f0b2a317afea99503ae32f64dd75ddf5d49e54f1f6ba0a2b77760b88124b4649

Analysis

max time kernel
101s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 14:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MessageLoggerV3-BetterDiscord-3/README.md
Size

1KB
MD5

c5bdb10cc3f36a97df96147cc5bf11b2
SHA1

6e8c09ac5d5a93b6eb69c94ea74d6eb326eb755b
SHA256

c036f7c728586ced45f6e2a7aa212a72d6613bf32c7933c207a3b4f39d09502c
SHA512

6411573371c72e626920deb6f143e8af4167ef5e9042dde03c718036f2dcfc3867b798ebcf957b61d2eb29a90a51440075bb43ee28d6ff5fd3df05659bccf6ca

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 12 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\md_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\md_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\md_auto_file	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\.md\ = "md_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\줸ࠗሀ谀耋	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\줸ࠗሀ谀耋\ = "md_auto_file"	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\md_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\.md	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\md_auto_file\shell	OpenWith.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1864	OpenWith.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	932	firefox.exe
Token: SeDebugPrivilege	932	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe
932	firefox.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
1864	OpenWith.exe
932	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 3548	1864	OpenWith.exe	91
PID 1864 wrote to memory of 3548	1864	OpenWith.exe	91
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 3548 wrote to memory of 932	3548	firefox.exe	93
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 4792	932	firefox.exe	94
PID 932 wrote to memory of 2108	932	firefox.exe	96
PID 932 wrote to memory of 2108	932	firefox.exe	96
PID 932 wrote to memory of 2108	932	firefox.exe	96
PID 932 wrote to memory of 2108	932	firefox.exe	96
PID 932 wrote to memory of 2108	932	firefox.exe	96
PID 932 wrote to memory of 2108	932	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MessageLoggerV3-BetterDiscord-3\README.md
1⤵
- Modifies registry class
PID:964

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\MessageLoggerV3-BetterDiscord-3\README.md"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\MessageLoggerV3-BetterDiscord-3\README.md
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:932
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1740 -prefsLen 25753 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e4fe091-225f-4202-8d02-f8456c2500a1} 932 "\\.\pipe\gecko-crash-server-pipe.932" gpu
      4⤵
      PID:4792
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 26673 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e47b042e-5da6-4dbd-adc3-97cdcabbf30f} 932 "\\.\pipe\gecko-crash-server-pipe.932" socket
      4⤵
      PID:2108
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3104 -childID 1 -isForBrowser -prefsHandle 3092 -prefMapHandle 3252 -prefsLen 26814 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03bc7baf-1fa9-4868-8b26-039642d0079a} 932 "\\.\pipe\gecko-crash-server-pipe.932" tab
      4⤵
      PID:644
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3972 -childID 2 -isForBrowser -prefsHandle 3940 -prefMapHandle 3952 -prefsLen 31163 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8914deb7-a3fe-4900-81ae-ad0c66905206} 932 "\\.\pipe\gecko-crash-server-pipe.932" tab
      4⤵
      PID:4328
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 31163 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eed31238-e305-48d4-b2db-2505521ef0fe} 932 "\\.\pipe\gecko-crash-server-pipe.932" utility
      4⤵
      Checks processor information in registry
      PID:1960
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5240 -childID 3 -isForBrowser -prefsHandle 5180 -prefMapHandle 5112 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {970db53b-3bf3-4073-b03e-b8d400312959} 932 "\\.\pipe\gecko-crash-server-pipe.932" tab
      4⤵
      PID:1976
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 4 -isForBrowser -prefsHandle 5388 -prefMapHandle 5396 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56004626-0787-4a45-bc4f-973f71ce3a4f} 932 "\\.\pipe\gecko-crash-server-pipe.932" tab
      4⤵
      PID:2968
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5576 -childID 5 -isForBrowser -prefsHandle 5540 -prefMapHandle 5364 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a4125db-ca53-4655-8f02-5c645e05b9b4} 932 "\\.\pipe\gecko-crash-server-pipe.932" tab
      4⤵
      PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
1f1970298cac50c0797131d0adc82453

SHA1
b7b3b5a57067b60c885fdaec15951f9e7496940a

SHA256
2a16d2321b0c53fb6138bc809bc26dd595141d25009aa69559e51234cdbf7d65

SHA512
1bf66d9d6cade1924c2395211cb5ac17631590096b7b56126fc617bfed55b392e1454c5a5be0fbb70a120db96695813e9fdca81a71e69c8ffe27a34f8da9dad8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A

Filesize
13KB

MD5
2b106180d90f26023a711b8a319d4518

SHA1
47b706a723d183f6881ef5f645b9a70f78792b0f

SHA256
d961fcc8e3ef2046cbb3512fdf1726b10e5cd9df5a418c32f450a67fb19e171c

SHA512
96ddefc328454d7eae29064f0a6d51449e36645538448868d5050bd48be3511d0fbb5df3a6369d428672a6a2de2915ecb33aaba5f7aefd5a32e3193e7fe2aef1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\AlternateServices.bin

Filesize
7KB

MD5
80973b23c2a5ecb7c7f94935ea58e0ae

SHA1
ade1f03736f3d9461a0fd1db633ac07f196240a3

SHA256
503b4971bb48d0485a218a9f88925a6f7812d6b1173a340e9a606a1a91cc2b80

SHA512
cf4861b81e5357a505bfb42517f16ac5ffaf3a0e92c7a006d5b153cb8c41ab9477499d68eab32915d675e1ed6182eefcc6865ac709954d364db9cae8e845bce7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
12c0dedc7cbe8b474d127ea95b406ee7

SHA1
dc73473275375bec2161dc20d2c5cf6efd95210c

SHA256
04c295566f2ed661cb816b3dac3988069f6890628a71cffeb43ac4a50c1f4aa0

SHA512
e5fafce31b7e9afdd26b47304736b29c994c36cd8a505bc60fe32366fd0b9f64db6c45e43f0daec092a7abf54e22824c489de96043f3d59ec59d2ff4115858bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9fd67cdd08691928c051ced929380eb4

SHA1
f529bf68f2de65b15a11cf9129c8c90ce1a01a88

SHA256
a9230f62f52843c110f277c482957b91318658ac64e3b3aad47b34e5eabfcd7d

SHA512
75767721d5da94fb89311884207a235fec8ec7488af1cded5f587af65b5ea1a1eb28a1580828e70021f59322f37b2003e3f8e4a81b506be13fe8c7d40e61082f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
1f7aa1bb2ed2cebbfec4f0d9711f1a4c

SHA1
043bb9b8ea8733e8de79656c4271f0280db7b2cb

SHA256
96297d6076e93de7fb818b325d07a0bfe4c33103f97cb2e5c71d46eefdcecbbf

SHA512
99e6ff71cfce07d6ee76facddda7c433a7aee056e31646ea0cc001a3a6cbfa3c7abda0fe8e5f374af100a7a478f4096b8287f10923a1da8217852af70942770c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\274048ba-a795-48d4-aa74-c5a4b8d9948f

Filesize
671B

MD5
888fc8e8944771a4a99d47aefb16249b

SHA1
8f6259f5d35f8476434c64652933d46e5eb96ae5

SHA256
cadc3e71eacee30f8cb8c9c2dc21f6a35563c2f23ffb92eebe520649910c54f6

SHA512
48379e213a9d145fb9c9b429f14d1b14393ab6a3e2479ecc6dfc1e2634fbdbe0cdab1b80cd9dec9b24407393ff84ebf027e810f4699ff9ffe331306e52bb3860

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\3162ae3d-08bc-4c1e-9a19-27fe43be48ab

Filesize
982B

MD5
6afb7865837ec0ddad8fbb34c5687a8b

SHA1
995ae1c49f716829cb2914f3d346067d69f67352

SHA256
2565367c58cdc691973e53b9f0ac4c199c3569c1d2fdfccdaa2fa712f729b7fa

SHA512
3a71e08720f46d5117f1b4d7db2c14249b443ddeec62015a344c7071ce2c1a4f4e7807f422b065dd689d3b90c9b6dfa8c2e37d852034ed0994590ca9ef9fe80c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\d73397e5-adbc-45a1-a2e4-9bafb027e428

Filesize
26KB

MD5
c0662b27fede59c4dc1fe67defb0b887

SHA1
a819f792241a3cbfd57af5aeb0c5915365485eb4

SHA256
730556a34fe3eb9f5b7f475bb88083ecf8c76f2e8289f4cb9aa9a21f97a3ef82

SHA512
f0b3f83e4afb19d2651df7f27b79a31ec14e2bfdf74cdb300a4c3ead40fec542e9ce754a7635487b04ff966e9e4613a46fbbfb6791441e48aceb71a9a78d546f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
11KB

MD5
e3f73ea870ee414b656b09a5dd1fe5de

SHA1
94d68eff09dfad6dda38f0ee96d5fc2e7dca2da5

SHA256
56161686043b371ffe2ffc70228516f611887d9d5c5301dc73085301b2a20575

SHA512
f38141739d475e29105de2611571bc9709bf426999f93f60797210cfdc4f3750d70c798e8a69343d8c1083a4fa4ded91a385fd5a8daac7960434ae789730e529

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
15KB

MD5
91bee44342715254b59afe9d231f5bb1

SHA1
592086bc05cba8b26053b525ddd09c91b9b9c1ce

SHA256
64087817273fe389eda11d4f0dff981398b63b88ec588f9234b82bd40dc17b5c

SHA512
8423c07f209388588b5ffab4ed3aa91875992bffc24bfc191bc19d03b25d8bd4721c31ebe1d71d4a322d17c12606df60bf974468f3aa9489828c92a8f5d75be5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs.js

Filesize
8KB

MD5
9b738fb38891c8922e23a4baee693f44

SHA1
2ff370d25c2a197e9b0d35fc71db4a97b2bd0310

SHA256
8813ad750866bb38356a08a31448b1eb0798daf0d14fe22ee6093a4aed71f0d8

SHA512
8a1056eddf53e01f5c26f646518427ea1c44ec57ea4cc211e97666f072d7d855385c0638349d1cec5f4f95b5585c0157014ad820fe170f89cf4c31d86dfbc76f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.5MB

MD5
6833a434cad70b75262bd121e64fe4a8

SHA1
746a6ad09999671f5d3b1e5b88804869d3373a79

SHA256
4a1d1a1c021028b199f98f703da52725fa2ccabcd37cf08e745472e46990ea89

SHA512
950774a7be90e253a44559ceab93a47e5c1df10e197d2d06014ee45d01f5ceecb6483de6672b6a2ef656db3cc68e75c05a49130683002cb00696ebd29476b658

Download Submit