9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
100s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (10).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2452	triage - Copy (10).exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4460	firefox.exe
Token: SeDebugPrivilege	4460	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
2452	triage - Copy (10).exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2452	triage - Copy (10).exe
4460	firefox.exe
4460	firefox.exe
4460	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4460	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4920 wrote to memory of 4460	4920	firefox.exe	89
PID 4460 wrote to memory of 396	4460	firefox.exe	90
PID 4460 wrote to memory of 396	4460	firefox.exe	90
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 2308	4460	firefox.exe	93
PID 4460 wrote to memory of 3352	4460	firefox.exe	94
PID 4460 wrote to memory of 3352	4460	firefox.exe	94
PID 4460 wrote to memory of 3352	4460	firefox.exe	94

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (10).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (10).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.0.1714887419\1866760790" -parentBuildID 20221007134813 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {246f9f7e-0d74-4367-a0b9-4b59692ee01f} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 1960 1967ebceb58 gpu
    3⤵
    PID:396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.1.1532459460\803578658" -parentBuildID 20221007134813 -prefsHandle 2332 -prefMapHandle 2328 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2fb0a50c-e0d5-4379-aa20-1ae32b9eed04} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 2360 1967eafa558 socket
    3⤵
    PID:2308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.2.1000731019\32744014" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2924 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8d1ede7-97df-4787-9a2e-d192f5a6fb1e} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 1628 1967eb5e758 tab
    3⤵
    PID:3352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.3.1030914923\2084328307" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0d90ce9-5733-4f0a-a563-e103368a04d1} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 3568 19602f4f258 tab
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.4.63646504\1226078850" -childID 3 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f231ff75-e492-43e6-ba5f-33cfac41ba70} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 3860 19603dd5a58 tab
    3⤵
    PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.5.1807763975\2023039301" -childID 4 -isForBrowser -prefsHandle 5028 -prefMapHandle 5008 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7944649-d431-4a59-beac-e92429f6a9ca} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 5072 1960501e158 tab
    3⤵
    PID:2808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.6.376271751\899834557" -childID 5 -isForBrowser -prefsHandle 5216 -prefMapHandle 5220 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {398656b5-a354-497c-8594-1ff146e7cd9c} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 5208 1960501fc58 tab
    3⤵
    PID:3192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.7.1691102593\1938420486" -childID 6 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb3a7d4d-b7f3-4850-9368-c9df2a44e7d4} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 5400 19605020558 tab
    3⤵
    PID:4392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.8.1914616164\548846691" -childID 7 -isForBrowser -prefsHandle 5844 -prefMapHandle 5840 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db78d99c-d8af-4907-a946-4f3cef528e7c} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 5856 19601299158 tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.9.1503925717\1047799904" -childID 8 -isForBrowser -prefsHandle 6076 -prefMapHandle 6072 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8fcf75f-5030-41c7-818c-22b5d7f0b1fc} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 5996 19601299758 tab
    3⤵
    PID:5568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.10.786586019\1597510684" -childID 9 -isForBrowser -prefsHandle 5460 -prefMapHandle 6224 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40b0b0f-375a-4622-8be0-30a8b56b5715} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 6092 196065fc458 tab
    3⤵
    PID:5996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4460.11.1594943004\405617858" -childID 10 -isForBrowser -prefsHandle 3884 -prefMapHandle 3872 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1388 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4597cdef-c83c-4802-825e-cd1d133b68e5} 4460 "\\.\pipe\gecko-crash-server-pipe.4460" 3852 1960143af58 tab
    3⤵
    PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\11295

Filesize
49KB

MD5
f9c46f5a5a6078ee8387096ba071ab3c

SHA1
55662ab950034226b4c4bc2b6739a206577dc006

SHA256
d63fe9956b8c8037056816938d627e919ae43066d957231c903efdbd0d508bf1

SHA512
d4870f9d9de7f548a002626630e0bd2f513684cd437750ab7f7f80592b9ec0b4c60e911c6ad49247c8e08363c76ccdefc41c975c96d7ddf8f3b3d764f6c930ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\4027

Filesize
8KB

MD5
0030c4fcf3f46e002a1bd1e63e2a921a

SHA1
e380f80ab227cc94981bc34083cc99ce61a66b2c

SHA256
9ed7617d96b47fff656f8ce973687ee6116eded4c7a201ac1cfdbfa9d9260e17

SHA512
1bb13ba88ff38b3e5a20dd2ae4eec34b821b4cb827d20fba49093203ff6aa8e70a418b49209e21863c3afba29e45b5cccf559bfd890977163bd2b930282c8ee8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\459

Filesize
8KB

MD5
4540ded54a30ac517dc5b5e965f47632

SHA1
cad2346b55b9e1e972a17a2bc9d8bc8175c19835

SHA256
66487ac4a3a547bcb5036abceb35c96b5c33c30f37b8b0db3050df1bae639794

SHA512
62fd5e76360f59112b2608abb0297fc5862511fcc03fa208e2145d345c0e82efedcd508633ddbe9c95b160cdbb238104ad73ec2575688bcfbbb5bc0071add986

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\cache2\doomed\8164

Filesize
8KB

MD5
55a04691416b63f67e090c60bfa80c98

SHA1
6a8d60bfb2d70a773546cce475f74234efeb8b74

SHA256
96a9dac1b48fdbec7a3460637b5f01f4d349fa6a773d4953796c5f892c509056

SHA512
903f54c920b952c6afbe815d984b787973ca5110bac21ce2fd322593f76bedf3633dc14446561924e73b96a3f067c26dcd8f16180a1b85df4af92f1149400cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
80763cda150a322e7e790984826ba30e

SHA1
e125fdfe5cea59aa25b36b043f07de6a980e2860

SHA256
d2d76613f240fec6838a181fc01ab5d07ad8fcedd2100591b21140ce1a717e12

SHA512
fcb45142605462cadef9cb47abaf8b3ac33519f1fd7b4241c6a5245d91793583a5951404a42464580ed28f4b4e55e1c6d91d16cc2fd7ff77df01a9c5b759842e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\c0b38221-935b-41cc-a29b-df1e5f701698

Filesize
11KB

MD5
175d33e9aaf1fea3cf8a53dde603fb0c

SHA1
e5b1b1e2bf4fc5867b12e09c11dc4465b02f5ac2

SHA256
d4f57d85558d2e6a4ac0eff1d8201be15eadae065a35fa18b29b7f995b2ffb15

SHA512
8010b94e2d19ccd7f862037df694a4ed0e63660a63bf27909cf077e2a3fabff51aefcc1cc5ea020ead19f1fa0ba05533195942efcf27dc05a9c84e022995bcb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\f3d17b76-2229-497c-a9fd-b5c192f37116

Filesize
746B

MD5
64bee00cab2b9dd92c23bf4ca68e7f97

SHA1
f861fb54abe9115a2adf9512a12f35af7d66acc2

SHA256
9f93d0fa2112d45be9ad328fd28f6bfb07ab648a9d77db5a4e641a32c2b248af

SHA512
f895df2a7533df5d2a39e1b324d656f5d399fc9d1dcc8fd6006384cd807f0cfdde697d99821369305f0eab0b77d3c1c87d2f8820dd5adaa4525f5f0a4f48d439

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
7KB

MD5
ef3051f9abd7f5e43f1c4a2ece4bdb35

SHA1
daa069b69c0d04bb148e08416b340e71548ed51c

SHA256
d92ff295d022907ef651f4a01122faced75888a2ebf2f6737854fca5be5a0d95

SHA512
fa64253aef8417cdb569090d95355fdb71954bb952102a0a216b79a4901db7b453540366cb575aa371461646a52618dfc557a79152283814042c9efb61ca49b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
6KB

MD5
4c5950f26554757e3d307ce354d2914b

SHA1
1834ce84d89d827db20ba251e57aa826f947b387

SHA256
859e9c8df38e814b79a18fd4345429d792f03307c2874bc01491e7ae10c78dce

SHA512
3df9c29b7b619093413203c4b29784b9fadf0d3718ecd5843a52144ac646f675886d2f3a07f1d18ee16493c22cbb9a82bbb80b6e4a3b2c82db6650ca0c38a028

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
6KB

MD5
d2913ed8d3d142891e139b24eeb04899

SHA1
8fe9053eb9d2d72d285fbbda54253f82c5b65978

SHA256
9dbd07e35793fbb1bc527fd4ff36fe4af7bfbc9f47941a2f5416e14cfee5b130

SHA512
afcd4e0a96b928723624f6aa9c58297978b98d25b39a9a017af449fb11da68c15796000e20cbe63f3d1541ecefe01f20281b99156b551fd5c63922b1d29030b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
14114f4e1a5ab4ebd6ca3dbca785036f

SHA1
2d723e20400736d0f91bcabdf02194ca2cea1241

SHA256
b44c7c53d1c3da6fb69ff879dedfdbd9f4914de86145523a8b46fa2f05ef6eca

SHA512
5c6cda2a4019de0c404d2715b902a62c449b952c4dc9957054c48601eccfa8b6b0e4f9d97ba00fb5fff075571f1044f85190c282b66c4f534b091ee6448a9c42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
391a40a2c04c4523c8bad16f8b110bb4

SHA1
fd4a1a7f83f6e3e9c0e2c8b4c8f899ba9b756322

SHA256
882bf5f25acecbe443961359ba88fb615d0d900459d433ad77ef0042b52140bd

SHA512
fde72d555f583f744d56c39908ea709dc8f8a8742ed84ca8c5cfd3b80789302f63d543ba854f16d27e6a8cf42ee03727545120cc200d017d85b4d0b17e559f30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
eebb8eb5d7c9d43ffcbd4508da29c3d4

SHA1
ad76ce663028e9109443aa0f5b9c6db01580d4b9

SHA256
d3411f7e19aa9e3a9fa4cc727b75a05bcc98e2b612be5cef48f8a3eb2910aaa3

SHA512
482ce89c4b522fab99e03fec86b9b510a3921d02134606c3d9ddb20304fde6350f31a8fcba014f505f186ad0d0ad2b3baa09afe82dd032075408362c1aeb3e95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
dbea4995321bee0673af571ef4811058

SHA1
f644a2674eb42d43c1d6c14c3c06fcbb4803f1aa

SHA256
009631a43e498f0028b184c5c8064bdac22fd6d4424baca241dd67d3066cc74c

SHA512
cde33b593f73880e2df2541cc327cc5b9352431afd72a73ca6d38c2e8e28d4287f6af04e5c112a218add1799f05232951968cad4b5e78a6063ebac0fd51b07dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
a072d269f3512caaa9d79e8c4d58df13

SHA1
f42cdf3bd552205c5493f67120f391b4db3720d1

SHA256
1830653eea3d89f51ad14077ae3ad8f7b7e4f96bfa5086165815cd3a50521367

SHA512
a873e6aee179ddcfb49b3e7778c1e4a4bb34d3f4d023283892b199a65a1380dcd7ca51c9e8658282607cf9a94c7c51e83a39dcb7d9de3bc474fe9d38ba572f6a

Download Submit