8ed0c9391e135195769a6af53cb8160e9a28cc2d5afbe829a0a108219fb72b83

Resubmissions

29/03/2024, 01:18

240329-bn94hadf8x 3

29/03/2024, 01:17

240329-bnwacaec43 5

29/03/2024, 01:16

240329-bmzalsdf5v 3

Analysis

max time kernel
162s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/jasdasdasdasd - Copy (17).exe
Size

1.2MB
MD5

d56d4b12a8d0f7d4a5a94c2ebe246513
SHA1

95543e702e65b8fa2a115c9bbd30b2feab11f9c7
SHA256

f290fa5dc611042d27c5bb90f063ea2583053c273b0ff9bc0209533038410991
SHA512

516a94e244e8650ed5eb358c2cd781f0c827dca33db14534570f908d1dc52c83492d8f63fbf0578f15f0db1ee3eb5ed184fc3b784698464184604bec1bf2ac1e
SSDEEP

24576:LdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqBO:LdofGbSIQ177wZvYjiiRDXASat5RgsLN

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3036	jasdasdasdasd - Copy (17).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	3240	firefox.exe
Token: SeDebugPrivilege	3240	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3036	jasdasdasdasd - Copy (17).exe
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3036	jasdasdasdasd - Copy (17).exe
3240	firefox.exe
3240	firefox.exe
3240	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3240	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3720 wrote to memory of 3240	3720	firefox.exe	93
PID 3240 wrote to memory of 5036	3240	firefox.exe	95
PID 3240 wrote to memory of 5036	3240	firefox.exe	95
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 4800	3240	firefox.exe	97
PID 3240 wrote to memory of 2724	3240	firefox.exe	98
PID 3240 wrote to memory of 2724	3240	firefox.exe	98
PID 3240 wrote to memory of 2724	3240	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\jasdasdasdasd - Copy (17).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\jasdasdasdasd - Copy (17).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3720
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.0.1428860135\173831707" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14215665-378b-4abc-a219-93b70d521458} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 1976 1a8b81daa58 gpu
    3⤵
    PID:5036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.1.632578145\1775448385" -parentBuildID 20221007134813 -prefsHandle 2364 -prefMapHandle 2352 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8f2c378-25f5-4078-8f79-72d19e91ab40} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 2376 1a8b7efa558 socket
    3⤵
    PID:4800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.2.2133765146\2066995655" -childID 1 -isForBrowser -prefsHandle 3132 -prefMapHandle 3128 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aaba0b40-aabf-4959-8a7e-22172683e0e2} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 3120 1a8bc190b58 tab
    3⤵
    PID:2724
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.3.1595862335\328986015" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16e3411e-229d-419f-8ee5-36cd8c345088} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 3552 1a8ab761f58 tab
    3⤵
    PID:4932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.4.325353596\1517847713" -childID 3 -isForBrowser -prefsHandle 3804 -prefMapHandle 3800 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb859ba3-2047-4f9d-ba01-7267d023850d} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 3816 1a8bc788258 tab
    3⤵
    PID:2136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.5.661449346\1855155457" -childID 4 -isForBrowser -prefsHandle 5072 -prefMapHandle 5048 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3ecc60e-9fe2-4edb-beba-9b4ab8f2d924} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5080 1a8be2c5958 tab
    3⤵
    PID:5080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.6.1884358625\1351963218" -childID 5 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a5470d7d-9bd5-4b34-a057-2846997d2601} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5200 1a8be4cee58 tab
    3⤵
    PID:3832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.7.2112577241\1783446455" -childID 6 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e9e55bd-65bb-463a-9e72-ab973387943e} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 5184 1a8beb1c558 tab
    3⤵
    PID:1576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.8.814865988\714730965" -childID 7 -isForBrowser -prefsHandle 5744 -prefMapHandle 5928 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe08dfb3-a668-42e5-998e-8caec3203ce2} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 1720 1a8b81dbf58 tab
    3⤵
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.9.178361467\709151224" -parentBuildID 20221007134813 -prefsHandle 3076 -prefMapHandle 3048 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f49cddc7-5699-4208-8a80-e0ecc11818fb} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 2832 1a8ba78d858 rdd
    3⤵
    PID:5636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.10.829580619\1072872582" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3508 -prefMapHandle 3500 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {01b81bc7-1cbf-4985-9e0f-b717d87e7920} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 4256 1a8bc121058 utility
    3⤵
    PID:5652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.11.1095044999\1666570972" -childID 8 -isForBrowser -prefsHandle 6224 -prefMapHandle 6220 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d68b0e8-dda0-47d5-b265-ae11bfb9b519} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 6232 1a8bf71cd58 tab
    3⤵
    PID:6076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.12.1823596090\1340095463" -childID 9 -isForBrowser -prefsHandle 4928 -prefMapHandle 5780 -prefsLen 26772 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec2ef0d6-9bf0-4e23-8d74-f195f0ac8b10} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 4232 1a8be4ce258 tab
    3⤵
    PID:2592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3240.13.1596907564\1458930264" -childID 10 -isForBrowser -prefsHandle 8512 -prefMapHandle 8500 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1184 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35150d85-8bd5-4a3f-bf2c-7dbe4074a465} 3240 "\\.\pipe\gecko-crash-server-pipe.3240" 8524 1a8c036fe58 tab
    3⤵
    PID:4140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\13797

Filesize
9KB

MD5
fa5cebf42dd113cd2eb5fb1acc9e26e1

SHA1
bb8f274e18bf624815d12042dc7aa2572c930679

SHA256
93e009354f1b88c7f03475e69d47ec66207a36f4af17fd334524bd8a5c178830

SHA512
72e721f9871abb824cbf4f92fb8a45273ef59b64964b3ea0e3939bae9ae76d35141cbfc0fc7375c1996bc48f9d814a3b633dfbb1d15038e2bac666c3e55750d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\17307

Filesize
9KB

MD5
a7946a846c30bea2643b6b9caa8fb308

SHA1
03a8d86ff036cf7d5b626b55eba57eb5dabcdcc2

SHA256
168933cf84885729ae4511d4dc0dc74723020be5b52d76ff6418c3af9d3fbf90

SHA512
0d72d958e0f6bff7d245d9718289868de595d645737342163951f97020a6881348e84e5d587efd444190f754625ce9e96c7286e0423961cb4e78bcd2c1674176

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\22000

Filesize
23KB

MD5
8c885fbfb212fda32989d761d38d6a49

SHA1
8971042074a951e4d89c48f421fc42724b5dec4e

SHA256
ccf0580bae4705921ea398179e03f6bc556aa0f6e313fde9be552c788a73aca1

SHA512
4918d3af216a9f689de33be9bded0e642e0c472ecea93b2d774c2e0c8f539a4baeb99011cc7ccf5bdeb31d4c40b34b58dfd8545c62aca2347d736d659dc546f4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
ef0056c7213f015ea7ec682fad9be984

SHA1
de863c06aa74c9a42c1129a3f5c42f0be218dcc6

SHA256
9ce52769c8035dbae305a24107a7f3f49fb64eb75f455326c9b663f596afe0ba

SHA512
ba135d04c340181daf87667dba3ac654679391c0b7ae488e790a461220411def3316736c3f13087299f86fc2fa2cc9dc3c5649b906e6e3a0e9fca1d10bcaf95c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
5bcde4022d216fd541747dd97faee2d2

SHA1
6ddf4816b62c7a8a5dddfdd651f103b1bbefe699

SHA256
911ccccba05a659d8a0989fd6f0f63daf4b02346e2e3aa35a892f028ec48dae6

SHA512
d71e2b10a604d7d1e444f3816657a24e7e17dd22c701401d4441084cd72f5870a6fa4b0c22548846ed0ace287bbdde1c9cc5139f20816f125027ba2be97a1d0b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\22df99a0-2323-4151-adb5-65d38b5311fc

Filesize
734B

MD5
40a381c1044ce2ffecdf44915546404c

SHA1
834bb73df929c74da3be92be043a470ff4f5865f

SHA256
c5b6005c209e7c609537bfb4e4559475088acc311be0f8b8827dd92c5bd191e7

SHA512
a82c71d01d8c943f4464ed9b5be4d0b344fb9f7ce0664e899d37f57a874b7d4b7cce997fca7a4bc18f0d033f25178bc6d967167edb0d4e291b5ce6b9b6f3a1d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
6KB

MD5
2052e008088e115c1c7c712b451dc069

SHA1
a1580a3af4b41c0932ed7e441c6bf2d96723157a

SHA256
d92c15d8d4d89c883407373a248d5f7fd2f1bd8f4b5604cf9637cdfdaae2f510

SHA512
4f3c91f646da5f7bf355f386f9b21fa2c77ce8c1fb55ab2ddbff85899d56f3f895734aaa63f43d188ed2e4dcf300a9291b89b581054f69d76e507a96d2290618

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
7KB

MD5
95ae13ada8a060fcc9f5cc7460ee9199

SHA1
0c582ffc8100b18171717d3c86dd810a17a50270

SHA256
e1598bd8e3ff03755e0c71e90087a440d3935d9b8a5bf083f70b41cb038d296d

SHA512
0675ee0c96198834635f25b10153015b28c3b88ec9a3d333f13530c0c2c49639144bbf33546e95d5591b7f8600bd6fbe0244c109c358a04b374794f58321d64a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9ed375c6eaa6e73ac9626711664aad24

SHA1
5ac9262f3723f79c9183437035630e1937e4227f

SHA256
385f958f0c23a9e15ec04c07ddf4e533dbf67765ddb9281ad8afd1caf1721afc

SHA512
551902206423a277b8cb3705bc99818db5834a7ce274aa35e0d75bebfabf9e14918338ef1f29cef87853946103f2bb6b7b8d33612b6f98b9a2a47989071dd9af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
cd469bfc5a4f1c7af701109f31f7f002

SHA1
1c225cb174d1b09f704e34159fadd162f82e7409

SHA256
93d529b1255c33cd2f8a395d1ff38da84d5761b45ef9b2c88b46866b3b875403

SHA512
f2c23e46ae6bc157ad844cafe4f01a59bfb8f36a9594305ea7d27374eddbaca4187e39741e109c6840daee422034356bfe1755afd87ff24d41eef3e88f4ea956

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2277a3f9d5f00ead118f9042ff92dace

SHA1
396e412dbdb90d3631c981eaa242612d81b5e0c5

SHA256
b0665b04f73db51f44770d6d3787f2085febf4d441ec0080ad1b72188260996f

SHA512
478969ca8f821811a9f9dfe09eb9c3a0f41de8cccda68d9155dd1a776d87f417ec8c1a9bbd79ce009c168738d818db8dce4cbc7fc2e9462bacc725df3c3dd765

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
12715a7e9bfd7a6067cffa23da34cdf3

SHA1
9c63ab36cd9dc6b55e00578a6384b8365db0e858

SHA256
83f44d93b3c53911aba3ee8920c354802cccd14ca280179f0784dead8fa02f3a

SHA512
9c8bfade68f227d135c39c06bc8d4b249263ddce331b9e98c2ced8abf9e8fd9f7eece01b0ef6a286e3eb871ba308196ff828d07bca301c033237cff4e80afc51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
02818223398d672f1477cc82fa697c58

SHA1
55514deec920b784d8f9b4b37470088ad3eabc6f

SHA256
2e283ed0bbe74d6fe34a5193859d5ca9145b18694cf9c686cee3336e3838c8cd

SHA512
75a1ae100ad02c9461b92fd30990d9503ec4604c1fe50031fe52b269a9e682730d81eaf006ca858e028b4d8e2c10469c87038590df111763ac8befff69d6f0cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
be4ea087e7cb37233d93eed9cb88ced1

SHA1
ba9622c8cc6c334bce84929561d47b37afa9f1b3

SHA256
e62dd802997ebffbf5b1ece7da002e0b28ea7616740694e9061bc1d8e1d08ba3

SHA512
04bff03afd1e1a3e9a37781cae7bdd3e23e324d4a56e8e9d5def5d295b1b72017d7cbcf7c5dfd9e12258e3159cc534a84baacc1aab89648eeda330b953dde745

Download Submit