0366197c9a483ec77c04e41878ee8259b29b

SHA256
10b2dffe20950d4eb58ab3af5c303d4bc82863c4f5adbe5fdf8947d16ac9f9a0

SHA512
d25cb4c4e5d4c1c8ac761930c7ecb1b244a7c07da0509b2110013064ee14f23e483373e4e93bd0791796284850f03d0762b7e71f32a6d3102ca6601216c406c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
1.1MB

MD5
69b227684829586c4eee5a4d14bdc22a

SHA1
a32e8d71e893ecb5ef8bd38118925123b3d9fe79

SHA256
fb8867aafb2923700bd83b0427ccb981ef71831460050cefddc28d226c195be4

SHA512
876172f9c145718510a359e54ff002e332c00f3507856d754b26035b614a63fdb0ef6c7aaa1ad869d7591b8f1a430421ca6a338262163fb0bc0c77a37d7ab0f9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
e83126dd7a75ba5bdc586d9c68c2152c

SHA1
dd8e533597b9c65a120ba5a1a27caa2cd833d8cc

SHA256
840f458985d1ca3f567b370303c126bd98783e1a5a33676c67b8c7478cbfe532

SHA512
939ddb722932decc8ed312746ec5735a3ddfa8c85bd3f28348aa6da29d9fe7ab08eb043da2de60cdd4995cb35530874b0950468bca1e6a0efc3ec43d1a688ce6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\SiteSecurityServiceState.txt

Filesize
530B

MD5
c0c97d473671266bf2c83b17cf0acade

SHA1
5ef1a6327c5884d06750d1adbafe9fbfd6c0c520

SHA256
e527f0e0829aa79731593b76308cfc8cc68829269e1993597506210dfcd24ce3

SHA512
57cdddfc704a8f37ed711c518db331d1a9cfdee92a5ba8988846cc8d89e4dc47042bace141313a7a5edadb74c68198be4e67c23aa44a7f33e8ce53c02121b0f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\bookmarkbackups\bookmarks-2024-02-19_11_XufqHvbL7LRBLhXq7Iylnw==.jsonlz4

Filesize
948B

MD5
cb74667bd984e4a80830ba9ccf5d2a33

SHA1
56670fabdf8c9edc0c5db25a4f70db1e02514e02

SHA256
2fd2868bf1e1404ed504f10778d1f6805b67abfc8f0c05588eb75ad961328000

SHA512
56fa4d2504bf58e397326d5db5a5f7a18e8bd2bce3839a28f03618d1987933228391188629422fbb4a0461cadecaeef0ecb2df34664b6e21dfbaea6faf15f35d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
0ff770c937d5f02863bd5ccf2c39e355

SHA1
ab408062a182b8251d7873b7146fd5bf297c7e51

SHA256
ec4c079aeb02c044428af87f46419c39899a20d27d8bb7c8dee6983c5098a763

SHA512
4f365880e2e26d885033a61519600e3106b584b8eafbf3967c136609c99f97ba94fa788ecbc0c3bfab576c89e4b6de302c6e175d1cff02a122b03953d96fa70a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\pending_pings\7012a2e4-998b-4475-be15-6f92b0bedd2a

Filesize
11KB

MD5
d6295d319fccc775fdfce47bb8751462

SHA1
03706042c18154be912c31fbd0195e8b00cdea96

SHA256
caee637ad643133cd3eac8c242eb75791cde2df0240fc5135ebe78d802d1de85

SHA512
54dcb72dcf6e344cc11cce92a72a599ca29940a51666acc5a14d64867bfdeb6500bac01c53bc78e4ccb3eff8626a5ce8f2c593af9634f0e64fbe7c9e6970e23d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\pending_pings\accf88a4-9815-47b4-851e-d119da71e7c0

Filesize
746B

MD5
201d029a2191fe37f4006cc5a25a3118

SHA1
69837c0d8fb0cfe029465f1dbbf3ec96e4421dc6

SHA256
b01d04fa667e2bb5188590f84659d2602c79b14e3311e22bd4dd5ce34ed848fd

SHA512
f6ca24417530c659c3744f338a0493a01be8486ed46220ba263000f70906125d40d471e0d66309456de77029080dc9ef22f9ae2b4c482adbf8e2faad86940255

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs-1.js

Filesize
7KB

MD5
6cd0e6fb3ee28b8e11bbda38f7fb277d

SHA1
bac0753bfedced3c0e7a39fde52673e42f31e173

SHA256
b768d65f2179430ad8c3ec9a5ef5c18695af3d6126c58a084077aeb20543a027

SHA512
1c18cbca4d14791ab883403adee69ce75a06412aa694cd1c1c48a146bbdff3de8e2f7b3e1df535ce92814bff9c9706043701f6536a37b2ab8d238e30c85d40ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs-1.js

Filesize
6KB

MD5
c5169c3187e589f24ac74885eb095c1a

SHA1
ac1d99c10a3004169c091dc991dbf0838de5b1c4

SHA256
57108ec2933db6ed40615ab0c6168bb98f19a30985208299701a476f4dc13883

SHA512
0f83a4619eed30463506b470f6c35dae2acf95bcd40b39d61a9ee64910e3cea69f82ff2be850485fa1bf897ac274fa83713db35a77d60a486a6faa753f5457cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs-1.js

Filesize
7KB

MD5
297cedd2ad9b4c0f38b5404cd529e604

SHA1
0103d03d7c2696e9e7e3bff3d34c238590c72a9e

SHA256
0a320bb34ee20175e6ca32a0753d6418efce125e6e74149aa389bdfa9ffddcb2

SHA512
2b52dc80a0f5d4f6254e2bc40d988baa48b50472da0248fd9cabe9f8bd130f32336b7d64be2499f27059d8d57db733e7f34f1ae17bf9a7471fed683fa62161bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
0f9bfc7a45d96d1bac8e5f4aaebf1a97

SHA1
85791478949c068e64a8eb8f34b14576512fceec

SHA256
fb6a0c41d9064d250ea028a2b69f4e15aec597bb861d6bc60ead6553bc39902b

SHA512
7b2d2d91eabd9408679585bd344b26070e0b76b95abb9e1ced21ee40694e64cce96f136109185c3d5ec17e8a23fe0b859c90bdaea5840a80829f82cb7e3dba09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
6b6ccca88565c2aeaae23023111a9f01

SHA1
35ef66516991237940a6f8ce59e1185a2fe599b6

SHA256
41df8f93a547a9289737081dab4e97d67aac06673efa6215a683031d2ac0c1b0

SHA512
4fb05cc41b05f714097966ff0bfca6302dec3b23fbae5f0fe586b0bb8d67070c5f9e59ad6e811a5798b44fcacd39bd77367516e3e42bfa2bd3b61a274e0bca78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
03453e5754db2c433d108d72954d0fb1

SHA1
f518556c329a8b0437100507745e800c29c588c7

SHA256
1b89a0aaa36aae19cffb747bb77803b0c923b9021d05cebe3317afe0921f3b86

SHA512
c590e3527c64aeca468874dc50dc31d3466d95dacf9cdf7f98ac151a622186f2a470d9d62c4499beed98dc1886fd51dca24272b49b1a185dc955e507065df36d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\targeting.snapshot.json

Filesize
3KB

MD5
3e1e5859556cf62d814a3ce3de91d605

SHA1
1e251372ff364516a9e6e123164f4fe182a88942

SHA256
3cdd511b75f179ae814da7f5cabcdb47cced9aca2dd5565e09ba800354485ff2

SHA512
8565165dba290440812ba867f462b5e6e232d6486ed170434891ed22ea27e9ad285b60205fb7d3635d8f436627a60cb202b19eecdb86e83bdd8f68308c251a05

Download Submit