hxxp://x-ray[.]ca

Analysis

max time kernel
119s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://x-ray.ca

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1160	firefox.exe
Token: SeDebugPrivilege	1160	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1160	firefox.exe
1160	firefox.exe
1160	firefox.exe
1160	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1160	firefox.exe
1160	firefox.exe
1160	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1160	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 4732 wrote to memory of 1160	4732	firefox.exe	83
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3840	1160	firefox.exe	85
PID 1160 wrote to memory of 3164	1160	firefox.exe	86
PID 1160 wrote to memory of 3164	1160	firefox.exe	86
PID 1160 wrote to memory of 3164	1160	firefox.exe	86
PID 1160 wrote to memory of 3164	1160	firefox.exe	86
PID 1160 wrote to memory of 3164	1160	firefox.exe	86
PID 1160 wrote to memory of 3164	1160	firefox.exe	86
PID 1160 wrote to memory of 3164	1160	firefox.exe	86
PID 1160 wrote to memory of 3164	1160	firefox.exe	86
PID 1160 wrote to memory of 3164	1160	firefox.exe	86
PID 1160 wrote to memory of 3164	1160	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://x-ray.ca"
1⤵
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://x-ray.ca
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.0.136846606\1442416365" -parentBuildID 20230214051806 -prefsHandle 1756 -prefMapHandle 1728 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {333ef3de-c2e1-4476-8de2-efa1844cb074} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 1836 27f5a022258 gpu
    3⤵
    PID:3840
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.1.553794629\590221527" -parentBuildID 20230214051806 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {554d7dc0-8d77-43db-87f8-e624011c90cb} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 2428 27f45d89658 socket
    3⤵
    PID:3164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.2.218167069\1224715179" -childID 1 -isForBrowser -prefsHandle 2984 -prefMapHandle 2872 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {786a6b30-8c1f-4a64-9b48-c40a33ef5a0d} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 2996 27f5d134e58 tab
    3⤵
    PID:4452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.3.1214843530\889077655" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee16eef1-3731-49b0-890d-51b2463a16df} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 3660 27f5ebc7e58 tab
    3⤵
    PID:2244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.4.142612130\1972169135" -childID 3 -isForBrowser -prefsHandle 5124 -prefMapHandle 5132 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e51e630-975b-487e-8389-4237e985f20a} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 5088 27f6002c258 tab
    3⤵
    PID:556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.5.460317767\2118516255" -childID 4 -isForBrowser -prefsHandle 3040 -prefMapHandle 3056 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ff7b365-5d5a-45ff-bf07-4be7d6466f64} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 5508 27f61367e58 tab
    3⤵
    PID:2360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.6.287511590\1452405986" -childID 5 -isForBrowser -prefsHandle 3088 -prefMapHandle 3100 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a7cb70a-1201-472b-9e97-ec70b8880ea8} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 5648 27f6139b558 tab
    3⤵
    PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.7.1373068494\1338323454" -childID 6 -isForBrowser -prefsHandle 3060 -prefMapHandle 3076 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d2dd05b-fbf1-4c57-b7d9-5825b2d5ec3c} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 5808 27f6139be58 tab
    3⤵
    PID:4524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.8.535755437\590207661" -childID 7 -isForBrowser -prefsHandle 6016 -prefMapHandle 6020 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1336 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7b70d96-51b6-488c-b07b-e0c0180b7d25} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 5960 27f60e88258 tab
    3⤵
    PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.9.13470027\715319593" -parentBuildID 20230214051806 -prefsHandle 5692 -prefMapHandle 5700 -prefsLen 27697 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3ae1041-97fb-491a-a675-d58ff522d8aa} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 5316 27f61e92758 rdd
    3⤵
    PID:1624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1160.10.1775446663\339976422" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 3100 -prefMapHandle 3088 -prefsLen 27697 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {352244cc-f77e-4c53-a35c-83829e12325c} 1160 "\\.\pipe\gecko-crash-server-pipe.1160" 5308 27f61e92a58 utility
    3⤵
    PID:996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
26KB

MD5
81f899430d00d4d382c3c0429fe718d3

SHA1
53275c01a0b1ae73ae8cd213b4a79bf8ea81c2e7

SHA256
0f8239d56af40a5af967e5740c1fb3afe5d5b67df849b0cc81ac1bca5ab68110

SHA512
5b02d0945ffb49309a3233847bbe13237fe415afa8cd063f2e4fb1c1ada945d5094c17f64ff87fb25212e5ceb873bcd39921a2d3de649f2bf0332d2e9e45b7ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\25450

Filesize
9KB

MD5
487627c9c09c6aafbe27ae2656c6b50a

SHA1
d2189c34460cc47eab709788f085be17760a23e1

SHA256
e4d5fb5e7babe71882f1ec9ca6b3128209c14617a015b529fd77f993fd28a091

SHA512
55f4fcf7129561ebe2d47b201d6e938a0284ada2c718a4601fff633043faca01551362830b8b5b2fe63ed2b5b5c6311c89a8a89f78ceacbbe44b86264dd2ae2d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\4622

Filesize
9KB

MD5
ad4683126d4f0c36c79ce85c1e5077e4

SHA1
0367e1b2d08088c03ab59b47291722b1e8af889e

SHA256
f329590e8a7d9720b0bded7c66a350aa76f522aafbc15967e5b0ab189d176963

SHA512
eea6f6bc748fd522e373779e8a4316a2548ff9085806ed17e2193db3ecf97efa33d6cc1c11ec733fa162ba6e7784b03a1656c84a5ce3d02c5ab517817959b1b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\6808

Filesize
79KB

MD5
083ee21c397dc3c4c8abce251938efeb

SHA1
4bae62b2fc6f2a7acd80005c74a7671a5f3bca76

SHA256
bcfb4e60d2d1b14f997865f0ce297ff7a5bc5cba754e089e003b86f7f5837baa

SHA512
f300bd402e2ee9af0ab767952117310409187baec9016b8c1d8764f29e342e7b11a8527b7d3550ba7a38ad11084d31da67d49f19596bb3e7458e955efe92cce3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\doomed\6955

Filesize
9KB

MD5
904688b464d50e6255b724e87ed58b02

SHA1
f23d4fe453a9ea81fbe5017e6de3c5e5dbf98c51

SHA256
662acb4701fe7b7f51d2f2c3067dfc2e21772868ac815a0480408107d9099f48

SHA512
45e38acaaf8f89433cdab26ed38b205b72a606bad008d7a129acc66b40b55617a7a010ebcef3fdc5c21226b6d11b8cbaa5d468813951baf4648edae13eb567c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\412143142D5CFF4BF443AD4A271A2BDD669CE254

Filesize
438KB

MD5
d35102db3f75a21a508390efd8a3ce30

SHA1
46a10256202b350d1d3039a52f0ab2b94f429314

SHA256
5f7d842970dc73ae1aa39adfa25ef600d2f53ec728fec73d3d6cbb42a5cbe36e

SHA512
ff82288a3f8b0dc60a526f37ce5cb9303f1cc875dd6afedc2f07a3ba3501942410b2b28480f465e81731ddebeedcbe05276bba2c1dcdaa89d0c400e7ff69e275

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\7D9121AE796B4E956B382D91286BB3193223063B

Filesize
69KB

MD5
70088071909ae138b287c22340af87c7

SHA1
3e213f81f8a22652de376267fe070ebbe030fab5

SHA256
dc08b10435c20ebaf964211a5e05980562f77ce6f7b53ab02dd7e16f2802c35f

SHA512
e66b24a0ca045c1d2cca551f2ff5596f23885057ed878d0dbb4a8ec6238def8409c2521049cc160911e8b03cb261c3e44d5a84eb02e4739932ebb7dcb2756b51

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\CA53FB3908F5C01C5FE5E994A1886DE56C2C383B

Filesize
635KB

MD5
ad41998d5a722507c12dcc793d821ffa

SHA1
d473e33d5126bdbed8e7d10b6cbfc3b1a69a67ae

SHA256
7b932931adbf9274b81338ba802900dcc1dce457e814e8a1b6fd1e27a17a3671

SHA512
9236094e5f76444bb778f1345e368ef9ef44d2a3e54c63b70c9acb36231091a44a2b98be62e99c50dcee759f3e9ad2ba43d1512613d44f408d7a4a5cbc5f2a20

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ntkangc5.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

Filesize
13KB

MD5
18bf6abdae209f1c5ff41908c9db5eed

SHA1
67a451aa35e1d0a004da73db8c8597c6215664b9

SHA256
e1b1ba7a85077e0e1af3c2986b525dfefd401e656163a502b0f12b9977cdf838

SHA512
b98c913781a999bf0ee282f8403b4c01ef5c8f4aa2b83c9a87e0d8457a8dcbeb82473081b0f4bead86f2767977f8b9470d0d19d1ba081a9d56172ef721d5f957

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js

Filesize
6KB

MD5
9e046e3df2b58d7c8e248480f0a8fcac

SHA1
68ef1053ac3d053af2132957ba9a59640b4e1206

SHA256
b480f670c708a570267a0e601faa1c61f7125c68a6f92c624d10b8dc4d85062f

SHA512
7b0df2bfeb8b6e8c3e1cf3b30529193f1f5753020a19af224058764ce20fab8161d02a00f9333124d356e3140fdd33792ebe8fe70736e36374cbd61de5202bcc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js

Filesize
7KB

MD5
85d96de2efade9561b55a42827d3ed43

SHA1
580a6f15a6246cdb6b4addb2ffd91521419858f0

SHA256
b3bbc9ed9d13ba6c545fd9f86f29c5505a564078a62a0f3ad01badaf32182839

SHA512
d041677819de2f2de10cfecc1b292910a4de42c3ce62c4a7f1998ca04656f138c5d84d32b3accc171bc218736fb140dde2e502d66b90b45427b365db57a6cbba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs-1.js

Filesize
7KB

MD5
390f76051747db333fe9055d2708fd64

SHA1
058b4aec06c6ddc9243d4d501017d20f3c1e1f2b

SHA256
bd8e262b21779680290b02e49f7e5742e6edd55468eb557e3fd832dc39728c57

SHA512
286cd3a9349a43a02cba2c0ad225a16b3037caf26eba40d0ec35b8d2ec18179ef99e79f8e5f22ce2d945b13ca308ea6cb2733c5dd336ab4c1ce6e4ddc6de54f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs.js

Filesize
6KB

MD5
68a0a811a8cfd627dc6966a7faf325f8

SHA1
079421abcfee2dfc31da17ab00531ac1c2f483b8

SHA256
fc8a9d8a2c574c0d16e7c1632cf4e625ce4e37a6523679468afe2704b6a13f38

SHA512
4f67167cb6866a1228a77e3c9474e69ada3bc69d8303fb95c994598a844b1f09506284075d3a427eaff44cd76927d7bd3a82baffa9cb52767bca568ec28cf9ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\prefs.js

Filesize
6KB

MD5
b2545ca0349c57d77d1b60c4cb0887f2

SHA1
d4acbc489ea3135fdc41ca542e5ecc17fbb02e9c

SHA256
753c27d0a8a71f960f14005a38b9695103cfdd3cc8b99a716ca8d9dead7d58b0

SHA512
ad3e501a3cca5b47a9dbcd27925cd54fa8a300abd9c4fd8d844b480882ab6f473341df7c994e07e35ace164aa10d8a1c1ec24069d26e2a14fb32f5038a100b67

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
abb6b90871751d52691586faba39994d

SHA1
8351462b390ca4421bd95b6106fbb233eefa9bee

SHA256
df73d835f8b952ef21e3b2513f708ee010778655c765ec3a45e1575bf2571624

SHA512
5b4d5d5ff616c61ee61873b946a5f358facf4c306672ea872d2dd10e1c17360290de6b634eeee8993ecdbfc0a87c4a69fdcb9c8b95bd4be00bb23b7d1d4b6c18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ntkangc5.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
996d04bd5d89ee89d385e7270be030ca

SHA1
33d4af980a543a105365b4e7e68c84be81a9cd1d

SHA256
21a2d3ce9627d4adc813f532d6d96e0bb16206dc82942b25b7bd619c4e2cc110

SHA512
deebf7c8da8b1df26bacbee899b175f9c22101b03688f14cc1713fdcc88481e3e3e358d3ce5d161d8466923065359c2bfce4b28bac079b494538118a0734171f

Download Submit