hxxps://linkvertise[.]com/461464/aimr-activation1?o=sharing

Analysis

max time kernel
150s
max time network
154s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08/07/2024, 23:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://linkvertise.com/461464/aimr-activation1?o=sharing

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
129	api.ipify.org
136	api.ipify.org
150	api.ipify.org
119	api.ipify.org

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133649563312044003"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
5508	chrome.exe
5508	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
440	chrome.exe
440	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe
Token: SeDebugPrivilege	520	firefox.exe
Token: SeDebugPrivilege	520	firefox.exe
Token: SeShutdownPrivilege	440	chrome.exe
Token: SeCreatePagefilePrivilege	440	chrome.exe

Suspicious use of FindShellTrayWindow 30 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
440	chrome.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
520	firefox.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe
520	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 440 wrote to memory of 1972	440	chrome.exe	73
PID 440 wrote to memory of 1972	440	chrome.exe	73
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 2052	440	chrome.exe	75
PID 440 wrote to memory of 4932	440	chrome.exe	76
PID 440 wrote to memory of 4932	440	chrome.exe	76
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77
PID 440 wrote to memory of 776	440	chrome.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://linkvertise.com/461464/aimr-activation1?o=sharing
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff865859758,0x7ff865859768,0x7ff865859778
  2⤵
  PID:1972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1660 --field-trial-handle=1772,i,12315036485502186697,7829002756964171266,131072 /prefetch:2
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1772,i,12315036485502186697,7829002756964171266,131072 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2068 --field-trial-handle=1772,i,12315036485502186697,7829002756964171266,131072 /prefetch:8
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2896 --field-trial-handle=1772,i,12315036485502186697,7829002756964171266,131072 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2904 --field-trial-handle=1772,i,12315036485502186697,7829002756964171266,131072 /prefetch:1
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4888 --field-trial-handle=1772,i,12315036485502186697,7829002756964171266,131072 /prefetch:8
  2⤵
  PID:956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5004 --field-trial-handle=1772,i,12315036485502186697,7829002756964171266,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3768 --field-trial-handle=1772,i,12315036485502186697,7829002756964171266,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5508

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1312
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.0.173266900\927303716" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f0aeb96-48c7-48b2-8752-8b0b947afd1b} 520 "\\.\pipe\gecko-crash-server-pipe.520" 1796 25b75ad6358 gpu
    3⤵
    PID:2588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.1.1727856467\333304808" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {16ad4677-6a3d-49fc-9846-e2eccc80adf8} 520 "\\.\pipe\gecko-crash-server-pipe.520" 2148 25b63771c58 socket
    3⤵
    - Checks processor information in registry
    PID:4256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.2.613224530\1605776744" -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3032 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d240a995-7f24-4edf-87ad-0066e13b0c7a} 520 "\\.\pipe\gecko-crash-server-pipe.520" 3008 25b79ca2b58 tab
    3⤵
    PID:2012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.3.451065408\595131183" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd9cf0eb-5394-4c2c-bf18-b90e5f8308dd} 520 "\\.\pipe\gecko-crash-server-pipe.520" 3508 25b6375d658 tab
    3⤵
    PID:2928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.4.641775641\781927516" -childID 3 -isForBrowser -prefsHandle 4352 -prefMapHandle 4348 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbad51eb-a432-4b9e-856e-6539cc6cff0c} 520 "\\.\pipe\gecko-crash-server-pipe.520" 4364 25b7b904a58 tab
    3⤵
    PID:4600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.5.1553059710\1695220322" -childID 4 -isForBrowser -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {df6caa42-d995-411e-b20b-0a5ebee2765b} 520 "\\.\pipe\gecko-crash-server-pipe.520" 4932 25b7ca1f858 tab
    3⤵
    PID:5252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.6.342740937\1122360654" -childID 5 -isForBrowser -prefsHandle 5364 -prefMapHandle 5360 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5b0ec97-b8fa-411b-b679-1deab1273782} 520 "\\.\pipe\gecko-crash-server-pipe.520" 5376 25b7d518758 tab
    3⤵
    PID:5388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.7.2002322341\1892100274" -childID 6 -isForBrowser -prefsHandle 5532 -prefMapHandle 5536 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {007ac8fe-b5db-4980-92e4-5488d813c4a1} 520 "\\.\pipe\gecko-crash-server-pipe.520" 5496 25b7d632258 tab
    3⤵
    PID:5404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.8.1579162274\816447780" -childID 7 -isForBrowser -prefsHandle 5788 -prefMapHandle 5516 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee955994-5eb6-486c-b3a9-f87d6078f895} 520 "\\.\pipe\gecko-crash-server-pipe.520" 5796 25b7d62f858 tab
    3⤵
    PID:5412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.9.2111282753\47118571" -childID 8 -isForBrowser -prefsHandle 6100 -prefMapHandle 5336 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f55230fa-d049-4857-b161-8ef8b9e46f89} 520 "\\.\pipe\gecko-crash-server-pipe.520" 4372 25b7deb1058 tab
    3⤵
    PID:4228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.10.733887120\285065812" -childID 9 -isForBrowser -prefsHandle 4380 -prefMapHandle 2548 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae15e11b-bb91-4759-863d-996ffd75c0c3} 520 "\\.\pipe\gecko-crash-server-pipe.520" 5228 25b7d9a4858 tab
    3⤵
    PID:4496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="520.11.1825614736\777835827" -childID 10 -isForBrowser -prefsHandle 4092 -prefMapHandle 5336 -prefsLen 26689 -prefMapSize 233444 -jsInitHandle 1324 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8e15401-18a6-42e8-b3eb-c9f2b10ee0c1} 520 "\\.\pipe\gecko-crash-server-pipe.520" 4644 25b7de54658 tab
    3⤵
    PID:5836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3ecd42b3-cf27-40a5-ba9f-afbc6764fa30.tmp

Filesize
706B

MD5
80f55e014fbbad07e1bf7345ec60094b

SHA1
f020dffc60988c965c5e2173e787481b162171cc

SHA256
c829513bd3ba1b00ec6a0fa44a995264aa63f2ec990881c4a2092c019027394f

SHA512
04ec91dc6f9322c005450568a18977572646ea3c9802160a7cd5bd78cebc828fa9056ca355c308f87b3e7e8a76ff26c18433ac50867a1b947210a5cf12c6298e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0773ec37dcaafe9c6c624a40ad728241

SHA1
86feaccedb640f046a5017c5500cd455fcd40ffe

SHA256
f2de9d5680124c866bbef5acfbb8fa2da1004227051f65de3dfa4a83abbc2df3

SHA512
94cecb2565098e6cb57d60724b88101f774a5ad564a47d9ec39671f7ec9cb326ab65f49c0b614d3737afff3778d64285aaffea669d8a6de361cca69a81f916dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
67f878f61f1b2b4e36701377cc4d5243

SHA1
68d0de2d0e701fcb5e99010a8e94327ce393781b

SHA256
f6daf17653a0f77126c1902e408f381035c536ad2c909ece2e30e1b747a8e174

SHA512
6a3999c697c5a09c6f5062258b3bed7dabb1c3d1aa43d22438c29adcfd389e412b816736a2801299856811521b0494de84742e3435c50185522a47bc8199456c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c7c92d7e65b76224ce2518b11b4ce961

SHA1
5ffe5cc7f07fe30c5c7e892205bb0a2bbdc6faea

SHA256
2fa3b13293602bb810b9229b1b8d9e1608a22fb0f1a6748d00e3707782eb3bed

SHA512
83d1b3b570c99ab84747abd70731b8cb4a2a55de03abf959509fe520600f62bf7eff92024034d940b3e279ec511757c9d875cc2a35b822a4fd680422765572f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
e6ce3484c15c0e5bc09e61487f430658

SHA1
74ff60c5cc85c769420f3fa5febc8583d82e5aa2

SHA256
671c6fb67180aed5044220ceb65029f652c55007e19cbf30902e82ab4abc4067

SHA512
c2cb6e458ee2cc22efddeb46fa79d78061a0cbd29911809b5dc16be485945408d8c5469585ab33a76af4494843969762e1d833dd0e716ea04f3d5b1d3e39a858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\18250

Filesize
21KB

MD5
a50767790d7138c0ef510d04b2db8579

SHA1
5edba2098c23564dd21458b69f35bfa3b7609f1e

SHA256
e54b815a87403c57693dc66473badf4f7e2c30b4a43a3bbb147b594abebe2208

SHA512
6848520af560e900c03a37b59203060da1bb9d9e78943306bfd6214b6e5a8f2e0033bddceaf0379c0f3d98eec90ec864aba4e886c5a10a388acc4cec3858232c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\20723

Filesize
8KB

MD5
e72121a1c6d82f90362c8ddfe44d2f6f

SHA1
30d7c71be1f2be2e1c336e74570526d9cdff301d

SHA256
9ce0a3f76af37f54b4e2267023cff0fd0a8fb1e02bd3603b5a3590f5de7396c6

SHA512
024d3e0b26926ffcf797e4150eea445800ac20f7979b4b65542cfbf05a61a1d499516a510702bff66787e7809290fac20ff3f1c4dc6fafe7435427e2ffde0552

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21176

Filesize
46KB

MD5
34504f76c971f61291fc8c85b76418ea

SHA1
841c76e179ee17728792bedfbdab21fa39444e35

SHA256
715d58dc6b6df97ac61cc9ca7c952cf5bcdd713cb6363e24de629e07f975af58

SHA512
ea1dbcbf74e01f3c68805c998d1382f3a0ff3d5f32faed6667c4f6003e241698816a218efe658d13e6d4ef6e39e593b7f7cb3175a9dd81f57d45c62475de06e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\21536

Filesize
10KB

MD5
2b421566428ac0399261d9d8d10c8628

SHA1
04b2c1ba6cdbb1fcb9ace9f743c308eacb2bc69c

SHA256
094a2d58f50dd5c02cf73f9f75efe39c81cba9a2382e8cf5adf6c5ebb8057d3f

SHA512
3fe4d69d77938d37f5cac16bca9a2050767ea714c78c5a5c4aa832456c04852c64db59079183433694d5f01db46190b80ea4a15b0db30aac204aa9f3a856fc25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\26105

Filesize
8KB

MD5
a514c078980eeaf7e7fb1adfc3f00c0c

SHA1
1c267d3c0b4a904680197f893a0b6860b72840ea

SHA256
134e00e0ebd9e284f0725968152f88df5c0e0629c125ebf64edc8b9e6532b043

SHA512
82064c2430d73fb25ea6f0abdc7fef411d3de1913e22b8a1ce6df964c75df48d7ceef7f73a7396fc135f4e7d65d9847fd7da463969ac4d29ac8d06e65289edcb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\27247

Filesize
13KB

MD5
52ce21bf99b97d0e27bb31c8b755a2d2

SHA1
3e0a5eae7d82bf5cb7c9b913fc2b0dda320b2ffb

SHA256
d9fb434de7092962eb3e43ec7da3ac3276c0d949290b2ae02ada5d4dbd2bd312

SHA512
5fd4ceb3f03c2c672a147f71ae038642802b73c4f7aa5c02048f4789ca4d75b3682d2ecb4f491866360a00144ab6d4aca2e5964d5ba24aa786b3531b876d0405

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\28711

Filesize
10KB

MD5
47eb365217e24301618f789270c9c859

SHA1
d4262659b5651c3c9dcdc37c57e09a2812f1b2a7

SHA256
581d38681ba6883f04feea7775a36113b74995d6f1650a53fb8edcfd9ea35b96

SHA512
d50cfcef4803300f5ae2576070de8f7d92ca90b1987ce5cf0ea135dc9e2f9be848ab9bba60854be4c2dfbb0249a480bb196cf392304138cdf9c747bf0c4706d0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\31413

Filesize
37KB

MD5
e7220b3af2873220e542284bc89778df

SHA1
fdc5682aa0f744164f78839ef940771affef6001

SHA256
31ac3ca56023cab4d704174e34f9074c0e9e9f71d9eae578265c9a2e8a91700c

SHA512
09946324c86194f19dbcf07769a937d2b08621ca352a007c27d275e593b9ceda3b5731ad6cfb5646aa8a059ef2db31f1c48485f9853dae0bea51c907863c9c28

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\32691

Filesize
9KB

MD5
f67df8e122b84a88fc43bdb55b45ce5a

SHA1
c72ba5c41069b1b874df9a116b4c50f243d6ed22

SHA256
6d0f7d701a75bfe37dd72a059e5015ecc57b7c716b211eab3754fdf1f87d3f7f

SHA512
785183301979b588b57d4d51f643ce8781de922f5cabe81bb0e263bda91d4e876f2249324d26e83824182b145917864b1f7a6a6f4c891c2140425d6d96e76015

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\4046

Filesize
8KB

MD5
f3a5b50e20e159393c90bc81d81f420f

SHA1
f29b0c434b7f678c16101f8e9b75e355eb9b648c

SHA256
d55397b5a11c841e7fd77286ddec25d02f7384dbfbd62bf35d452cf727e764d2

SHA512
798f58980cfa32bf32ca8e63d07fce32be5af1e547363b8fee0abc3e463003bea5eb3582142f58ed4481bb0fbd182570b620207df90889561bc1553e1747bf57

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\5125

Filesize
8KB

MD5
0977cd7a257e2f02b9b6bb0c0ccd92f1

SHA1
48d74349c42055fbf774743effcf25d6c469e9a9

SHA256
7a8bece95d828b513df9ec3ee98aa3c3d9628756c96889f96f6720df571df387

SHA512
17a107ec2a72d74ecc3720c8603eab5672e5ac97c85fbd16c44a4d11cbccc384d9db007e5eef40a69f852a1ce446e81608279904413cdd8cf6ec5940c1365c4f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\7087

Filesize
9KB

MD5
9e3ddcca6c3cdf57b3163e918466d130

SHA1
85ea31ede871e5830bac9469f0cd6179d9cc4d8d

SHA256
6ff4f4c4db6679edcea3cb3f30d4c14ee42502ed041d17cbc133e952e763bf1e

SHA512
7458abdf4988536bdec9717bc8f63ee79017def7e814bb16fa84046e490338c4b85c6b217129987b86f4f55472e95852dfe9d0db3243ea872c18aa41fd41a9bb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\599F0E97901513FB8DEA3AF082B4B2261F90D0B5

Filesize
134KB

MD5
954413f011c329356beaf09f9677cab7

SHA1
bd383d0da00ebcb0dcf0791e5c799ffda00dce9a

SHA256
8d008a49f6f1262ba2f994d13e4bb6fa3f4ab85b8b157427e9a48011a177a93a

SHA512
0b827ebe1e18dfc7a38549a619943706aa1c697492e799048ba43595445db7a957af1b627b5b11711525ed9403614917b936c840c1d92a3a1bd763c85aaa7b29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7FAB881B33F4D9C22FA47E5FE9708276FD4EDA98

Filesize
16KB

MD5
148c7975a51ea3c610bb522c4e794c4b

SHA1
b4cf0c719c7a45f7ddb50d44910bfbc61a4341c6

SHA256
a202289ff94a93b7b83a9a6527442a645558ba40b05a065030b28e18068058ca

SHA512
063d404d84a0cf8a43724eba2e8db1bdbdd88a9db361dbda36a547ace0d57bb3075b70c08beff92b26c8012b6c515cf09ffccb1f31361644c125a67b0f8c0124

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\thumbnails\5ec79c24083c1104950472029d5b2fcc.png

Filesize
13KB

MD5
b6b9995202f7fa23af6bb5ddea15a6c8

SHA1
df5b798185e2a769471babc3b2eea04440a14438

SHA256
e1be45f337514ac3e81ba59379ecdf43395b7788790749ce3f112eb2516db4c6

SHA512
581946d93365f69a5f84751447ae078a46005c8a82734a4fb337d8957f6f51e3ea29f5dc4d880a572091f6c86b4e69f56cae5478139614858a1eb0d56df37d18

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\thumbnails\5ec79c24083c1104950472029d5b2fcc.png

Filesize
4KB

MD5
61bbe5693ca6f5e0d5d4ee93b9e5a962

SHA1
1fb7af0cace4c279ccb537788e96f7514e03b30f

SHA256
7c43a06246e74e26ceb9ba2bc029675a96471319b7bed41bfe5e1472ab4d1787

SHA512
a0114671f4f6790a7b2d494798e4acb18262e46aacd9601b970e588ca8c6a7586a633fb42aa3bc985c818ad1668181b2b8e484cd980dbac3551e2ada83545d43

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
39ad97ec646280599e622b706db23839

SHA1
db5bf4ed727d2d69f356b8ba8a662c33651b8b95

SHA256
fb6d4f02185f979dc43fcefa1143cdc7beddf8c89ac98fc4f6e89d814d12c8ae

SHA512
5349a721598588eb58afdb2484ff63721aa20773cff25eb1dc1f0adb67a06e9d3d202679f710bd0b30b0725aa8761cd3a32db20781765a4854488f16f8f0827f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\4d9967fb-299c-46ba-af00-362c48d89473

Filesize
746B

MD5
d606dcbee66ee14731f564208a5112b3

SHA1
766ed3ba317dd2d410585cae33cb42fea4a044ab

SHA256
ab88ed00ebf0a6828a4c0b857c4bbc54c965bc800caf6aea5e889159c8d2e786

SHA512
7bf5704de86e992aa927ce1f4289e42a8a9f81c3d29fba85c03a5430914d559b5606b00e969bb57d76413f7c65e6a892261e32a51bacac82def09a1cac102d42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\cc9d3431-4f4c-4083-8a47-94fa81d89856

Filesize
9KB

MD5
128fc941307edc4ff2aa523205674e03

SHA1
a3dedf02559ddf3a3af5f24dc03ead89b45fa431

SHA256
b716e6eb9572bbf12c0d25b0d004f61e8e14f6ac8888285fbb320202cbfb53e2

SHA512
276b16d75559221efa931fb435dc7e5f0435e0c62f2665fdd5a380c72a18a433292f2d98a6719c47f1210262158dd1ba3519ba21fa8347539311c510db71711d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
5b8f42603829df5da63d396bfed2e6bd

SHA1
220b42fa2e70485b0df7088fcaa2fb4c3abc7be4

SHA256
a882c10af2af0ab154b5759291cd6e34761ccbb47def1e1d9df35cd64dcd05a0

SHA512
13da8d647a7e2c2be6f9069026b16d7a2e149a8bc35175432d17817c2981e69f62d6b35022229699e7b6b20ec4950c79ff54d64cb0e736412ebb7143f0bdce12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
ff5a68c6b2cc21eb5c998e96a6cfcac0

SHA1
d8ed872262376c3e0d65f65bc8226a97c530a66a

SHA256
a34c9f2522493694e341210dad6ede5aee8d61aaf6854936336d80cc8ca7fa04

SHA512
a82e0acfc4d1afdf3c2ef01de193b86a41be730d5200a3d7f61e666f3d7952cb25dbf8e4dcc7c405b2618bb8e0c13d0f9dab056d20afde48e94a054204cda5a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
baae532b68f537f6013c1a6a55f90b34

SHA1
63c9d4f4f2c79f457a4c53c416cfb2f511e22de1

SHA256
e9d3afd0021470ce02b076e124367046dda277b1d8d6bab975b78a11c8deb27e

SHA512
3e8b6d9308ab62ec3e1e8f1eb3a2bb559951c3a949e9829fe357dec8fd6083c06a359f5422f2d0c4c98f7d25e76f5203b496d8da16ceaad44d9cd4ba9876eeaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
a3e7c69f346c39d82358fe307f4d7da7

SHA1
73c7e553fece14b7c7d0d4fafb5388ae31cc7410

SHA256
0443afd8e00dbfc969d44c8b09015ded6eddc938ea80dd26e578398fad08dbe7

SHA512
e3890d3a8e0491ac0d31a970e5df0f4f6ef9c92ca2293b2b77cb8dd5c80f2b0a22b599a3869a26545a70405a8d8a6b669e3011581343feab1f67481413d49246

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c7430363198f6d5154123f74ba3d4e14

SHA1
410486f83aa9f0b55e718c379afa19bf22996501

SHA256
bf492c5b9ee422622d641479ad4167712cb8d30d3bc8a8ecc63928f71b16c200

SHA512
acdddb074ed21fd40b81279818ca3cfdc5eed35e1e5cd0a57d5018e9d9b134a3b09f5cc8a95669d2dc40ccfc9e3be4f0ba4d8068e47f59ee8c4e0749301a30e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a68effdf343ee7a5cb12d4aa37db3424

SHA1
00f8bc77dd64bd10f4a6bf61a286a4103fd876eb

SHA256
1382d415f007da814d02b66e7f7a9b8fc15527cb3d6118d2c46ffda04f0839a2

SHA512
5aae3806bd988ab6c198fcf09f60bd852456c41bf5ed4d53b7f6030103fad45c0e02ebf5a260945847672a0ae30a512de192787a149c3a76e01631a107398435

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
df26b1add01226ca130c5dcf67862b06

SHA1
4a289da44f7ed89989b09fb5e870ad3d28746188

SHA256
0c0c93cf375560fb9459646095780bb94d1af4eff8cf596c9e32f2469aeb2ed2

SHA512
ebf04b4903f6fe615d96d9cfc038b4e61d8364750c35ca999d2c3a07a9736dcbbd868f6b586d978fa7d7f5803d22489d006e0f1f4a1ced601928f0685ca9e97a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
32b907d8b12cb7e7ff5454287d5ccf6a

SHA1
f7c18f348b51296b3f4b52a1364e19aec9eba9d8

SHA256
cc5a32aa483b451d5e01afb5df2fc7bedea3f1e95d3795c2a50b72bfb7b3cb28

SHA512
68a3b36cf7ce18110858ff9cb5b0b72066dbf7450f257856a9aecd64cf081131424d226fba2f9cc8c7e5a10fe20f0c9d9878bd65e2fdec97a14407b0127cd560

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
eaad444c68caf91e8319806bf1bbe306

SHA1
f332b335f7dfba954f8c0c15426f3f704dd794e2

SHA256
09552c7a281eb98ff8dd447070b4488239bfb2324d389b3c47ad2479919f0a89

SHA512
477347c58968889656b2d7bf8600131d5bb2ca96ecbc81ccd945da90bc4b602055b5aafa0e76486990ee2ba02a94c21d8699a8fe6674deda68033445b5d7cd7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
e3df488c38eb05a045c9fdfec3442015

SHA1
26a0732d1a4f50b57faef5c11dd828b0f3671c5b

SHA256
b6a65e2cbaef8c19c66771c097655ee3c639de1b7f2d794c376f69c6631313d3

SHA512
71835e1687897e5429dd03126b55df98e333adb8bf01c4e965286a8c8843c5c6cbda49acb37ffe9634a78de503ae629afa5f495fdc9f7539f006bff8cc871f89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
1f4a796292e395148918997dcd7f43af

SHA1
934ea499541ff73429ee2db70795c5b629d8e48d

SHA256
6f1b15478a9e87ef9aac84271d84f8484dea3c920ebda97dd6e4cb3010d34bae

SHA512
e9445edf6a0776c6ff9c1b1d5966d44acf01af1155ba3dbdef1a8438bf2ba279462420d334b7f3a37e86e88ac21d0b67d5697b9dc546b18a57bc42303e0a4ba2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
5KB

MD5
2cc041689b621bd3cb9f8cfcce67c35c

SHA1
0ea76289fcfe3535211f897ecd73467e25ca339f

SHA256
80a28f90addf1a12775c2ec559725d0d7d65e58e56a4ae098fe51c7cadaf999b

SHA512
65e3715cafe6b6e59e1dadf31f2657ac6f39003ad4d6855725765f19529d7d5c69583aea82c30522ade11f028a6766ef1d22f2136cfd3a4f115816a7069327ca

Download Submit