9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
160s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (18).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3908	triage - Copy (18).exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1324	firefox.exe
Token: SeDebugPrivilege	1324	firefox.exe
Token: SeDebugPrivilege	1324	firefox.exe
Token: SeDebugPrivilege	1324	firefox.exe
Token: SeDebugPrivilege	1324	firefox.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3908	triage - Copy (18).exe
1324	firefox.exe
1324	firefox.exe
1324	firefox.exe
1324	firefox.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
3908	triage - Copy (18).exe
1324	firefox.exe
1324	firefox.exe
1324	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1324	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 508 wrote to memory of 1324	508	firefox.exe	97
PID 1324 wrote to memory of 2272	1324	firefox.exe	98
PID 1324 wrote to memory of 2272	1324	firefox.exe	98
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 3200	1324	firefox.exe	99
PID 1324 wrote to memory of 5108	1324	firefox.exe	100
PID 1324 wrote to memory of 5108	1324	firefox.exe	100
PID 1324 wrote to memory of 5108	1324	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (18).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (18).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3908

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:508
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.0.1208296163\1859673527" -parentBuildID 20221007134813 -prefsHandle 1800 -prefMapHandle 1788 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de7a15a3-860f-4db0-8b12-0df2b2403677} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 1964 1b6ff6f5e58 gpu
    3⤵
    PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.1.1761046535\1717853594" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3acfc8c-1b91-4c9c-ba54-c7e0d68d57ed} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 2364 1b6ff230e58 socket
    3⤵
    PID:3200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.2.957096663\1493589171" -childID 1 -isForBrowser -prefsHandle 3020 -prefMapHandle 2936 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83b359c0-54c1-4bf4-8cef-513c629a7fa1} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 3000 1b686181b58 tab
    3⤵
    PID:5108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.3.176916212\1413717396" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8356d05-21f7-4536-99df-bb5b46caea49} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 3580 1b6867a0058 tab
    3⤵
    PID:4032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.4.1274597840\131988371" -childID 3 -isForBrowser -prefsHandle 4672 -prefMapHandle 4668 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91c6c33f-183b-45d2-ab46-ffb84102bb8f} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 4684 1b687dc6b58 tab
    3⤵
    PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.5.2048086835\1038654794" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5108 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2be5225-e949-48d7-87a9-a0daf1d2d967} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5048 1b68837c158 tab
    3⤵
    PID:876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.6.1993180650\1984657520" -childID 5 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b678891-526e-45a5-b88e-66b6ef3ab482} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5228 1b688730658 tab
    3⤵
    PID:4824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.7.881990337\1414871997" -childID 6 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62c85c51-b0b0-4349-b3cd-7155bfaee820} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5420 1b688730058 tab
    3⤵
    PID:948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.8.1811191425\1158824077" -childID 7 -isForBrowser -prefsHandle 5788 -prefMapHandle 5784 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9a407cd-e8bc-4e14-a4f2-8221f50c9d00} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5760 1b687d35158 tab
    3⤵
    PID:5712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.9.1880831848\50170039" -parentBuildID 20221007134813 -prefsHandle 5964 -prefMapHandle 5988 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef54aa85-0483-41b2-8197-16ce5337da16} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5976 1b6851bbe58 rdd
    3⤵
    PID:5856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.10.1872805579\1037711889" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6136 -prefMapHandle 6132 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {825b3606-2253-48e7-862b-07e810477fd6} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5832 1b6851bca58 utility
    3⤵
    PID:5884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.11.486775093\1115743857" -childID 8 -isForBrowser -prefsHandle 6472 -prefMapHandle 6468 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aa8631b-878a-4cd1-be31-223a515480c4} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 6444 1b689ab3f58 tab
    3⤵
    PID:4276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.12.328655063\247767395" -childID 9 -isForBrowser -prefsHandle 10096 -prefMapHandle 6428 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d005d5ef-9137-43b9-a8e1-afceb013aa22} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 9820 1b689d9a858 tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1324.13.1428518487\1863441690" -childID 10 -isForBrowser -prefsHandle 5704 -prefMapHandle 5216 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3fd2715d-d79e-477e-876c-db47aa97e900} 1324 "\\.\pipe\gecko-crash-server-pipe.1324" 5696 1b6851bdf58 tab
    3⤵
    PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1424 --field-trial-handle=2180,i,12780723798465539942,12010519452607841069,262144 --variations-seed-version /prefetch:8
1⤵
PID:5612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\52D6DE9CB6806448C8C808EA8977B9006B2E8A5D

Filesize
10KB

MD5
667de87289f7aca62a06b217d8d9bacc

SHA1
32165c6fcc5c9935ff79604d3e1dd69786bfba1f

SHA256
00bc8338e36f8c7992c86441943f3e90b0ef5e42a9c670408e95ab67387753fb

SHA512
f4453b9ecf98777f7bb7a1de7aa2bfb493a6c294487a1912b478ba01963b23426f7b89a816a4bf0b6581de7198cfa1c3d27dd5bb58e1f82b7a53ba042bc19799

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
c4963463a0667354d0fbb9c05f83a9d4

SHA1
08e30d27fc68d6fed2e4da92561606368738a622

SHA256
7c255461e99047154ea10d1fb5e19d360c9c7c4e0a7896d916278554854aaa85

SHA512
8d1b73c7a7651601773a29b44601414b93187f583a2cb8dba1d5b37707ef0d4898ccfeebe4e3c5ca8027c1755fab33549f6496a04bcc7b75a09f37a5d63f3268

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
80d89c80a05633799ec5870ab141ce76

SHA1
27265dc258d7daebcda20899a8696cc2dc3a3694

SHA256
c5488b76421db187869cba23f191432f20b8b010360b77b05c84a951c055c7cd

SHA512
11df53866d65fe5b3cf011027c11f81af6a1e2543bf322597e27c8c61800fa8fd549fc79158fdf031fd8a0666e9255579fedb37cd17e8d3627c2d38d52462164

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\0b5466af-34cd-4a03-a3b0-1174133b86dc

Filesize
11KB

MD5
9fc124f542988c8ff86f7e1b76d22ea6

SHA1
70768b6a14067dcdde6e8153bdc1ef682f8e69bb

SHA256
d2cdf820f15f5ebd3707a74e415be21dd83002efcd578afb2777f48d7c6f5457

SHA512
e29e1bdee2ff648e5fd22e7e04c55bb952225e20decdc67647d0e2ece76aa7a43a8834487f06293f090125dcab84b9db0a5cbb03f104fc4dd6ecc548210645a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\4af82822-3165-41da-940d-e44a5a4c1632

Filesize
746B

MD5
3dd701a6d48601619a8c3a750d7f016c

SHA1
92de03450e8ebac94366be7796715264d6b1be09

SHA256
050fb7a8926ffb6a4e9440c142f63896e912db0763a408560ca2fd8759f7ee31

SHA512
80abfeb1c57e4286d2dae7aba940131eaef0ebabc210c172be96d30b192fad34fae1c2efa826e65fad1ef269d8e62f2be4cdce347d2bbfa3c3ec677f45119cd0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
e8c94e3686b744f4860ed54d02de13db

SHA1
bc254e057926b71af0d87b104908043c68114e2c

SHA256
f902fb3a5c9148035c86aa263b36495bfddcb2e3884b369cd3fc095ab07c7d8c

SHA512
0fd20a8ea45b9bda9fc3b53ae9eb2da1482a2eca6fa0582862d893137075b9c8cf2c5b74bbeff32275b0f33f207265e40bea4bce9dad42716d5a09e3f8619ba6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
16e52ae791525ef49f7c21570cb1bfbb

SHA1
78a85b277299cfc233904e7c0d46052ef6881e2b

SHA256
fba9c08746777eb01debfaeac15273bb6210f3c0d044c94311d1ccf937f5d76c

SHA512
b18b8930a8e8c85dad67d43414e7042289ba7260ed270b578424ca6616480539efc612019825f31c704f918d7c5bcf8c44a89ce7b9c43b1d6d2987da0f56db9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
0a7f01aa04723d4f1e57560295fb1409

SHA1
6f69706f893fb40934f95ec79901b6b05808ee52

SHA256
2f57dcb16e53d51dd2d2d446871c337659f0d7b70da6d895024e30368c94c5f1

SHA512
3b7ddc392000705ac6013c494371f4bc802e81bebe13c7bf41d25f3c13e425b5c0bda61baf558861183aae427cce6691465f8b2802bd2675ab930c5edbf89dba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
92d985baebc6447c2fddd355e569c460

SHA1
7abfc2788c53248471fe5234c50c0151b2aa021e

SHA256
65b97986462363af3d5810000fe7d19d42aafc5800cc364a543406877169ec39

SHA512
e1be00bed361d15931378835bb98342be999be7ebf0896c97fa5cc014f3a95a35fc76170711c52b59b9203dbb79df849fb03d3afffa83f91d217211d4763ec79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
3a1470901e1f5b50e363732746c853a7

SHA1
f4261c04f959b039983f8b3131bc4902adeda1a5

SHA256
1af7193cf613ad2bec17b2ff15c9881479628f5ce5d44edffe852d61223b9599

SHA512
a6dddbc8af03f1875a21fde7a213f315d1d7d5fe659c0d13330f7971a5c48fd3a5f14f07f637c10a59a341fc2d6929206f3b992f0c1295660e7a62644fee9d40

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
2a59675243f1ea8335c444d32e67e01c

SHA1
0deccf4f4b225c537edae8b2d95ef1e5323beaa7

SHA256
dda6ec9467cd8f89b7aa31d92d552dfb747c6fb42117ae9ad5d075ca60360097

SHA512
4634d87ebd56e9d2d88be74254c639ecbe836e783fc99b6b1ebed2baa3213743234b62d484806f2804fa95267ca6ab3059e613ae4f3608a10ece0da969ae1462

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
70087c0314f635a9b68976034b77977d

SHA1
c2f9deafed1db35b3673daf47288106dfbfe9c03

SHA256
18cea6197e489c8f7a017d964936a75e3e47095fa5bb00c9de13faed67e94843

SHA512
d7d14b41cb87238cb418d31873c10db13e2e00c735b2b94b37aedb875950d28a70d0e39e3a83fe0756af8199295195a836da6dbf9adbb9fde01f734971445f6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
9112fe11304b56c0dfb5337cb525f9f6

SHA1
643f1f7c6da731cf209224d3047125df8b6c2e64

SHA256
bf1056949359f5e478ddd524060098c2ba0fa540504d9c32c00af8b2e905d90c

SHA512
845ea18d2ce62ca2b782fc11e16ec7c24724d8640c8c0b86bb1e3e59314852f308ff1c2303baf078ea7c9bd957069f8cca8e466a0f9ab9c9415260af66afed24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
f116f732238e4918d49184af3b7b5fa0

SHA1
ba771ab7f8238913a10cf67dbf84305c65eddcf6

SHA256
dd2e9025200500be2d14424f3b85b9f4129ce27c9f1eb406f1b7256e699c3bf0

SHA512
6e0f62c26b58e916ab831b2cc6f16e1019dd9af529d18547a6767a362acde242cd717efebddf7b8b8145e98c59718dfa1ee88d36843729b0430104e348422d63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
2ecde39a2e52e31e97bcd48afb940d23

SHA1
02ac1adb6221cb2369f4836a787178247752cdcd

SHA256
976f94eca13f1209f00c7f27fe7f363c01aefa8db4540ec4e5f2f413413a767d

SHA512
79a59310dc5232c11e58de408b7e249fc24152c7ea062143672a843866ff4707a8c7967adfbd522e77c99b456c074e8624ddbc0ac1137006f14dad3adefe92b6

Download Submit