hxxp://stremio

Resubmissions

21/07/2024, 22:43

240721-2nqyqsycmg 1

21/07/2024, 22:41

240721-2met3sybrc 4

Analysis

max time kernel
913s
max time network
1195s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 22:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://stremio

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2958949473-3205530200-1453100116-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2876	firefox.exe
Token: SeDebugPrivilege	2876	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2876	firefox.exe
2876	firefox.exe
2876	firefox.exe
2876	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2876	firefox.exe
2876	firefox.exe
2876	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 1356 wrote to memory of 2876	1356	firefox.exe	31
PID 2876 wrote to memory of 2784	2876	firefox.exe	32
PID 2876 wrote to memory of 2784	2876	firefox.exe	32
PID 2876 wrote to memory of 2784	2876	firefox.exe	32
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 2688	2876	firefox.exe	33
PID 2876 wrote to memory of 344	2876	firefox.exe	34
PID 2876 wrote to memory of 344	2876	firefox.exe	34
PID 2876 wrote to memory of 344	2876	firefox.exe	34
PID 2876 wrote to memory of 344	2876	firefox.exe	34
PID 2876 wrote to memory of 344	2876	firefox.exe	34

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://stremio"
1⤵
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://stremio
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2876.0.566812890\1790832046" -parentBuildID 20221007134813 -prefsHandle 1276 -prefMapHandle 1160 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8128fb9a-f572-4543-91dd-b4a5766f4e81} 2876 "\\.\pipe\gecko-crash-server-pipe.2876" 1352 114d6b58 gpu
    3⤵
    PID:2784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2876.1.526391881\2121274651" -parentBuildID 20221007134813 -prefsHandle 1540 -prefMapHandle 1536 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7efcec16-3b85-4693-9d5d-3a16cc404d1a} 2876 "\\.\pipe\gecko-crash-server-pipe.2876" 1552 e72258 socket
    3⤵
    PID:2688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2876.2.1859952388\1008104668" -childID 1 -isForBrowser -prefsHandle 2200 -prefMapHandle 2196 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f6d07d1-c8a5-45ba-8ddc-cf7b39874d95} 2876 "\\.\pipe\gecko-crash-server-pipe.2876" 2212 1b314558 tab
    3⤵
    PID:344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2876.3.1815056418\1050578288" -childID 2 -isForBrowser -prefsHandle 612 -prefMapHandle 708 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bc33de6-81b3-4449-99f8-1b72d483398c} 2876 "\\.\pipe\gecko-crash-server-pipe.2876" 704 e62558 tab
    3⤵
    PID:1640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2876.4.1883668607\487497106" -childID 3 -isForBrowser -prefsHandle 3628 -prefMapHandle 2892 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b65061cf-f5b2-4fca-a67f-b8c9f2a02289} 2876 "\\.\pipe\gecko-crash-server-pipe.2876" 1180 1bf4f258 tab
    3⤵
    PID:1272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2876.5.1855609905\899833571" -childID 4 -isForBrowser -prefsHandle 3752 -prefMapHandle 3756 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3b5216c-5eae-4c70-b00d-3a07f7572f28} 2876 "\\.\pipe\gecko-crash-server-pipe.2876" 3740 1eeb6e58 tab
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2876.6.1910289835\725549251" -childID 5 -isForBrowser -prefsHandle 3916 -prefMapHandle 3920 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 856 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {29d14412-461d-417b-b5c4-49ea5cc2368b} 2876 "\\.\pipe\gecko-crash-server-pipe.2876" 3904 1fb2c958 tab
    3⤵
    PID:1072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\activity-stream.discovery_stream.json.tmp

Filesize
40KB

MD5
5f809cd8785ebe31dc481e2c22322d46

SHA1
3e305569f0479afb154f8b6ca0685d8cd05e35d0

SHA256
bb1d9323d5b036324bdb2a3ed2f4a1d9aa8da866b887dcf9642b9e24d939f763

SHA512
d36b23353e8ef2cca9abbe43a21c81be9a9e636c0bc47f10422fd9177938fa3737fabd4102c45f9f00b0b129c1dde5ca162998533d263e58b16da5346b1a962c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\7943793AD6EF12CA229A1DF7A721B44C210BBC82

Filesize
37KB

MD5
dfbb5371e89741a7f8e97ef5364dd0c1

SHA1
eda999c63e6b566abd35a7f566a885f84b2798df

SHA256
3f6f7eb702fc8ae1116de3810fd32ffda44d8cbeb81e3ecb1444f6515603ccac

SHA512
9697c01c579eba82ec8c9a38e8fc8ca602b63c027b4463a14855ea8fd6b501fa769fd2edc38794d535e597968573d6788396458c4899388b87749c6081910ea2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
2aaf16ee0f7341025bb84a1b243d50ab

SHA1
d3210746d00b05375802156de8453737f55ec484

SHA256
b3a80438422e3745092ccd5d616d593f8fe98674e59b2dc240d1c103020d6dac

SHA512
0c833857e7ff5924136249c413a722fd90e41ac9e6ea445bb5f982f3d34e8bdb7a81cf72d9b4fa70fad2bd2c97f6d020b875038367a795292c2542e132c99b31

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nyws1jjf.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
ecf0ad1d7424014a1356ee9225d034a3

SHA1
5cc381489bc35d519563baca60b917f710c9d500

SHA256
95c28fe5a789fd5bd9b1c3bf90232b24e851c2b58ae28e8a00b4d34c7e021c6e

SHA512
8b448bb8d4d686d193422fd439f2e0cd44278424e1e4c5c95ba9b2b82812f6fb3a800bbd309f3fb185a1d89979b8e9398eea324c45fd4e1880409b1b8722eece

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
ae05b2c444cee039d93913becd659054

SHA1
56697a9ed68fe01336d1a6b38bc342587cbd892b

SHA256
3ae7100cc24f324af84db619ac2da8fa0369d95b08edff8b356d6bae120da7c3

SHA512
3d7338f48e493193fe940f16f41deed11d1613b14d3b49f78aca06d8a336a848470d05ae5247211c8896957d9c1c8c7e2a6c046afb99463c149e9f5f8c7a87f5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\bookmarkbackups\bookmarks-2024-07-22_11_k-PozTETHt6fhzgbtjurZw==.jsonlz4

Filesize
945B

MD5
3d51709d111f1dc0e9ff50769d909199

SHA1
b63660e874277d13f65082aadac3e5129c27b671

SHA256
2296864a5031604077ad9080a817a493875eeb6ca70c6555c99eacaf404c5ed7

SHA512
fc4f8bb48e7f4c08226a7f2f2f6b6825d489ce1d2b90fddaa20f77a7d568136f223a7e01f06feef868a836ec77c3cf59a1102c140b5f7b64eea9afbbe0a9011d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\broadcast-listeners.json

Filesize
216B

MD5
b18ec7e0c32331e9084c0a3e6f5ed9dc

SHA1
648a78498a259bc8fba90cd19ae87da31e718867

SHA256
63d01329e66263344e86c69a40955ac9df4da3a76311f58b929d8032564b4051

SHA512
d11889e4110ec6f7c7088007f67ceea84592e81bd0302fec46935e3fddeb40ef860b091befdc3a615b45f45718778da862f7c27d6cee696d3933398dc66dc636

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
5c56d194383695a211e70c85b0a9b116

SHA1
ba4a3b780e961543cff47d69e69606c33fcb12b4

SHA256
bba34033c7dafd492c5215b8b7a6fef3f596888234d8243c8290127509c359c9

SHA512
fd458ec123199f437a6e3a5996ac0663cc748ca22132676de759c123ed18fe91fb12a8ccf479354548757ce8cc0e512e722d5e5a1696eb34899b61a3af9b026c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\datareporting\glean\pending_pings\5bc232c3-de5a-48d1-917b-756c7f149228

Filesize
733B

MD5
60884a26ef1ac2a1b8a6a8c643bfa6c5

SHA1
b987817a7dc28d24cbbe69b7dac2a76fda5c6f01

SHA256
add12843ea89f30e4ee2134e77cd2b5000c90a67083ae16931600f2d262dbd06

SHA512
e96b7d47dd9955771067166a4aa97ca774d812685c0a42c5648cf50b6f72c3af1341cb2383b636a6c2c0a5094f4301af5f3c73d70fc47061aa6d51a3cc0cad30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\extensions.json.tmp

Filesize
38KB

MD5
1edc04423d459772683c6c678ead668e

SHA1
e162cca36f7794c6bf3f8142c01d3667bef892bc

SHA256
40310dbec6777033bc8248dff6020b275ee01f32fa42daa5df347fa67e408e4a

SHA512
9fcbd674cb02b9326315dca7ebaed808ce73a8104bf18d5cbd42c06be7ef9734ebd9237659c200b417214dd856a6829b8779ce54e61b9e6d9ea615e1c2b725fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\prefs-1.js

Filesize
10KB

MD5
85b6483378d65dc6f5847749a969e596

SHA1
dd3509fdbff3cbbda3f7854a1b14e915139a74af

SHA256
6b89849d8de02af85228e621849778a8444db96bdcd2411ea39678f4337d5cbd

SHA512
9c45ad7e0ebffd9c0abe4673fd6cccfb7f72ed6411f22cc1ba9daaa5f6cd4c5c7a6e05235464a6fa5380d954f12fefd90425aba0ee72e8cc6b2881321f4721e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\prefs-1.js

Filesize
6KB

MD5
64c1daffe3b2bd115ebd1f13f57baea3

SHA1
18b6c6c9b0891dded1bc81ece20a095077ca6d1b

SHA256
6551f08aeb938b9c3b39b370d128de865422894176b9c6af6a69549839ce608c

SHA512
d842fa8a27ecd14cac599dc8d9ef917f1c306b1b4d22d03e82cbb65ac504f6d7be079072ea9e809eca5b4bf251e73b2126edc3e58273d36d9f58015638a84876

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\prefs-1.js

Filesize
10KB

MD5
758f3aa7e310587db79e2298cbbadd38

SHA1
f5fa005431ea233957c131b0c4b1f65e78f97c7e

SHA256
c7ce068df3480908b5158e2a0fdde8aefba81d3509585069890653c8fa53a3a1

SHA512
a8dbc4f7710557e53ffecc507f23aaac2d2b18dc795db730e69c4a526d4c6b687a0435a64e9e59bea9b6c964263b352690622d7d28ffc1a9f5b81b9a3456941c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\prefs-1.js

Filesize
10KB

MD5
91a68eb92cdce758e94179dc313fa7ad

SHA1
ebd9261016b0824cf328ba1c032c39b38aaef4f9

SHA256
a0095865176564178a7b6013e7552819712d3f975baeeccf0e91d8f3bd4ae05a

SHA512
050cd3c85bd38dd63679fcdb86b8f67f3d40df47e9043957f2828cf7f3bd17d506114c091148a4a127c9da53c78cd0701c36ba6cd5991c198f99d239c1a90e77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\prefs-1.js

Filesize
7KB

MD5
1ab46bb693d02ab2b511c5604f15011d

SHA1
1a3864d6352a9899c8233af4437ceec556f86063

SHA256
018b07a922a6fa8f4ef47d1afe414ed97d1926ef7a401b90aaa33db605fb930f

SHA512
9be9ab12a83542ac1f8b88cf5192d3676fbce73ccd9c039874c0d81b27f384cbdcb6ba4f7e354cebb76f50e4f9eaa981788815d8c0f3a3fbd63befb6e29e3972

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\prefs-1.js

Filesize
10KB

MD5
19dadcc6237712e46e3fc3108e47818c

SHA1
d91cddb38ad5c2421ce2aa59386607607a408ce4

SHA256
217a134af38b54452d7508036e22c3740470d117780f9967fc5cd6dd53c97261

SHA512
809335e7dcce0667ff27cc052b87d0da1e6d8fa794a9f466954d96536ff8ad3e9d3247c320021004854898301a57c7ac35dabafacb1f91e8432e0b261747bf68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
41bf5fbc66d825dd16fd7f753ed712cb

SHA1
ba971135bf33d4898aaa6ab67d42443fa310a99d

SHA256
c8350d8a20d271790135c6e2e7c8667160d827f71576ba10b74d3c1971df157d

SHA512
1c3df8c714db752ca50ce0f2358cc946e02369953d78d21f8e362553ec4239dc3d6b7581b4ad66ffdeea95b4aafe694e1564f058c46d332466323df82db528e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
86bf0047edb8180b01c9c86beaa80dc4

SHA1
461e0b7dd591ec9b7e610c86c62df1a4024a1e58

SHA256
652cb8ce9e445c4a077e605da14003b1c3645e9557ba9152103d59690ee6d68a

SHA512
ed8131bf6cfef803f760c390ae25432ee332166ecf6704ef949779cdbffdf05969aabeb5674efce5e493d288078ec3be8f4372fbb2f00f86d8c72022f518278e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
63d876aa017c65b1b75f391330ec3836

SHA1
e8ada656d51b2e524522f57662f5379332c9dfbf

SHA256
141e19090d0eeb22fc7cd5bebf5d2290dd925dde298a1a4a383a140fbeb8d13b

SHA512
7e3e15e9762d7cb23d6baa23c7c437e573c41ba93702eb0578799b5282a8ce131a78902a611ce0769bc1173af5eacfc352a87e73e36a97cb3991a48e69ed41ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.6MB

MD5
bd41b615e9a74f0c376f604cf271a56a

SHA1
f0cdb6ad2dd5126b13bb9ba9b8161898438c7f1a

SHA256
bac05418fd52ace5daa73d53863bc9e22d25b5c47bb7f4e14f565f1dfea0270d

SHA512
e0a4eab44478b569da2b0c3a91d0a4053bfa6dba28e68e9115fe39bd7ddd411a9689edbe257e537b304d95a6add482b8455ba11ef15fa52033152ae676209ec0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nyws1jjf.default-release\targeting.snapshot.json

Filesize
4KB

MD5
38180c9b4a6edb289d8bbd2f2ecc3ac4

SHA1
83f34565113eeb793dc9555d5d69d02bb80dd948

SHA256
2a1fe8891da761c6078cfbb3842c04ea16dfd0a4ccee7c9ab794d2e0e4c657cb

SHA512
11241c3f1daf8beb47690f6ff97a7f8dd9f900e325fa1331f1a3572742e8507fd1f7e67cb8f12a374b9319e3b15b78bb905d4b79449fb623b9767d57ffab6ca4

Download Submit