hxxps://github[.]com/Floorp-Projects/Floorp/releases/download/v11[.]10[.]2/floorp-stub[.]installer[.]exe

Analysis

max time kernel
1682s
max time network
1505s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 17:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Floorp-Projects/Floorp/releases/download/v11.10.2/floorp-stub.installer.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1712835645-2080934712-2142796781-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\floorp-stub.installer.exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4672	firefox.exe
Token: SeDebugPrivilege	4672	firefox.exe
Token: SeDebugPrivilege	4672	firefox.exe
Token: SeDebugPrivilege	4672	firefox.exe
Token: SeDebugPrivilege	4672	firefox.exe
Token: SeDebugPrivilege	4672	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe
4672	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 2880 wrote to memory of 4672	2880	firefox.exe	68
PID 4672 wrote to memory of 4600	4672	firefox.exe	89
PID 4672 wrote to memory of 4600	4672	firefox.exe	89
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 3644	4672	firefox.exe	90
PID 4672 wrote to memory of 2500	4672	firefox.exe	92
PID 4672 wrote to memory of 2500	4672	firefox.exe	92
PID 4672 wrote to memory of 2500	4672	firefox.exe	92

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Floorp-Projects/Floorp/releases/download/v11.10.2/floorp-stub.installer.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Floorp-Projects/Floorp/releases/download/v11.10.2/floorp-stub.installer.exe
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4672.0.306624025\57032386" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2107ee5-6392-4ff6-9245-ce148bbcc691} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" 1936 22868205c58 gpu
    3⤵
    PID:4600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4672.1.442626301\131322251" -parentBuildID 20221007134813 -prefsHandle 2396 -prefMapHandle 2392 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f001f3d-3647-4f51-8588-e56704f5574a} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" 2408 22866ffcc58 socket
    3⤵
    PID:3644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4672.2.1736023069\650380859" -childID 1 -isForBrowser -prefsHandle 3028 -prefMapHandle 2972 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da3c3207-2be4-4f7f-b48f-adfa9a6725ce} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" 2996 22867060958 tab
    3⤵
    PID:2500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4672.3.2063964166\1712532034" -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f5a4309-582a-4d71-99a0-6cda68b4d5c9} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" 3616 2285346ae58 tab
    3⤵
    PID:4000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4672.6.1059562919\592826051" -childID 5 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7ddeb7d-c8be-4d75-a783-9367a8d9301d} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" 5304 2286d794658 tab
    3⤵
    PID:1348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4672.5.1635530807\753509898" -childID 4 -isForBrowser -prefsHandle 5116 -prefMapHandle 4996 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2853b75c-2957-472c-ae91-5133016016a3} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" 5104 2286d792258 tab
    3⤵
    PID:4864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4672.4.1439797460\527002543" -childID 3 -isForBrowser -prefsHandle 4952 -prefMapHandle 4968 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1056 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4630d23e-f654-47ee-9eed-ba5fbbaa265d} 4672 "\\.\pipe\gecko-crash-server-pipe.4672" 4976 2286d1cdb58 tab
    3⤵
    PID:2584

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\30533

Filesize
9KB

MD5
0e8e288920c64df8ee89fff512a5618b

SHA1
d06b9e5dad09bfbb317b856ff4c12c1a61ce8d99

SHA256
3e8e0daeb13ff00998592bbc96a2a7a44894dd3897351dce010d1265cf990dd0

SHA512
79e03323b0c12c36c570e4c82d4057dfec65f414eef6fe5ee65c04b7996c8c372960656a0a6eda804ed8a7dd8e5936521441ba85e8cda19018428a6d09e7092d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\doomed\4011

Filesize
9KB

MD5
e71a899bdf13860aca5b98267d899d06

SHA1
85fbf7c2a16c5f5e4aa53ee5decb22e53396a485

SHA256
a5ad0e64fd819daddffa803e45c6709200d98f4271a856a35ff8b1eec39f0c72

SHA512
3bb9deff50ee57c991aec17240d709c8b3e40d9139d52563604e4267550a63a72d574639927ca5a3d5492a8576dd904662b27457e5b9c4124c0ea89c13d78b8a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
43bf445259a6c21ee6cc61fb073c10eb

SHA1
3b7fba07eab2f703b676a0ba4a7c3baf64f71ab8

SHA256
c3dd11564d60335e9dc426b4d85ebfb3f3bdc914bd34e1f4ae2e436be70cfa3a

SHA512
978ad482cbd2a6d030427e1f2823a624840cba74123c7ccd5a187775e9a8f1faaba0751b0620ed57e682003cd6b6528816267a33d4c39a754eb8945141318748

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\kvnvyogb.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
d87ff12c460225b0eab7292fe897ee93

SHA1
1cfff79c3c6a88e937a722e79d5ff5d4d95a2d5a

SHA256
05e7ae9eb3ce14ebc343876c2ee981eadaedf35215a100a800aae6dc7d6955bf

SHA512
ffcbc64f39b99b734f0e3926be299ebe6a1080b6b7aab404b231c228570c2f4b9649e26817b942c11391d2bb0b50a504ebccf5331075704de4eab4272e5ac9b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
2.4MB

MD5
5827ab794f9f5b7d2190b24965b16ac8

SHA1
508cf35928b8590facaa8d1f92d4d9647caadddc

SHA256
5aa8ed4bc7ff79f7b32f40a58f89365a98368731da49d48d300d6274d8686757

SHA512
eedf6d507b5611d7d0f0991572ccb63092169e5f5ae38b7eca76db55067802805153edde6239ec5d67de4114788f1e72f92c1bd0897aecd21818c5e4cce245f7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
8KB

MD5
30f0d46719cee5a2d9de1a1bc9930bc9

SHA1
d51b774fa0ae8234128d8bb2a91693e503e58c96

SHA256
0b3d27df2e8d345380ca47d1f4a71f7985e754c1938864fc0add565324dc7d06

SHA512
5321eb32f9658b479f2b13eb324e884ebfead167f19130c77c5b12d58a05d019023d733004cc3fee71160f91123d8597ec62caf0c4efc9931b38f84ba38d1f1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\bookmarkbackups\bookmarks-2024-02-24_11_yGso89ZhjiFQzec63Sgphg==.jsonlz4

Filesize
947B

MD5
70bd74227ce43aa7457075fdd890a524

SHA1
94c002c2a1efb3f8bbcc5a0e02f26b229aadec67

SHA256
22c7362db229e91520fe221004c8a931e59bd84337e311ab9016514e62cb6c6b

SHA512
bca2d60de3774e0aefee4cd90106f269b37676a1890684792bf3113afa27d5f6a6ec7bbafa43970e792cfd25bd4a9eca24ca8c037aefceb5bbb368507611d6a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\broadcast-listeners.json

Filesize
216B

MD5
a95c93a130fad2eedeec9dd45c22a579

SHA1
ad44a7bed61a7992a5c36196618a6dda895f7ca2

SHA256
8d6f509ff45e69f59c0d89eff7fa5d0cea42d4306adca28229d18862dc8919a8

SHA512
f69d74c37412bacfe8a5c3f87233776ab0a330e9d748ab44716f0d283442cb95f27642aeb3c6e78205402892da6bc1777dd76c16294714b58421d883aabfe07a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2a8dcadafc0f0acc016ae7729b6c5f49

SHA1
3ed3e4adb56e242acd0d21f84e3c35d0656b65fd

SHA256
11cb95936b084eaa0727bb2840efb6d3358698fc3afcc116900f4b4a73a5a917

SHA512
675b96c17dde452f14939bab2408cdc5e754a4095cc5a0d0c3b12fcddf9081c610e0b82843f01a5149ecf6ef6c448c87d0bf26a825cb2158520ded471c8a6051

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\pending_pings\3d5ed1c0-6a36-4afd-be67-de1810602c06

Filesize
10KB

MD5
7d95c7da0b4caacfd9bd8f6cbffa9a94

SHA1
1375ae1d689d3d01ddd7a0c7d10a0f56aedb07ce

SHA256
b91a82030736d9c017ae8302df0d12f4479599d87c342ea65be0ecae2c9be15a

SHA512
05c5db74c35846d747e5d81e42494059f1f5e30a7b0cf2f5ae1324415c2aae732161ca833fbc9ac5606cb059bc9550405e97859487c698213bbd88d7c8ae5e36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\datareporting\glean\pending_pings\9080a142-8abe-4803-98b9-83282b8ddf26

Filesize
746B

MD5
0129d7cc723691426287399fd3c9f1f3

SHA1
62ee56f994d34d3469331d5569b9af615e15f651

SHA256
30ef064f77ad8132e7a692d707c5f4ab0779c69a6b242f72d407255fa9825327

SHA512
ee9287c2858e9ed210985a56cab8e7ebeb95cee7a9089eb851402cb5f01c8b7470534cb8d5066e6ace01d6ac556cf3b8d323735a1f144e9135dfd8557d869b44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\extensions.json.tmp

Filesize
34KB

MD5
33553d843145405b139d3f22e8ae248e

SHA1
0dfd331be78922a85bd71d94c76ef27f06c30ce2

SHA256
790dfcbfa2062c32e86d27d3ffaa95b282f9d04db313d10a3674f881dacfac26

SHA512
6d3e939b2f4d7d47d47bddb6f60a41998cfc10e531002f40e821b24a708afa81c5512fd425d4a3aec76323d29699acb04e7756e0d31547cf2092ac594cb81bc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
1.4MB

MD5
a0ceb0126c628071e72ab41409f7f2fa

SHA1
fb9aca1d1df2b87edac4cb694926f0359e7820e7

SHA256
e64500899dfd6d9c4c280ef4c30ff83e8b6f2da6dbb30c73a532a18df7d223b0

SHA512
6246f05fed51cc94c13ddbddfc05ef07d7039b383f789899ad9f143a2695a7f41d3625e428ddad28eba7064654fab7ccccecf07b28243e7f1277516d72f3983e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js

Filesize
9KB

MD5
ff49f73354c17fd0ba2a06cc6ba9d85a

SHA1
70eea8b977f728022f98182c46625dfcec1cfdc3

SHA256
fc9f15ab4684ca32d711295a0bf3329269b0f0efb90b860d0d369e8bc5a0c500

SHA512
ae1b7d4d8634e7dd748682ee9bf16bbaf23f4819c8d879625ca7369f615c8a82f001b3bdda5fbc330bab76b7a4201ccf3bbecf0185343f9a7f284b6e84ff0842

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js

Filesize
7KB

MD5
fa69ec33bc84b36fca117d2600123191

SHA1
8efaa65d8f90b408ef9dac80939ae1ca887acda4

SHA256
01cdd8d90783f0e19221815d1601c156519d957eebad388442014d449c39053d

SHA512
f87491303993f11df9ca2db88b7e54631acfa4715711ae058d0b474d08ef667be58358961a42969dcc667c6ef4f686140f9bafc0af7abffd7167bb0e2ee64a3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js

Filesize
10KB

MD5
e73d33ded3a74e9318c0a0522f9d5aac

SHA1
a38efda5af5d240210ee573d8bac5f4a492a90f2

SHA256
4f35aea5d9a4ce0990f1a3285518b164289503668643fb102852fe77f754f37f

SHA512
f0505e1cb4ef640d70f9bf20562c699a02ca746c7b1880e3cd37a0f3980f8feda1528e14d70df22a296c9d5c78d01d8f878fe23d84d4d9ac62448c93e01dea96

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs-1.js

Filesize
10KB

MD5
a582f2ae3453625776ee8fbae71f74cd

SHA1
8475c2683f04b0728a6fa82a1bbf93f0c804d9f7

SHA256
f7b12591ece22740b6a7da85c74d62fa2e993f245b004bf66b5316327d326890

SHA512
a288b727517f7040dd1fccc6467682dc18135bdddd14803dc5496b57a1b37ab65e2cec8dc211453e2bd5296c8f902da834344f7c0486386f614872b92dc60d6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs.js

Filesize
10KB

MD5
8767c3eb3fa51c1c086c8d10523422e3

SHA1
09b632891625ae6fa8c25dc530f65451c8ec3834

SHA256
ed1285c9e7c385fe8320a47d09aaa7299465e5dbd54c16b4d76fbc07e4941222

SHA512
f48c711d265af41117571c45bfa1e27f5acb1b4c67cf63aab3a6e416ef527a6970161ecd1aca01e15ab394a538815ab6b090760ff2ce1cfe0dde2b973244f452

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\prefs.js

Filesize
10KB

MD5
ab8e16eb8eecb9db61035c16d2f4a99f

SHA1
d9768b7418b210089e9603ae6f6acb288f3304ed

SHA256
640d34047d0c0faa6b76414f9a14d207c8d4f65190cc33ef9812089cdbe9fa2c

SHA512
5198e04f6dc9aefab7f80fe8d96d54351442a11dcf67f8d8b35c19c4c1025bc9733533dd39db6f7cb61d2988d0c4d8560dbe6fe818da4e0a82b152d3a55754a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
993B

MD5
c7eebc26a47245aebb9026f6c85b1274

SHA1
abfea6f8d27cef536737bebeb947d3ae3619ecc6

SHA256
dff72c1e7b0bcb3fec2b455bb20d643a45368de67f667dd5b4d708bdc988b646

SHA512
a3b61b458269b8e4f81f2eb5a7e123a52351466bd7f3aaf17e1a31938d7ff3346597b05290cb537c90ce5d10072ae953f1697fe71e8670701218fa9367cd1a06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
990B

MD5
5bd6dfeaf10acf5f7d9dcb3c4b0c49f4

SHA1
c272e039b7ebdb61eba295a1e38cd89b1fb03d26

SHA256
fb00dfa97109a68c703e60cb33c5507e4ace5b613043b18f349ecb13532911cf

SHA512
f48b0f457c5f41f041237a1db92a1e178fadb271418cc055e8741d324693287040b1016c247f7bf13b135f2e5950efaf5622848f362eae713a94ed86fb43bf8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\kvnvyogb.default-release\targeting.snapshot.json

Filesize
3KB

MD5
05bc3fb524e2485f2873ab610c8cd8ee

SHA1
8dd54b2ff82168ae2d0a014117eb4608e762668d

SHA256
33c386377129b3293b6771b37168a760c8e47eff40d3ade2c76d5404014e45f3

SHA512
8adceaabf91a65daeb0b0ed9e21caf58b88776b837bd2201ac271274c10fdf4eb2e5cbf341ead2614104f029a4d69e43db4f8646fbd6f6f80ae726f602c068d7

Download Submit
C:\Users\Admin\Downloads\floorp-stub.JoiYVlXD.installer.exe.part

Filesize
17KB

MD5
4b17fbe9799a2a74710b2aae2cc31b17

SHA1
efa345650d15c611835b5f0633252872a9fbfb94

SHA256
d81c274280108d9eba4aa5ee5211345233c89c46a05c05f73542407bc5d260b7

SHA512
3855d1e221dd105621991c8a1b1a7fa3eff367745fac4b8b7045c7d433f2dc0f1da830e4be40b5a47d04af26f7ba0a4b31cc6f7dc02461b0e3b352f51e61a709

Download Submit