4aab20889fea1250ebff86fd28bebdaa19cc310c496bcddcfdf2d3db56387a3c

Analysis

max time kernel
300s
max time network
227s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-02-2024 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LICENSES.chromium.html
Size

5.2MB
MD5

02ca1f89c7e4815b82bc8974bffcd183
SHA1

45bf8a20bad7953b7e16a74348fa034ff5844475
SHA256

fcbf6d29363d798b931f4fb0dc95b09c1a44c3ccaf79a9651ab280a8562e82b6
SHA512

024794b3303ff4ea5f3852c505e39e140113264d24e5dc14a365e8a1fb6f9a0683e72098f1923cca187c666b39a904fc18ac53645b8a25bd8a235cf01b661a60
SSDEEP

12288:/7etnqnVnMnBnunQ9RBvjYJEi400/Q599b769B9UOE6MwMGucMEbHDuX0YnpWQZs:sFEc5FeWSPPza8yUAmfQRkHmBa7pO

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service
T1102

Processes:

flow ioc

16 raw.githubusercontent.com
18 raw.githubusercontent.com
214 bitbucket.org
215 bitbucket.org
216 bitbucket.org
12 raw.githubusercontent.com

flow	ioc
16	raw.githubusercontent.com
18	raw.githubusercontent.com
214	bitbucket.org
215	bitbucket.org
216	bitbucket.org
12	raw.githubusercontent.com

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 3016 firefox.exe
Token: SeDebugPrivilege 3016 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

3016 firefox.exe
3016 firefox.exe
3016 firefox.exe
3016 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3016 firefox.exe
3016 firefox.exe
3016 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	3016	firefox.exe
Token: SeDebugPrivilege	3016	firefox.exe

pid	process
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe

pid	process
3016	firefox.exe
3016	firefox.exe
3016	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 2904 wrote to memory of 3016	2904	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2720	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2720	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2720	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2540	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2816	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2816	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2816	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2816	3016	firefox.exe	firefox.exe
PID 3016 wrote to memory of 2816	3016	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\LICENSES.chromium.html
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3016.0.1970511239\1641945700" -parentBuildID 20221007134813 -prefsHandle 1268 -prefMapHandle 1204 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f1d0729-5bd7-44c9-bb4b-a50b80d1efaf} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" 1368 108d9e58 gpu
3⤵
PID:2720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3016.1.845878485\1772371281" -parentBuildID 20221007134813 -prefsHandle 1540 -prefMapHandle 1536 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aff4ac33-c666-4f7c-b801-b3502d242c3a} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" 1552 f5eb558 socket
3⤵
PID:2540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3016.2.1257688863\2146956774" -childID 1 -isForBrowser -prefsHandle 2008 -prefMapHandle 1884 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b59eadc1-e725-43c0-bd62-f6f2b4d74cc7} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" 1864 1a77eb58 tab
3⤵
PID:2816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3016.3.1793996945\533896132" -childID 2 -isForBrowser -prefsHandle 2424 -prefMapHandle 2416 -prefsLen 26046 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1745ef31-e705-4ccc-933c-60f9ed14ef71} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" 2444 e61958 tab
3⤵
PID:2160

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3016.4.1416125401\1188581681" -childID 3 -isForBrowser -prefsHandle 3792 -prefMapHandle 3496 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {77a013cc-e3c4-49f4-93f1-ca4b5cfd7977} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" 3804 108dc558 tab
3⤵
PID:1392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3016.5.27030895\1146806449" -childID 4 -isForBrowser -prefsHandle 3912 -prefMapHandle 3916 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfc382c6-ce30-4abf-b5b2-659204db1a6d} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" 3900 20339e58 tab
3⤵
PID:760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3016.6.412261382\1062902900" -childID 5 -isForBrowser -prefsHandle 4072 -prefMapHandle 4076 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 568 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {593bf9b0-32c6-4d77-974a-516535b941fb} 3016 "\\.\pipe\gecko-crash-server-pipe.3016" 4060 2033a758 tab
3⤵
PID:768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
eac6a0dcad774e8cf24901b47c29c4c6

SHA1
038e62ec35a73c48ce5fd1f8146fd7e75af13c90

SHA256
d2fc45d0c2d835fea6fe030bbbb048f41929cb48de1e2e2052f3dc50859dbc02

SHA512
df5447c1bd64bc3cc3368755a2cda31c4595d882e7c8e89e1feea5d1d6f79e391de550daa092bf5ae6b893d2a65c6c241668b3bb6b64e1afcf18c36cfe4dfc72

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0rowjuc9.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
c6c0a9dea34fd6c898d98aa3d69c89a6

SHA1
fb652e1b8216c984cc54a714af15b50947fada38

SHA256
bfebac9fd85693005de21bc1f239c85b1f46dbdc416710306659ea5a770a7b72

SHA512
2c96f1df0e632e8444dc0278abf8ddf74fda4fc134e56c1be5bd46e822e39ae9fe5616553c6988bc5614198e39ed5832767ae090b3e3dffe4d4f696208c1f8e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
fd193f4a39542685f3f506a4c2001e94

SHA1
da9e04f63ec05e4d93bbbc75c4367636391fcca6

SHA256
5dfa4ca5af9fa5cc9a9047d57857c109982900d9ea34aa7b3f2b4db6b9fa1275

SHA512
2eae2c427b586ffeeada6e3256da3cb36fcc9b82d0efa2832dfc7066a4275db0ae0dc64c7ac8a4ebd6974d3c733d9d728e64fdef9175d54931d138a3418d44f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\bookmarkbackups\bookmarks-2024-02-26_11_JGLvmXDEq1qP6i79-t3V1w==.jsonlz4

Filesize
944B

MD5
7c927a55e7c41e2df325c633126a926d

SHA1
d8f6735382901d3859d33bd5a46d20412a6b764e

SHA256
c5ff6fb521712de73bfa401e03d5c95b2914e43c01c35fa20cae473deeb76da3

SHA512
5ade76050b6ac4993038c46ca5ac80b0ebaee29d5d1e4e0811b990429442413d50810a37f6e4c526779265aefc30561ea0b979ec0c3056fff9b2d86e9459a0fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\broadcast-listeners.json

Filesize
216B

MD5
4b8a8a7a619223c79e26fa39e12d752e

SHA1
49b54a8a8cf49fdaf795b46a9107a976d3b6417b

SHA256
57c230fa012c11e8c3e565dbaa8662f4d5116385daef5a3a3b9da44db3d2aabb

SHA512
3901be78a9077f45681ffb364c0060deec0abe34648c2823780639e7548e3b899625c68fff3e5065426dc21b980680612a05539da9f5e27f2319d2c58c6276b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e8e5c85d07bea7f6f047acb20aa8dfdd

SHA1
16cdc7e57634351e4988271e6161d4d85729120c

SHA256
ddc6deb3eb7b7e833abd1ce2f55975524231916b7acc7f0ffef33b9307f40ab4

SHA512
fc086a06b58fdb5ccaec9c3acaf156634b1cde22ba22e3694aecfafbe1db601535aaf19cc906d06a000938cc6e0a0d695ed90fb72b05afb3d1b65b67b6e79471

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\6b93956c-d970-4259-98e2-30549dd79446

Filesize
745B

MD5
407502f3c1cd67c32e288dfa11396ae1

SHA1
cc9503e2f296034155ff5e55d241d1da6054954b

SHA256
514e8f38a0eeceb3967910365b20884b794c8e4078b429c5fae6058e5816e22f

SHA512
aad6cb2f7563bcef0da33b84cc4c3555c582a226dce20e2532363950f9b7b502e12d0e6867a0eed151cabc7873c1a1c388996e55e596c7123a60851c86660ecc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\datareporting\glean\pending_pings\daa95325-4d3b-4445-b4e7-12b65ef51a7d

Filesize
12KB

MD5
e254d30442cdb546c26f16113201bc17

SHA1
0a1c7ee3da3581811782030b49ee98b503b12d08

SHA256
6e84ffc9bf79cc44073dd3cdf6b98728e0097b46b77e6dbcda715be05d8ef333

SHA512
07a1d5821d35c7f5cc6512a33dbf6471796dc000fcf650e78adf20b84014e166702839eb43dfae7fe25f97c6a374ce1f016bc47ab58406a36416ebbf13ccc10c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
9KB

MD5
42a59cf023a8630ce37a8896cebc5231

SHA1
30848d035f8546205e87ea8a6f15b62d60f95822

SHA256
ee109e959af9da42c91334d419df8b8254df4f066e946b0d6c7eeb7814a1b7a3

SHA512
571fbc0b674eb17eefaabbc7d406c84da8a223aa1234ad833e4863faa146dd9d1ac45b215bb5916500ef080ab7a6b6f5df6d2179b7d2a2473e98655204813b23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
7KB

MD5
8c339d1e2cf0750b08cee5766f4b87ec

SHA1
6665da51e3f69ebd749732d153cd621fb6809046

SHA256
b72349a560d45ea7611814cd658249c19d5f0efb8b157c16fcdb5a032ab585d6

SHA512
a0aecaf3dbe403a0a37d247190428a629432889702b4624581c524b0c69bb91eea08816efbf5decc52ea664fc91edadf2233df562303c226b24fc568bc364dc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\prefs-1.js

Filesize
10KB

MD5
4cd8fd8472abd989fbeda2c40e7305b1

SHA1
bddcc516cdd20620e898557d999239be827aa815

SHA256
552fd75dbe4e1ad05011a126ba55e4a6a579c1fe1123bd96c2efdda0beb35624

SHA512
6af7126784bf4acb197165721d7fcb2cd1583dc17d33f24164a3386d5908a18cead41a6fdd5e98bcc2bbec79874d1ab78508705520a4efa6a05c0f6fdb1c2813

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
94080847693eb2d67d8b8c4968323c5d

SHA1
abf776ed21cefc57242138217a9efc11fe8c2545

SHA256
b3cb76d3135ff00abc251c735806203715c4ffe466ba710e886c7fb2b3b1ec11

SHA512
f9b4b3c1d221d35d0a12623002fba376c2d388dd4d6992efcd129182c833d9b8b8367f286e717ac265d07109a61a4fa912e3c92c12a66be3c8279b2e42ff92fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.7MB

MD5
4988b1805ba821d96ab5b26c06502389

SHA1
56aa4ef228b8176d193c2dd86f23cebcb3597693

SHA256
2c033549d92f2529b2a5c743b477964291894f2ba4c5acf6ad7912ca5377c1b8

SHA512
de1f3b5fc5da591e5bb6b6779d066b8782e92e2b3e9febcd12cdb7f99de18433f2bc17b0e27ca6acf9f9833e9409fe9af1de040dac3807d88c2ea61f9b081475

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0rowjuc9.default-release\targeting.snapshot.json

Filesize
3KB

MD5
d950801c7ba8931ea873f074c31f64ee

SHA1
a79637c72e527b1e2d647db0819b54f606e67d50

SHA256
5810bcab839e45291ffd4c0cf2415d2f672f40c4f57711d2236cdf695c912ca1

SHA512
82d2b8e651fe8b1b3a99ff05f75aa467fae297e96d5ded4fbb44fbcc6af1dc79695acbe6425c8139a2ae7896c333e4aac69f0f20bb89940e2899beab13142c62

Download Submit