eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744

Analysis

max time kernel
1737s
max time network
1729s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
14-03-2024 14:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zbxl.zip
Size

43.8MB
MD5

da596c5fa1bfe53dc6ef777e810c2e7d
SHA1

dc756fddd264eaadcc0c8e8576d11259bbe1c150
SHA256

eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744
SHA512

bb7a10c4d9decee9687dfba5987939d1f55c3966bd80d06103d4bde6f61df3957d89392ac185b96ac668bc794193319dad33e34dde199df91eb2981e7e5f9fc3
SSDEEP

196608:rAA/coo9ZmMOfGI0QIdgCUlo1JKq5LJ2q82M/nSk827:rAHX9DQGI0Q321tr82MPl

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3281913400-1494313570-2321515684-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\zbxl.zip:Zone.Identifier	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
868	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe
Token: SeDebugPrivilege	816	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
816	firefox.exe
816	firefox.exe
816	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe
816	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 4288 wrote to memory of 816	4288	firefox.exe	82
PID 816 wrote to memory of 696	816	firefox.exe	83
PID 816 wrote to memory of 696	816	firefox.exe	83
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 424	816	firefox.exe	84
PID 816 wrote to memory of 2148	816	firefox.exe	85
PID 816 wrote to memory of 2148	816	firefox.exe	85
PID 816 wrote to memory of 2148	816	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\zbxl.zip
1⤵
PID:2772

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log
1⤵
- Opens file in notepad (likely ransom note)
PID:868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4264

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.0.1548179797\1288384142" -parentBuildID 20221007134813 -prefsHandle 1624 -prefMapHandle 1600 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cd2b80c-3f9a-4ab2-a909-8ec912184080} 816 "\\.\pipe\gecko-crash-server-pipe.816" 1704 243048d5758 gpu
    3⤵
    PID:696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.1.239933063\1420880163" -parentBuildID 20221007134813 -prefsHandle 2096 -prefMapHandle 2092 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18557f4d-904c-4962-8d1f-d279935bb1bc} 816 "\\.\pipe\gecko-crash-server-pipe.816" 2108 243047f9858 socket
    3⤵
    PID:424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.2.2020696092\1171601989" -childID 1 -isForBrowser -prefsHandle 2752 -prefMapHandle 2872 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50f67c55-1d8e-4f1e-8ef3-4936ed596d5e} 816 "\\.\pipe\gecko-crash-server-pipe.816" 2764 24309499158 tab
    3⤵
    PID:2148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.3.909747481\1312078073" -childID 2 -isForBrowser -prefsHandle 3484 -prefMapHandle 3480 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {341f6e44-444f-4b96-b579-67207f86bff3} 816 "\\.\pipe\gecko-crash-server-pipe.816" 3492 24307c1ce58 tab
    3⤵
    PID:1944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.4.825690302\1776676420" -childID 3 -isForBrowser -prefsHandle 4128 -prefMapHandle 4124 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {860147e1-09c7-4db5-8033-aabb5b492e15} 816 "\\.\pipe\gecko-crash-server-pipe.816" 4132 2430afb7258 tab
    3⤵
    PID:988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.5.1289240193\895353591" -childID 4 -isForBrowser -prefsHandle 4908 -prefMapHandle 4904 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d55cb75-06a3-4235-a9e6-454d5fb9ff8d} 816 "\\.\pipe\gecko-crash-server-pipe.816" 4920 2430afb4e58 tab
    3⤵
    PID:1404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.6.219194962\889246254" -childID 5 -isForBrowser -prefsHandle 5072 -prefMapHandle 5076 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c99201f3-3e9d-46a8-8169-20c4b48bf34b} 816 "\\.\pipe\gecko-crash-server-pipe.816" 5060 2430b970258 tab
    3⤵
    PID:2960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="816.7.133597685\92112035" -childID 6 -isForBrowser -prefsHandle 5252 -prefMapHandle 5256 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1236 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {731baf7c-0d6b-47a5-b037-9473c842eac0} 816 "\\.\pipe\gecko-crash-server-pipe.816" 5336 2430b970858 tab
    3⤵
    PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cswg9rdm.default-release\cache2\doomed\20638

Filesize
9KB

MD5
3412162e495e6daa3d814bfcf59adca5

SHA1
9f9749fd16b3215575884a40f40d0b4d405fa45c

SHA256
c6488edc61efaae220694caccb5e29a1f42805ce522621050b135277356c0af0

SHA512
b51fb6c791b7e70734c2c77e754fec02fa8adbf91669205631e1e0f0970ee1a9501acb6e55e0693b69d8c63552925cdd3fac51e803bf8ade147c17295125001b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cswg9rdm.default-release\cache2\entries\A72798DEF4F924983D5A0DB82D383C613B515FF2

Filesize
13KB

MD5
b2ff58b1f3d0a1e0f809bb7e1b2cba10

SHA1
bfe193dd44c7d38589f45c2c7bb4e1886483aa16

SHA256
56e99f6580a9b90c812835058300ae4195b90f131c754fa83d08bedf49ba2397

SHA512
3c57b335913ed550b7707849d6935b07dff51647c86e706c5cb8eb4f6dbf090a0abb17481e5ffc1f5691dcd33578ebf6ab15070edac98ccc6e7eae45e5212775

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cswg9rdm.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
3fd2cf18a2f54523f51633013c05382a

SHA1
8f08466303af8d252596da7113ccef8b6bccd824

SHA256
fdd782ad55476fc9f355bac9cf61f1e8c899d0e5918280e60551b40c8074a69c

SHA512
03be4e840ac70e492085525660ba5638606a2abf2535864f15736ef4264ccaeeb97ac43a1d2f1f9915a69254dd4a38c29dabed2b291b04946f3ff65d4ea94656

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
b6d08df3d1cb097a5cbd5b2a856e618e

SHA1
4ed5c00af059cd82a7ab3ea29303612126d69902

SHA256
45fd0f837f5d24a823637301a8c454d63dd6c85d3b8ab3fcd140dacf40de5504

SHA512
3d3418905cf1890fc1d058f0a08e349272a1ce3407294d710179393ac767e8901f73d8141d23450e5b36c8fd93ac60cb364f202b133ff2e83b521448ac1b2793

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
240ba8559eb2129c9de23ef68fb49e6d

SHA1
bc37cc5e3dbe368918d503e4304aa90006fd99d7

SHA256
b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec

SHA512
ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\bookmarkbackups\bookmarks-2024-03-14_11_zny9BuTasRZZm6Iynynjqg==.jsonlz4

Filesize
948B

MD5
ae98d0b399a17fb6d21c01af1c6bc75d

SHA1
f7f13037e4ad2a13755e56b6f34f60a112ace201

SHA256
2e2cec97ad6991610cca2e9fac3aea166d9d7c490be0da762e88ab3348d6b72b

SHA512
5ed03252cb2b60fddae9c6cc79d30890dd13161514b92ec9130223883d03033bfdc98e7e9f0bd5dd2609a9c3d04cb62cf5b72ec58da39c0a0be4cf8ae6295841

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\broadcast-listeners.json

Filesize
216B

MD5
fb33a3275c432a6e8764a58f39c86176

SHA1
c933b4240a8cd77af6605016081d9d215031d001

SHA256
c0cbc0d020f8c937a48f0b397f5a03e7ff764ab13ad0c519bdaff2ef85877f72

SHA512
be9e82476b0f5c66b38d43807a474032f42b75d25d5cc858d6a9d1662e9dd3d315c5f2d6f1f511d245bf766a53518c6cbc5d3852886f05abd57eefa1b6c2ce39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b1ded76e9940e20a4b8c3ed8386b5c0a

SHA1
a73d7d2fa0a687a40839b82582919b5a4b2cf63f

SHA256
61bedd68b06385bf5640f827c63a6cef122d162307440b9263bb8e853d2f1c94

SHA512
83911052e283c762b6607224ab2a73875ad30ed48a97eaee289d649d1a539d63284399e80061db9ae6c563044fda75099c090a6c946635237eab7fbdc4d22e94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\datareporting\glean\pending_pings\89d99e6d-2ad9-443c-86df-ec831e7929ad

Filesize
746B

MD5
c6529091dd3db6df523f55df052a1b9d

SHA1
b545d9105f622e4c43db66b435a7430349f15513

SHA256
40297e1106b3763c61070d5aad63daa0422b0e03f6e0e2781dacabcefec6ef05

SHA512
f7cb8d261f75727f487cb61aa7b6ea8e4deb905bc109b8bd9a111dedbdc5c03c84369424afea484455c27114bd829d8fd556300bd34d1e3e9e1af2e19988fe19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\datareporting\glean\pending_pings\b2b65f8f-e3b5-4c34-ac9f-458ed35b6268

Filesize
11KB

MD5
de15981398bd7c1ca48b9f9de7c22df3

SHA1
7a5d3c35e6f64b424be43d6585bc23f13afb13a5

SHA256
7cb2d6a294a7d1ad9b31c774110f7a69c1b194127fc0a821cac6f82533a35c11

SHA512
f2a933a1cab14fee3eb91f2498f87053b175c321595f7dfda6494b64fad9d6c8de26404035dc57bc9b952370f8207c21722800df749f29d3652d0c93e49f9e3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\downloads.json

Filesize
614B

MD5
8003fe8700b5b732aabd519fb186cda1

SHA1
b2d6eef05afd2e5122540f2772c886d642827587

SHA256
ac31a39634ad46435bc38f639e69c0d6844fb452dd7a90c98f9f10e0e43dd243

SHA512
8dd2409e135fe3ab933b63cba94ffae07d67a4a07624af3f5b04eb2115beaf970cf8b1d244c75fbd0911685ef3495f06203de524b46d59c76147a428c89d7347

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\extensions.json.tmp

Filesize
34KB

MD5
f923fd164367cc2ac075db804ad12089

SHA1
c60825ac3635fc83858d081a7f5b2421d0f6ac77

SHA256
e898c4b0689858a48495228b78c08eeb42b0e391b2d05b5405cdeda80a6b900a

SHA512
a209fcc7a01bcb6dfaf8b1190cc39163c6fac43861ed187adff747e399f9f2e9cd9e74b8049726d38348ea7dd9713e2223539defb3df6ee2ef639c1c06cc67ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs-1.js

Filesize
6KB

MD5
eba80e9be6e2f85e48a59f23b4863266

SHA1
0383485c5b359b52fa462874b4936bdfdbc21b13

SHA256
94fcae2e786c20fbb097cac8a4187218778a3ea2e083db00a01dc248b250f60b

SHA512
d596ebbb1650b569679c1fad31b7f28621cf313db056d4b802e7c895b35c75bbd5817f2773aca16b2ead5ddc49c890b6b412e37e469a1f3f7bc84c0a589d0858

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs-1.js

Filesize
10KB

MD5
8ceaad8e17b105ec9e6b6bb605745876

SHA1
5e79f253e1ee6af25647f2a211ce7ebc80f10f32

SHA256
425c8eb793ff143e174926d67dc3e2360e0ec9aff27a12e339354578d53dd0fb

SHA512
fe0d0e6075fb2a84a478a7528e1f5043f583be40e23987aa8a2e2293f32b741401ec9c0283124c359a7d45d2fc9977f2625c2a42089578c22183e3fb41a0cf5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs-1.js

Filesize
10KB

MD5
1be3b6dc62c6513ef47492fa4b8ff231

SHA1
bc93e3bbb17b40e6202593e7e1df6fa1b0cbdaef

SHA256
f137686a83d41dd5b9a7fa3854b40d8140d7a02381e7ca7d3d394798ceacc499

SHA512
bf229e2e9bf675061f23a503ef0d83b9cc312ace0fe0e8fb0143b5c9ad3b25b181eae8e20e9d95417f21d728750df60f8ce884db88b9cbd737b366430baa4be7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs-1.js

Filesize
7KB

MD5
62286a7ddf3e12d91578c2f261c92ee5

SHA1
9bbc4ced3f7776df88b41ffd769dd1e6dda37498

SHA256
368004715d5064e239e8b2e69459105dbfce15aac568d5febadca8e61e26a9b8

SHA512
c09a7a8c3ead45452abe1197a8036926e50058d9a10ec9c46f55615520c62c2f81c39a051be045f2ce8f2700cf83ee7eb690e8af399444c1b76a99cd3fdd602a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\prefs.js

Filesize
10KB

MD5
8082734da5d2eecb2751b8063e35a34d

SHA1
a9c2cd4eb7988672421e992b16f0c49e0cd06fdb

SHA256
4f3dbe4cf44820bede54400aa1719b2e4191f723e0584ff5daa69a78c8706ec6

SHA512
2a7b6b6a162c19c9650fe6b6d638256fe236bddf9836ca597d5f405ed91083ec2de6b47543503f02732d2b97469f258eb2776b3f9655a5998b4f21c607131218

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
88c9ec6ea3219b858d52d4f7781c5ce5

SHA1
a6795ff541d3ed6a46f05338a60bb65919ffcb77

SHA256
6a26a62b15d2462ebc8d53876a6f5914e51f057922538f34c2a6c1dce01f0896

SHA512
c987c359833221fc54dfad58f898e35f967c3e3b575b12797e93cdfdfd60d75d1476cc1c49465b4eb97164e6c83e0baed0c2c4a91b2bac6b9e44d518752b86a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
377f6cbfe76dfc91f9e06bd68d7f03f8

SHA1
aa6da11b320389dd23820d71d6538ebb1f4adaa4

SHA256
8833710b8a46435c2e47d15727ac465c3643b1a1a09bc35c6197777a2f8a18c9

SHA512
bc5ebfced1e7422c7018e880353f28735efe3dca1304681280d5a6a3b5d244c31799de20095a0dc750e57f845123145a49f8c6ded78823ca78281726e3c08758

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.9MB

MD5
97503691a3f4c595f4b9db02e6ac54dc

SHA1
58db2e5b88ba1454c8c9fa12fe37fdf195344171

SHA256
4a0d91d49a8315419b620146ba6acde899d0574a6596c462647ddd3cb70f5ae1

SHA512
f3ed4e5ef02a84a5376a3870330c87df060b2b234a69e6122a9dd717afef55884762b889212771056f79a7ad66be4eedc0d0ed90fd66f3302a4bc684a6ab75d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\targeting.snapshot.json

Filesize
3KB

MD5
d72cbb720301b575d3bdeae3ee8da25d

SHA1
012d897ad4bc7feded1517efbda723bbe1b7621e

SHA256
53a92e68ddb2bbdae44e6a6246e2ababcd60621aaffc1a1eca2423416ad46741

SHA512
6c7b95e2b22cf50aa0bbe1053aa885a3ba297a2070122b2ef4738abd161ff0243925f4e2388a66ce084db7fcde5e87da9542a6b46dfb226d4c7f7cac11d3a920

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cswg9rdm.default-release\xulstore.json

Filesize
286B

MD5
8b1d6a28df3512d618bb094976f24805

SHA1
39c4cf53c1c4cd98efdbd7596c7613a5ba710506

SHA256
859da1ace9c53c44b17781f80afc281982af867af3031fcc258aba07989d4b7d

SHA512
4cb6da5c4878eb576b30765c3a0f894d9086834ec8f4077b96d9260ca7a45cecd1931ee43717349689011c30f7dfc37bf54fd122b45db239f7c3b20365eb7ae4

Download Submit
C:\Users\Admin\Downloads\zbxl.UqkWap6s.zip.part

Filesize
7KB

MD5
5587f104ac27fa1d92907f262e56600e

SHA1
be6113f6a06884a9d461429f12f9474cfdde530c

SHA256
27a926a721ff2312ca809d9bd9ff6192f4c3d57b65e93d0671fa1088d8adab36

SHA512
f6768c0770c436670dd5089d6b587190e9c7ccc16bd87ff6152764201f1eff363836548115cd010eb3091f2cff6ace0b3599b79eb215d047e6f21641b5ffe952

Download Submit