9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Resubmissions

29/03/2024, 01:48

240329-b8d7kaed2w 3

29/03/2024, 01:34

240329-bzjqpaef29 3

Analysis

max time kernel
123s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (21).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4124	triage - Copy (21).exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4644	firefox.exe
Token: SeDebugPrivilege	4644	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4124	triage - Copy (21).exe
4644	firefox.exe
4644	firefox.exe
4644	firefox.exe
4644	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
4124	triage - Copy (21).exe
4644	firefox.exe
4644	firefox.exe
4644	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4644	firefox.exe
4644	firefox.exe
4644	firefox.exe
4644	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 3932 wrote to memory of 4644	3932	firefox.exe	86
PID 4644 wrote to memory of 3084	4644	firefox.exe	87
PID 4644 wrote to memory of 3084	4644	firefox.exe	87
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3324	4644	firefox.exe	88
PID 4644 wrote to memory of 3044	4644	firefox.exe	89
PID 4644 wrote to memory of 3044	4644	firefox.exe	89
PID 4644 wrote to memory of 3044	4644	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (21).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (21).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.0.1037876228\1607625543" -parentBuildID 20221007134813 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94ae5375-da8c-4d2e-91e1-db9a60491727} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 1960 2016b20e158 gpu
    3⤵
    PID:3084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.1.616265197\1080479245" -parentBuildID 20221007134813 -prefsHandle 2348 -prefMapHandle 2344 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec7d553c-dcdc-4366-a2fd-64cd5e94c278} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 2360 20169c39b58 socket
    3⤵
    PID:3324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.2.515205365\513613987" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 1656 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d97a7111-88d1-473d-ba3a-85a2edb15707} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 3320 2016e238558 tab
    3⤵
    PID:3044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.3.2123338341\1430654054" -childID 2 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a7e935b-a729-4963-b720-235083f76461} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 3552 2015d85ee58 tab
    3⤵
    PID:3184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.4.1341760707\772973426" -childID 3 -isForBrowser -prefsHandle 4536 -prefMapHandle 4548 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f844e9e3-e1b2-4abf-b38b-b913a7e209e7} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 5028 2016e2f9558 tab
    3⤵
    PID:3052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.5.964896957\2129633464" -childID 4 -isForBrowser -prefsHandle 5196 -prefMapHandle 5172 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5370f46c-95c4-4c86-8f5f-64044c99cbda} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 5184 201700d2d58 tab
    3⤵
    PID:4340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.6.848139064\428177537" -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5392 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {537cad8b-04e3-48e7-840f-8959aa9a29c6} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 5380 201700d4b58 tab
    3⤵
    PID:3024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.7.1732025729\1578475356" -childID 6 -isForBrowser -prefsHandle 5152 -prefMapHandle 5156 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c806897-bd71-48f2-a446-05c2e9ab30af} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 4548 201712c0558 tab
    3⤵
    PID:3008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.8.1103369225\168541686" -parentBuildID 20221007134813 -prefsHandle 5880 -prefMapHandle 5872 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0725b0e0-0745-41bd-b86c-4b17ebc7b62f} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 5888 20171cd6a58 rdd
    3⤵
    PID:4032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.9.817172986\1969979778" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5912 -prefMapHandle 5924 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ccc0ef1-0cfc-4e21-98f7-3e2981dc5d09} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 6012 20171cd8e58 utility
    3⤵
    PID:2008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.10.1423559722\187338821" -childID 7 -isForBrowser -prefsHandle 6208 -prefMapHandle 6196 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58989610-aa5c-48a5-831c-b154cd577133} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 6216 20171fc3758 tab
    3⤵
    PID:2668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.11.1595926877\918059278" -childID 8 -isForBrowser -prefsHandle 3336 -prefMapHandle 3160 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7316c798-df49-4625-a63e-4e58be7ade4d} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 3580 20170341958 tab
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4644.12.980835798\1972092145" -childID 9 -isForBrowser -prefsHandle 10280 -prefMapHandle 10264 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1188 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {700f768b-5784-4e69-a88d-1cf40f929bed} 4644 "\\.\pipe\gecko-crash-server-pipe.4644" 10252 20172860758 tab
    3⤵
    PID:5636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\10063

Filesize
9KB

MD5
0624ddfbcc23422129bd5866560f77f3

SHA1
3c8b7abec618e4cdfb4b1c700aeb8163d91add6a

SHA256
0028338a39f365ba0c90a6f8b9b9ac671db7a3934397550cbcdf92a8228465bf

SHA512
d3234945b931e89ccd88f06d2e50bfe7785a95d1726f433784a747370c4145aa91cec63984813e5d170d19dec44957345e9a5b18ede252ece28d9e5c2433ff2b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\12207

Filesize
9KB

MD5
9b15bccd7be4ee8b8cff0d8a36146fca

SHA1
a1d858e5497ae0e48481ca1ac68e838fb59b8736

SHA256
00d1044d10db9c7efdc978de90cdc290078ab6d6a907c1632831c85a607f4bfd

SHA512
a372fd8bdd6d0e90a3ac294ac51ff13622019f070d2e177e060c673e95bf37744032ad1838f99d1ea6e8f5541e99f109e00cfdc9aa1fb199cc89fb7b49ea6e5c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\21845

Filesize
8KB

MD5
371486a3768fdd208246327110d35364

SHA1
d8956a354dddf3f46917d63dbedcd5f0a2dfa2ca

SHA256
6b30d10674fc78a782b79087cc8835479e74b3ad7180234a9e5a73b9c157f088

SHA512
46d456a46c3b39cd5c33f42b98d5a079c0b02087a481f827ab1f7b23a53c598895231c0c6520a678647cbabd19361eb417dc0590b2cc47191266aef10d387f42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\26118

Filesize
9KB

MD5
956bee51056e04d4a81344cb8065e660

SHA1
2578a1ace0677cf0ba643e9deb866ed3a44197f1

SHA256
ae31bd83c97094f8b1366e460025bd68ccd7f2301f8b8309610eb7e2b5bf0470

SHA512
a1a26b8a465e5ebed0d2d9ac27880bcb370b1b9a21ea23ee10000d26d6c011e9492b3b1a80eaddb50cd5d529a1a5cbd29a48ba57b79f92fe9330841ca5372595

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
6b4a66c5f8474bd42675494d4496a0a0

SHA1
eb76042e181a2d47dbe2ac72c8b434d05c9b990d

SHA256
8397758a4c4240ac4a51b0c6a07de9f5e6fd061c5bd0f2976374d4d0b0ff79b9

SHA512
9f2fa01951124898997a7e29594961eb64c115db5e2fb421551097bb1b3557a34b80e55ac5b165830bf2da0e9c3d77d4029ad8fe7fff1ec897596e0f2542136c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
95b74e426c3ea70041142bfa2cb0ad90

SHA1
a42b987a90c1238e1e8b20bf673349981884883a

SHA256
9963b144c032023a3dd56c2a7dd9e3bb05090e4c603c42f8f3f5304298a748fe

SHA512
687e339adbc9d91c11a85f23a052e92b553e224701ce3f5f82559386ecdf7fa8a2377984ff2b2a32b7df3af0920f274d6a381e3c60a43d82ee07afe32111d72a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\6e151972-03de-4737-b527-a7490b2c714e

Filesize
734B

MD5
dc75d43a0c1e5b7cd31e93038e9cff26

SHA1
753511362d445d2c77515986d4b6589dc27e87b0

SHA256
c6a3964adcdbd0828ef2377931dd3fc15e6e89b72bd0ab43eaaf5996458e2d44

SHA512
86e21be51da5886dc45d489b622d557057a031ae91a6b9605b3def26c33a5ea8b427a0eebbfdc9139e4ab496aca585a167161bfcf100985eb8fb8393e1f91b0f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
7KB

MD5
4fb4593cdf8a658c6e24a4960cc779c8

SHA1
1a4dda1c684c8485b729c56bc39f6bcc8be9a14a

SHA256
cb4d020f16c36854d6d4126a59a6168c8d61770d15081b269af2e84d9104b587

SHA512
720b9b1ddf77f9b9617762b12ea98886680de436769176cd5d8324f5ca13b2ca0567bc98e4651da377979dd48e764e89e3c1a236c9bead0a31497790c2d7316f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
569a1b27e071391e5e8b13b5a8943d91

SHA1
2528d92b37595defcbe66db5765edf01c572eb6f

SHA256
543c357ed543080db470ef347173968412e705562fa2157313a09cd75a0c8019

SHA512
608128f8dcd73a1d593e3c354598d22faf66bf3b4530d42a18d71bd247466b465fb7c8d8a652593c9e531945bc4c30f7f0bd53e60f7fafb7ad0629b088c61c29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js

Filesize
6KB

MD5
b92c25a99842789b005b61f7ce464564

SHA1
744a6993854c999d7d3ba06ace0b39bf35661ceb

SHA256
d2a41ad4c65c4cff3532b67d134508f30b9c09a81af774285b7f596deb560a8d

SHA512
905ab5d2bd30d49eb1577b82901a9b5b64a9add632f1cffe56d3766337bda7a5f569c575c1d35407d51ccaa3199ebeaa0d523e09755d41007ac55450066340ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
552a830812db32085b0d3a81b50a82a5

SHA1
a8726c3f71459ff852cf96f0ff6aaa05f42c0811

SHA256
01a85be128cc4c253d0b0ae1690cea323c4c016312d219a18b2e4cf0619c12d5

SHA512
b09d6226856a06827347c63b5d46679b43ba485f83cde6577dc89bd66ef35907b1634d943b349093680ff84bf3670bc0a41312dc5b510650ca1f146d08a26e7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
647a66cbe6b011f2321b92ef311cec9d

SHA1
3235f1c522825c83e0b6ac010e06c66a3114be1d

SHA256
8f0f2e415a86695bd758d7b8f45a3114efd405fc2af0d0f5af4f886f62cea4fa

SHA512
852be569ac76bd5795368b354a7aae0962c70e68df1c2ad80ca6df4c3fc690026d9647e19822b4ba272c3f91828b7d8f94bc67ef6b1e21fe09405ccb0cb67ebb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
02c7be1c6d8a73539031691a9e0d758d

SHA1
2d65a84cc8efccc61deaec40b0ef31e803f54a94

SHA256
0d7ae6e431880e1db035d1ca07c0be12e00041c3bb3d75c4d9ccb7c9f53216a9

SHA512
7373cac515d9c7bfcd020da0152b415386f9f35692a25156496d110c0f0e6cfccbac3a5337a6df5e36da1ac7e9dae214f599b1f58d63f04a22a8503e5a9f44c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
8c9afc9573891a197e5cd5b2a6deb447

SHA1
82ff44414e755396d5fb8b93868099a438c0a9ee

SHA256
d7a0b8c20fc884780e28c0e73274ffb3e08804199db9e8b9919a9bddb61fa22e

SHA512
c0b26245c5c4f17a74c94398687f87184ff01850357cca4268a2e162ea571209e1bd99b4d54f60f0798ba877b5d1180a3bd874a46eefb39efef0355ca5080a55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
782f5ab0f0f35b75dd82d8a4868149cf

SHA1
e61383b5e86a1bb28ea533029c70ea999864cb74

SHA256
4acccf28aa43333e4fef6d4af6f0673e235a1cb13cb53cac0b5dabb142231520

SHA512
f361c93ab89429ae5730ec85122e410419de7f56a36bd1813da69b4903628e543c4a672138b1864517e5c98f4ddd1f562f4b3ea9d9b5d0e9f80f5f5176bdfa26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
4e55ab2dfc44d86b18cd25447815bb63

SHA1
d43c61bf7d94ee4bbfe6d9f745f422efd1d7960e

SHA256
d10569aad8b4eb163f4afc1065328a3558af2faccdbe0f0deae01a1a5ff88efc

SHA512
52ebc369b242ae7ec5079d29139ab7ae149ef84122981b0eabfdb77227e75181412433ca05913d8b1a88b3bdded0aa79b64fe3eda9a8e4f909b216bdb4c514cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
feacfeaa6370d0dd460a0609e1e1435e

SHA1
1463da69f34d0efa56e61d9dd55ac1f435237b5b

SHA256
d57b87db93a487d521c52be8e0d599fcfb17e8012f6066c303f4e48e92c3f439

SHA512
61097d4419f67e7b364a5f0f3a248d801e0bbff2283ffce8cb89a5d43309145288c20ce1a6620217c81256db7da81de7d184a0c7eb769ea237902a5abbe5782b

Download Submit