d92009cbe36f66362272a2b3ea7820bd337381a62575405080094fd1a981f0ab

Analysis

max time kernel
1516s
max time network
1595s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08/04/2024, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

plpscripts aim assistv1.2/lib/__pycache__/aimbot.cpython-310.pyc
Size

7KB
MD5

99a2d6ec3e9b99e4da07150b814cd45f
SHA1

e4dca32b5b7c51260f35551b245bf7e49f67aca7
SHA256

724fbfa8917425f25cc9f8e52e44320a4aa62cd488f77d28006f92740d43d496
SHA512

ac6ffa0c1065e6a1a5d54e9d021fddb7bc6df84bf3a6da11862aadf07818ba9d7e1a75b376d56b82aa98b162afdd82af8698ff9ec56082512174152f3ff0f7ff
SSDEEP

192:dqiPM7OYPbrPOoSAyBD5YHtzv8mQLIh6HSIB067e5UfwM8hcTn0m9PG28UJL:dHM7OYHPOoSASi/kRxfwM/XPZDL

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Memoxide-by-WilliamPatch692-and-TBSVEHD584-main.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	4368	firefox.exe
Token: SeDebugPrivilege	4368	firefox.exe
Token: SeDebugPrivilege	4368	firefox.exe
Token: 33	1844	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1844	AUDIODG.EXE
Token: SeDebugPrivilege	4368	firefox.exe
Token: SeDebugPrivilege	4368	firefox.exe
Token: SeDebugPrivilege	4368	firefox.exe
Token: SeDebugPrivilege	4368	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4700	OpenWith.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4872 wrote to memory of 4368	4872	firefox.exe	78
PID 4368 wrote to memory of 4536	4368	firefox.exe	79
PID 4368 wrote to memory of 4536	4368	firefox.exe	79
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 4660	4368	firefox.exe	80
PID 4368 wrote to memory of 3892	4368	firefox.exe	81
PID 4368 wrote to memory of 3892	4368	firefox.exe	81
PID 4368 wrote to memory of 3892	4368	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\plpscripts aim assistv1.2\lib\__pycache__\aimbot.cpython-310.pyc"
1⤵
- Modifies registry class
PID:216

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.0.151893200\82937709" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ace55ef-e4ce-420d-98a5-928beafe89a8} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 1780 262306ee258 gpu
    3⤵
    PID:4536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.1.958866020\215044241" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d894aa90-593e-4fad-a00d-31f40f05f684} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 2136 2621e370158 socket
    3⤵
    PID:4660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.2.1058111109\1294796198" -childID 1 -isForBrowser -prefsHandle 2848 -prefMapHandle 2708 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f727ec3-ca62-420d-bfac-79ba4a6c5eea} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 2916 26234a9a058 tab
    3⤵
    PID:3892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.3.305647414\1608106054" -childID 2 -isForBrowser -prefsHandle 3440 -prefMapHandle 2616 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3597075b-b930-4d1b-9ff8-7ebedde3a08e} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 3460 2621e362258 tab
    3⤵
    PID:4288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.4.862948501\1861101481" -childID 3 -isForBrowser -prefsHandle 3928 -prefMapHandle 3948 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c1b1794-3549-4d1c-a6b8-3ecb04090d5a} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 3976 26235ebcd58 tab
    3⤵
    PID:892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.5.961509953\331245680" -childID 4 -isForBrowser -prefsHandle 4712 -prefMapHandle 4720 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebc1862c-a243-45ac-8eaf-ed772e1a4a86} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 4724 26236be8b58 tab
    3⤵
    PID:216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.6.1687800359\1808757831" -childID 5 -isForBrowser -prefsHandle 4880 -prefMapHandle 4884 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {22e381f0-f3bc-4234-b8ca-1c0950310bdd} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 4872 26236d76758 tab
    3⤵
    PID:4892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.7.2099569301\128041459" -childID 6 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {949d0275-33da-4ea8-9696-aead0646e9dc} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 4844 26236d77958 tab
    3⤵
    PID:1480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.8.1705748727\1204435315" -parentBuildID 20221007134813 -prefsHandle 5516 -prefMapHandle 5524 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b067cbe5-9d43-438e-a325-c731e0762644} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 5544 26238921058 rdd
    3⤵
    PID:1172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.9.649918337\1515908399" -childID 7 -isForBrowser -prefsHandle 5832 -prefMapHandle 5816 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88373f9d-a1bb-4969-9579-78419570041a} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 5828 262390b1258 tab
    3⤵
    PID:4144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.10.1268629877\1060221831" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 4092 -prefMapHandle 4088 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {13acb6f7-c7f5-4bca-8eb3-e2cad53104c1} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 4080 2623371e858 utility
    3⤵
    PID:668

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4276

C:\Users\Admin\Downloads\Memoxide-by-WilliamPatch692-and-TBSVEHD584-main\Memoxide-by-WilliamPatch692-and-TBSVEHD584-main\Memoxide-safety.exe
"C:\Users\Admin\Downloads\Memoxide-by-WilliamPatch692-and-TBSVEHD584-main\Memoxide-by-WilliamPatch692-and-TBSVEHD584-main\Memoxide-safety.exe"
1⤵
PID:2388

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\13165

Filesize
50KB

MD5
f7a68868a35d53c77cedd0a762c42809

SHA1
d07e366f64655dda2712cd5b6c77ddb5efe8debe

SHA256
fd0878afa8bb23c988ce9e4b84c50ffe0d940bab6bf4e393176c5c77cb7d5c99

SHA512
3003f31dd835dab8284cca106d53aca0d21edf5d6f76cc43bc7fa7fc84fcd5482c36548ce57c95711f04c7d7e55729b06d074aeb99be9f2d6bd7054c16a60829

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\18382

Filesize
9KB

MD5
393fe0bad941591dcf67ec20689ab64a

SHA1
7bc9f224bbce40a5377631195b77fc4ec58818c8

SHA256
332644bc4056767f7731504de96a37a12b61bd72f0cfac7b4568345d47002ddf

SHA512
c696f75cacc969f5bdfaf59a3150ae0dee89f5c8d74a08b0e887e4a6f928e6489bebc91e539fd78d77e602ce38c816ea004ff90b2066d52dfc2fe058b3c70164

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
91f9189a18904430948a1c7e2d34b6fc

SHA1
251263842576062accc7a503fde378c44f76d862

SHA256
495223436fbfba688e6f3fc229dbabd14de08d47a7e5af562686a77f8600d482

SHA512
38a56bc70b63e239208454fe37ccb1ad9850124173fef10544c8613361f5d4f3e842fb2200c14d71827a359fac810d2e5b7bc3fd3fc429c82f55310a1cdcccab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\bookmarkbackups\bookmarks-2024-04-08_11_ScpUM-Ibb5LR1l4-7-Og+g==.jsonlz4

Filesize
950B

MD5
708d579bb783ed9e58c4e87173aa5028

SHA1
54dcdeb367c15a06aa620df1559de185668992a5

SHA256
3f7fa0f3a61236b17951ef95bd63347281c40abbbcce937e8fc787d31c8faa28

SHA512
1c7f8b921e5f32d67b1150e24092ab800ca4939993832cc46f43638bdcce380da1e74b44aa2f368a74e5ae29b76ca1e3a20b837517a4f0464b7af53098772e95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
cf5211eb3c22bc02fd5afac5531d89d4

SHA1
c865b96d8ccd2510b5eba4a6501aaa3d456fd355

SHA256
31cd595357edaf5ec24c6f75a75b9b55d9f69c3ee921c78494e6a4284345b222

SHA512
bd424174576e263d24604a49810bc2673ab7a7afc835bb9d0eed4e6ee88119f42e74dd6940b8612f0c12838311a9756e3a236e5f438da474cdf8389b87ada39a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\2000376f-4f56-4c66-952a-0fbf639120fc

Filesize
746B

MD5
4d5c2b7f85f89054c858812260e83c99

SHA1
c43fa470843ab8a961b76aea73227efcd6691cc3

SHA256
3fb5f1a6406f47bbdb77bb148208e3a2d6266278b10975eb09ccfacbdb62b5d9

SHA512
7305a2fd1005bbd500cbe2c7a84afc09a93d16eda960afa955c0e2053c2c6fab4f94442a9b8460483dae06c229688e5af340e6a3a854550649660f9f7df14eed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\4c800e92-385b-4795-9bae-791ba6508a4f

Filesize
10KB

MD5
8da3aadc1bf6a7416438a4d16a46e6f4

SHA1
93aefd650e95b8453cad8c63024aaa205b9aaa8f

SHA256
c89187ea36851c6536e550d57f48a628e4cf6a9176cd33aa39ef2533a8a53d5c

SHA512
26b6d0f56bf51336d72cff21d18364d2e9cb92409adef0b56cb3f556120135f31aa8f247f7996a0e210d55f80736f114bef93b49af88d2eb9f92c4f79f835136

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
b53aca38a9764a56061f681b9fe281c2

SHA1
183395e2f750233f6229306be84e235f1dafc362

SHA256
9c09c42341af1d4cf8a48830498da1b8cf6d60abbb3fe77225e6f4df574e65fb

SHA512
ef193145ddb2b569c0f34f06e23d27ff475c8cd46b13e1d3766b058a1bbfb21a4454d2fb7b1930d98104fef29cf09de1bfe1bf56da0e8e547cf1ce7337e154c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
9aeb9a97788baa122a7b32f35e2e0f9a

SHA1
856f9b204aa82eab63f24be25de3f96e20528dee

SHA256
1e6d01325f7bfee52c865125cc1fb51b0ab29cafa189caa58c775c660faa0ea2

SHA512
63b7b7d06bd43a01fff9389050c0a0d0186d7ddfa4e70d493da5858ed39ab2d44807acd315e38228dc1836588a6366859bbd78c57c2399e08b4bbcdde90a1733

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
7KB

MD5
fcd4ac3b7031978eb682e45d5dd5c546

SHA1
e81dbdfd44f211873ccdf3d6c3b6575b7c740ecd

SHA256
c0433014e86df5cb9358bee2c3c1bb08b282dee9d4973d3808e81577de644338

SHA512
0444d2c528bb35a54f6efe753099c34f4532c7ba31c91545d841956023cd227eb8baa0e453f7a6294dde1a75b8599d84b64adb735e5e44af1fad8752abf8a480

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
40a05dba0893743ba9ed6dd1d8abdaae

SHA1
cb3d914311149eb97a64029d1cd3784a21d032a8

SHA256
33ea72d42f2acb4ae0353852a7063a1384886cbecbf4ae1a70311fe57c7b2bf8

SHA512
a6ab0076fa416d88f9964e4785d560e2e062b7e422d41966101155e4b54e89a52db5dd1abdda1cef68425c9049cea04a5a6a73058617c127b26a56534132da0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

Filesize
7KB

MD5
141e6ff642ae7d4aedf78038f2fa8f82

SHA1
8c8495f822d633be0e2e55cc33875207b164ce23

SHA256
15751b992473436f7831edb59e47704163f559d0d78e43a52d699b29137d1885

SHA512
ea942ea19af023c21c4df726512ec3b14584046f9c8d9490a5e3cb7ea16b0c4b950701cf67300db85fdecaec95fe8e4f89b6d393f6d7f28cf2250e94e5634561

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

Filesize
7KB

MD5
a502f26677dcf2c9ed18c59b10d8b327

SHA1
54acf62bef43a63ea5fe76b67e77cdba68723c00

SHA256
995a95f90f1c642a9bac0eb4020b6391c84410a6cebc809eaa23d82c897eab85

SHA512
00e70bf9e9fa3cd8c379dd951c146034583c7c25979177c9906c34f8d0411aaefd3abb87e88a92270ad642af8980bd28be406cf62140e5660611f242cbd6d888

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

Filesize
7KB

MD5
c43e715a19cc7b02964499415361531e

SHA1
25e20edf6cef4e6fd326673076ed8ddf4337e764

SHA256
231e6c935d28358269246a8bf5ba398f3c76372199932ba5f4f16363dc85d1f2

SHA512
de817d36f653a34dcbfa843f81cd20387120d013f95e568b7409ea4e2dba7f04f138f13bab54cd244bfd17d5fc7648e641d51ec1b661bba9a2c67708ad0d8b19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
2ad446b8dbea8fa300219c839aef541d

SHA1
07b7e18a706d2f6193d6436494ed49361fa4863c

SHA256
867900b14af31f8740fd37bf0db29d4825d97efe0de58208798db5e74b860555

SHA512
cecfd16d91552eb6832207b0074030563a9a3078dd226db41848d51ed75f991e2640670aab3d809ba5e8f6ef4f4cf985fb3caed7383e8f824f9b19ce408c7f26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
2b25f4dc15a26592777685f1dffbc57d

SHA1
35e35d8c4155c01d0ccfde5d3041d0e044f4b512

SHA256
72c735498fe58efcbb7acfc95ecc8f21a7063b200c8b74f44310ad9cc5ff9274

SHA512
5472619318f967b2009868f17d45c0a2c1deddb9b4e1af935f9c65c07d0a38a9aa3e1c9c215ae05d7f8c17d2fd906c5d26a2087c838e167c2972841238d96545

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
0e80f694ea3029fdea4681c8474312e3

SHA1
6c796f78dc9880a9529d29d4588f738c3a9714cd

SHA256
541fb31ec3fcf3fc3f66941a1d0a9d5bb81711a00c6c90c20fbe9e8258ea8b34

SHA512
7b844081168c5b0e073111426dfadbf19c6548d9ee55e61253634caef4485c8dfea1e523622648d1d1a7f3645fafbc4482fcebc72d202e7b8bc191e8187f06ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
bfa0c89426f024e129ffef22ac5dfcc5

SHA1
438b4000dc3b96ded582fe12b9706893293b2339

SHA256
91f84200b4c5747aed8937c80ac331dc2913bf1f164b9cb4d66624fd45f2cf5e

SHA512
03268a4ec6f4a25a84cab7467b00e458e5de28a55d2f1d1a1c9a6dd9a21e0df359d86a7bddce3033e1e6bab26d817b8c393bb3e243658e7d676deca14d7cee23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\targeting.snapshot.json

Filesize
3KB

MD5
a3533eb2f3183302113cb3fb6ed86258

SHA1
20666f52f299e621ab93e8a55021c9ecb7c8e838

SHA256
900be38ee60623931105e5c5ca79210daeb373fabaf0b9f6b837297c5aab313b

SHA512
62f50631bdcfb8eadd12d213e64c1f63b10b1f4ad6d1290ba2b8d95e189d0cf6d5d3fa0c0fdb993f53944ceccf359afc2dabb6ae8f5ad8e1c4785c669e113f81

Download Submit
C:\Users\Admin\Downloads\Memoxide-by-WilliamPatch692-and-TBSVEHD584-main.5Tga0O84.zip.part

Filesize
3.8MB

MD5
e2c42fc2f83d239c4ada481837fa53d2

SHA1
a9b488e2ed70826606e406270174444a29005aa6

SHA256
761beed909fefc31b2373fd16d6ccfe7de01801dad72dffe985c8b95b879163d

SHA512
8b411857f5b2667e0dc5dfa462e8517ef279b3c813bc39e0e87cdf5a28909c8e017d240cac17046b6f53313886aa114f4054e643ab4a2ae9954a7add5c36c5b3

Download Submit