00d6840d4a787aec41a04f1679324321686ba96ed9f4ba3e2026b400f1f7901b

Resubmissions

20-04-2024 18:28

240420-w4babsfb6s 4

20-04-2024 18:25

240420-w2ke8afa9z 1

Analysis

max time kernel
1587s
max time network
1589s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
20-04-2024 18:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

systemd-journald
Size

196KB
MD5

d283b51301e9fa41277fc65aa9ae2c47
SHA1

58858cd80e51b751e5936dbd3b3fd624845cab77
SHA256

00d6840d4a787aec41a04f1679324321686ba96ed9f4ba3e2026b400f1f7901b
SHA512

6a0d1480d0ffefd130a6f5e3bf9478e38142676e1a1ae7c74741fac447d3fceae08b02100df80e0f91e9d1ed0fff702c6f49b235f8c6ffc2de650491ec7db0ab
SSDEEP

3072:V+nJgnskJxqD8MPJSFqR2AhqtAOAFFwpfqALJ/gtoJzoLW8eJyBqjAB2tzCGgu:VOgsk1BIfkXpCAL1gtlW8e8Bqjntz0

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	1660	firefox.exe
Token: SeDebugPrivilege	1660	firefox.exe
Token: SeDebugPrivilege	1660	firefox.exe
Token: SeDebugPrivilege	1660	firefox.exe
Token: SeDebugPrivilege	1660	firefox.exe
Token: SeDebugPrivilege	1660	firefox.exe
Token: SeDebugPrivilege	1660	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

1660 firefox.exe
1660 firefox.exe
1660 firefox.exe
1660 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

1660 firefox.exe
1660 firefox.exe
1660 firefox.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

1660 firefox.exe
1660 firefox.exe
1660 firefox.exe
1660 firefox.exe

pid	process
1660	firefox.exe
1660	firefox.exe
1660	firefox.exe
1660	firefox.exe

pid	process
1660	firefox.exe
1660	firefox.exe
1660	firefox.exe

pid	process
1660	firefox.exe
1660	firefox.exe
1660	firefox.exe
1660	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 2952 wrote to memory of 1660	2952	firefox.exe	firefox.exe
PID 1660 wrote to memory of 4376	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 4376	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 1264	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 2736	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 2736	1660	firefox.exe	firefox.exe
PID 1660 wrote to memory of 2736	1660	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\systemd-journald
1⤵
PID:5068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1660

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.0.162765935\633137243" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f5d3939-0a86-47c5-8e71-6b3031e82a58} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 1780 2106dbcf958 gpu
3⤵
PID:4376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.1.1556080303\384744149" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {660da3e8-8c9d-4248-ba5e-b624253360ab} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 2124 2105b871c58 socket
3⤵
PID:1264

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.2.544779673\1255702504" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2892 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcdbfb58-5a4b-4802-9d20-94fb405b5779} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 2868 2106db5eb58 tab
3⤵
PID:2736

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.3.565705436\63817923" -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 3456 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48248d8a-bd8b-45b3-ad70-d8157c77cac2} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3472 2105b861358 tab
3⤵
PID:4228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.4.1727242915\199305193" -childID 3 -isForBrowser -prefsHandle 4112 -prefMapHandle 4108 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4950c327-0a5d-4a5a-9d94-a0783aad90b2} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 3616 210739d7658 tab
3⤵
PID:4444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.5.1647840833\562540127" -childID 4 -isForBrowser -prefsHandle 4820 -prefMapHandle 4856 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {23c95194-42c7-4398-8762-337656802329} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 4868 2105b82d258 tab
3⤵
PID:1980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.6.1844816608\1131803278" -childID 5 -isForBrowser -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {50dab89a-7d00-4c68-a78e-34b8f5f543a0} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 4976 21073fae958 tab
3⤵
PID:2884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1660.7.731192997\1940466013" -childID 6 -isForBrowser -prefsHandle 5180 -prefMapHandle 5184 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1296 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fe22464-32cd-4fad-b839-5262db21510e} 1660 "\\.\pipe\gecko-crash-server-pipe.1660" 5172 21073faf258 tab
3⤵
PID:1448

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C
Filesize
13KB

MD5
73d5efb2f69414ae9d3a8106828b0090

SHA1
8176d6b321d63556c5eee7e27d2e74911e9e67b7

SHA256
a02c6335d62628169488559655befb3e0eb46d835db2c7e4092c27d3b0d161b9

SHA512
7ad553df68658b3255b006b370deb63b64afa8d91f24c94b22fedb9b5cc082fccbfabcc39a7f6fbfd2ddb9654b2c0c1ed4c74f72ec86300d81c9f8ff7aea00bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
5KB

MD5
7e6857765a3bea2166bb0c37134bd282

SHA1
261bc016076627180b580c6ef0bba12e40e369b2

SHA256
21ad57c6d79c7411e7188b10975e555217dc62992aabea88f10bca6f04088a25

SHA512
5cea8ff4d8da461d5feae4462ff3705e12e22c57055d0c815cc3761111b9d020c7a869e0947b42f6e349ffe895a71f2c099fb4b3462dc35dfcf43c69c1ed9b88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt
Filesize
372B

MD5
af00ee0debfd9d78f3c0a6ae6a059c7c

SHA1
08f526765715fca1918250f65f941f70cf5fc20a

SHA256
3973ac60810111c49401f0c34d00b0ef8bef196dc308ff9a58866e29e51fa140

SHA512
8e3acc6b34b816256686183fb13038289203039790901c1abb5257574d0b236db92d3e756340a4c39051f5619027d260bc244ebc487381773a899b8a6e7e8a88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-04-20_11_JYHA1IDH37kjW2ud4k03lA==.jsonlz4
Filesize
948B

MD5
7c618c5385632ed123b3929e89a9104a

SHA1
877eef304b5bca587c7f990c0b187b1fbe666e04

SHA256
0c052f029079668e4dc8f63800c6b2fd173fd97de4739e5a66d017df726f519c

SHA512
78e0c287f8367a1fb67e816d2ca7a675cf880d1a245ebc1f4633c52a54bd7fb8ba4564d7c07ceddd9f56c9efbaadb2da1ccc928f679645b3d91dcdac7c87d64e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json
Filesize
216B

MD5
ea14032d411cd22a0bade1e83faf3b8e

SHA1
b98ffb7a98005a84b9d844ba88c9651d562ba163

SHA256
03f9c3a686401a33cc5399851c03efa85ab00b23a6e03c6756dbcd32e0217793

SHA512
30c4acff8cea9f2ed59b8785ab3e353eb50564c2d676b922188d3cdc487ddc02886132ecb47cb4110ad0a0379d0d0f46d159ef37a84cef48cd9401f049e6f3d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
77f01b4ff1f62d7064851b49d2564284

SHA1
4e8b38b9977d24ea1050e69c12e98cf6a375be13

SHA256
7b6523ecb1ec6436f181de54998c5295528b708a84a0686d2d46c467fe576332

SHA512
36639fe9859bb99d4f55b5c1d23c50602d93397acc17e0c1d6e9fdd3ee12be38a7f43cfb1b9207a86ce9524d96175405aefd9f07ed880a86051926d4e3ca3922

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\12e0cec6-222d-4e14-88e2-04237b02f4e1
Filesize
9KB

MD5
2b396b828cf6ce8a9ed3391abec635c5

SHA1
a83b700e57870fb241abeaf922022cc33528205e

SHA256
952d7cc2adcd6e14022e5c77e40bb2a42d617f8b8da9bcd19bcc1fbe4ad77f13

SHA512
ee47ccbd204c0f7e20426d0241b8378065e8db1c647db02af3f97a0320d2ec701445c79244629e469cc9f4cdfaa5cd090597204c62e586fcac60f6dc87c56dc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\18cab1c0-6a2c-4b64-b60f-d749e0b8dcd0
Filesize
746B

MD5
461bb07d49b7f22750d8b89bf9ccdcc4

SHA1
9c80101389e376366b54475386c1dd6bc834a253

SHA256
a61b78531beaf6f186b1a8bdafa2ee20f6427eb6147074df43ab6378768990da

SHA512
9b0fd82b009a77be58d844ab7fac03808b9790864b48de1d2be1b14f40464cb31005f907053bb6ec92320194cc392073b48fc4160394536cd1f06892aa44333d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\extensions.json.tmp
Filesize
34KB

MD5
a90b92eb0ef5d08400ad21b143a4b510

SHA1
a9616b161537139d2bd477d327d96e9f1e092147

SHA256
95a77451a7715fbad2ab08264c0a18ecc1610db3f8eb6b2eba02fdf5fb380d75

SHA512
73a72ae3305a00646176f9ad40f1b1768bfe23714b7f3a4d436d650d482c8532b35248c25edd6b88cde80dcb88134380e01b405e3848001ae0fe5a89bbeb5cc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
10KB

MD5
5b43e1748be831d15bd609bed37a6648

SHA1
83b72427593233dfe6caba52b1957f4cd35a03e5

SHA256
5de9bb4fe32278b2c46c3cdf3cc8f9d147e5b149582c06b0eada207a041e3a31

SHA512
554db1c42b4e6f5c79338ca52a28395ba9ab62eb20824b6691ee4c59eef045d0e6d194e3f63585b464e17be1fe77b21a974265fdc379a4e67456e039e2ae9ba0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
10KB

MD5
5f6962c8f512895d259bd172f8e3ba80

SHA1
50ab1ae5e2beed09c9d125421d949a56d9492a36

SHA256
b97ad24256061edb77f924b421e4a77598871b9e65338f3fde6693e54f65bac7

SHA512
04c777363e059196e0e0d315e9f07fe558cb7ba6247503f951753356aa516560a940bba6cdf127e3c4f233a8b2a50e2d3796ff9232eadbd5a031b8c726a916ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
9KB

MD5
f7cd228ba182099910f337ddd8118e22

SHA1
ca3d1153050bc6f05d1babc2f92af63168c1dd4a

SHA256
99159f375f02f880db9d3cc6cf8b3d08ffd480b9b2264a0b4a6e091cdbdbb50c

SHA512
331d70f82b316182c398f9e2fe4e4abd3670a99dc3a2e8d0300d410b85c200cb8378cdee8b09c1cb699809f35f5921a2ee336d10cd84e7df947d40182e7d7ada

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
6KB

MD5
db7bcd3008be3477eb7c2dc9b1545306

SHA1
0b2a6f95cd7aa2e9681331afe0bbb11ea1591b55

SHA256
c86ec58ca5944cab189e3f7d9cf45fa5478b8dc9163f3fec3f0f4e8363e4ec5e

SHA512
077ba0f1e1f3918e8806abf9b703fea4806bbf99edb145a5cbb62cb49169df5f77f3a94e5abc935f4bd703f7158ffb4801f81efec29049beca094d7d2c45f85b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
dc9eefb006cdd5fdd5828eedbc0388c1

SHA1
2d0a6394fdb1e8134e87304e16173fd109d9ab6b

SHA256
b4905fef6528e008a4beb7d286bcb5b1bbdb6dbad95a237af6802bcdc81f945a

SHA512
22f1546b26074ce1b0848c8ed7d4d766b05f13ad63ce82777e38e172236e617b76b292f9d9aae3d38f497068547fa05530b05129b86fbdefc1a2efaeead111aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
45f87f47a262971fb17957be13aea213

SHA1
2982dff9a125b05fcfe61fb9f0b6bfb7369e90d2

SHA256
5cd4deb31121ff908b0be2734a11242e874351ec5f3ccab2e289a5a51f40566d

SHA512
5678f3be2a33966edbf4a1d110e588adde51201bda06b6ae14ed94313dc8813144e273100c131551d1ddec84b436d2e60de01cb11fbbf014f7d05b6927e1e504

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
7.7MB

MD5
2ed9b6803fb7548a6522de3b484c71cc

SHA1
2c39f4a3338f7663a9e5b7f72cfccb4c37cde45d

SHA256
32c91b15a4a6a3f45e2c70a50e892d75c15018d60ebbc85e90b7c3ecc42fa6d5

SHA512
73e2172f42c6dd31da3dce83c3ea6723ae55dfce7257e26cde81e3f893db4e0ce43211cf8a94cdcbc1d4a8d129310b816db454bfe124c31187ae69873caac4ca

Download Submit