hxxps://adobe-after-effects[.]download-windows[.]org/adobe-after-effects-x64

Resubmissions

06/04/2024, 14:19

240406-rnb5gacb8x 1

06/04/2024, 13:32

240406-qsyzcsca74 1

06/04/2024, 12:23

240406-pkz11sab5v 8

Analysis

max time kernel
1880s
max time network
1900s
platform
windows11-21h2_x64
resource
win11-20240319-en
resource tags

arch:x64arch:x86image:win11-20240319-enlocale:en-usos:windows11-21h2-x64system
submitted
06/04/2024, 14:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://adobe-after-effects.download-windows.org/adobe-after-effects-x64

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1233663403-1277323514-675434005-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Adobe_After_Effects_CC_2017_ru.iso:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4160	firefox.exe
Token: SeDebugPrivilege	4160	firefox.exe
Token: SeDebugPrivilege	4160	firefox.exe
Token: SeDebugPrivilege	4160	firefox.exe
Token: SeDebugPrivilege	4160	firefox.exe
Token: SeDebugPrivilege	4160	firefox.exe
Token: SeDebugPrivilege	4160	firefox.exe
Token: SeDebugPrivilege	4160	firefox.exe
Token: SeDebugPrivilege	4160	firefox.exe
Token: SeDebugPrivilege	4160	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe
4160	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4916 wrote to memory of 4160	4916	firefox.exe	79
PID 4160 wrote to memory of 3212	4160	firefox.exe	80
PID 4160 wrote to memory of 3212	4160	firefox.exe	80
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 3832	4160	firefox.exe	81
PID 4160 wrote to memory of 280	4160	firefox.exe	83
PID 4160 wrote to memory of 280	4160	firefox.exe	83
PID 4160 wrote to memory of 280	4160	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://adobe-after-effects.download-windows.org/adobe-after-effects-x64"
1⤵
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://adobe-after-effects.download-windows.org/adobe-after-effects-x64
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.0.198075486\1544522509" -parentBuildID 20221007134813 -prefsHandle 1804 -prefMapHandle 1796 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7834aa80-7f97-4f41-a16d-b393984a1729} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 1884 25794ddb458 gpu
    3⤵
    PID:3212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.1.1234015816\1795805076" -parentBuildID 20221007134813 -prefsHandle 2252 -prefMapHandle 2240 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a9f3f72-8132-42cc-ab07-0860398b0fc8} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 2280 25788a73e58 socket
    3⤵
    PID:3832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.2.1688646182\1034619385" -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 2864 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f7a9594-404c-4318-b110-9c67c5f6dd72} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 2840 257998ec258 tab
    3⤵
    PID:280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.3.1874601029\453921394" -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3660 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7516620c-7257-4e18-b486-7764b0a73f50} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 3676 25788a63b58 tab
    3⤵
    PID:3764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.4.1913497225\1024804236" -childID 3 -isForBrowser -prefsHandle 4940 -prefMapHandle 5052 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e55c38f-761d-4ecf-b234-878b338449f5} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 5128 2579d51cc58 tab
    3⤵
    PID:2172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.5.752839968\345330169" -childID 4 -isForBrowser -prefsHandle 5248 -prefMapHandle 5252 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38f6574d-2234-4ea6-9779-e15a4c4a0738} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 5288 2579d51b158 tab
    3⤵
    PID:1508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.6.437845137\2092264581" -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1000 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {47cdca1f-b09f-45f4-8dbd-1cb2afcba47e} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 5448 2579e78b258 tab
    3⤵
    PID:4832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4160.7.1071067045\636015214" -parentBuildID 20221007134813 -prefsHandle 5652 -prefMapHandle 5656 -prefsLen 26204 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d24931b4-c86b-408b-adfe-1028e9a33651} 4160 "\\.\pipe\gecko-crash-server-pipe.4160" 5888 2579db79758 rdd
    3⤵
    PID:1324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cts8v6xx.default-release\cache2\doomed\16011

Filesize
9KB

MD5
555f0c25ca4221b4160b45d4e022f3fb

SHA1
9baf3d1901ca79b029ba61c3f8f3b4c5252b82ea

SHA256
c5e0a8e3acc7b94ab662495804f7d3d78b5c121f1a0d7b4820d55d049f42677f

SHA512
23243a8636e16ce4761c7f5535d82a99d76bc39dd0047df0d23dc978dd0011fd735913f75213fcf82ecb39d0e05be0810b180ea26403cfd0df5de509d24d3120

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\cts8v6xx.default-release\cache2\doomed\3213

Filesize
9KB

MD5
baf53363de2f970b99953c09e6710692

SHA1
215126378e719907a2280cc2713335ce4e593b49

SHA256
3955b8b4eb5a81f726c7e52a43b019449691fcc6a6530d7fc3d4d6edaeaf2e7b

SHA512
53943a77d08794ff6d1ef78487622b2252a9378efb57230e35b7161d4336b1f476b1ca590b6880e4cc601a21a730035e9832a5d939c8a9783957c5046d582ee8

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
3fac81dd424c5e403313f04a4b8296c9

SHA1
eb8e681a79ec02e02e7130bc825d02ef4d31aee7

SHA256
4aaec9fa6e29c3b66b383e07218d07f29b5b2b21889e5b1d3de1cc5b5a684173

SHA512
ac68a2e556be202f4b5a720600d3436861e6ec78a18b12ad54a1f99c2a3b12fc2eaece4bafc63a2aebc368c99c1c15087efa6bce61a0b09ff9ef4f8dd43be27e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\SiteSecurityServiceState.txt

Filesize
372B

MD5
63d838fdc190c2ddef08e59b44d89360

SHA1
58dc8cba6f893fcf67c03ef2fef6f0973ca4fd67

SHA256
9d0f368797a3c29d3fcaf9ef8ba5f747fc92be4362c4fa2ed0b5f714dd1df80f

SHA512
18f0536155fb8f2eef8b43f43d8914109324f404be7d668fe252756c4be4d62a2653c708265f9f172cebb27f35d8741cd360d1c30f0c054795520e5fd545e0b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\bookmarkbackups\bookmarks-2024-04-06_11_zDIydbZctsQhv5GM+r4Tgw==.jsonlz4

Filesize
960B

MD5
4a8097cce85aa012aa159780e81dea8e

SHA1
b165a463b545670d5f0ed894d9078cfbb488b952

SHA256
885d86e38e9016083cb69e3dbcdd3c5d5cce07fa2d58554f4a3e791eff491989

SHA512
d2a7169427bcdcd219e6a5739a2b252c0ef9962d7be6ad2296df6dc76943a310a8b27b6110d91a2e9e8e7fc12347f67809f8a1f2c61e8797d712f1d4c2203b67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
0eaf2e64f841afe35cbca89b5d8933e7

SHA1
5843213824511bd052d05c0698ffaff21826ef00

SHA256
1b6c19ed43caf66ee79fa5312238443bce6a22f7f68ac464c09773d2745758d1

SHA512
95d19dc03b4051c8b4b80a00a6fbe1a7467dc329633c08b764e4ea55ebb5ef54cc478f1bb41687dd18e810e32e96136fcf5c1714f98e497fcb5c4f0216877eec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\datareporting\glean\pending_pings\2e7e9122-d580-414f-905d-2929a8c65748

Filesize
746B

MD5
2517d5a25de6b2f8b0862ca7219e321b

SHA1
a72aab103741ce098dbaabac968bed7966e5b097

SHA256
b3bb00e29f883d91c1f32d6d4a7f36d49a168b154253377f7bb2b34b132017c1

SHA512
cab1b4db58e0d1c14b2f8fb150105943666c677f6b82fafe89b26e2c87a41531b4ecf8465da08a066a4926b9a354b45101c9d911641721d85ab08ec1a4a99498

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\datareporting\glean\pending_pings\8edf2dfd-1d12-4edd-9731-c2c503d0b934

Filesize
10KB

MD5
7f6cf936c67298563b866d9d43c074bf

SHA1
2d6cfa3457c12ae63cf85124e41c197504d8d18b

SHA256
22003c7a85d23b089dbe66568734c9ed2b9d2480dde81d6cc7f0cf83c51515b2

SHA512
2ae2c9524ffcd7bd2bc04a42e458a4f93fd1bd50076ad2ff92eb4827296c3bccf2fb3ba46955dccac85139e8a3e94f13bd238a0cea63bdd10ebc4665feae94cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\downloads.json

Filesize
862B

MD5
a9f6250e65f0fb3003e9e61e82689ae0

SHA1
077f9f1a0f6e0708e42621f93f4d11ebda6a1452

SHA256
c5e5203775c69490a46e3ab52dbc87706755c86c2c1401e868263859759069dd

SHA512
1a9597925b3970efffb0261a2ec447c4962fd85eca051c85bcd16eb00214cb69bd2fc08ac922c09523950120d1433c36479e49830c582712a14c57572e2b792d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\prefs-1.js

Filesize
6KB

MD5
9e20c14fa0774a500767a6476c296cd5

SHA1
dab7f1aec370bec7bde4eb7f9eb69466fc83f850

SHA256
169f4dfa2ab063ed13c84c41469940cd24282bd97a4c5f2588e7d326286ea10c

SHA512
172d5c4bb0ac27c7a37694a6aebd255cb6944e364fa724dad68ac6cc718ad6e4899247ca908f42c25bd8d6c5c77e83f8225193c6b962d34e94f729355fece6dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\prefs-1.js

Filesize
7KB

MD5
3e4dcd33d3b6af1d2fe8dd9c366e2bbd

SHA1
7a2c63d86bb9cb5c44f9714445e1dc33d54cce3c

SHA256
46e9e18763d5bcd388c3b6d7673d8ca60bd58a6914d8d9fa038160f0718a43ea

SHA512
a3df0bc691ac337588e701f5e906ac76e4fa25a7a1795265ecb5733a75e8154bb525b9643ec2d007c3afa0bc991673b0de7caeac1661b5021853a3b4d918e5a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\prefs-1.js

Filesize
6KB

MD5
1797b5f9079a3088a6aef4cd8bf5a0d8

SHA1
6f610077d82bcb381c9b8310c284426f91b8c2dd

SHA256
d47fd7e7d268c15202fb897d48958e7353100ed0a9bc9a398201db665e8e08f6

SHA512
8b062d834c99b67b68d264408357ce1139d463c7c42aeba2891ea6f324134388dbefd5a797bf46f8299c1fc60936224ad32f07c0e16b255bccb39c634d928f9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\prefs-1.js

Filesize
7KB

MD5
2fe83cea997974f778dc33ddeed9c5e7

SHA1
7c9d1fbf3e83e5a720829c0ce399d1a68aa91933

SHA256
6fe5deea9f59ea83b094bdd2e44190a5ecf660d05455cad379bbe5c3d5d4a696

SHA512
e67895869b1da2539a7c7fa622dbe325b9167fe81e5bb2d08afa6093603d8621ac4361b34c92ee574c2b963ba8e00c9e071b9c28b30c028f0efd7925977d2d4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
23fd8db78731b32a90ebddb1503e2130

SHA1
7a30d39b262b3b945d33980cfe503f89d6a84800

SHA256
ee81d799ce47dc756f81ea02ac33ec9d53ddb0c6e66aeb47e8327114ba7dad9e

SHA512
0f2c57edd2199f1b90276b581855132c865ee52a42c1cc3a9613313d44c0a598692b1bb2a48aa1d04d7e675eae3b5ac053cca2f402b046b267a57aedc74ab86e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\targeting.snapshot.json

Filesize
3KB

MD5
821f489daf5c0993183c5b94a6b2b1f1

SHA1
0f5bb4cae67234fa0507b0163901a34c0f8c3658

SHA256
190105a20886c9891b143131c8ad1dc459ae28d0b9f6b4936189a5fd88c3dd86

SHA512
ae25be1dfa3be2c50be8b2014b8fcc6c576ba520e0fbed9e2c9a21b0e50c2cc3a59189e115ff993ac306e75dcffbcb2bef1a2d5919243ed6de489b98216b03fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\cts8v6xx.default-release\xulstore.json

Filesize
141B

MD5
25fc873aa166e7c5465159136f041595

SHA1
e11fa8f644b73846e4383209f971865497ecc2bb

SHA256
ea7a2b689566210886826381dbf78a269c7254e4b10e04ebc2de3d1957f26dbb

SHA512
510f2a3049921862ee371b6955bc466e8edc11f8e41c84f4c07bbde93281a9f9bfb756ba360cc84c2387b4c1760ec2bbf86fbc102060eb8d9aee869ba6286c57

Download Submit
C:\Users\Admin\Downloads\Adobe_After_Effects_CC_2017_ru.dZHqLMx1.iso.part

Filesize
31KB

MD5
a6bcbb3a160bf3aae8f13c7043be2ea5

SHA1
eab38553c976acb562aae37c5e345009b86463c0

SHA256
e5cce11415a8e0e9c567864170722790ebe3ba5fd53ae300a5cb02cb84b3f8a7

SHA512
b90ece8d73a806b71df87c33974dbd52e85209a5719bd20f15b7b86cd41cc298b35e322207005f13ec7c0352a36e51a5eab6085d5648a7182532147b1892c09a

Download Submit