hxxps://github[.]com/woodoomictikfid30/Bandicam-activation-by-jel

Analysis

max time kernel
511s
max time network
576s
platform
windows10-1703_x64
resource
win10-20240611-en
resource tags

arch:x64arch:x86image:win10-20240611-enlocale:en-usos:windows10-1703-x64system
submitted
13/06/2024, 10:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/woodoomictikfid30/Bandicam-activation-by-jel

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1453213197-474736321-1741884505-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4076	firefox.exe
Token: SeDebugPrivilege	4076	firefox.exe
Token: SeDebugPrivilege	4076	firefox.exe
Token: SeDebugPrivilege	4076	firefox.exe
Token: SeDebugPrivilege	4076	firefox.exe
Token: SeDebugPrivilege	4076	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4076	firefox.exe
4076	firefox.exe
4076	firefox.exe
4076	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4076	firefox.exe
4076	firefox.exe
4076	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4076	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 2800 wrote to memory of 4076	2800	firefox.exe	71
PID 4076 wrote to memory of 3124	4076	firefox.exe	72
PID 4076 wrote to memory of 3124	4076	firefox.exe	72
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 984	4076	firefox.exe	73
PID 4076 wrote to memory of 4300	4076	firefox.exe	74
PID 4076 wrote to memory of 4300	4076	firefox.exe	74
PID 4076 wrote to memory of 4300	4076	firefox.exe	74

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/woodoomictikfid30/Bandicam-activation-by-jel"
1⤵
- Suspicious use of WriteProcessMemory
PID:2800
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/woodoomictikfid30/Bandicam-activation-by-jel
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4076.0.1787929642\232134474" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20845 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d01927d-26a5-49dc-af80-19bbc5be89fb} 4076 "\\.\pipe\gecko-crash-server-pipe.4076" 1796 2b228eceb58 gpu
    3⤵
    PID:3124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4076.1.913360620\584938477" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 21706 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {984a331e-0033-41ee-a6da-a78792f9317b} 4076 "\\.\pipe\gecko-crash-server-pipe.4076" 2172 2b21df71958 socket
    3⤵
    PID:984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4076.2.87737902\1350573573" -childID 1 -isForBrowser -prefsHandle 3004 -prefMapHandle 3020 -prefsLen 21809 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b7815c2-366a-4038-8765-df1696ed25bc} 4076 "\\.\pipe\gecko-crash-server-pipe.4076" 2996 2b22cdf8e58 tab
    3⤵
    PID:4300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4076.3.1537764799\533819454" -childID 2 -isForBrowser -prefsHandle 3648 -prefMapHandle 3644 -prefsLen 26214 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d8cc53-d35c-49f7-aeed-7e5571d10279} 4076 "\\.\pipe\gecko-crash-server-pipe.4076" 3652 2b21df67858 tab
    3⤵
    PID:4228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4076.4.2063466736\1236326815" -childID 3 -isForBrowser -prefsHandle 4720 -prefMapHandle 4788 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd5dbcc2-6dfe-4857-9b56-cac6394f8793} 4076 "\\.\pipe\gecko-crash-server-pipe.4076" 4716 2b2300f5258 tab
    3⤵
    PID:3132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4076.5.1910437312\487643578" -childID 4 -isForBrowser -prefsHandle 4932 -prefMapHandle 4200 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbe446d6-e3ff-49d7-a5ea-4e8b220c54d5} 4076 "\\.\pipe\gecko-crash-server-pipe.4076" 4740 2b22f14da58 tab
    3⤵
    PID:468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4076.6.68293705\1117539984" -childID 5 -isForBrowser -prefsHandle 5092 -prefMapHandle 5096 -prefsLen 26354 -prefMapSize 233444 -jsInitHandle 1308 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {515c70af-e20a-43af-b219-beeee315c7f0} 4076 "\\.\pipe\gecko-crash-server-pipe.4076" 5080 2b2300f6a58 tab
    3⤵
    PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
5ccce088d378d0aa106172ff8985fd4e

SHA1
fae25a0f5f5384782754ea89d29e63742cec8bb6

SHA256
af03e1b89ca9c5ff404a1e9075c812b79d17769b9eb0b59ae5537f12dde9376b

SHA512
b0a4c3fcbd9bd4ec523b4f330bbd0571662bbd9287560afde814da1468965e6e36b86b5e728fb2f68f39c0343f8158e98f44c815ae810e156ab9de2d06506cc7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
f088143b02868bfb5bf3ecd48d1cde17

SHA1
443052e90847e441d599f83280da53d923d9f4b2

SHA256
93be455a8ba21be9efbdb075886a46e2858fff7df3ce998bf2dbf8839030d810

SHA512
4fb7af8656ce27dc47cf1d99a4750a10e3048969490c65c04fae49458c9b60bfca988a282795bb5c502f1c0cdad8c18a0e2c0ee3f8aaa0a8796040d7c59c27bf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\cache2\doomed\23644

Filesize
11KB

MD5
9f6381297b4ac0713fc4899bf1ba70bf

SHA1
3726a922daf155157cb83ab0ed18402a4399abce

SHA256
2bcc60f1455721ad06ea6a4f347dd76643d6afabfb77bf2137df5287c0651007

SHA512
58e51b7ea2797efe7ec0016fefae405530e3e6bbd0429a3d077fcb47c26bb1b6c57aaf34910e09d2e7cef9537550f4cefdfd59f075fdd95ecb4cf8a4ff5d1169

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\2b7acdhd.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
df7e28543a75375bba76a8ad158cdea3

SHA1
f059267b6c5f70da3f647981aea871ffb2b9bc31

SHA256
16c09a3b0061823a602e0f1628187ef71f223b371b06fa384e4691b8bd4eb45f

SHA512
c7cae99a4523a584df674621f99fa7775bc0f401f8e7dfdee8758c3fe7916c38731ab243df01d6e21fc6adec718ed55d2300a168cf007b4a5cdc29cd2f9fd88a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\bookmarkbackups\bookmarks-2024-06-13_11_f70S+BIHcjdozL1H+8sV3g==.jsonlz4

Filesize
953B

MD5
14e152530b0003973263fd54064ea363

SHA1
98a18c46e4980317a1f795bb0f364f02b7524f06

SHA256
98818f8d867aabab23dcf95b03d2d912fd8d6106f1bf48e1f04dc9b5af42f199

SHA512
21a75ea8970d68bac8100f499d88b38fbdd904d5217e69492f10f63c9026f43f00508fc62e059f54f82d7a1bb6c16b15f14b281c87542613ddd20893029ce664

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
8934764ce438083ae2c08d34ce0f7681

SHA1
8393213ef4581f543a3112ef6257531bbea3073b

SHA256
70b94448a784663b1e7d431309dcceb722480ad5e2bb2ed0abe28d82aeb68099

SHA512
c9088b9522108d79371e3e0956b446b3a452a835c142b94dd3dc47140badf3171c221ad91ce536a096a7d6e6954f83dd4a17eca93da3b6709f6efccff22f747b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
ec7edb5a3a777ddfdd139d3f90022987

SHA1
e00ba731ad0eaeba668762bdfc5790d5b73fdab7

SHA256
e040d82bc7fd4b33ce381329c7602a20fbc879449be4f0c306cf21695fb71fca

SHA512
51d5a4cf87f34897df3f9a371a56e5089c803e2a5b6928b0ce47078348505ad9c495cf971cb892834ef3bfe5c8d53342b663515f4a8de0a7e4e91608b634a246

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\05780c94-780a-4b97-af66-e54ef4183f55

Filesize
12KB

MD5
ac4c3676ca818202a5dd4cf94a8defb2

SHA1
415444045b65f1495e17df83a4a517da7a621ad9

SHA256
b8e0c0d65f3e3115ba19ce7f20e57e032640775c636c7d63e57460e817dad3cc

SHA512
4013f69957b82c303f3e64e4ec62885614011fb7e909b65f648ea0c787e3fbea974cf86b6bfec8ec6ea06bc70cfd0ddb8798fdc2e9a60e443c9c375d25ad3065

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\datareporting\glean\pending_pings\f6181502-c0e0-4995-8ddb-a9d5db7c3b00

Filesize
746B

MD5
a51952a9dc0fe1499bcb9841a469b89f

SHA1
c6610ac4528c74e2e69b56adca339ccefa7bdb91

SHA256
9cd4e09f1b178198d1e8e26211262c7f839dd02f9ada4b85c6e9d34b16582213

SHA512
afb625cbe9d732b5c2cb0e1a287ffcc83095c7e03bcba826e05eea186f061bd746155f5ab00718f6996ac0f3b0f65383ac78064050e9bd041fd8e25363abeb6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
6KB

MD5
4f9207d926b18f33b64bdbc87bcd07a2

SHA1
3b0ef189ea330e39526efbfc35c65a1de17a002c

SHA256
40f97e10968cb35e1d59c235672bd25e6af325b58fe97ec6b717be33d88f4338

SHA512
ba4fffba915b00158ee27476f7ed0dd1d262fc4532c61fed0c9af38d1d733f3dbb38a83460b997de58d4a9eb4fabd86e20fb452691291c79f061bcc18ad6d3d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
359fb62b2fa12772ada309b202917667

SHA1
a250ad04d4c6280a6256dc4e873e15fcbbb17d5e

SHA256
96c3f2c445ec13f1841cda232f0925194374769d7f89ff5ad176864dfa0b7025

SHA512
cbc3af2d19a0b72d0e92dbbf6ea9e3ad05842f94703621d7f08cb20781f52cac8771ef4ff32a8a0ab40038799d36dfee72829dac3610083c2eea5918fa46cac3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
ce97dcfe065d5d32349ff1d90e11f68d

SHA1
487ced72085527d199d05950df7ac31b9d8a35c0

SHA256
ae5e501cb44ae1f77282e4680d943746b554161cc9393d367ded97fea0d14ce3

SHA512
b881593c4f469ad887a28a94a3d003861539b6a4959fd5ba5d5edc06c98947d897b88b25e99f8ab192c45f409a928cc440a4da79b4cb417410e8f6c8dbe924a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\prefs-1.js

Filesize
7KB

MD5
0df415057fd07d67fd285614af7c180f

SHA1
dd972fb0501212fe3dd3fc80e05e1cfd27673fa9

SHA256
faabe1ab7cc325aeab5db70bc268a4fdb0a15c3249b7068ca33401ba8d45a883

SHA512
3e4fc8e2498572e255da957f14c01e2da447794d3d37f3a161819152c7c2a96b34161a4083b504b76d35922646f26ceed96629ca34401311bdb0555df5aa1a42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
5b30408f5163ebf7419aeb67abb7e4e9

SHA1
153722a26a87274eba8930002357af6a977f34db

SHA256
c22976fbf5dbbc10c8e5e35e3d3d51b609c122cc56f0a84b49bb17b82b5a0cbd

SHA512
6180262decf5bfbf215ac847bbd378ff0e9b0ac4ccebd41175f0acbab8fb6dbd01a1d0fbe4bdf579c998cfe51b19b4d83a4e105fcabbe9dd07d590b4c01bad6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8bd295dbba1dbb7870f37145cc3d9618

SHA1
c4723ee5ecfdb33a93aeaad8a8bd6670bfa372b4

SHA256
aacf6771d82e14801655d29b8738791edbd2632a4e9159ffebd6427ddf3e0a90

SHA512
3bf453ab49bc4b795a18260e0985af25d77a1efc47365e1052856fad3e94e7e0cd88ff26492771938403ea10b2381e25e0c8ccace8fee0dddc282f4d911ce50d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
a240d180006bc89ab2602ede0bcffdc4

SHA1
7a6595e910b83a8f66b7cef3bc0409a4142ab7ab

SHA256
6c390544c35edf8a428e2cd73525176afaed405734718b94bec7b86a76444645

SHA512
3d01026574f87885c4c9626e86a9b4de56a28363d5fe630fb7301d9ec4edfba82a7cfed2561d2f082d01adde4f8afc1a5803d87b8c86f971d4d4ce1eb12b44af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2b7acdhd.default-release\targeting.snapshot.json

Filesize
4KB

MD5
0757274dd6d2fe046ed049f308aa49d9

SHA1
536434034ca0c1d2a428aa49fcf660ec907d6b99

SHA256
d7975099262e195486820be7caa3dede5d577f158a60d18c8dd613c59c0b06f6

SHA512
9ddb21805e55f87a1de83df133e008d64f54769de14aa8165e9a12ba0bd5338e9d39b10f88774abc85bb989b5e3401e8e2d58b5876a06f428bf1d2b8f7e38135

Download Submit