805a9bd48a703a8dbc2fae48df473aadc380cf827d006ebab89ff98b8520c119

Analysis

max time kernel
166s
max time network
176s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
28/02/2024, 15:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-12-06 11.09.53 AM.png
Size

794B
MD5

3e9d5951f9be53ec6a57218a1dd3eab9
SHA1

2253299cb3d42ee4f47b6e78986272e16a868aaf
SHA256

805a9bd48a703a8dbc2fae48df473aadc380cf827d006ebab89ff98b8520c119
SHA512

2c6b4fab5f0b4c526113aacb6ca9fed1b9129a5c09d9e49775ab5ae2eb40743fce7d7c4b3f61196f703a7a928b9e196ada3e4bd95ed6c2f82cb12ba07add162e

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3084248216-1643706459-906455512-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe
Token: SeDebugPrivilege	2964	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2964	firefox.exe
2964	firefox.exe
2964	firefox.exe
2964	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2964	firefox.exe
2964	firefox.exe
2964	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2964	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 4944 wrote to memory of 2964	4944	firefox.exe	81
PID 2964 wrote to memory of 5024	2964	firefox.exe	82
PID 2964 wrote to memory of 5024	2964	firefox.exe	82
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 4048	2964	firefox.exe	83
PID 2964 wrote to memory of 2620	2964	firefox.exe	84
PID 2964 wrote to memory of 2620	2964	firefox.exe	84
PID 2964 wrote to memory of 2620	2964	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-12-06 11.09.53 AM.png"
1⤵
PID:1424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.0.1560863087\2083454992" -parentBuildID 20221007134813 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {719d58a3-3b7c-445e-974e-47c40238e1ac} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 1848 1824d5bab58 gpu
    3⤵
    PID:5024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.1.1943067261\1902264676" -parentBuildID 20221007134813 -prefsHandle 2208 -prefMapHandle 2204 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {92ce27df-b9cd-413c-88e1-2a5f1d12231b} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 2228 1824cd2f558 socket
    3⤵
    PID:4048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.2.1609622103\52013819" -childID 1 -isForBrowser -prefsHandle 2864 -prefMapHandle 2728 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {491b8a84-9553-4aa9-9b37-3443e84788a5} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 2944 182524fa858 tab
    3⤵
    PID:2620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.3.691379493\1020393346" -childID 2 -isForBrowser -prefsHandle 3436 -prefMapHandle 3424 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8eebac8-833d-4d7e-a33b-e62b8fa936fb} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 3444 18241162e58 tab
    3⤵
    PID:4908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.4.953925163\1399799818" -childID 3 -isForBrowser -prefsHandle 4424 -prefMapHandle 4420 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61381307-32aa-4c8d-b23c-f7d005c1280d} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 4436 18253fd4458 tab
    3⤵
    PID:432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.7.1322365136\573531345" -childID 6 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3542dcae-608d-42be-8b97-ab2ca09b3f1f} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5420 182555d5258 tab
    3⤵
    PID:1244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.6.1024874112\397215463" -childID 5 -isForBrowser -prefsHandle 5220 -prefMapHandle 5224 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0602646-2232-4a7a-8ffe-7a61325538a9} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5300 182545c6958 tab
    3⤵
    PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.5.1037127397\299877663" -childID 4 -isForBrowser -prefsHandle 4956 -prefMapHandle 5064 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {409799d1-94f5-44e8-be9d-e9fbfa3d8cdf} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 3932 18252a80e58 tab
    3⤵
    PID:1140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.8.1298701419\344745364" -childID 7 -isForBrowser -prefsHandle 5816 -prefMapHandle 5820 -prefsLen 26283 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d674aed1-3529-4e7b-8017-3449cb96824c} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 5808 182563d1258 tab
    3⤵
    PID:5116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.9.2045812083\761114213" -childID 8 -isForBrowser -prefsHandle 2800 -prefMapHandle 4780 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d92c9043-8cb8-452c-88b0-8bd0e6501175} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 4676 18254a3cb58 tab
    3⤵
    PID:4600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.10.13293180\837991122" -childID 9 -isForBrowser -prefsHandle 6332 -prefMapHandle 6140 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64449ce2-af54-47cf-b15d-d63ac2a3ef1d} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 6320 18256c80c58 tab
    3⤵
    PID:2512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.11.533135498\261108673" -childID 10 -isForBrowser -prefsHandle 10564 -prefMapHandle 10584 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7c4461a-a462-4176-8282-caae302e7899} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 10556 182585c6158 tab
    3⤵
    PID:3740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.12.1246449774\451619040" -childID 11 -isForBrowser -prefsHandle 10336 -prefMapHandle 10412 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85ca1cb9-fc55-43ad-8f2a-a65643ce8388} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 10424 1824d3a9258 tab
    3⤵
    PID:3432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2964.13.1075552000\827948876" -childID 12 -isForBrowser -prefsHandle 10160 -prefMapHandle 10232 -prefsLen 27414 -prefMapSize 233444 -jsInitHandle 1200 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d928af70-84e9-4af2-ba5f-7140b7dfb7bf} 2964 "\\.\pipe\gecko-crash-server-pipe.2964" 10172 182566c1858 tab
    3⤵
    PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\cache2\doomed\15480

Filesize
8KB

MD5
14a9cdcdb9f73c94d45fc392645d94e7

SHA1
42440a9b8e41f41c9a985cd60dc174942c520cad

SHA256
73612ebb5b6f85ca462444dbcbb98058880f6e2fcea8bfa33d6de3e21c49839b

SHA512
b8257600724f7e79fdc50cfd44a5eddfd5d8642722aca4854e3f316aa20f257d164e1b8ac26d452cb5ddc3d8008a29b6dd01f013a3185811be2044b5aa9f11e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\cache2\doomed\20062

Filesize
9KB

MD5
a5d43f4712a4ff88ae10d4b0e2b5e675

SHA1
61f958c6c1c74bc11ab2c122be6bf7abb92e9a8e

SHA256
61ae1cb559a65f152679641aef73bace32e398d5bc12221f6f8c76b8f2580ac1

SHA512
f113064023b25856f9a5a4f5ac872bf6fbe0e008662924c2e3c4c1476bdbff736f99e79e6c9a7fb30e57c284555c2f7122be2b6aa333376ab552206502637dfe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\cache2\entries\36B8717C907BE4718A327F208F0CFF34DEF6659F

Filesize
204KB

MD5
7dc1e09211cfe6d39a4c4059d2b8b362

SHA1
8a2694d4072ab2595cad1f777ce7c0423ac58936

SHA256
d47920024600275ed6a0d186bcffffbb5b6671d73a25025cd0f420aa5a1e397d

SHA512
40e579edd81e15291aed30f68729168f22ede635119f79daf829db5d119e63bdd83c6687842353eb449de992bd70ad43dddb0c695aa8c4ec5c3108ef28648742

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\cache2\entries\F00B93210B16E1974708916A91673B090923206D

Filesize
152KB

MD5
0fa5ff793e2dd812afaefd02eaf130dc

SHA1
6e0f61ff9d74dcb7a49af1c1f4c399d489208036

SHA256
2f21eaed0cd7a3752f120b2745572537167b6959ce3388e985dc6efade1aafd4

SHA512
173b154f7cd068321c508dbe9964e2fc88708ea1aa44df36da551ba6ec8979bb4696368ab5f2302d74a821dbbf7c7ce4cb5a662711d697b2dc73c64b65ddf2f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
87dadf035dda0ffad5966e6d2a226e21

SHA1
d6c5172ea70c1845b8e178ad5981f9276a11b13c

SHA256
449cefd5571ab44d19c2e43c87638233ac6448e8dd2e13c8edebce9e1595d9c9

SHA512
36c225acfad0bbc8a9c2ae4b0199189a3bffbf17e9fa425699b1a766f5d993079a9df725ef84b34de69c80f316c93f30dbd63c63b527e6825577136df12480f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\datareporting\glean\pending_pings\8166dbbf-c5bc-4360-8fca-a2808a743c10

Filesize
746B

MD5
1f0f1477226438d96fe4dee964a50062

SHA1
3dc99b25fae595ed92cc50844b117c2d4c83015c

SHA256
cc1ca1e69b04efc0d7c3d2c4087e2e1df7db998a215c43416235d654f45bc6a1

SHA512
58c831c74e9eee5c8bec4432c9e355c5dae6380512de9d5fdad1130e6ba540d8f395d8a72bba8c3561ad1494ac75058ac4decd9b7ecb6b8a6eb26dbdec80a7ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\datareporting\glean\pending_pings\d04e8161-3fa8-469c-b6bb-2befd62a9b66

Filesize
11KB

MD5
be0a8ed108ba08dc9c8eb2bb8ead57b8

SHA1
45a4f0bb33e74aecf6a6fec835539e9cba2b9b75

SHA256
e7bece4174482391699b9cccb6d9372a0eaa78927fccd35628887620221c2df8

SHA512
88bdb56905ed4400e6a0073fa9226d436ad00663b93e9162eb5ba0181fe622b296af541f8d40c3793b4169c3e1b619e33b33c61170b88ffc03b8b6b583a655aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\prefs-1.js

Filesize
7KB

MD5
d969f90622a9582302faea14b839887b

SHA1
96a686e03266453fd4eba7721345b1aeb16bc59d

SHA256
5df33eebc12ff30d6b3ce248156543f770f2c21fead8100281e37d5a9adf27e4

SHA512
3eaf2eb7a07829fb1572161a8762c024f357f05a5151c33b91e34c3e5df302bca55d7e3c27876f86bafc03c3f095571a92a6e9d6b822308525373e657d604a8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\prefs-1.js

Filesize
6KB

MD5
ca54df645e456495ab63a4ab8afb5adf

SHA1
ee1299351569986a74b73972b68b3bf949e3c2ab

SHA256
bdfa89ea28b551c3f3733d0c18b518747e98dff9602aa2a95f1d18e3fc4229f8

SHA512
cb0129ec0be79c27f905f0f1f6632cb9191b850689394961fd7dd6464432a22b72acb14b9ff6f6d785ef6dd1dd0f54e1433abe5a36ebf9251a67d80e7b485801

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\prefs-1.js

Filesize
6KB

MD5
13aeef681298a8bb28297bb886fbfeb7

SHA1
8854964d6b56cb364ca706dd1c4ecf5e07d42487

SHA256
868db37eedc2724c9fdb232a966369d96cdff01f0a5303e60ccd8363e4945d77

SHA512
ff9087a9d1cc8b4a32ebdb6cde206f0c7239d904f63306b9e85ec6e7977d04c122e90cc58c8129f3f0fda698969cdaac74c51d3e466bbfa7711d9b51632fa2a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f5f0ccf1924576990b7fe6b2e03ebd2c

SHA1
8b76e6b6f0c3a7e2486ef5f666d8806b2ab220b0

SHA256
46e2f766bfa157e640f089c7a782b655809e09dd6a9e979fd77fdf088e0497f3

SHA512
f9585871436aba281d59ce354e8af9cbddef18bdbdcd2c298f12c62290421193ce6c6c59f94fd8897c73011c6f32bd85e7701f1206b8677571d5596e721f5f5a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
84a0091993cecced9d37d934692432b6

SHA1
d052ebd803cd1a7e277be04448f294ebbd8e7e5b

SHA256
35ca62d8278fdcf9228053642b741ac8c44642fda4c17a1e580f9eb254802a0d

SHA512
690aaf007742f7094a7d7c9d095cec1f53c272379993cd70006aee8cd1cecbc8b914413fe8c0ffebc50ca57c0338dc34b2bec41b5b3271d2def213e670c183da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
538b2fd7573626d3cc51de8787441e8b

SHA1
392e09d194e5d22e52cff3fef253f6c0608ccb67

SHA256
862be9307db7fbe7440886a6e1a9eceade2373a483401a1dff88cced06db3a19

SHA512
33a15ad0da4fe62014605eb81bf37c80f5b20a0b529f4be6965ea59b296f7b3a65bd9968337811cdbd69ae1e78b7ff4be73324378d4b4e88c414fc34ff8fe5e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
9a0c3c8744d59fb3e0aeaf226a4be2c8

SHA1
6dc4927ee942fce7fd690430b26c2ce7219daabf

SHA256
73c5e546f21e8dbd7ec471ca79c3ff77bc4df873082d4fa52e26d0fca62b1fee

SHA512
41181984a18d9b01fd2d86163e49a5906694019e7f2cec822134ce092dabe8877ff04546c7939967219ece4e2ac22540e37440e684d64a21c2c8a1e40c3c7a53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
31d6c7f7372f7a2348314d422c452d47

SHA1
862564ad5b9aada282a7096fa65bd512a06c2d7e

SHA256
f95dfe9c797dc6308e9a273d20e46c02233a39d53156e19d26ef4554941466e2

SHA512
92ef0287f3540917c28e34e607cc1cf77786bba7bbb9b14bed7f4bbf01d1e7d88aa8537d254d8f543613cef93031855cf9f5ac3b49dee42c79e4c72d644d5ac2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f8d2d38a50620aeda65e314d29b3e1ab

SHA1
bee23f1adbce8f04c8399fb1663dc095fbf66029

SHA256
4c4b1755724f5381ae53c752defaf2cf3098cc80f51a093a2a99a281ca7c59c4

SHA512
c9a69e7e9ac4137dd8b5c7ae53f27e8edaed0d48f786dc8946e8d2c6f9c2747e84b5eab51a8bd693ffcb939f79095d8b40e01667b054f09d66d54941f55f39cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
53a52a64a2247ec9fee55332e95859e8

SHA1
4af317ab9dbed5c44d1acf7c83c30084e618fe1e

SHA256
c41bda4c496d2b33d6392f88d1bca4c7f627dd9e331ffeb6a6b1a18862fcdf54

SHA512
3ccc5aac9f65eee533ea99a40f6e38cb5ece56793603720bde5dd7732fec72286c48703f38f509e778e57ba5fc52f150985ec8699e303225be8798102f4a2947

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
55a7bd76aef9d12f9a035d021cd663b4

SHA1
bca7cb45dcdc64aa725bb35c06ba9f84d034b618

SHA256
3430c1077358ea78d039c260b9cc737df89872601ec78fb75f104f6c5ec0f3a0

SHA512
8b99797bd14f158ec6aa424a92a709382f6f9036299dacc9d7f2ed9cd849dfea95e175dda4898ce4880c4e6710b90712c12e79e33b12736d37cd29d73c580d60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\storage\default\https+++replit.com\cache\morgue\134\{3cefed64-94be-4b8f-9918-709e2c14b286}.final

Filesize
1KB

MD5
c174656c1bcd50750a0b90122885ec8f

SHA1
b775d15757e2018510eb98113b2981f28a4d0ca2

SHA256
45849fb8c62a7083990ef56510fcfe651d673acaf370a92521c2d8dac4ad8529

SHA512
fe0cde7140b0871b72f7c5eea73c3e3bf8d942b209b8ec8572936160f0e63857c37b9acda26a77fbf6ddd764799887789e4c96581d33214dbcbd1db545109e93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vkmkrhdv.default-release\storage\default\https+++replit.com\idb\3619099707vealluiddoamt-es-cbir.sqlite

Filesize
48KB

MD5
9fc0791e040b524d5a4e82c154cafe6e

SHA1
7be2606a8b23f7027e8c62bd25212ad3c4b6dea8

SHA256
d90801385791449a986b66bec603f737eb368f18a72ab67df643317c76e8a85a

SHA512
90f22c06df70cb8eaf6e0c5bcd29b936b05c7bfae11b6cdc882da20c31ba1025e04378046236b747386254e2a900d895ee82c2a9ef5223a45d9253cc80607756

Download Submit