d91cdac3797e2a31b224e443c1ab3efe9a2564c0a2a2f99967167d9eca364c0d

Analysis

max time kernel
1559s
max time network
1560s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

20KB
MD5

40f9ba533787ccc5d0886ef555237dd0
SHA1

96c76aa22f95578fcd7e1aa9c86df5d89523107d
SHA256

d91cdac3797e2a31b224e443c1ab3efe9a2564c0a2a2f99967167d9eca364c0d
SHA512

2fb777ec7100054ec207812c7d1a2f4764c8193935d08271f037b4a636ff5067b58dae2916e6f0c1a4d2f4a93e8ca6e6c2e847b49cbe566511786329147ff434
SSDEEP

384:rh6GiDpmReVoOs42i9ylKeGMwU8HhhbIC0kA7Wo2paWhOwob06+bIJCgMmV6:rQhBVoOs42myI1MaBhbrivWhOwob0MJO

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs

Web Service

T1102

Processes:

flow	ioc
99	discord.com
100	discord.com
103	discord.com
105	discord.com
55	drive.google.com
97	discord.com
106	discord.com
50	drive.google.com
102	discord.com
58	drive.google.com
98	discord.com
104	discord.com
107	discord.com

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 2944 firefox.exe
Token: SeDebugPrivilege 2944 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

2944 firefox.exe
2944 firefox.exe
2944 firefox.exe
2944 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

2944 firefox.exe
2944 firefox.exe
2944 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-481678230-3773327859-3495911762-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	2944	firefox.exe
Token: SeDebugPrivilege	2944	firefox.exe

pid	process
2944	firefox.exe
2944	firefox.exe
2944	firefox.exe
2944	firefox.exe

pid	process
2944	firefox.exe
2944	firefox.exe
2944	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2256 wrote to memory of 2944	2256	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2656	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2656	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2656	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2812	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2332	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2332	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2332	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2332	2944	firefox.exe	firefox.exe
PID 2944 wrote to memory of 2332	2944	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:2256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.0.733286800\1986061476" -parentBuildID 20221007134813 -prefsHandle 1248 -prefMapHandle 1240 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab617fbb-3177-4e9f-963a-e6a9df004a1e} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 1352 43c4f58 gpu
3⤵
PID:2656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.1.2081889332\1981263591" -parentBuildID 20221007134813 -prefsHandle 1536 -prefMapHandle 1532 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {acd7d39c-7308-4c21-b718-d442c4f1a921} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 1548 40eb258 socket
3⤵
PID:2812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.2.1826235348\1732975950" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e7f13ea-ba34-46e1-bdb3-1f5e50cb0599} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 2096 192afe58 tab
3⤵
PID:2332

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.3.775938158\56857790" -childID 2 -isForBrowser -prefsHandle 2496 -prefMapHandle 2492 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7754981a-6f43-4db4-a304-f623efc9561e} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 2508 1c0d6558 tab
3⤵
PID:2448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.4.131001067\1421907375" -childID 3 -isForBrowser -prefsHandle 3696 -prefMapHandle 3736 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a72ad7e-0e05-43f0-a1a1-8aa8fdea31ae} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 3756 1e468b58 tab
3⤵
PID:1824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.5.900547694\1998165166" -childID 4 -isForBrowser -prefsHandle 3864 -prefMapHandle 3868 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6a83944-20d5-4b49-b154-82c37802fa30} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 3852 1e990558 tab
3⤵
PID:904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.6.1280624279\370169895" -childID 5 -isForBrowser -prefsHandle 4028 -prefMapHandle 4032 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bb5f91e-3e66-4496-810d-d6fc3503eaa7} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 4016 1e990858 tab
3⤵
PID:920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.7.892150463\370587381" -childID 6 -isForBrowser -prefsHandle 3696 -prefMapHandle 1140 -prefsLen 26531 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b09a4ff-666a-468a-b811-b791d181a635} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 4100 d30258 tab
3⤵
PID:2060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.8.510809662\1161854939" -childID 7 -isForBrowser -prefsHandle 1856 -prefMapHandle 1944 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {977478b9-4b3e-4691-9992-f3970826208a} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 1868 ff44558 tab
3⤵
PID:352

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.9.1750853795\400882750" -childID 8 -isForBrowser -prefsHandle 3844 -prefMapHandle 3772 -prefsLen 26796 -prefMapSize 233444 -jsInitHandle 592 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d90a8e3f-1bdc-477a-9e45-01868f5cabe5} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 3984 21146258 tab
3⤵
PID:1668

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2944.10.1702861189\2025135163" -parentBuildID 20221007134813 -prefsHandle 4384 -prefMapHandle 4400 -prefsLen 26796 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a787fbf-c53b-4afd-9d51-470acde103cc} 2944 "\\.\pipe\gecko-crash-server-pipe.2944" 4392 d64b58 rdd
3⤵
PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ty9peokp.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
6a39782c29906e372f43d571d9d2c6ed

SHA1
fe94666c8c4b86e8c7cdcc3cfe2663909294b29c

SHA256
e14a252ace4f89abd50db05ac0c47380ea4b2cb404283ed2fb3fb7f5d27a58bf

SHA512
e9374bd48d27e4db1f57c44aba14ddf6cffec3e92e1d7eedda9a3463d11ddb158502a745fd82002658b659dfbb5a6777494c09c349a2d5f6b54ea61684f8e39f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ty9peokp.default-release\cache2\doomed\27562

Filesize
11KB

MD5
1cbb618710edbce4ec6ca0e3c66c12bd

SHA1
5f6e9928802b92adff3d0cb633b0609dafbcf8cf

SHA256
eeb6ef3d12059bae437dc4219b45a08a50a25d9861f52db90e36f99f14c9c4f9

SHA512
438e1c9dbbd2743c42eb303bb975ede010ffcf3303a8668a31e354e382c7e61492d2c7b9a7b5f57261c543f29103d1ed33fb329db8b0cbfe407edf0c38e6b0aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
bafd8ac5e13aa17a4984f49e656b6abe

SHA1
2fb484b1c7663669626081c1750fcccb7a3e1869

SHA256
31d3c216c18f89fb9bc0886ca29f30b9437a31f94ddfc50d6a80ea4e0ef3bdb8

SHA512
87db7b61e0da0cfa0bc7e774092f98877a758d38c54dbb1464c45e39b4a379a91cc2bda8ada328441270f5be286dcca88b86d2845c50c70a29fb8cce90589d10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\bookmarkbackups\bookmarks-2024-05-22_11_XFMTpcVzRE2otKSPvcP91A==.jsonlz4

Filesize
953B

MD5
25326fe9a484cfa2c0fb7daa04595899

SHA1
63bd3a1791b112ec4d00c2c7d97a8d40fbcb3902

SHA256
7496587881103987755ea8dcdb9b211dae5c936f6ae5027deb9c3bcaf63691c7

SHA512
6bfd2f156cb14414fb199c2acc3e534d1f07f960c9769c2878bcb14ccd8f127879f33c727a541232e601b1cf5173d4b10b86c86db036c17f69849fe7417f1463

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
287c76af170e44b659a376b45ba7b6f5

SHA1
ccdffc48a782560cf1eb61fc2ad6d08a4d845cb4

SHA256
21c199b4d8adbaf7d02ffe41fafd89dd078cd2e6c716edec5fda32fc6b89291f

SHA512
089e56f436637089fe0624724b405e425ca8ff9d5f1130344cc6a6bbae7f40942ad4c29fca6808c093de6287b3fc90c822cc0145945d6c26fa46f37f2c1021fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\datareporting\glean\pending_pings\0296c776-4797-4bea-a65f-568a23fa99ac

Filesize
733B

MD5
fbb45ae7cc12f0d44e3efae803c8664b

SHA1
c2a07e90acc3e33329a2508e43c63969cfd657f7

SHA256
d898d6beea0cd7d2e6f3a1af722531e2c46d1001fd78c26817ecf5f4aa1390e5

SHA512
b12ab94fa7b6ebeb622499196e44ae98d4df10f5b2e45fb78c46768162666185182762600ecdea900e620b0b847fa5f196aeda6d855a92400d603e6b8a276052

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\prefs-1.js

Filesize
7KB

MD5
2b90317ff1f6c44ba6d8c963c3b12592

SHA1
f04ed49d581748ab9d9016f950bc3de550821e6d

SHA256
160f9cb35e62d5493a23c62458023b3b402f6f7a8e867280f5e51d0b9ed1e3c2

SHA512
ecef877cb110777faead98518c65494f12304cf55027abd9728c995a11dd5dc3214c40724a08aa1e37f2eb332a1c2a263767e8c3bfe3455652916303d2592250

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\prefs-1.js

Filesize
6KB

MD5
9b5eaf403322e3efa7807dc05e2bffea

SHA1
204a56c4b00abb5c0d40de4a9eba11175275bd74

SHA256
374e5047dfa9e61a545c4797b0781650759ba196d46bbdc0bd56a5541bceddf7

SHA512
45592171ed862e8128e7214b1143c57f5380c73c0026b86da75dcd963cfb3a21d815c9d5a433156b812c16daf8876df7552f5d7ecbf72b270d3a3e79b6804053

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\prefs-1.js

Filesize
7KB

MD5
359b0e4aab1c6d34be76044d81db2ace

SHA1
2b3e980dc403fa52e7fcbf52070b10d1926790dc

SHA256
d40a378ea1e13a53f8688a6ad3ad2f2840a4776adadc07f657958932db55f3fe

SHA512
4154f94e333a0d1908d70359e082f76e93d6a6874d8e9dd74e4ad5a66a731595a3f23c267e61a6acdbca0626747f00d6663dcc6044eaf45b2c0fca1dcfd65e54

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\prefs-1.js

Filesize
6KB

MD5
7d404bbc3d3fd28b673b74994345a11e

SHA1
17e41ff4ccda456cf00492ad40fafc695da24900

SHA256
d5bf119969cc1855aaa4ff2198d55c6c3c263d3693716ebadd2bc35a96611fc1

SHA512
b4e1452ecae51a2bfb179bc8c42536e4238e3f6fc4e393bf30c7560cf747f5ec839f40196c7a30e8f527e85c73b8b5ba7c3ce3fcb34a15dce6872a86f436a955

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
23KB

MD5
f2f6fb7e79df4b7faf80d95b336319c0

SHA1
46dd514f8d04874b9958390cf9b07374baa47e3e

SHA256
a71a1b46deb09a35d501fdb1e5c60bc7291efc571f5fb4556bf9276b5cab3537

SHA512
1cf0048ca1a8ebddd6f13cace423bc71bd8d9e3e90c2c86c3bbeba84e2b81474307d5e3f745dc0b9c1a9a1e43232d9806ed6caaf4adebd8ec11b95ccdaea725e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e4947906baafb4854b46bcefc35027f8

SHA1
c3ddf17cbe69e9e51420e615aeb8d9709393095f

SHA256
525e7516cf22a788430e4e3ca80dbdbd950867bc469dedead164f90a744b724e

SHA512
b62a7f6484da9504233aa27b9df90c09d695bc2aa3f2de8151ae722005ec138d05dfe054e0125e936b87037f0db8cda140a5d401e9703e333ce78325bee45f47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
19KB

MD5
1cca26b113a7c2e3744079ceb95c0edf

SHA1
9869493350d3ddfa6c9f3f5afe23c2808fbc6afb

SHA256
15cf9b192c6c7bbe4e9785fd3a47ef02e6dd0fa3014ef621c844c71b0327b8bf

SHA512
3ba2d727621f15b079d9ae39e33ff92d73855ec7bf8b640335801bde524a4419fd022003a16ae2462b4c92cc03ab90afbed69ac28fca9c6fa04bcb65e0d574d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5331b3b35e80606e313150dd247ce1ad

SHA1
77b948aa85706fd175c2ca060bb359933ce9e838

SHA256
c0a63d5077ef6555b6baa455941bd95a32955016ef6e32d9a7847a12da1fc7bd

SHA512
4009efdbb03428afe4a631dd7391d9fe7addad35548160872db992dfecc84c6a7a01a138417bd919915d8db8a9a76f49be3d5ecb626d3aad0bc483cb3834d9ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
d0ca0e405d08b2ad12658d67ed6b9dc9

SHA1
a62540800ba6bf75d5e72f38219389d1a1968986

SHA256
35a9ae5fff7b33b3075fede10a3c3135584716f7e9a35c5f9142aa8a7e8e7980

SHA512
6abc38d6635383a134153797283fccb38e34507113ab9b9b9ac23d68f84b9eec1afb3d68ffbdec9cb46cbe46028859536d1bf1dd8fcfe783b81f09d4fb9bc02a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ty9peokp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
3aea1a1bf7d3d78cf45ebbc261aef674

SHA1
ff09b6a92b0383ca8a7d3a741796bfe448f555c5

SHA256
e1db96f03a8f0d8481688751a67e07349ea1dd6ad79cce359611d754be323118

SHA512
4cc2109a93a2491540dbc8c0826664987e168a99df9c12961611156c00d3b2e6e279ba67bff95e21375af2f78874e59680ea947af8b7f4e8c5266ed70dda36d7

Download Submit
\??\PIPE\samr

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit