135fc77c5f588f90e1e49d0a96070703cf4a6ca3714dbb5030719a40570e3c3e

Analysis

max time kernel
145s
max time network
147s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
21-05-2024 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SolaraBETA.rar
Size

17.4MB
MD5

1c9deb468c25cd3113ec8a9780d8135b
SHA1

b5adae52a06077fafbf9dd975d8da10f05a97d2a
SHA256

135fc77c5f588f90e1e49d0a96070703cf4a6ca3714dbb5030719a40570e3c3e
SHA512

70caf62f094a6af7ed85fa7d897ae8fdba808004c5ed1ab1cca79453d1dc4840fbfd959da362d638d4e4617915e2aa7a76ef4d38edf9fb8e50485e97cbab1bfe
SSDEEP

393216:wlPnTYj+yKG4H3JGtfrrpwaZpB3VwaJ5rPBwU:Snm+yA5AfrrSabBl5J5rPaU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeOpenWith.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

2492 OpenWith.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	4776	firefox.exe
Token: SeDebugPrivilege	4776	firefox.exe
Token: SeDebugPrivilege	4776	firefox.exe
Token: SeDebugPrivilege	4776	firefox.exe
Token: SeDebugPrivilege	4776	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

firefox.exe

pid process

4776 firefox.exe
4776 firefox.exe
4776 firefox.exe
4776 firefox.exe
4776 firefox.exe
4776 firefox.exe
Suspicious use of SendNotifyMessage 5 IoCs

Processes:

firefox.exe

pid process

4776 firefox.exe
4776 firefox.exe
4776 firefox.exe
4776 firefox.exe
4776 firefox.exe

pid	process
4776	firefox.exe
4776	firefox.exe
4776	firefox.exe
4776	firefox.exe
4776	firefox.exe
4776	firefox.exe

pid	process
4776	firefox.exe
4776	firefox.exe
4776	firefox.exe
4776	firefox.exe
4776	firefox.exe

Suspicious use of SetWindowsHookEx 18 IoCs

Processes:

OpenWith.exefirefox.exe

pid	process
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
2492	OpenWith.exe
4776	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 824 wrote to memory of 4776	824	firefox.exe	firefox.exe
PID 4776 wrote to memory of 500	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 500	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 2940	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 1760	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 1760	4776	firefox.exe	firefox.exe
PID 4776 wrote to memory of 1760	4776	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\SolaraBETA.rar
1⤵
- Modifies registry class
PID:2196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4776.0.1448490788\435794710" -parentBuildID 20221007134813 -prefsHandle 1672 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae947762-4120-4a22-9826-2897566d6f42} 4776 "\\.\pipe\gecko-crash-server-pipe.4776" 1760 173c4dd7558 gpu
3⤵
PID:500

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4776.1.65319409\886559513" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3bba5eeb-df60-4a3e-b23f-d7c8d67a4903} 4776 "\\.\pipe\gecko-crash-server-pipe.4776" 2116 173c493f258 socket
3⤵
PID:2940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4776.2.1654734521\996168220" -childID 1 -isForBrowser -prefsHandle 2712 -prefMapHandle 2828 -prefsLen 20866 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6503ca37-bac1-4f6d-b96c-3ae533406e59} 4776 "\\.\pipe\gecko-crash-server-pipe.4776" 2928 173c90ccc58 tab
3⤵
PID:1760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4776.3.948573246\1965476845" -childID 2 -isForBrowser -prefsHandle 3008 -prefMapHandle 3012 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47d9f531-d2d0-42bd-adb3-a8f1723deb6f} 4776 "\\.\pipe\gecko-crash-server-pipe.4776" 3368 173c7888658 tab
3⤵
PID:1040

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4776.4.1137090311\67905434" -childID 3 -isForBrowser -prefsHandle 3580 -prefMapHandle 3828 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84259b04-90c8-44b2-b51a-599770bc0818} 4776 "\\.\pipe\gecko-crash-server-pipe.4776" 4388 173c9f49958 tab
3⤵
PID:2720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4776.5.925059378\289866258" -childID 4 -isForBrowser -prefsHandle 4760 -prefMapHandle 4756 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd716c44-4ff2-409b-bea5-39a0caaf7027} 4776 "\\.\pipe\gecko-crash-server-pipe.4776" 4772 173c9f4a858 tab
3⤵
PID:3860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4776.6.88576776\1298271339" -childID 5 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e6f66c3-f1f0-4249-8214-1944696e3f6b} 4776 "\\.\pipe\gecko-crash-server-pipe.4776" 4812 173cb4c6d58 tab
3⤵
PID:32

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4776.7.749512643\1326603206" -childID 6 -isForBrowser -prefsHandle 5112 -prefMapHandle 5116 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c541df0-f765-43af-9c30-bc850c3f7c7c} 4776 "\\.\pipe\gecko-crash-server-pipe.4776" 5100 173cb4c7f58 tab
3⤵
PID:1432

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4776.8.952343312\1495787468" -childID 7 -isForBrowser -prefsHandle 5480 -prefMapHandle 5408 -prefsLen 26514 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {361fc037-da26-41ea-927d-40ce41e9f8a4} 4776 "\\.\pipe\gecko-crash-server-pipe.4776" 5492 173cd2c1e58 tab
3⤵
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\15616

Filesize
9KB

MD5
60915364babd455223ede6685d34eeb4

SHA1
8b7c30654094059fe1d78c01092c1803b1a68939

SHA256
a81703eba269b016a0a834877e85600d017b9eb45e15b730591aaa31d3670580

SHA512
c842bd1f458149d722609f6fca227b4ce383f7056c709f8430d9976c10acd44f3e6f217a10908eabb636139f8c63d278a1b02e7fa9315ce86aa540cf6f53a2cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
e3ea1ec939ebb4b1b6c2f936fbe54e24

SHA1
e2ec220d8d48fa71940347f6ce7590b27de0448d

SHA256
bdd1a880f385005ca2d79c1c6e25c50a67030b6943063ad69d9547d063d6fc41

SHA512
3fd7a3c5ae8e67781ae22751bb0b53b53744379aebc3361dbc7d4fd08bd335c4a4e751f551f9b8143b8c573fb5388567e7fa84906baf46572626b2a37cc22cda

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\3b8276ff-3498-49fb-ab3f-3b6db80f315d

Filesize
746B

MD5
d06ded6e8e86866a8bdd7b581e56f6c5

SHA1
2c7314331c069b77b278d19e44992080e9313b3a

SHA256
7350fb241eba154e5bb2d39da3c813e87420e78d0a68599b281399e1bea614eb

SHA512
5342a9798f62beabdd10dbfa55e3827fc639417f0f29c325c4e9feb5e52a129ba4b15f994762d0a200c283dfef5febd08d745f4bc186e69c1624258402643c10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\4fc08d33-00e1-402e-8643-2af7aa12a188

Filesize
12KB

MD5
60332059f7dfda7a8b3d1dc0bb4244a9

SHA1
8a0950cfdcc5aa013a2284eeca9cd02f86014e9d

SHA256
5adeb9660cc03f2b91655d84180fad70d8e8b1206d8a4cbe29c2ff42fb82a1f1

SHA512
434c3f35604287e308aaa90285efce7cff9e1797171eade29641475f59453d650ef04ef99ab3ecd73ebcf7ffc1f4b7d2138a3d334c0de1439fa2273971f1ad00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
cf61458d731e2279c7cdc96ceb1e0ec5

SHA1
cc745216c075c85057cec1b4cc31ded8865e0b65

SHA256
58be858b7e23475e77e0ffb8a977865a14d2217f97ca125de459003956c52b61

SHA512
a6ab59975bfc26b6831335da79085801c6c736245d1ad2139025a39bf0c7a27666a63b106fdf519f40156b1f6904ac861193b26fc4a27ccab6f3dd5a08915fc9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
7KB

MD5
2ef1150a3f83c7ca9781b7fbb068b448

SHA1
b538ec6051fa4c09ffa63dd9d104ba7247316495

SHA256
4b15a6913e552679a30997343ce07f441af7571f85fa3159989c96436ef953ef

SHA512
94c53c7060ad5e63183013922847a13815bcc8834cfcb536d0bf934ea3b10034c7e576591ccc238f5757a2a933c40e0b96ee2d6e320a82bdfa7e3f26c92acb33

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
9ea54694be1061b36f14ece12c52307c

SHA1
6b80c6159dc8743c4dd4a599a050a23355e36634

SHA256
1885d03b009645566b7f8d8df53ac1b544eee4096164c2f00c12038730ceb71e

SHA512
e444e84a7d042c65659c59bc018a2c35be9976400b3720121353cd055e539f0718affb4ff4d8d6914cb183ff113d89f45daf811fa4276a119fb57826f4c09b19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
76067d2543a040115f790dc65c5d8c77

SHA1
247f95e1a223b587f17b39b7b6bb544fa6685ef2

SHA256
e83ca6a012d438bf9e3456eefaefd31aa050cb41d5594a5676f74786c8accf60

SHA512
6ea264c68894d7fb680c11168205c4fb9b0da977224c5fff419e8af6bad5ee80627fd36acb496a1d5bff08c210916235c5d297483b2b94361f5c2867c6892c63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e2c66397b867ccec001449c7ec294da6

SHA1
b68f1ea13db172219823f154740c09b301e761a1

SHA256
c80b9a53eb0abce721e19234ca8e5ad9ae92f6599308035ac8e469db6e20f19e

SHA512
9ad36c3d0075c46428ef7f6c3ac5ebcbbb6ad71c7935a84eaac6a70528c8813903461594c430832b36494665284b90b4cb5a6789307e5ca321ee9676bae9d461

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
ef4fedbbfa905e80091c5279a2ea25ef

SHA1
a377e6666d488d68bf2a3fba0558a5e0e1e1e1e3

SHA256
0cd2bb5bc2fe17a28fa4ec79f9cf3dfb3b0fabb1c28229e98a75ba8f4ab853b3

SHA512
ea1b408b845f56a3e21e4a04b7a416b75fd2d6a74b37be4e1700336ea409b3eaf7666bf917018b25da7c16f90885c6ce7df4549bedc649f3dd7f22b64a87fd13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a9d131d1a79e6ab77f289d27234a5e09

SHA1
528225d851c00f82b190db2558044ad5cc5910b3

SHA256
d7cf13e8d6cd7178d042b7c12c46bee93725588e398515718cc516f5c7d7b1e5

SHA512
d470515b8a34cfcf4145bb1a06f24d386c5d5dc0875bac483c4c147d30c231a944768d4cdc75df459a9fde8e7693c5abcb193c1fc6bb264bfc6db9f0ad8b7eab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
731c0e733fe1e3123d366af7c8e578ae

SHA1
9756304ea773dd9cd96e5996dc79de2ed6a9ae9c

SHA256
8f426b4be5e3440fa14d37480f018b7dc3d1a547b0e91c2fbfc6e31d9054a359

SHA512
d29e0f2356a3226f64692b390c122d4d70f09f677d9f5d086f2babaeba6574d670171edb24ff52f928871ec489680f57910e21fac1ca8ec08783a07d21b1f427

Download Submit