hxxps://new[.]express[.]adobe[.]com/webpage/bsRwMy9PidOaD

Analysis

max time kernel
287s
max time network
304s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 17:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://new.express.adobe.com/webpage/bsRwMy9PidOaD

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2652	firefox.exe
Token: SeDebugPrivilege	2652	firefox.exe
Token: SeDebugPrivilege	2652	firefox.exe
Token: SeDebugPrivilege	2652	firefox.exe
Token: SeDebugPrivilege	2652	firefox.exe
Token: SeDebugPrivilege	2652	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2652	firefox.exe
2652	firefox.exe
2652	firefox.exe
2652	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2652	firefox.exe
2652	firefox.exe
2652	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2652	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 4744 wrote to memory of 2652	4744	firefox.exe	88
PID 2652 wrote to memory of 1492	2652	firefox.exe	89
PID 2652 wrote to memory of 1492	2652	firefox.exe	89
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 832	2652	firefox.exe	90
PID 2652 wrote to memory of 984	2652	firefox.exe	91
PID 2652 wrote to memory of 984	2652	firefox.exe	91
PID 2652 wrote to memory of 984	2652	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://new.express.adobe.com/webpage/bsRwMy9PidOaD"
1⤵
- Suspicious use of WriteProcessMemory
PID:4744
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://new.express.adobe.com/webpage/bsRwMy9PidOaD
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.0.1819403037\1373070795" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b98677b1-8b01-4652-9bd0-d3a70a32707e} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 1976 2252e605358 gpu
    3⤵
    PID:1492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.1.374284442\2091510665" -parentBuildID 20221007134813 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4980dce3-9951-4a4a-a01e-19e85d2eafa5} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 2392 2252d3f0a58 socket
    3⤵
    PID:832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.2.1019025275\1110923204" -childID 1 -isForBrowser -prefsHandle 2888 -prefMapHandle 3132 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5df31c5f-e307-441b-9077-17364688730c} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 3232 225314d7758 tab
    3⤵
    PID:984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.3.622041449\475566925" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7379c2a-6218-4aae-9de4-5ed0f260ed5d} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 3652 22519868b58 tab
    3⤵
    PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.4.1632195089\975971845" -childID 3 -isForBrowser -prefsHandle 4844 -prefMapHandle 4852 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd15e825-f0d6-492c-a851-9808a9cc3c2c} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 4836 22533851858 tab
    3⤵
    PID:1876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.5.1331637098\1500203150" -childID 4 -isForBrowser -prefsHandle 4836 -prefMapHandle 5020 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c90a2dc0-ab34-4085-b535-3bca2c688596} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 5060 22533852758 tab
    3⤵
    PID:3164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.6.492445689\1469109674" -childID 5 -isForBrowser -prefsHandle 5232 -prefMapHandle 5236 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87f8cf1c-d171-4004-ae83-386ea7625952} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 5224 22533852d58 tab
    3⤵
    PID:1936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2652.7.24021098\1406679151" -childID 6 -isForBrowser -prefsHandle 2916 -prefMapHandle 3320 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1124 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b491d987-6c1a-4352-9a64-d87c5c173223} 2652 "\\.\pipe\gecko-crash-server-pipe.2652" 2992 22535325e58 tab
    3⤵
    PID:3284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tooqwtv0.default-release\cache2\entries\037778A55E1B7E9BED3390289866D09402D6C913

Filesize
9KB

MD5
2cd8cf8d0e7b10af5b2f3007eddb014a

SHA1
46d4f17deb6edd41bbf5f85594c2f7efb1e1dcf2

SHA256
2b9f6f6cf83547c8f2de41407311c56b041e9d37b10d0fdc320b42d8990b57ed

SHA512
4386284a48cc75cc31d3469c596817030e596e1296d5df33476d200072fd32e8ab5884ba336f1f1923c6f5b49b02704f1679d771b21ee64f1471209700d19b88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tooqwtv0.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
28af59e81ed164b69536ba8581829c09

SHA1
15db9e1af89211945a1206ebc0c6d9d7efc2739b

SHA256
c9ffab05970a0aca1102e7a2542efc560a655fef89413719a3e226265abf8c28

SHA512
51be6161f03046b18300102df87c9aaa24e32a96067874610d58e4d230c6ca0c50c0c0cf5c736971d7962d0c32ed5c9edc1998619845f15985925711220525bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tooqwtv0.default-release\cache2\entries\384A4DF3F41EB300F4922C6E183F6FF548985639

Filesize
664B

MD5
59387624cbe33420dde12fa528e8121d

SHA1
5e1bef5016a150be895985130653adef03961ec0

SHA256
a6a6581b558bfd9832d53f46b1381b9d13514e585b8a5611daea5a44be6659fc

SHA512
05c732cea0ed3f5e67e679c478566032938a4f9578c371d7b6886fccaa16bbe923210ae51198ad71c10ab55f6bfea921bce885474267a9561fbe43fbf1f26bbb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tooqwtv0.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
9KB

MD5
a0c96160786613c951722b47bc5226b4

SHA1
fe87dca231f9dc584a884e88436415f058516c52

SHA256
ae500320755f9f2953cc2563e944c7e3189bfbac42006d9f0adf65c37a64adda

SHA512
92947b6f299fe61d2113fc5d5e3f7fee2fc48d8edd85c3950368804219c22aa619ef77ca2937bcac5468e23400bfc9ea04302a07e4af965cf668e611099a83aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tooqwtv0.default-release\cache2\entries\739171EAEEDED01350EB50D8BF97AFB46709EE7F

Filesize
32KB

MD5
e1409e06aa029e3ff2efcd812a1f4a46

SHA1
3b2aeb4e1805a4d0289f85c86a2152c84461270d

SHA256
25a131ac612b0c9b959a14a457e758a70be39e6c2103d8684f7aac3d9204c85b

SHA512
1c6aa47009f65b2c7e1357654c2d26b6a0356f0f21373687de12c161d46c912db67aa68fe776ec30d6e7e1919d86032b63d4d70fe10a5d816b4da87a25e9d867

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tooqwtv0.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
17fee5e78a5cefe7b4c5cd6976985b08

SHA1
f37821adb7be1215e6571f3831588f5655194e86

SHA256
5649b9bb0d0e1acaa0611747ebb9be28d8a2aa0a6b84cadece3379fe38ab07d3

SHA512
a7a2262e6903728bbdecab956eab1feaa974721ae3b5ad2e45e0adc77e7c5d3096c1072e311773369047c590ffb931e2b610078053d4ff4b3312fb8d1e4bca6d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\tooqwtv0.default-release\cache2\entries\F210D48319A1879FD1C5213FA010C613B99BA085

Filesize
11KB

MD5
f6e15899c2ccde997d5c7a19c1ea0d29

SHA1
9c359fe83a2e1156a9ea8904ef71b211737995a3

SHA256
a90e8735f7d2367e535a4e0f0b4aa2053802e79ebb1500ee460d8ee1140e6747

SHA512
94a6b028e24aa55315b2cf70832552149799c87cc54fa306b0c6c23c1f04b63177b504461a9a166dca65629cf8ccacd502ba09ab2ce0924d8b024743f6ed9d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
192KB

MD5
c955289df76472ae34db11512b927f1d

SHA1
2eaaa1c0532b87010d4f3966a95b9442c8d3e9a1

SHA256
2ae3b0c4fbcdb3a70eac5febfd9d62f337398ff3856c4e426b28909fc2123477

SHA512
d6a7bc6092f5aef8b126baa1100859b794dabacecfc684b5fbcc1ada35c8befcc3bd406219f0a6c1193b1d84e6c8087a5dd78ba1c0d109ed36bbc6348db917eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
31df65646e0d39eaba57b39abd4d3958

SHA1
24430b27680c27787fba67e25a6e0436977ee2f6

SHA256
793e084833d69f84e5ed051c945df4a72f827b70e3f5428cc7bde2b3604f007c

SHA512
f758d47a7a7a3118da9acab4b2cb2990d68f6020b025750746443882caff818c7eedc55f4fceba20ba90756d275e5f85bb31f31229c8542e3084c5bf4061fa94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
240ba8559eb2129c9de23ef68fb49e6d

SHA1
bc37cc5e3dbe368918d503e4304aa90006fd99d7

SHA256
b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec

SHA512
ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\bookmarkbackups\bookmarks-2024-03-10_11_On4adEV8LjsYAjzz80SXKg==.jsonlz4

Filesize
959B

MD5
37375636be451071fb1d8edd4c6e3a40

SHA1
b807ce38b0c67bde46135ecaadba87a3ecefd90e

SHA256
7f36bf8be367c23da0467084ae48db1e119199dddf94017b66995a49fe4e882d

SHA512
d5525f1ad568eea67c6cadb9d6801d6311ead2b502237177bc9ea0aa3d21c836971968e71d380df789467097beab8c06fc41ffe93ea47e448e4fe0d311d3e37f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
8d9ae9cb008d37e98b297da86f585185

SHA1
b1d5212394c78bf20d52caa907bd8d81573d2727

SHA256
565f0e55af7176075011feedbaa0512fb5c8edc8001618e48f3a1eb76b238128

SHA512
94150976c63682099c1c0f52cbb80e3fdaf4da58a192bd554f018c728e361f876b68bff355619c85459ccc9f393764f6fbb1f310beb4170419b5d3430646074f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\pending_pings\8821f739-31d1-4d52-b663-a125c32842b4

Filesize
11KB

MD5
31e8b962cd78bde0594674dee7589176

SHA1
9bc79cf373d1c8f8242530c8d34fafbc0e4c7500

SHA256
6b513e4b26e225e09f58112b9af632480a9dee0f3cae843b518fc84b186e36c9

SHA512
e90e1d81477b7d4e988b5b01022d327871da46a1f61c48c5efb24cec20c51a12e1cbf348561d6b6c405f23edf52232795a165effe86449fa6cc77dfe818bc1bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\datareporting\glean\pending_pings\f666760a-0d91-45df-8d0c-09bbcd3ed4af

Filesize
746B

MD5
8ef8c458f35759646e8b08a32bd9a218

SHA1
da1481a01f0ac7e96f6c674adfefd2251af488b5

SHA256
783b1ed5e2252b72d4d81719fafcca02f1fce7c83ee423984e6dd614e7de34f7

SHA512
332458261cf9fe1e749265cfb755e22c4a487bcd1ba92cf77ab3758cf1562d365df6e48735999fe3da54bb9bc33276b5bd418e11fe284ee2c29da3d954fa1ef3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.0MB

MD5
63dde56b345137674e7a4e687ef08b27

SHA1
5abb5cd04be1aee4d35104a0e61fb3bf5ac78d29

SHA256
a6c302e7222297008e18197f0f6054782f49c83f389f8816813df28c8ca92f7d

SHA512
4055512a2b296482cb4784024ac86af9123131528ba2b47c38bddcda876e135b09c5cd62c6e5d4eadb43a55826af3a03bc84afbe09b9b54f393d0f4add6f1293

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs-1.js

Filesize
6KB

MD5
2fc7665b5b92ad624369cf3fa411e412

SHA1
fb8cc0c443a75ad0df46b5977a7a71856424ad1d

SHA256
1de59cd2f6159d95f09a0c5321601db50e122a67e2c8f57b631787cd7def05c8

SHA512
ee6ea76edfae49a93ce1dfb4e7d128d3715e5a97e038fa8f5647e1f3912a34eed7bcb6b2a0cddc2fd7387ec39619002e2152f7219f874dfc460d305d3ca1f2ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs-1.js

Filesize
6KB

MD5
e111f4ca373aafd2ee434ea8fc21c465

SHA1
854e806d7113947f2892d260c25f265e2448fdd9

SHA256
688a6536dd168379595561a739e07199e6a88f1ebf33c925632a119b5a5b139a

SHA512
8543e5409a1b23017ae449db98ba06b7f5ee19698d7afd5cf15cd604732c97764b93631127a60929257321e956ca9901a0efa41517cc01836311e7b26e090df4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\prefs-1.js

Filesize
7KB

MD5
4d686d09829b7e30aee0d3f8cc82a325

SHA1
2945c7010d2a57dd25994a3d57498b4464cd81f9

SHA256
73b999d170e4d4f0cfefbce84efbaba65388833eba8dfb4e7e98538fec777bfa

SHA512
2a9b49adc46aac3056e0be65cc29b72936edacb8d10cafe213daeffb0d050519c28337530ffe4ea59b942566b3b36db36fc49f842b9ac24f47e7869bdcdc2ef5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
220d6bb815a250934c77aa8d851d7541

SHA1
c5b6a23cbe84b2ff3ed58bda6ca3e14282d631ee

SHA256
89af04efd4367bc32744b2298282b4b83bc068c2d4350efbf0f106271ead7a4c

SHA512
5d94f248348495925f4f6e57a086b21db7d158389b010ebdafab880de7be47817b11c4a09545061390ccb6c584dd22b7ba2c20537f2aa01d068eae040ccd5ebd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
ca456ec8b0a0dc314afb313d60c454b1

SHA1
9cf50c869e93dc34c8851e991a2d11c6c6a7f40c

SHA256
a038dad758e259c051bff51ca14de2cbfe2f15f2dcc4ca80896e9605f750d5a7

SHA512
0e85aea45ec1c252fcd05cf782fb96b582aa0dd8f3cebec203650644358d1c51f074a88806079421561801b4419df99c7c150aa2c7dcb13173fdb8dd400cfda1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
1fb28937c4f8a92d0a6574705e593c25

SHA1
e4d4956b2ed5ed578a051eb686e5e9436e4ee782

SHA256
319eb27f212c87e01338114e6e8c9870b32ebc9f56dcdd3739929b7d309bf48b

SHA512
a53533f04b7e06bc384ebfff8825529f69eeef6c7e69a4142083e389e6b7dc900d19fd16bdd35f6205e16fe3fb6b511c20cf44cbb116d29bcc380e52abc391b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\storage\default\https+++new.express.adobe.com\idb\3736195190OnrogiatniidzneerRTlh.sqlite

Filesize
48KB

MD5
974bb14c41e2c6627b53bf9fd7255fa9

SHA1
e5a7e13127667a963c8d49ceba432633b111f9dc

SHA256
fc3e762d77781a10b06666b30b0172ef291d59d4bcc6dadef3136864fa5555d5

SHA512
ae470dd75c9cd331694adc52bb148fa01ae7148e7111bdc4bfb2c9908732594e848bffa6f18e4c439066d42072d80622aa371a73e2c5c65977a16bbb04a00a32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\tooqwtv0.default-release\targeting.snapshot.json

Filesize
3KB

MD5
35f1cd599b36e862ead27f3cada065cb

SHA1
f9e5ca55fb0020e0089e19b80863108a112aafbd

SHA256
eadc2cd73397103be70173350d41acbcf4882e4bd81960a02de081a8c5e2906c

SHA512
ffe93f6ee95c555a9cab19133d18d5788ddd5d6c9d57a2561225ad1699e907e8a02bec543d0e2a9eb0e1a95b9fc0b80596b05593a3f7039d51a651c711a028d4

Download Submit