hxxps://play[.]pokemonshowdown[.]com/audio/cries/

Resubmissions

24/02/2024, 19:26

240224-x5p1jscd26 1

24/02/2024, 19:25

240224-x47h7scc84 1

Analysis

max time kernel
1533s
max time network
1545s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
24/02/2024, 19:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://play.pokemonshowdown.com/audio/cries/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160263616-143223877-1356318919-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe
Token: SeDebugPrivilege	1636	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1636	firefox.exe
1636	firefox.exe
1636	firefox.exe
1636	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1636	firefox.exe
1636	firefox.exe
1636	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1636	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 3772 wrote to memory of 1636	3772	firefox.exe	77
PID 1636 wrote to memory of 3996	1636	firefox.exe	78
PID 1636 wrote to memory of 3996	1636	firefox.exe	78
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 3812	1636	firefox.exe	79
PID 1636 wrote to memory of 2400	1636	firefox.exe	80
PID 1636 wrote to memory of 2400	1636	firefox.exe	80
PID 1636 wrote to memory of 2400	1636	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://play.pokemonshowdown.com/audio/cries/"
1⤵
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://play.pokemonshowdown.com/audio/cries/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.0.1897176905\2145825664" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bb2cbf6-e22b-4c91-8fb6-c91b94d11e59} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 1840 18e87ce2e58 gpu
    3⤵
    PID:3996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.1.238330781\1486644559" -parentBuildID 20221007134813 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4678b6fc-0b9e-4a7e-b53e-83a25d6443d3} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 2236 18e87c03558 socket
    3⤵
    PID:3812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.2.2060739578\126988117" -childID 1 -isForBrowser -prefsHandle 3528 -prefMapHandle 3524 -prefsLen 21601 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f14a0d8-d3e9-4f06-b532-1b2dda237798} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 3540 18e87c62358 tab
    3⤵
    PID:2400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.3.1729224780\1392500198" -childID 2 -isForBrowser -prefsHandle 3840 -prefMapHandle 3836 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b64e779d-2df5-4b48-8f10-404af9b30d17} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 3852 18e8e241358 tab
    3⤵
    PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.5.889698401\748955423" -childID 4 -isForBrowser -prefsHandle 4664 -prefMapHandle 4652 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f51a29b-5fa0-45db-843b-c138dcd71c89} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 4700 18e8f160a58 tab
    3⤵
    PID:5080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.6.1504336668\1443645693" -childID 5 -isForBrowser -prefsHandle 5064 -prefMapHandle 4640 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88538673-d0f6-46e8-a8d9-aeef98a00430} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 4892 18e8f161058 tab
    3⤵
    PID:4640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1636.4.85616567\630081124" -childID 3 -isForBrowser -prefsHandle 4640 -prefMapHandle 4636 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1224 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18b8c554-18ff-4f44-b7ab-be0e4c4cfea1} 1636 "\\.\pipe\gecko-crash-server-pipe.1636" 4660 18e8f15f258 tab
    3⤵
    PID:4164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\cache2\doomed\12869

Filesize
9KB

MD5
04b7ec775d0cdf65ec7971b81459e01e

SHA1
e6dacc3a67a6ff826dd08ec854d203e87eac5c20

SHA256
19643c2b1b8f88a40e33dbad2b2ac4d9393cadfdae3e8d0f7dac68d1bae13483

SHA512
fef50df4ba6370f8329ed5d5da131e3f650517bb39a47ba999526e8119c5485b2331437d3521b815ffb44753a984e2e25c67cc6827d5822221dcefb154389c4e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
87b7114a5f42023c7c75beb7779c15f4

SHA1
d039a3e310ee72575d470899de3e907862edaa40

SHA256
a54af35d3393267746f86b9c2a0aee23829debc0965a220f09aeaffe6dd21382

SHA512
99761901e9e85167188c5d85c0e789fd5ae9a6df483126ab8849b13b6a64cc09061f10a9ae40767f96ca3a584bda57f2fdc47506fa73cccfc772f4e3398c14fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
3d4f6f1e0044cf574aae2b6bd5dc7225

SHA1
d4a392b1b7f12cbf70782f8072b26048d9654a3f

SHA256
1295a806e8d45b8c127754cd30cc3a60d6fcf7524521ea63493d91471635d005

SHA512
9832daa1d5ee3f3f98e3af630f69ee5ad97c41a40cf4de62f66b106e1b281a252ab7466f909f9ee5a8edf3b4f38274b099164d8d7d4618f6b9ef1eb9de554c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
cf7e297d44341b6d6d33d20bc195f2ba

SHA1
1bc54aac1de22f93edefd0282e8a1232cf049a33

SHA256
bb5a86d5fcfe60d6ea238f5e7d94be34347a221cd33ce7ae38ca7dc7c115dcbb

SHA512
54674a1a6e5dce945b687f47e301c4972dc0aa625ebbaf1bdea1615db7824f9f9dfaf427dbe3741f9b8fc8e194cd27938d50b558ac71ca705059a8a338cc9748

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
c7a9bfb4b56d54dafef33109236c48aa

SHA1
626294a379a5f7971e6edd84b44af00d3cea4bf5

SHA256
471c78098549cc3ac27f5b9d4f9d50dc9e08d639c93943d0d66880f27b126284

SHA512
e0c01526877b868d88e88f7873caf5baeddf201eea7c8fb836c5fc43b0070b532c8b3186a15298554d034ed927ef6594dc74e620e3621dee094a872dc586212a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\bookmarkbackups\bookmarks-2024-02-24_11_intSAoBbH7Ut2pnioJPyiQ==.jsonlz4

Filesize
946B

MD5
7af57dbf12ebd51c6b376ff31f83501f

SHA1
177442ec696e74a5863d78239dbe34819f48b881

SHA256
020cb26d0ff3ed6d21a4302c72e921426338f0fff87747cc8b582e04a4060eaa

SHA512
76d2f231e085ae4e1b90b77dcffc5cd14de32219a76fc3dbb9811357877f2a1261c32d4a501ed1e81b6d2f6c4dc7281d976ef1ee725ea630414c4061f04b5b6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\broadcast-listeners.json

Filesize
216B

MD5
5bf38997c94d3cb62a01d18aa0e06a62

SHA1
73bf73f25f80c09ece468cc5da493bce74f3af61

SHA256
cab3af57a443ed9e4ca47db2c5117d99ba2b7fdc98fe5528c57d22a12b982678

SHA512
e4b97af0e284d4399300224f0ee936aa4378f4b29f744b439c35277d6c64c80ac8a950c32a058dae45624b232d1664f134bd816498e4ac74dce5eb25ac5dbdb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
5b0c353f2eb6830149336cff9254af3e

SHA1
b0ef177fe13cb309432710610ea86450b5ca72d4

SHA256
e74680542093cbd327096ca7b1a63cdd5fce0c69bd8be8766cd131ec672e168c

SHA512
e768741b012529d88174320e4731ecdf3fc78ae9af3818b3682f38d7d8b4b76d5d7a9c8ba87687f8f2e4e62c564917a8fffc50e77791f033f2d4bc789322b753

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
91396252c1338e9e87bde4fef81d84ab

SHA1
23045f61962f118eb6c4ea88a94c850a6032b5cc

SHA256
c8b167192e858ed6353e96e63f2ea090ff364cad69ab083bc4b8d8d20fa762d8

SHA512
82c01ab650a91e861e4db717f170df60e81977ceab21efff8607863e9060aedd20e27659e3e51f61d88ed1bd36ccacdbcef52509adc181dd99a43d8041c53502

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\datareporting\glean\pending_pings\cc50d620-efd6-41e9-b093-5bf2fbc3859f

Filesize
12KB

MD5
3cf677a546854ffcc90fc64e40ad57c1

SHA1
14485cb9c42a5e4f673445403cf20ce4172284b7

SHA256
7ef8722e0d428e5bf5d215d0dabe4d3b85f972f65cb9b91569d417db7b5a8c6b

SHA512
ed56f60b5b6a73929ddb3ba2f3f71ca3ddaad2560393290d37e9583ca8abb3ea92d9a36bc8c8e1ddab37cb8ce6946496684907e6951f882481d080cb0655ea84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\datareporting\glean\pending_pings\fae4b93c-e661-4277-9b95-dc393d535d98

Filesize
746B

MD5
79206ab80cdfafa5e0ab090192359c83

SHA1
5bcc0d0bc02fc1559907b80b95f604d0fb79d98d

SHA256
86db82e01f6a9b4208839cb2ff56f3b916c2f01e8ac11aabaf5e9bd1a03a29a4

SHA512
02a368d4b93db247c89503722107e603c16b54ffdce7d1d87333ce5c2a6785c93664ca43ad191cea2bf71599aab5b924c09f1c8fa2fee18474cc70c475ebabff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\extensions.json.tmp

Filesize
34KB

MD5
537a2f99ca106488ee167a3bb5022383

SHA1
1a620db1a34d52d81c11639eb46f617dbfb51e2e

SHA256
9055f0afd02c7ce84857c0ea74c425a292981a634cb9671a4ca1726ba6a00e0f

SHA512
a578cf55706569448eefc48311f4142204d7571f4aacfd112dcffc4e66a14652244e06f6f61a09acd78323393b7631c4d8bd6da41b9b838dd39b09cfaefa5057

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\prefs-1.js

Filesize
10KB

MD5
55709a619145d41750183fe319c40082

SHA1
3dd8144e6925929c63f5aff3ef5ef072163d2256

SHA256
68aebc452b2c036ce31bcbe11e74bc126b630e54ea4a9fb960993dc8711d3953

SHA512
e5d98c3b8a5576046114594ea112bed309ee645d23485d01d9a74d8cf9c13f1ae65a66ff36f38ca665c2163f9b60c43cade2933a8208ca5d69d54f8edb77f653

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\prefs-1.js

Filesize
10KB

MD5
5e93bfd2823a01ce9b5d3a546a2d868e

SHA1
de93f8afe33feef3db14d7aa48fa4cd3f1cf9372

SHA256
198ef7a5bf1583c68611d08d6eb56d4a31b55e19c904402d3f5b99145e86025a

SHA512
94292dfde135fd745eef7e3f514a77de33bc56c799f7cfbca360f7516d3a3038bc259babdbaf28328f91bb74a2a26bfe9e6d8129670057d919ef63bba2fba9a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\prefs-1.js

Filesize
6KB

MD5
848fa1d48fffe7b9f6bdc16e2ca75fd8

SHA1
cd46c31005e02f4b48b3326f13668e12ae8c80de

SHA256
e1a8a385190cc4a87a4474647c45e21d7dc55fd63c71fd7d57527dcb0a47af74

SHA512
f71a3c5975cb09ce841a4a5791ef5736534243054e944456d7bbb7f598aab0ff05e0a1cb71a9d360e16a3bac591606d54d3ef3c64455fcbc674cb67d1ec33333

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\prefs-1.js

Filesize
7KB

MD5
27c92044ca6dcdfe5fed0f25eed6481b

SHA1
ed60c8af31b8785dfe950cd08ba326d986832653

SHA256
96cbb662ff64aeb6f75efbff314dda9e24a45cbd111d909bd0a194d598bd0d5e

SHA512
56fe808a54b935758860864ec61de69243f190d26a571b65df6864904a4a1855820ecbb363eecc0aace3f8a1e2a442637073f761f733bc98a81c174c4c6b155d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\prefs-1.js

Filesize
6KB

MD5
e41afdcdd7b1cbfc8fa758f9fa346de4

SHA1
ea811e7c67f7bd601adc8bd1140c3ea61fa1e9c7

SHA256
f8b61717115fb362308ac6446c3554c016537c7af2203a450c313b766850041e

SHA512
3707ed33c24213b28a957d522ef17b9590a5221305e3d5bca2f845b14ea86668aed0f7795f35af505e4b8687bcd854286db3458ef5d28922634b162ba11a2c8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\prefs-1.js

Filesize
10KB

MD5
d5dfa193b40d924a24229d65edc07394

SHA1
fabfd975cbcb080c77033ee57a6cf1468cf1cd34

SHA256
1c558195b668c6f973b337398703345a81814cc5107bbf977eaa3cf2a2a1a88b

SHA512
e42e5f57701a5562b5b01c06f1a76615b943ad951482b8d070e72d51511af59d93c03ae735dca19b43e837f5b5cc992a1b55b5c450cf4a8b79e734e3adf89a8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
52KB

MD5
89b07ff7f5fc2416958d25c0a388f829

SHA1
abf020c422cee461eea7f0fb23ff5184ccd5b3e2

SHA256
eb2ee3b85f6d1b80e6241e5127ae2f0cdfaaf5474bd7cb7e9c1f95d13acd5f54

SHA512
cd26b92dead691f5864a0b8d95baf2c5ec5c4647817a02bb0ddb1bcc50488f3dffbecf822cc4cde0684ed51d922cc501654d105770028a2578f171fc7547c1e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
52KB

MD5
89dda384f05244a89f5dd51f1ca6dade

SHA1
386c94e80975ad184d203316fef9e3a0af91a181

SHA256
53caceff6e6aff7847a22005b8e24256736e7dce62c60b289f3d78027eb0e8ef

SHA512
fd386b52aeebb30ac0a06f87bd4e83c321ed010d16a43c80dd4e5ac638abee0339277d357ef714b5ae0efe180221bc7f4e281f8c140e1bab737983e7edec8bf5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
6875b87874c29de04c2280f539c55fb9

SHA1
b08589b739663b6ad1c2d0e743e9013ff81dca1c

SHA256
df824c626bd87986b15043d7f362fe2d05e76d349f6a5abe2e8b01dcb86aa1de

SHA512
633633fb37bf19173b849bc385c4cc9b0b0f190e44e14da6b2f52a6de3ac4ccd8ef2f3d8771d3ac73fccf13f3d687ef8a8a87037800574e6e732f50b7bfd54b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zqw1vh9p.default-release\targeting.snapshot.json

Filesize
3KB

MD5
f14ee669f1a71a7291ae5b6a3f034ccd

SHA1
21b06b40248acee6d989469902889a1f4a404d83

SHA256
740cea5a542459ff457870d37527a647868fab51847c814947a3aebd644331ca

SHA512
ec38f4e45aa088b1520ef22e2cc0c924e03cae4bbad335e58b32ac88c98c94c8ead411583a7f951a2b0400a724687dfe6e7d92f71250ce52497331d662bca18a

Download Submit