93574ce2aec497d3e9fa72f07f2b7244d3b1af01828889d0e7b4503568af32f7

Analysis

max time kernel
1518s
max time network
1510s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1146933.jpg
Size

229KB
MD5

2e8cb8e61180985258fbc4c1ab638032
SHA1

4c299625d8ab9a93ed1aa7d37e3276a8bb182d14
SHA256

93574ce2aec497d3e9fa72f07f2b7244d3b1af01828889d0e7b4503568af32f7
SHA512

0da7373dcc1febbb03dc5bf90901eed887ba3389f0900dd2affda2416ef9b2425a7885899289a6087e649af0885759e33bfb40d1da79d3cd8be145181717eb0a
SSDEEP

6144:YpDNfRfHYFsDUAgP9mJjq0BesX21+fgIu7dyL:o5RfiRMzesG1+4x7G

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4424	firefox.exe
Token: SeDebugPrivilege	4424	firefox.exe
Token: SeDebugPrivilege	4424	firefox.exe
Token: SeDebugPrivilege	4424	firefox.exe
Token: SeDebugPrivilege	4424	firefox.exe
Token: SeDebugPrivilege	4424	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4424	firefox.exe
4424	firefox.exe
4424	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4424	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4848 wrote to memory of 4424	4848	firefox.exe	89
PID 4424 wrote to memory of 1748	4424	firefox.exe	90
PID 4424 wrote to memory of 1748	4424	firefox.exe	90
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 1532	4424	firefox.exe	91
PID 4424 wrote to memory of 3408	4424	firefox.exe	92
PID 4424 wrote to memory of 3408	4424	firefox.exe	92
PID 4424 wrote to memory of 3408	4424	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\1146933.jpg
1⤵
PID:3748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.0.883856637\1849213817" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {049c0f25-728f-44e8-9e69-3d400af9d0dc} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 1964 261706e7e58 gpu
    3⤵
    PID:1748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.1.1503074201\385799817" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b45154d4-58f5-45c4-be53-0f045c6aa2ec} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 2364 26163e70d58 socket
    3⤵
    PID:1532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.2.200983953\395282663" -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 3068 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9fc790e-6618-4804-bdf4-bd1564373d9f} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 3088 26170669558 tab
    3⤵
    PID:3408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.3.1382120840\538881839" -childID 2 -isForBrowser -prefsHandle 3564 -prefMapHandle 3560 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd6eb844-135f-446e-9b57-b28c4b33d010} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 3456 26163e62258 tab
    3⤵
    PID:3040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.4.697708339\758329949" -childID 3 -isForBrowser -prefsHandle 4384 -prefMapHandle 3848 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a5bb609-fdb4-48bb-b56e-c1ec03f1f649} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 4372 2617653d858 tab
    3⤵
    PID:4092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.7.639142271\260592304" -childID 6 -isForBrowser -prefsHandle 5480 -prefMapHandle 5484 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ca9b52-cf8c-4a46-9850-b1abc62ee512} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5472 261770a0058 tab
    3⤵
    PID:2616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.6.60697980\372650029" -childID 5 -isForBrowser -prefsHandle 5292 -prefMapHandle 5296 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c12473e5-4b24-4c07-84fe-bbf1493aa5dc} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5284 261770a0f58 tab
    3⤵
    PID:3772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.5.1530909356\1603936889" -childID 4 -isForBrowser -prefsHandle 5128 -prefMapHandle 5124 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b082eb6e-207d-4af8-8b96-08dd0ec5ad5f} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5156 261770a1858 tab
    3⤵
    PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.8.3758003\115779957" -childID 7 -isForBrowser -prefsHandle 5940 -prefMapHandle 5976 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7529bd8f-2c52-4dfd-a18d-9742d8fb9d92} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5980 26178dc0258 tab
    3⤵
    PID:3260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.9.1546195299\605995665" -childID 8 -isForBrowser -prefsHandle 5660 -prefMapHandle 5212 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28b13d5d-e785-476f-af21-dbb36d8fec60} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 5216 26176d41758 tab
    3⤵
    PID:5668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4424.10.1578263768\607549902" -childID 9 -isForBrowser -prefsHandle 4464 -prefMapHandle 4448 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1420 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f68a8595-10c7-44c7-8161-da305d244bc6} 4424 "\\.\pipe\gecko-crash-server-pipe.4424" 3384 26163e2f058 tab
    3⤵
    PID:3488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\cache2\doomed\13149

Filesize
9KB

MD5
ba07337043fb9a7e7c5effd4f92a94fa

SHA1
6945e8af4a8ae3845fa62af5bf3db0e1958f3ae9

SHA256
d4797d91138db6492e97492e91394e75ddd0c6f164e637b20eb962c94315f1c8

SHA512
b1204b9e358861b5447a60dc9c9aaf68c31e39c57b62f4c2f578f61b2a3f0a5085ff72110c7f8f0e488737cf3213130a755e412d8e9d4280dde3d16ff48afc3e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\cache2\entries\4EED77ABF2B13446DC47048EDC01C87DFC8AFFC2

Filesize
32KB

MD5
5d30f1c0394f4b5f2700a918d62c0460

SHA1
73d63fb59cc9340a71d19436a40b0268b9cd6782

SHA256
481d1ea6b6d18387139d557e1d05eec1def2f814bc2c4f9c307688df3a7e5f1d

SHA512
c8321a51a4c2b0be2579a711ebe4a957a09817c19cca7267af9cc480407496f456186771bcbff73ed0802d64bae4bcc5033ed632a6d3013669f5dc4b340cf26c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\g5azq69j.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
d0961119b8f014136d957c0bb65eef7e

SHA1
0787debd73570127452ab07aa6b9b3105deeaeb5

SHA256
3325e869853e1facf13817a0de16ac892c643071a04eac25b7e450be02708d7b

SHA512
06a6a407195095cf6235f3757dbea57868aaa1aebf1dc2f6a4222ba560a92b28ead389738e81aa9002c643e6f5ea913dedf332ef34d6ece1b0fa504e4a470df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
1f56bc1fdc64071a1fddb67773113498

SHA1
9c8120637b4880e67a21c3c22a95b31e33ee61a9

SHA256
56277fcfdac7f018302a17e7a22cb19a77cd221c7835a122faba642a554c13d0

SHA512
3e8748da68504378a5f15ebf08267e0001f16f4ce9e3ded37755f469a0eb7f7596cc3e4e6438335dc1b98f7c038cdec4221ce66fc4d69089f63fe8e883b6309e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\bookmarkbackups\bookmarks-2024-02-20_11_ciIxfDl7FJ-KOzubC1P9iw==.jsonlz4

Filesize
949B

MD5
10e29181d8a1cb6ed5fb00e844502310

SHA1
4e247271ed4f79044983204895fc0b184ddfef18

SHA256
236e77a1d7052dc2e0ead4e6cf0bb9659c2af3b9c5f966e63f27e2f299666b65

SHA512
b2e0c9950a5d921662adcb25012b9b9e43225519736d969f2f6b003beabe2f4d7ffb3fdbabb670656fb1af772db2452f3e95ebf8778914a6a5c863206560a4b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
9987d20e616a9d7c26220328a7dd64f6

SHA1
ee82efab5376762e98a3a1b3177113592e1efba8

SHA256
b747a7b260081ffa665160781d8c0ebb863fbd5fda8215ada0813443b58a6638

SHA512
1cbad80428931bc7dff8af0c6f828b2bec48adfb0787a63c6dca944cf743ade15e82988bce1818f96fff8462d3a8679098075262b2b78f21dbc4440d47574ca9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\pending_pings\186f2f71-0b0d-412c-ac83-57baeced8bc8

Filesize
10KB

MD5
eeed5596c128ef34a62cbb5fd07d41e4

SHA1
601e6b84783a70ca3f2e855494002ef8f70879f3

SHA256
12181f39bda0b93f956bbf8eee959f42de66b80a6048eb6d37a4d6b8a92ea0ab

SHA512
4e25de006ee1c249701633c2bd40e08a9145918b37de8eb587b040fefa1d90dccd2f04da03affc2202276b02cee3071f9a9e7a8cec11dd5e26c2c437e3a88a70

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\datareporting\glean\pending_pings\4399e6c5-4c90-4f9b-b949-ee52426286a1

Filesize
746B

MD5
95218a7496e8db1d576624f8ba69bbd4

SHA1
9d614c5a365876fc62c15de3d6b503033b37ff8d

SHA256
eff2ca9b740ec815caf2f6b095301dcebf25e88ff2a66081544b587297285488

SHA512
0c1f3ed5b761bb915e443fef679a02214781ed5bba0d59cf102dc6f9453ae284cbb2fd0b63fe538ce7a4e414475bee4a6fcf91c5dd04118062ccd9fc0af19b21

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
7KB

MD5
e0dd32764626fdde0af04c8feda05e53

SHA1
0dbd62e6a34cbd4c0077de79e14d70b8f86c9dc3

SHA256
d4c9fc8f86473f05e367181142821efd1be41768582dfdd8ab17f84af6a07c86

SHA512
2c68ea8a59a7ed9469f1557f9748404420ceb3e40292806b48e3fb06093cfab9cc15d595b50b849039ddbda9eef5be4e549938ee96f34f38b7f999f646ec71ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
7KB

MD5
7daa3757d1cc0663899f5a525e230d21

SHA1
a3bdbd454d85606f7879c943af27eef352365862

SHA256
cff34111b9ee8245f38f82497ec1f1a4da98fd2a93c53bd48df698413ee15f26

SHA512
d9d5ca0ae4fa9034f27cf0441dd2f190ab3216cb00f48127d09c73231544bb895fd94d28ddbe6ed9eeb37e1983208595dcb51fddbeb236992febdebfc23c101b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
6KB

MD5
4ea5043bb7a8212909bb52e4f47d2155

SHA1
0b4a781ec788eccf1981b646514948453a5ad282

SHA256
41314d273bf2359664767363c8b296ea40c8c0681634a32c2eeb230e69f405c9

SHA512
73170caa9b222c62fdb85acf9b7964a412394c94a22762d73c2658457b03c04374e0b9c8eae528bc784b43c389d121bb87e758905d237ffef18eac583b8bbe48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs-1.js

Filesize
6KB

MD5
35705a7f836969b6d48d64961df862bc

SHA1
60cb6639ee861b499cf3f1ce611ed12b88146f94

SHA256
b1fdb1a24fe5fd85183c40b2928d349da7e9dcb3908e2ea25a0c457a2ecaa24a

SHA512
24c4923bcda45e6a160743a33d09e210c752fcdb0b235a7750cfaf3aa11a7634ac0b834d7f303e51bc691a9b9e3e96f470b5d9e94aaca54be2ab3118344b548e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs.js

Filesize
6KB

MD5
67e370c30ec9a859f64ce2b050758271

SHA1
b47641b721ec6d0802bef8f4e0f031c236330a18

SHA256
5126b10e779add2cb714074052b6ff3d6b4d28660e044dbcef0e418444086998

SHA512
a7781dc4db551bc65a55d8beea67daa8bb1ce63503590b828df4d207e2cbf53bf5889f7d5de1ae35106245a903c37fd9cac23bcbd3055d4dcfe8ef8c5e9b9765

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\prefs.js

Filesize
7KB

MD5
ebf9d778a0c78bd5625f412e00cf303e

SHA1
e741105e08df4d4490d8e2d6d42a7212451aff89

SHA256
58f0f4e8093effede7d3e078842b8d780e3438beed4d1d3b6ff7a66178acff3e

SHA512
bb798e764e15c2aefa1bd330b8b895a0dad7aa337bc003aded0e79ba9da6d6a541c796078706295135c0b72df9fee39dad94c2f5da0243b0b5fd3e5a13536bca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
b4ba74deb532e883a4add8ba96435a5b

SHA1
2a702aa9cefb5d3d932c47ab1ce8f6a8808a39be

SHA256
9a1046748404032422a72473113f9053405d4f9ebea42865a01607945b0f3a9a

SHA512
981933ad50aaaac1b51985f3bbede5b1f6da48c7e466c027e7c23901ab2c464bc0d8dd67f8c93e42ecd3bcf8d1457ca18fb24b3c1371a4bbd9fd878c0ef7df9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
143c42a202dfd041a4ccf481e796ce72

SHA1
da26795d39aa4d94e2df6cff1ae0ce9f10eab49e

SHA256
e4d201697fb764b640726271ca86794957ded1c01d08c401701d89fa58a0a899

SHA512
0f92b7a164be5f69332878df0dd28c01a7a25b7d8371d46e83d05e9bdbe35b95d1cec1f80886b7f4aebd199915bbd2c3268b2e9070bfa6cbacf1a6a784a3677e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
efb4e1cd8bee22ec9fd8cd83d7121422

SHA1
7b5b83e2112f6503a51d15abd4537a405486c930

SHA256
bcaa2c79db95194e817886b9926ad631f5e43844bdfa685d2ab89cb778a08436

SHA512
414e6352df3dedc1d203f9f082e62ebdeb6c4b3a84d2ff42f8feeafde03263e0c80eded91bcda62880900e206bd72ceae7a8daa939b6afbe13083ea188fec91f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
0ab15618916db72895655bf0a98cb5e9

SHA1
82cfd03fa5bdbf58c708eddb1421744752e5154c

SHA256
41b6c2bc235bdb8c7034606e15fddb2dac20286e93e4e292c9e6e36b02bbd4c0

SHA512
be4abe0e0986e5b937ff3d8d57babe232d48b6c4228924d23269062e28e669d65ed1c5a832b5ce010a97d0970919144aa517739c875238ebbdf8ff17ec3b040b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
c45991a2a4d6e3b185183fad2d955c9b

SHA1
a53e6982aec3212769051afa8e7544a7a45bef03

SHA256
693c897b2e6fab88878b23f8d72797246e082b2a41fddd1d6c2b8b1a2afd4216

SHA512
bdeb1eaab6e307c0a47bd6f17fb4b850fdfc008016a98bcc584ebf550e9209caf19c2011ddb476013af0a4780760f7170d16ad1ebe1673d6522aa1bc98ef9caf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
208KB

MD5
a894151f8a1085cd7123b70b2813caa7

SHA1
a6549adcb52b03f6ac046353be93ff26c9eb10f0

SHA256
2dbb2c76d0f14173b7f7c7ffe0954afe728cae8665b62cc353e206a4f52f3633

SHA512
f4417b20c687603dca239a506e0e0bf9438d1bd8a1d4f3eca518d68bd4e8acaa5b1df381ef1e1dc66f7e7bb5488bb7c684877d18bad0fc3739bd977fb39d3491

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
1ef7ba87efc43a51014169e3257b978f

SHA1
1fe3ae81cab6866424bed865e7210700f3de8711

SHA256
cb7c9fcba2bdc4880c9d9e91fb287bf3476bb72c321026ddd54de1ccb0d6470b

SHA512
4f984e9216efd32dc7fa4d850f610377e52f9c7b02c53905fb0233a531ecc8e0040ee97e8dffa39caf0322e2904d06d6632fa8bbc10758455ae51818eb81e266

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\g5azq69j.default-release\targeting.snapshot.json

Filesize
3KB

MD5
fdc6beae6cb7260e8733f87d23bd1464

SHA1
1105edfd01f3e1b36bf05a53d3d76665a930a7f6

SHA256
4586322fe0442447e923517360f35d898c44d81e932c20c884379573dc90f5a0

SHA512
ca5a0adb9e0355143e02303a24e5d971c3b40b52aa3957e47d2be42e417802d0bab3bb6f5c9dfa66a1e983a3b88d85f984f71766494143c12e104f618bd2d832

Download Submit