3fdc5210cbf84e65c893a5143edbdd0157d2e80776887ba7de619279675a3cb1

Resubmissions

08/05/2024, 16:02

240508-tg48sace4y 3

08/05/2024, 16:00

240508-tfvb7aeg97 8

08/05/2024, 15:57

240508-td9dbscc8s 3

Analysis

max time kernel
1515s
max time network
1587s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08/05/2024, 16:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

batch.bat
Size

80B
MD5

109ddb1f24ba8029edf2f840edbe0092
SHA1

e2abcec9131334dd6f305c6fcb24bd2d60ca9547
SHA256

3fdc5210cbf84e65c893a5143edbdd0157d2e80776887ba7de619279675a3cb1
SHA512

436937e4d48c169a4ccbad28af2efaa215122f49db7938a530bc924afda36493789e6be88702cb7d3c3ad217b69527bcb148bebd29047ae3a89a5a798ae5f7c8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3080	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3580	firefox.exe
Token: SeDebugPrivilege	3580	firefox.exe
Token: SeDebugPrivilege	3580	firefox.exe
Token: SeDebugPrivilege	3580	firefox.exe
Token: SeDebugPrivilege	3580	firefox.exe
Token: SeDebugPrivilege	3580	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3580	firefox.exe
3580	firefox.exe
3580	firefox.exe
3580	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3580	firefox.exe
3580	firefox.exe
3580	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3580	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 420 wrote to memory of 3080	420	cmd.exe	75
PID 420 wrote to memory of 3080	420	cmd.exe	75
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3928 wrote to memory of 3580	3928	firefox.exe	78
PID 3580 wrote to memory of 3020	3580	firefox.exe	79
PID 3580 wrote to memory of 3020	3580	firefox.exe	79
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4920	3580	firefox.exe	80
PID 3580 wrote to memory of 4288	3580	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\batch.bat"
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:420
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\file.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3080

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3928
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3580.0.69459572\1173132227" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb99f041-ffd7-4bd2-a7a8-9d6e95499dd8} 3580 "\\.\pipe\gecko-crash-server-pipe.3580" 1780 2ae957d6758 gpu
    3⤵
    PID:3020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3580.1.901161867\2067942646" -parentBuildID 20221007134813 -prefsHandle 2108 -prefMapHandle 2104 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4212d141-11ba-4ab1-973b-bf428b37cb48} 3580 "\\.\pipe\gecko-crash-server-pipe.3580" 2132 2ae95630858 socket
    3⤵
    PID:4920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3580.2.1939621127\1547838363" -childID 1 -isForBrowser -prefsHandle 2772 -prefMapHandle 2908 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8be2b94-ada0-4bca-a1d0-f2706188377a} 3580 "\\.\pipe\gecko-crash-server-pipe.3580" 3068 2ae99d9b258 tab
    3⤵
    PID:4288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3580.3.1419417137\1789400029" -childID 2 -isForBrowser -prefsHandle 3448 -prefMapHandle 3440 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1eb840b-ee47-43c7-bc1d-118a648194e5} 3580 "\\.\pipe\gecko-crash-server-pipe.3580" 3460 2ae982efb58 tab
    3⤵
    PID:2504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3580.4.1246926060\1782564144" -childID 3 -isForBrowser -prefsHandle 4128 -prefMapHandle 4124 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee1a3706-fdf2-4ac4-bafd-f78ac965b2f7} 3580 "\\.\pipe\gecko-crash-server-pipe.3580" 4140 2ae9b4f5e58 tab
    3⤵
    PID:5088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3580.5.2053303900\219292746" -childID 4 -isForBrowser -prefsHandle 4856 -prefMapHandle 4788 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6deab36-0ab9-4e72-94cb-c1d86143c89a} 3580 "\\.\pipe\gecko-crash-server-pipe.3580" 4800 2ae9c3b2e58 tab
    3⤵
    PID:3912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3580.6.117968808\1810737625" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee942f35-3aa1-45ce-9b32-22ea362c22c9} 3580 "\\.\pipe\gecko-crash-server-pipe.3580" 5004 2ae9c3b2b58 tab
    3⤵
    PID:4336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3580.7.1028601540\1314166687" -childID 6 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cda72fb-ef44-4628-aae1-71da403acdd2} 3580 "\\.\pipe\gecko-crash-server-pipe.3580" 5140 2ae9c3b3158 tab
    3⤵
    PID:4572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\10904

Filesize
11KB

MD5
aeceb385bf4504d4511e2262a5542eb9

SHA1
392f6d0cf790681cbc6e3574039eed5cd457045b

SHA256
b1ed3f95ea04f38254fbfb30bf9dc6dcf2c6ca38a2c35b91e5b882d816dbd622

SHA512
0a34cb8b13263c878829cc2450061ae60d8a3b59fdcfa0ec21e2054129a296247f08dd08213882a72b25fd3204ae436c67974bebaa36ddc3c112f6a360a9170a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
56911ff3e8798996cfbf349b6114d5c7

SHA1
ac6d1c6df5523efbfc92d8abf4175f7c43e933ff

SHA256
bbcf4c930e11531c8efdd9a47dac5da14b7dda3058a242db4f18298916880303

SHA512
c8d4bdf49526c748c9c3486ff08b99dbb9c8ed95cba70c27502e7a308af399bd6a623408aeb425806292521fa98b1cba4add89e50e6bd3e9599ab27b2199a2e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.txt

Filesize
17B

MD5
907fef7464e3fcfce2ced1889d9be4b7

SHA1
4c9b22dfda932fe87cde75e8e59e79fcb1ab7dc1

SHA256
7d49895635f237fe77138875d3341e439ac9cfa34baa90516f5c121425c63cb2

SHA512
2cb41536eae439668727e054fc24749c35532e91ee041f614bd379a99f4e3dd0a842ab37fc209cba8915ab03dfa8c3a0c1f7e2d404388f622c8990682a27a626

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
360481a3df4a6b2db0a0d8781847c3d4

SHA1
4a5a5e3b0ba353e5d3fe19f91c85ab2e93e3590a

SHA256
8f70fb46a2cc5888a0f687175500ff013357dc2a70f99ff76a275201789467bd

SHA512
acf226bd716c889679960d430b48d91288c832dfa66c2c43152232e5141de6a8be1bbb012c5c08ef52a14703bfeb19cde5cc07053b26b500543f34a90f507ce9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
240ba8559eb2129c9de23ef68fb49e6d

SHA1
bc37cc5e3dbe368918d503e4304aa90006fd99d7

SHA256
b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec

SHA512
ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-05-08_11_+ftwiIQfjYtrlniJNZ3V4g==.jsonlz4

Filesize
945B

MD5
5454384ec38638981ce5e67157b8f07d

SHA1
20da940d1b48d7c555b5f7d050fcc26b9fcaa217

SHA256
faa28431b2b70bce1f1552ef63266622ee731b9a30a3b314c9b6d6e0bdc07e11

SHA512
5526c70002b23f106dbb494742fce905cba27979f8bf8f2a92832232fb34b6bf873043f0b54f88567250f358e5fdd93438f5211318ee303ad71615ea85d1f2f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json

Filesize
216B

MD5
648aa7b03c60696b8362208b5a9535d6

SHA1
a1874061150d269e1c9efd3da3f90fed54876379

SHA256
8a906ad3ffa4701640294e2903e5dabb6c5b7757c23f2812f86706626ee0f9ee

SHA512
aed9cdd9baf989c8ff51c2c30b9ca1a8c1cc29eb00ae41973be4a0a96cac0243684ca9cca8bb54ade4c7d8606d95426318b311bf68399a6b7bf79ad507c73927

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
fc96692dea272733825d5bac26a29842

SHA1
092818f4704eb63d2380f72bd7641e2fe5592eb9

SHA256
35f3b1b8108a8f17850ee1ecfaa112916c4c9dfae13f25d1f5c2e73294aa7416

SHA512
dff6681d13fa11c1984b62f1d0e9115b0b149f491d29b635532b8a4087077c5dc1c04077528fcccda529c36c11516ec3cf925fd72269978641951cf6a16d74ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\68db1d3b-107e-44e2-ae0d-acc9bdfda144

Filesize
746B

MD5
1ed827752ed513c1f093c695ba1fc7c6

SHA1
8d5c15ce346dead967054ecd4da6717234ad4a16

SHA256
7abab5d222054a8457bcfc8b3294cf9779bac18be5e73c20d842a5694bf694f1

SHA512
1c6380acf76db3578f3905b455256ed27734852fd4be22d691e43f9216fea8120dacf01cda791e29a12965a3c648f9e350ddbd8a42c688e5cc5b418d67885059

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\b502e68b-f0d0-43ee-a4fd-2aa88c95c78e

Filesize
12KB

MD5
6894742d339bf695aa43f40add45420b

SHA1
e496c18e8f92dc2290f1a43ad51d156ed682dc75

SHA256
b326c971c2361fb1e63711d1167904c040954c114cc49f978ef98649dc8dce89

SHA512
aece300050c4660456c73a630487d908ee707e995221c436514d84ff0412b900fe9e35372e889bd59329f5c7bacf55012476edb31f220eadc5f0b6b663f113e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\extensions.json.tmp

Filesize
34KB

MD5
5a7aeb959001e385367a9e24baabd158

SHA1
f9af7cd87f397728c04eb3448cdedc44421946bd

SHA256
0242df1fc3f9d535b2a59caf141c25f2a1d91843b988933070e86682b2d15df2

SHA512
77ba2e0e56eba85fe0b8936424e68704d5b186386ae9f12b0f1f4f7a9c2beea308ff5178c402f28ac61013317214a5a67dc7ebb698e735578dc35423c71b401b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
9KB

MD5
4405464cbefb6f18f276e106a06b1e42

SHA1
a194f7e704275ffa9b5a81cc8e3893200afd7170

SHA256
0d5598dbeb9b91cfea7e6eae53630616bb86eada47f2d3aa5d47aeacbd3df333

SHA512
bb95447f8debd7a3d073294a849d18a2753750ad6661f52f231cfa31806b8dc775764dfb48408765dd620dc707f9f3174303ce8429ef17553db46fb55ef1c561

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
10KB

MD5
39078517afdad9c9a7ad1dfccba78c8c

SHA1
a625663931f42f5d71a9b98a1b4dce132a99fa95

SHA256
6fbbc92e771db413d18197e9f129e016de50001b04429293138e1ef096bd50f9

SHA512
866958b9628f79daae940b2e059c90d2d9f1ef0b6e27025b979e20ad812cd32414d0cca5f97ae106823b0b1870834f137f1c6f39dd2251b1c813918691de2ad7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
8KB

MD5
f1e5dc73c541cc6b72541fc679666d07

SHA1
38c117d7f45a8f06881972867a198d307f605d0b

SHA256
f621417ba049156d80982e2ec3c391e5c3a078602b00a16b20400a2116208dd9

SHA512
9d71ed3a3cb79f602d9eafa22e9314c2cbcdfd241d5fc746a9a4930362a3ac0ec2bb199aa502fc74d2c899fe16f3a1dd8f91d4288921adeaaab114b61f0a586a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
9KB

MD5
7c037246d6316e126b0275939df0a1bc

SHA1
6067dc2fb5a59ccb0c21b73c6aa514f1b7be0445

SHA256
ba9bcd7299cb37b35c9b7e54acf97878fac67296e0a4e267a9b6225d3e3d7338

SHA512
8b86a2016a64f59d2aa9ed040c82650b09143e09b970dd5ede986ba79b57e7388f6e8d5c0db3be529e83bc5e3107b860f539b6db7840468559b00572f921b3c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
10KB

MD5
320574208499b3f3074bdb6cbbd0f8dd

SHA1
53047eaf431713869f9cfa296b3e72fd848e89e1

SHA256
5cd68064f359467ddb1bba935b3c0a60f910aa6d0cd2a7ea8e2346ab75fe9b13

SHA512
4467594711b0bcfae685f3db470f3e5005147be7aa678743a868090cf0b705c7bc9cee43dd26b370c28c09ec01875c1b16d6582954d608e80b79c117b5a7ac03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
7KB

MD5
4349041ac1009d0b6b2853f52a30ae06

SHA1
a8a5c44e25381e86b16d1b8cc59e9d147295470d

SHA256
d9d3e5a663070a3c52a32001d4de7bbb8434c16f7c7d12bd46cfef05a6b4f62e

SHA512
bc372c7c03b146e96b0b13e26c50e91202e7f08e1b94b5a9f3b3618b01e485aaa29720f571620c5f63dc06094f88b3c8a50f499db1ad3fcb2c3ba4884dab4d07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
2901a2126851ca2299ab5081e6d2d09b

SHA1
7d9a6751567aed47ffeefbe31d677caf57fb0799

SHA256
862e9f9f136dd0f26f80da7d9a78341d9a0bec2c2ec2c53c901091a9629fcad4

SHA512
4a0850bc8fe5d53b934eec343df0b796afb804d0e661a8cf87b12d18ed027578e19c71963d6766542780e52e96c4be339fd2daee422a6259b9e3fa7cdc37061f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.6MB

MD5
4b2f8331b96052f3a41f79256e0f0ac3

SHA1
e51c4e220967766e489bc1c3ca39ae6a15a10015

SHA256
cdfb086f0a329f9ad6c38436a1a808adaedb29c7eb115f78d02ec57f144e8e89

SHA512
4f5635341682555ebb05aab9460d115680cb35ad72ade551db66c5654ade17400d1644d7aec349cc3954c6246bc1c3234fbff941dfc291d34ca717f0c3b7b200

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json

Filesize
3KB

MD5
3ded766503254b09df630f2865ca9286

SHA1
17caf83e0e728d77323a86d0bfddda5628add419

SHA256
ca62eaa30a3b434d6ea6bcdc6104ec23b6e2509a72f65411b4a0f2688fa11256

SHA512
df8bd79668e94b1bf38b1b3cc0f1c8b379f4961d4828160109db2b16e3f52ebcd3395ac6bf95978b7ee1f1cfb71ad1c8dda6bd69c338735b206cd03756d411f4

Download Submit