hxxps://secure[.]sign-doc[.]com/XN0VNVXBaYU9vOHI5TU5WditOeGZOeHVNczhOTGVPcEEyMHcyaSsxa1lGaDY2cnI3NHI5MlYrVFdyQlVLVGVudnVhV3NaeWUvZlVOOExvOVJGSzFkMkdDVmxNNlNYdHJ6bXBHWDd2cTl6N0xncE5velJGU0Rsb2pLVzIwV3dQOEdaR2w4VFM5WnMxck5OSHpkN3ZYSlB1NGgvQTBJZEgzcHFvQUNpZ1BTR2xWdGF4b0RWd1BpN1hWWVdjcEZHRDhGU0N1Vlh2ST0tLXlxL0RIaUxQTGFMb2libGEtLStkcTgrZGZWODljK1hVaTFnTS8zQ2c9PQ==?cid=259489278

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
15-07-2024 07:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure.sign-doc.com/XN0VNVXBaYU9vOHI5TU5WditOeGZOeHVNczhOTGVPcEEyMHcyaSsxa1lGaDY2cnI3NHI5MlYrVFdyQlVLVGVudnVhV3NaeWUvZlVOOExvOVJGSzFkMkdDVmxNNlNYdHJ6bXBHWDd2cTl6N0xncE5velJGU0Rsb2pLVzIwV3dQOEdaR2w4VFM5WnMxck5OSHpkN3ZYSlB1NGgvQTBJZEgzcHFvQUNpZ1BTR2xWdGF4b0RWd1BpN1hWWVdjcEZHRDhGU0N1Vlh2ST0tLXlxL0RIaUxQTGFMb2libGEtLStkcTgrZGZWODljK1hVaTFnTS8zQ2c9PQ==?cid=259489278

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-514081398-208714212-3319599467-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5016	firefox.exe
Token: SeDebugPrivilege	5016	firefox.exe
Token: SeDebugPrivilege	5016	firefox.exe
Token: SeDebugPrivilege	5016	firefox.exe
Token: SeDebugPrivilege	5016	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe
5016	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5016	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5848 wrote to memory of 5016	5848	firefox.exe	78
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 4168	5016	firefox.exe	79
PID 5016 wrote to memory of 5832	5016	firefox.exe	80
PID 5016 wrote to memory of 5832	5016	firefox.exe	80
PID 5016 wrote to memory of 5832	5016	firefox.exe	80
PID 5016 wrote to memory of 5832	5016	firefox.exe	80
PID 5016 wrote to memory of 5832	5016	firefox.exe	80
PID 5016 wrote to memory of 5832	5016	firefox.exe	80
PID 5016 wrote to memory of 5832	5016	firefox.exe	80
PID 5016 wrote to memory of 5832	5016	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://secure.sign-doc.com/XN0VNVXBaYU9vOHI5TU5WditOeGZOeHVNczhOTGVPcEEyMHcyaSsxa1lGaDY2cnI3NHI5MlYrVFdyQlVLVGVudnVhV3NaeWUvZlVOOExvOVJGSzFkMkdDVmxNNlNYdHJ6bXBHWDd2cTl6N0xncE5velJGU0Rsb2pLVzIwV3dQOEdaR2w4VFM5WnMxck5OSHpkN3ZYSlB1NGgvQTBJZEgzcHFvQUNpZ1BTR2xWdGF4b0RWd1BpN1hWWVdjcEZHRDhGU0N1Vlh2ST0tLXlxL0RIaUxQTGFMb2libGEtLStkcTgrZGZWODljK1hVaTFnTS8zQ2c9PQ==?cid=259489278"
1⤵
- Suspicious use of WriteProcessMemory
PID:5848
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://secure.sign-doc.com/XN0VNVXBaYU9vOHI5TU5WditOeGZOeHVNczhOTGVPcEEyMHcyaSsxa1lGaDY2cnI3NHI5MlYrVFdyQlVLVGVudnVhV3NaeWUvZlVOOExvOVJGSzFkMkdDVmxNNlNYdHJ6bXBHWDd2cTl6N0xncE5velJGU0Rsb2pLVzIwV3dQOEdaR2w4VFM5WnMxck5OSHpkN3ZYSlB1NGgvQTBJZEgzcHFvQUNpZ1BTR2xWdGF4b0RWd1BpN1hWWVdjcEZHRDhGU0N1Vlh2ST0tLXlxL0RIaUxQTGFMb2libGEtLStkcTgrZGZWODljK1hVaTFnTS8zQ2c9PQ==?cid=259489278
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5016
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 25751 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {25a8ca4b-6b54-45c3-9e1e-75cbfea3af72} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" gpu
    3⤵
    PID:4168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 26671 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69f5391c-4462-446d-b7ab-22a59207a2d2} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" socket
    3⤵
    PID:5832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 2900 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d07c5023-8a23-459c-87e2-e03b7d413753} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" tab
    3⤵
    PID:3996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4048 -childID 2 -isForBrowser -prefsHandle 4124 -prefMapHandle 4120 -prefsLen 31161 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b315f29-2baf-49ab-862f-4a2bf8eddf9c} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" tab
    3⤵
    PID:5524
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4836 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4728 -prefMapHandle 4748 -prefsLen 31161 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8901d149-5a3a-431b-a788-3ae1bbd87a63} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" utility
    3⤵
    - Checks processor information in registry
    PID:3564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5296 -childID 3 -isForBrowser -prefsHandle 3928 -prefMapHandle 5280 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d22b0a83-24ba-4378-901e-3160e6490abe} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" tab
    3⤵
    PID:4332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 4 -isForBrowser -prefsHandle 5416 -prefMapHandle 5412 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7df0aa58-4569-4ea9-90ad-f7aa002dd17f} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" tab
    3⤵
    PID:6088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 5 -isForBrowser -prefsHandle 5520 -prefMapHandle 5464 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8866aa51-02b9-41ec-a5af-17447bfaa4a8} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" tab
    3⤵
    PID:6072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5824 -childID 6 -isForBrowser -prefsHandle 2884 -prefMapHandle 1264 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed29e14a-07b3-4e19-a32d-7a08ac3ee319} 5016 "\\.\pipe\gecko-crash-server-pipe.5016" tab
    3⤵
    PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
4ecf81ffb0b85b1f17c692651b4bbadc

SHA1
34bbc2d0d3e261e91e1a3f07adfad26fff39cc05

SHA256
2bf9502d70f3bc4829ea0ea81fda51304293a4a008eefd74cb6a6427d2c12d70

SHA512
afe82037cb95017c77359abb884d83493546f1abdcebcea89350716c5237f97d317a7b74da4932cc4f4f1fa30063422a85d76483a9afc415e1ec413e841b8bc5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
fc8caaf94f572fe1a53b14aafacaed1c

SHA1
62a4019c77ef2f62760241124924f7b2145b3db1

SHA256
4a4564c6d0a74152b152e7537265cbaa23550c95030808582c03ff9a565082df

SHA512
fb67975da809c63e8b52b2e6e824b06d92d2f3cfa56febf5bb9c013d9171cc21f44f84bf4e54ba175a44e5b3a39e622f154b3550bdb1c069ec1664eb9169b677

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\AlternateServices.bin

Filesize
7KB

MD5
47224a06aea8ff5e82a71576e995131c

SHA1
9821861c389be01bf67d9c08db5f25f782c2e97a

SHA256
19404e5d8a342ab05976b1a5230fb79d87064569d7d3e3f68ca136bd8176f465

SHA512
1c6380dce8fc327ac9dafcefae2d5f252a96d99cae0094a44dad5a7b8dcfbd7d767ff0abcb755bb753747783917cc9260c805470d27e54501585d39363410859

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
c6e2bef13ac37a93f9c4cbcf1eef1232

SHA1
2d1e86300ec0c16f8aef432a9da1e8e0eb68b805

SHA256
0df5b19f768eb07470ec098943ca9c947488bba9c45433895656d3cd195ead4b

SHA512
24e8add6316c271e0104bb03e45e44e779dc3670043d7768a0cd48aabdaeed79d84c6f4f87ba7b376f893c70558a840b25b9e0163a70fd8b339a830f4b873a47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
dfbcf4615879c5c4bd376488202caf02

SHA1
baae39f7ee8c3a97e9c7f879d5a648cca48d09ea

SHA256
c219d6674db397a31431d608c1ef657cbaf66be5b2e0218a5ff22b98fc17c25d

SHA512
65af580d3ac4f4fffd0c81b8a05e8139bd077588550916f97ac17c008a34ebeb197f32756b90e01e43051fb605eb362ff7fae55a5da5f6339451477475a5ebfe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
240563f551e51115716d23ad0984d38c

SHA1
7bd66f3ee889242ed64d27c94ba1a35c722ab082

SHA256
4b53c2a18153ba4b2114f6a593f7e90c85ce453ab3f5119495541911c91ea159

SHA512
1db17110c3f077eac72c7d5dd0b5aa182326f2d39ed68f575631a5c078bfabfae0cf4d2098136b4a829d15e1a0b4154c48fe5570837b2b8abb25133dd7d41ed2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\pending_pings\1fadc3b4-d7fe-46a9-9064-a178e22de120

Filesize
982B

MD5
38cc6878a667385563d17d0aa84a8ec2

SHA1
ea5cf16f3f0572ae6ba4fd5b17d991cf39bf4a02

SHA256
f5159c2d35524cd6ea24264c1dcbf3a1f06ea54edafa29cf63a3fea27fcaeaf4

SHA512
a4f5065fd3b7b69e1a6a8a1fb9be6b9bca7a908ee835cbe407b0da46491f4294f4c892009792c68a304cf633ad992eb6e4ac91b1bb455084a91a40366ad37975

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\pending_pings\875d346d-ee10-478d-81c0-c4ba21f05957

Filesize
26KB

MD5
9e2a20c6b939ce637bdc4c03824a7323

SHA1
4a22753b5f3ad435ec253bb1841b0d20d5ccc5ca

SHA256
8d48e6a8d8fde34d815159771c864c2db4e14fb67c85b153978de9323556e53f

SHA512
e6d96dac5806cdf37eb32d38f64a809b1d93b4cd94b4aaddda8b258e33def151c8aca1f3760db1651a3d196a3fbe56a048b7e4a5018e6fb3dac9dc2509831bc6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\datareporting\glean\pending_pings\9476672f-88df-4b1c-8604-1613577f5c50

Filesize
671B

MD5
96316432ded16862054c4299ec70c84d

SHA1
95208e47d5ac431246e0a14de3db584c92dd6679

SHA256
899e241b6c70c518249009c7cbb7dbec48533abc4d1c77afcbb0d809ae5b41b5

SHA512
b9f5447bac1e3ea1e052af0eb723cd96289125112056a05ab69152204cae628fed49688a2f4ca5239f93493598bf728a80297bd5743e366645bdc4e02ef3aef5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs-1.js

Filesize
13KB

MD5
376641d0a208add137959fa2987f9a3d

SHA1
d357e367eb5b440630b38851dab2b4867a52e40f

SHA256
4e741b1450fbf43135a8b38b97c898d6bfd3e0e8267d3fda2e873e9c307bce76

SHA512
9298dc0fe6f1936ea73d50c65c9ccc0ed5bb5cf547ace659c42dc539e809b30eb1034b6f0dac3b4cc104cc0fbe0b15e6e0975c5cf30dc3c70c8336273ca27eae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs-1.js

Filesize
16KB

MD5
b2fa832708fc96b8d9c354ae26fef167

SHA1
6bfedd19d49419d3e8118be770ae276952911694

SHA256
ae4c88b27013d2ba1ecd403cbc8bb8d2e49d016877a1f8252bdabbac1e7ec277

SHA512
4d03bef606bc9c60525bff04afab4740ebe4bf63d0ee7f91456eb9f9ab51cdff4cfa2bdf4a091307ada73911138dc67f9ce7dc7075ca5cc83c6e0add8f7d0f49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs.js

Filesize
11KB

MD5
e704ffb036e066cd068878a090be80d4

SHA1
8afc60266331d223ca93b1bb8794d9d122ef2759

SHA256
91a660e4a915baaf836a841d18f66fdd83def8dc246dc51cdcf38a36bb525412

SHA512
0e7f39636142e9c59484d0e19a7c18b330a08a22e7d3920cc5123970b86c7110fdb59104b5cc23f463da7c5df4d2991bbcc109a9859f6609f8308d0adcdb8c4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs.js

Filesize
8KB

MD5
abb9521dc55274a59086612675508b9e

SHA1
0b3050482cfa2170216299e72b55d06320ee006e

SHA256
88f5e213067c94bfdef9d8a7b3d85644eeb4686d7d09c43ec94fa6f0c320d2f8

SHA512
8c7fd521c31c9dbbe6e60423f6817456d4be9a59baf67033c20a31ff83a3919210b62fdcf36de74868367a72b6abf131d639c887c84a16f55a6a820895111543

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\prefs.js

Filesize
11KB

MD5
f9e2c8d9c78a5c89189f1eea4b229307

SHA1
68e896ca93d431573453a309ce8ade5e0eee8b16

SHA256
845b70b0541a09ce33252de426655fda782b0f33c4646e3023d81b60f47adb19

SHA512
375e5d5d300900fd01293c902df7f414b5fe72c033d4577b43a2c6c6bd28c9df787ef802ce5bb1dd4c4fc5d7501b6d08c600f55d18d5a4401363e0dddfbdf03a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
73438731e14886c1d9404f89e1b289b4

SHA1
72b586013dfeaf3fce9ef72aa9e8e146a20e410c

SHA256
e09ca3de8637a1122655e11b627cf1da7ef2a8930a520618b622cec367ec32b3

SHA512
3557da6d6f6a93af383d80bded9c491a3b133eb967c8609aac8f485ddb9c557411e66d32658edd7817b35bbc9ba31fd0353d946cf716ae38a015dd951eae083e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
944KB

MD5
5ef1c3f1e28fa18891716adf57d62704

SHA1
ad972bfb29e4db610663830d7c1a2360f74e99dc

SHA256
7256c7009d8a1c2bbe3f1f1bf482ee617292e61d539633cb7ddaf54faeadae69

SHA512
324969acdd611e759ad2692726eff3b3b19dce95f6b9a36cbc4df9199f01bfc54811e921742f116ed46a5d2e454b8c6fdd1b0c6213f1ab21764fa996a5fae9d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ywkpx7r6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
9.3MB

MD5
dc951f985af6033575fbdd34b71e5702

SHA1
d837c53f5308289921d0c0914a2d5b65be2c8f45

SHA256
588496c7e6e9fe28827ef7a524f74b248792bb3719d1f0c86dd1bf5b6ca31a46

SHA512
0abc5052d77e9a6698de05dd6c89621ee6309296dd7bcdb7467d69436453e6646f604721d49f10f987724096287d7391af9734d80f1502117ddbfdeb18210373

Download Submit