a006780eaa964db773f59beb548e46c940c1149d81d669623a893fa2392eb60b

Analysis

max time kernel
385s
max time network
384s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
24-05-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

210KB
MD5

88640c72699bee92f118866b28c8f84a
SHA1

920f274676c57c8e7fbd7b4bb013f85aa01b00d2
SHA256

a006780eaa964db773f59beb548e46c940c1149d81d669623a893fa2392eb60b
SHA512

0d4c970e7c613525439b63c7b6b1b87347f82c5b644d177bc1ee17a3e803c8c3e7657c9dcf6b9c92b4d9167385cb9d9549b97bbe3579c907de2889ac0b4f8f83
SSDEEP

1536:Wx0JWYERkVvSkbvXL2U/7jE18z/M7ObmVvR7HJ6pH1HJw2:w0JWYERkVvSkbvbGzSmhR7pS1pz

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe
Token: SeDebugPrivilege	1796	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe
1796	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1352 wrote to memory of 1796	1352	firefox.exe	78
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1320	1796	firefox.exe	79
PID 1796 wrote to memory of 1424	1796	firefox.exe	80
PID 1796 wrote to memory of 1424	1796	firefox.exe	80
PID 1796 wrote to memory of 1424	1796	firefox.exe	80
PID 1796 wrote to memory of 1424	1796	firefox.exe	80
PID 1796 wrote to memory of 1424	1796	firefox.exe	80
PID 1796 wrote to memory of 1424	1796	firefox.exe	80
PID 1796 wrote to memory of 1424	1796	firefox.exe	80
PID 1796 wrote to memory of 1424	1796	firefox.exe	80
PID 1796 wrote to memory of 1424	1796	firefox.exe	80
PID 1796 wrote to memory of 1424	1796	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\sample.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\sample.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.0.571967774\2034970871" -parentBuildID 20230214051806 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4138fd97-6f8b-4af4-855c-38c9b75b4f17} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 1868 23ff570e358 gpu
    3⤵
    PID:1320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.1.1655904791\773055290" -parentBuildID 20230214051806 -prefsHandle 2396 -prefMapHandle 2384 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {731160fe-e6de-4388-9ca0-dc52f1eff177} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 2424 23fe8887258 socket
    3⤵
    PID:1424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.2.2084658076\1882923239" -childID 1 -isForBrowser -prefsHandle 2952 -prefMapHandle 2948 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e779c8cf-eaa6-4a88-9dc5-628d88f90f62} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 2964 23ff8616e58 tab
    3⤵
    PID:4628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.3.660660165\2011391265" -childID 2 -isForBrowser -prefsHandle 3568 -prefMapHandle 3564 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f267fdb1-1c0a-4b80-bca3-81879637d9d2} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 3580 23ffaffde58 tab
    3⤵
    PID:1368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.4.273332619\210692001" -childID 3 -isForBrowser -prefsHandle 5296 -prefMapHandle 5292 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39e1d205-b847-402e-9151-8b7e6e6e3caa} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 5312 23ffd66ed58 tab
    3⤵
    PID:2452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.5.666491812\2107917577" -childID 4 -isForBrowser -prefsHandle 5316 -prefMapHandle 5304 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1b77fcd-679a-4af9-b235-a5d00aa28213} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 5336 23ffd66f058 tab
    3⤵
    PID:1488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.6.1248186625\1386026987" -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5720 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07503d82-f1b8-4d1e-8fb4-c15003e80ee5} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 5732 23ffd670258 tab
    3⤵
    PID:2412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.7.535455738\620926091" -childID 6 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {87c80e4a-92e0-4b92-a058-657badeb7bca} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 3560 23ffc791558 tab
    3⤵
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.8.1053506174\100856307" -childID 7 -isForBrowser -prefsHandle 5332 -prefMapHandle 5232 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb743614-39d9-4028-9166-67c4fa639c36} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 5856 23ffae50158 tab
    3⤵
    PID:2616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.9.1064631642\867395205" -childID 8 -isForBrowser -prefsHandle 5092 -prefMapHandle 5088 -prefsLen 27960 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32a84e0a-f7d9-4572-b339-c5ee9a73c97e} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 5096 23ff7651c58 tab
    3⤵
    PID:3188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.10.705201510\174939185" -childID 9 -isForBrowser -prefsHandle 5444 -prefMapHandle 1588 -prefsLen 27960 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db43d65-7d01-4fe9-a6e3-eedc3e9b27af} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 5540 23ffcb33e58 tab
    3⤵
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.11.170079793\1685782980" -childID 10 -isForBrowser -prefsHandle 4492 -prefMapHandle 4884 -prefsLen 31317 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd7732cb-2248-4e81-a111-1b279f493ec1} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 9416 23ff7650a58 tab
    3⤵
    PID:2020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.12.247243081\353465043" -childID 11 -isForBrowser -prefsHandle 4808 -prefMapHandle 9884 -prefsLen 31317 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11a97297-e6c2-4c08-a507-a1a985a9dd42} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 4812 23ffae5ca58 tab
    3⤵
    PID:1132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.13.706241656\260275199" -childID 12 -isForBrowser -prefsHandle 9800 -prefMapHandle 9792 -prefsLen 31317 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff50cdf9-80b2-45b8-9f85-87c9c6128a47} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 4260 23ffae4fe58 tab
    3⤵
    PID:1696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1796.14.550747779\24444248" -childID 13 -isForBrowser -prefsHandle 4704 -prefMapHandle 9984 -prefsLen 31317 -prefMapSize 235121 -jsInitHandle 1220 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7fd55d8f-e517-4843-a46e-dd690030d993} 1796 "\\.\pipe\gecko-crash-server-pipe.1796" 9080 23ffae50a58 tab
    3⤵
    PID:2916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
27KB

MD5
ca2de0d2c70245e73a855205497f7232

SHA1
51ec6489ef440b661026814872abfce7957ac7f6

SHA256
c2952d48909eafc178570054d62fef83185ddae76b35475fd329a56fcbe669bc

SHA512
6d5de7c9faae842bfc64a6395ac98e8788e18d709fd138fd5115a1ce48e80b7c7bddde09a7f0e445e76824f0cfd720fed818d54bf9453a7d4ae878d03b0f33a0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\11930

Filesize
2KB

MD5
ce2b949b5d7a0ded1d581be1db35fc08

SHA1
96eafcfc41c23200f53ce1e42c0f622c385e4641

SHA256
3d47aa7499480560f070e4392705610137032148edd15742265415c566afb874

SHA512
e177d49a093bc7de125e642fa25697e31846cf55e6c9f0308631ff2fd1a8dfb4298edeb91f08b17dd330ddcd80f27f6585a3fd94ee1c3080d95afb30124a2ce0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\doomed\30735

Filesize
2KB

MD5
56f79cef3d04f512386204510b55fd7d

SHA1
2b88e5befd8f4e34f43421b1ae24e0f47fe31812

SHA256
4c849c0beafbc26d7e158809a060191017c324879dc19dfacbae3861075db505

SHA512
a253ba428afa280da2b442653f42b92d179830dec08d296594205b7b7201b08f7a9600fb02585bc0a723cd0f9ad5e05a40855ce7d2f4434be953ef560f3266f9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649

Filesize
13KB

MD5
9574da64c4b94d03615fdd26b56c7c65

SHA1
2af400c6757a9426573a61ee8d651bca9f1d73b1

SHA256
ea4af820d925fd83d87b1deaf65c6f01060cca6ebe9b7ef54a08c620bd3a5987

SHA512
bf2d67b5b0ba4520a212ce7fdd6f5396c885864822c6b50c008cb2182bae0c87439f16ee0c7ca0647273670e18d24c51288497ff3bfa011090ab7140a937f662

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\thumbnails\96b0480747025d00da41f3f4248f138f.png

Filesize
66KB

MD5
fffc5e718931d70dea284a834ea07465

SHA1
8ecae060dca54d4e15bb67066b1488921e9cd212

SHA256
09d6916306ff81e1ae3260d3d40282e66fbd969e29a529918c82a73808fe424c

SHA512
e991b9cd76d6f881420f82ea792bdab203da46e01b747309bfb8fcaa2c96390ae301ed999feb6e06a59e228c0efe5a8f1351aa1c73d988d4afe94f6ac0a1bfe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
a5ed6a3289f1834e28442cf1687a0f1b

SHA1
61e3522a6fdeb19808ecaad842eb5a9592db51a7

SHA256
53bef09dfe1f10259c1c34a64e5e378d6d0f1c5feeb2ba089402c53c2301c3f0

SHA512
74b005227ae6cdafb0e3e834151fc11c3371b228537e27594836b5982cb1490fcb207cc29328a082f38e65a3bc23a03fd62635d975aed69c77f1fe65412a1e45

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
5cabeee421675f4a9a2a5cd174c08062

SHA1
226a9c2003a72ae46f1ce8ab70d889e255660756

SHA256
45fd990b72a31c23c039c3957bd78f337940bdf68bb91c53c34e3b57a1679b00

SHA512
9d2f2cf7448f1d22bd038ec6bbe16035f5b76ae2d9c753215f870468fd237aa7d32fa0f998b8be1ef4c3778f2d506004d15e559a00482c97d9454db53239c879

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

Filesize
9KB

MD5
91374e3a28684842fbc7cf10d3544932

SHA1
0702109cbdc4385ce51b56b6379c86de62f50626

SHA256
6280bacc8c12c6cf78021648bf632f76445b94b3d5cc49f6fbf7dfee8d7acd22

SHA512
5b776e70edd90170437eb57f3871f579bb2b430ea264463b70449af639b6a74c73ac6a5104608106ae9cf3c8715c32eaeda81da6e04908a611dd93e46eba2835

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

Filesize
10KB

MD5
ec5fefb05f3f2a8fd142b0c727fe45fa

SHA1
4615e871797bd4d29a4e838598819e446336fdc5

SHA256
042600d68233904b206ee16607999b688fa8731425b2a39b62421adba7e1d192

SHA512
b3161a23af56bc98a19d97d8e87f6feb31f9150f6ebc07da6b4fef2d704aeac9d39df1bdc40db9c170b44301ab2aafb52591685c9e4e6744eac49536dcccbb15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

Filesize
6KB

MD5
e880680fe007554acc1b523af0a99196

SHA1
71520653d944f04c9883a4d5b7fd579dc082ee41

SHA256
6b653ff89bb6e6162d52736625eb8d24339593fa1bfdaacfa8e57a7a98d70726

SHA512
5da73691f7f0be159f881fecb7382a8b990e57019a7da44c73983890911f841d4a094502835a2d4d05b7f76297b65b9282447003a7d4c34ca26c109165f7febd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

Filesize
7KB

MD5
956f0d98640a5f7b61e0d446cf9123ba

SHA1
09c4c20fce3de8760c6499785f3e1260ae513163

SHA256
2c7865d9ca0ac5792768bec6fdb6288d8d04b9ec1527ce27068821e53b4072ce

SHA512
1de1231f0c1123e015a0f043a79de567e50648b7f40347b7cb411159157436891c7ac1b296a4a9f1d6e90dab3866d0fa257e71bcf3bd3d90a04a86766378d04c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs.js

Filesize
7KB

MD5
d4bfb2010e2042408fa013a0d4469ca2

SHA1
7de240de9f70b167a842f1d51f839815c51197e5

SHA256
721e494cc70c4cfe74ad2b985d55af0140de40732c3f8122db8193df68194cac

SHA512
47e38ee45863906d74590c27a39c0460c27d1a046cd1fe0fc61f0b69cf5624dbf019a37abf3ba70be15981ff6d25e86da967d3af8dff125719c9939f0e0d8b3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
b4f3dd3461fb24f0017dc84edf51bd81

SHA1
1a2a5188abdc8e6ed6b56864735e198c0ab1c450

SHA256
4034e545dedd2c022b8148eac10e501ad3c08a2b989e81b662675a33f0ab5798

SHA512
1e732602ab0271d39e049041883b7b62aab84bc942f33a0ba8ffb110aca338fbc65321e5494096b231ee1c63da1f542c56c8a70c0c51eac3fca88d7114ab6b0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
579dac218b082ee3258f6d53810cb054

SHA1
903739a403c372092e92dd3776869decad84424c

SHA256
c07ae58c127ca705cddfcd1eeea093143e2015c2380e7611a2bf4b6d00f2fe81

SHA512
73f13219e0104028a8b566293e3fad8264fb9ba38377935eb3439db65dbd8efb3a7d7c50a1f4890fbbfdc6926f4953d61d34c652a22ff38531a98a6cc171cd8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
64f8f4fd3d3f243c4bdc6d62020410b1

SHA1
c0907197034835a2719d7a3324f04c6de0b67b69

SHA256
b36a9158808a73007bddea2a5952375a8c2cf05e493d631420cef31944b7e630

SHA512
20906ea096db77884b7ea5c0bfa849dfb53848111a8440d8577180dd9697ef5405c7c8bb811ea5a24071ed44615f0f0be2df06435d41b031d1c026164728dea1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
eb7ad0568db922d83698664ac711c012

SHA1
ce51703455d57373f5ffd106f4c2a32115673ecc

SHA256
2a266453e3b07fd84df26d1f81fdb6e4c6b011e8e8f4a0fd57222de48643f166

SHA512
994bad9c1c4a03f2ac159f47175eb7b9a28eede8dc829f8cf539ec3fee4878ca32cb56d317bb505475bd3a47157a5945e3a69d9edd5fabaaf6e399d32aeb585c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
d17e456b50737f7645d94bba2285bc7f

SHA1
f5bef99bbae6dbe9f54f5e0b5a796ea10cf3e2cf

SHA256
eaef95c81190641e0945db1ce398251d0d9d7960cd19aba2ede7d668f3a868e5

SHA512
6bc915720709ffc42afd30d9a8a57fbb6d00e002564b7e0c68e6d58423fc562eb65dbf11ca16c7d0e11330a07a43f2a9c0234f1d6ef5c731715513d6f7468c9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
608KB

MD5
6bdf17fa38a45aa621267d65f200a029

SHA1
02fa45c71f83f5d17bb3756a7bffdf9acc2013eb

SHA256
b0ae79efc05dea5c3774f8173984454a277992605b1d5e6ec57594b0ee183bb8

SHA512
7ddd01270338b6e3083b68e25919d5589f9a24b9024b260c53d475a41ee64bc916705d33a0c0d882b5e5cae8e9af463f184686dcbf0f33e133c2296ffd72e8a7

Download Submit