Analysis
max time kernel: 146s
max time network: 154s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
submitted: 16/04/2024, 20:48
Static task
static1
Behavioral task
behavioral1
Sample
me1.jpg
Resource
win10-20240404-en
General
-
Target
me1.jpg
-
Size
31KB
-
MD5
2e136f23311164e5e766e178834a415c
-
SHA1
ffdd58d2dba319806e4c154b25b6dbc5ec88706d
-
SHA256
c64b68b60947e6d3c1b8555b3fb68150280c2985e1d33e8a267f9dba8a157a95
-
SHA512
e289dc07c8fab50fda5bd272a0e625fea42cb6a4677595b14b7d209eac34fae7ed3c9a37d5622a97aff8716bc5d9022630d892b683487b4a812e09bcfd73b0c8
-
SSDEEP
768:9HFthlKekWaPIQJzILx01X+k0/ntb8dbAAH8gGBkVwJO56:9XhlKAYKF0mntb8lqgGBZI56
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz firefox.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier firefox.exe
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 firefox.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature firefox.exe
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision firefox.exe
-
Modifies registry class 1 IoCs
description ioc Process
Key created \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings firefox.exe
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
description pid Process
Token: SeDebugPrivilege 3900 firefox.exe
Token: SeDebugPrivilege 3900 firefox.exe
Token: SeDebugPrivilege 3900 firefox.exe
Token: SeDebugPrivilege 3900 firefox.exe
Token: SeDebugPrivilege 3900 firefox.exe
-
Suspicious use of FindShellTrayWindow 6 IoCs
pid Process
3900 firefox.exe
3900 firefox.exe
3900 firefox.exe
3900 firefox.exe
3900 firefox.exe
3900 firefox.exe
-
Suspicious use of SendNotifyMessage 5 IoCs
pid Process
3900 firefox.exe
3900 firefox.exe
3900 firefox.exe
3900 firefox.exe
3900 firefox.exe
-
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process
3900 firefox.exe
3900 firefox.exe
3900 firefox.exe
3900 firefox.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\me1.jpg
1⤵ PID:2776
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵ PID:3356
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵ PID:3900
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.0.805828699\1995016959" -parentBuildID 20221007134813 -prefsHandle 1724 -prefMapHandle 1716 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad2086ff-71fb-4061-b221-fec8d25cfff2} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 1796 2847a8c5258 gpu
3⤵ PID:1532
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.1.419133137\1000090652" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fddd7016-1dcd-4ce7-a694-bc7cef4b6c2b} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 2152 28468572b58 socket
3⤵ PID:2820
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.2.171758969\1779120575" -childID 1 -isForBrowser -prefsHandle 2628 -prefMapHandle 2796 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2dc3e4f-16d0-4254-a893-5caf65c55acd} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 2832 2847ebb2058 tab
3⤵ PID:3260
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.3.1606279645\371453131" -childID 2 -isForBrowser -prefsHandle 3588 -prefMapHandle 3584 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {874b7597-6436-4884-86e6-4610d6f36191} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 3600 28468562258 tab
3⤵ PID:5016
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.4.242487031\1888046405" -childID 3 -isForBrowser -prefsHandle 4392 -prefMapHandle 4388 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96abd488-cb2b-4d26-a430-4a3d04005ff4} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 4404 28480beb258 tab
3⤵ PID:484
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.5.78810822\915853290" -childID 4 -isForBrowser -prefsHandle 5112 -prefMapHandle 5108 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cbe7161-3c3c-401f-9ca4-46720481098e} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 5072 28480623858 tab
3⤵ PID:1668
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.6.1484966564\211175889" -childID 5 -isForBrowser -prefsHandle 4812 -prefMapHandle 4796 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64e85a77-6c1a-4be4-9a65-41adac27ed3a} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 4836 28481049a58 tab
3⤵ PID:2152
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.7.106435521\1476921672" -childID 6 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6d626f7-913f-4fff-8864-780dd1b773bf} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 5156 28481049d58 tab
3⤵ PID:5012
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.8.1886780756\1512591965" -childID 7 -isForBrowser -prefsHandle 5676 -prefMapHandle 5660 -prefsLen 29437 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d1e67e7-b4bf-49dc-afb2-d20bcb0b7e86} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 5664 28483a2b558 tab
3⤵ PID:3060
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3900.9.61849173\327138194" -childID 8 -isForBrowser -prefsHandle 1224 -prefMapHandle 5608 -prefsLen 29737 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ba8c2249-abd1-4bf5-9849-c670e7362d55} 3900 "\\.\pipe\gecko-crash-server-pipe.3900" 5972 2846856d058 tab
3⤵ PID:2888
-
-
-
C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵ PID:5420
Network
MITRE ATT&CK Enterprise v15
Downloads