Analysis
max time kernel: 1513s
max time network: 1608s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 01/06/2024, 16:36
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RiVHMwdjlYLVRDcTdZVkRVTGxocnhqc2NQd3xBQ3Jtc0tsdUtGUS1SNVE5a192WEg5YUVUZUpIWjh6Ry1YT3RZSnN3RnRTenVtNWxVSGxFN2VYbGN5VWFOVW53aDdiTmplUDdNWVdSRTBnenBWTWtPZEtMQkdHMlhQVi1SUHZIZGFvTHpqdktjTkpaVzkxRW5zQQ&q=http%3A%2F%2Fwww.miniurls.co%2FBhUKb&v=MSLzrILy5GY
Resource
win10-20240404-en
General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RiVHMwdjlYLVRDcTdZVkRVTGxocnhqc2NQd3xBQ3Jtc0tsdUtGUS1SNVE5a192WEg5YUVUZUpIWjh6Ry1YT3RZSnN3RnRTenVtNWxVSGxFN2VYbGN5VWFOVW53aDdiTmplUDdNWVdSRTBnenBWTWtPZEtMQkdHMlhQVi1SUHZIZGFvTHpqdktjTkpaVzkxRW5zQQ&q=http%3A%2F%2Fwww.miniurls.co%2FBhUKb&v=MSLzrILy5GY
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 5 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings | firefox.exe
Suspicious use of AdjustPrivilegeToken 6 IoCs
description | pid | Process
Token: SeDebugPrivilege | 3164 | firefox.exe
Token: SeDebugPrivilege | 3164 | firefox.exe
Token: SeDebugPrivilege | 3164 | firefox.exe
Token: SeDebugPrivilege | 3164 | firefox.exe
Token: SeDebugPrivilege | 3164 | firefox.exe
Token: SeDebugPrivilege | 3164 | firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs
pid | Process
3164 | firefox.exe
3164 | firefox.exe
3164 | firefox.exe
3164 | firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs
pid | Process
3164 | firefox.exe
3164 | firefox.exe
3164 | firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
3164 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RiVHMwdjlYLVRDcTdZVkRVTGxocnhqc2NQd3xBQ3Jtc0tsdUtGUS1SNVE5a192WEg5YUVUZUpIWjh6Ry1YT3RZSnN3RnRTenVtNWxVSGxFN2VYbGN5VWFOVW53aDdiTmplUDdNWVdSRTBnenBWTWtPZEtMQkdHMlhQVi1SUHZIZGFvTHpqdktjTkpaVzkxRW5zQQ&q=http%3A%2F%2Fwww.miniurls.co%2FBhUKb&v=MSLzrILy5GY"1⤵
- Suspicious use of WriteProcessMemory
PID:4388 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RiVHMwdjlYLVRDcTdZVkRVTGxocnhqc2NQd3xBQ3Jtc0tsdUtGUS1SNVE5a192WEg5YUVUZUpIWjh6Ry1YT3RZSnN3RnRTenVtNWxVSGxFN2VYbGN5VWFOVW53aDdiTmplUDdNWVdSRTBnenBWTWtPZEtMQkdHMlhQVi1SUHZIZGFvTHpqdktjTkpaVzkxRW5zQQ&q=http%3A%2F%2Fwww.miniurls.co%2FBhUKb&v=MSLzrILy5GY2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3164 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.0.1302320106\83026332" -parentBuildID 20221007134813 -prefsHandle 1712 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {75c399b5-22ee-4036-9a85-c4a8f61d6a8d} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 1792 1de4b9d3858 gpu3⤵PID:644
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.1.600790146\29716925" -parentBuildID 20221007134813 -prefsHandle 2156 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63ef30df-5293-43b0-956d-3baeaedefbb8} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 2168 1de4b8e6058 socket3⤵PID:4980
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.2.151615716\149195525" -childID 1 -isForBrowser -prefsHandle 2852 -prefMapHandle 2848 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b8baf09-7941-4a33-99cc-b2c5ee46e7d3} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 2824 1de4f9d5e58 tab3⤵PID:620
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.3.1133780431\1987431678" -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 3456 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1726f6dc-69cb-498e-a5fd-63ec87c464f3} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 3472 1de50aea458 tab3⤵PID:2556
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.4.817719823\1722382706" -childID 3 -isForBrowser -prefsHandle 4964 -prefMapHandle 4960 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5b299e5-1f64-433b-8396-50a2956f3b8f} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 4972 1de51d5b958 tab3⤵PID:2800
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.5.736213381\851940088" -childID 4 -isForBrowser -prefsHandle 4292 -prefMapHandle 4844 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {322adff0-2106-47a7-8b7d-a502ef82235f} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 4868 1de51d59258 tab3⤵PID:1676
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3164.6.1511929968\1859852199" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1276 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1121e87a-1c45-4627-9cce-7681a206fc26} 3164 "\\.\pipe\gecko-crash-server-pipe.3164" 5232 1de51d59858 tab3⤵PID:3672
-
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize7KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\addonStartup.json.lz4
Filesize5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\bookmarkbackups\bookmarks-2024-06-03_11_ynjabA+xcPNHPZU1gEyrew==.jsonlz4
Filesize946B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\broadcast-listeners.json
Filesize204B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin
Filesize2KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\21da55c8-f8e8-4995-960b-b6e3938d421e
Filesize10KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\88a9257b-43dc-40c7-91b6-30c07ad4d02f
Filesize746B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize997KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize116B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize479B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize372B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize11.8MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json
Filesize90B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize2KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize192KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize184KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\targeting.snapshot.json
Filesize3KB