hxxps://drive[.]google[.]com/file/d/1yE3P8SW5-g2ooSlPNNUQvgei1grZnV4B/preview

Analysis

max time kernel
125s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240709-es
resource tags

arch:x64arch:x86image:win10v2004-20240709-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
22-07-2024 13:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1yE3P8SW5-g2ooSlPNNUQvgei1grZnV4B/preview

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
18	drive.google.com
19	drive.google.com
30	drive.google.com
39	drive.google.com

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4756	firefox.exe
Token: SeDebugPrivilege	4756	firefox.exe
Token: SeDebugPrivilege	4756	firefox.exe
Token: SeDebugPrivilege	4756	firefox.exe
Token: SeDebugPrivilege	4756	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe
4756	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4756	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 616 wrote to memory of 4756	616	firefox.exe	84
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 4376	4756	firefox.exe	85
PID 4756 wrote to memory of 3272	4756	firefox.exe	86
PID 4756 wrote to memory of 3272	4756	firefox.exe	86
PID 4756 wrote to memory of 3272	4756	firefox.exe	86
PID 4756 wrote to memory of 3272	4756	firefox.exe	86
PID 4756 wrote to memory of 3272	4756	firefox.exe	86
PID 4756 wrote to memory of 3272	4756	firefox.exe	86
PID 4756 wrote to memory of 3272	4756	firefox.exe	86
PID 4756 wrote to memory of 3272	4756	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/file/d/1yE3P8SW5-g2ooSlPNNUQvgei1grZnV4B/preview"
1⤵
- Suspicious use of WriteProcessMemory
PID:616
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/file/d/1yE3P8SW5-g2ooSlPNNUQvgei1grZnV4B/preview
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1952 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 25759 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {62c554f0-41d5-41c1-b3fa-387ac51f9273} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" gpu
    3⤵
    PID:4376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 26679 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef49b407-45e8-4dba-bcf7-99304272efb0} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" socket
    3⤵
    PID:3272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -childID 1 -isForBrowser -prefsHandle 3080 -prefMapHandle 3076 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70afb29a-7757-4169-bd23-f3d14730cbf2} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" tab
    3⤵
    PID:3688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3700 -childID 2 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 31169 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5efc812f-f97f-4a55-a00f-53ed08f54c62} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" tab
    3⤵
    PID:4424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4776 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4744 -prefMapHandle 4764 -prefsLen 31169 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {770a678a-d6a3-4c0b-bacf-e4e97752ce26} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" utility
    3⤵
    - Checks processor information in registry
    PID:1172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 3 -isForBrowser -prefsHandle 5444 -prefMapHandle 5576 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f0584f5-6fb8-4906-a355-15f067b0c8ad} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" tab
    3⤵
    PID:1168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5748 -childID 4 -isForBrowser -prefsHandle 5832 -prefMapHandle 5828 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b0971c2-2ae3-4c00-a0a1-0494b1f52683} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" tab
    3⤵
    PID:504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4648 -childID 5 -isForBrowser -prefsHandle 5760 -prefMapHandle 5764 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08f02df2-58f7-4890-b945-922a9b7cef73} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" tab
    3⤵
    PID:1144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6368 -childID 6 -isForBrowser -prefsHandle 6360 -prefMapHandle 6356 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca366fc4-7e4b-40e1-ba76-0117c3799212} 4756 "\\.\pipe\gecko-crash-server-pipe.4756" tab
    3⤵
    PID:4452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
f9c45f9006565f8ebfed9f407faf1995

SHA1
7f64f85e838eb171cd2b022310e9df52617ab61c

SHA256
f769430aef276a6791110fd72d0926aee87504b7a0aea335b0af758433b34d7d

SHA512
29d44420cba425c2c3144e0c626d3f62b82585d8b7dac60d2304484563f29cc3f5e2650947192c5257fcce6f7155b78cec7739a1146ee381ae0e823a8df05677

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zirruo9e.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
a037e58e9220e4716280816690505c9a

SHA1
5678b35e9c9ba204456e2777142d88e5304f1a99

SHA256
2b73d363605dae090300a96eecbf60f33febeeb100f4ab600c45ab645358098b

SHA512
6151ba97c2575cee3d3e4ce05eb4b2d67ac48541c8a28ec429c71104fd5f72a567a782f69d27f8781b3da9dbcf772e534204e11e23e2c5a89d1cd48bd955d082

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\AlternateServices.bin

Filesize
7KB

MD5
11edecffcff953c9130e8e8e8626125f

SHA1
2d577d19511753ce4b88b65ea1af825a14a6bf95

SHA256
c3fe222025925893842b417130b74fe1cc9e36c87544a0f9214c2d85c1a7afcd

SHA512
64a441bc403e95c29cf1e5dc3cc5fb4fad16f4709623524488a5aa1cc0d8d1cdd14e1600c4029887208e0bcfdd85affc6cd13a98b8c6a718a684b7faf1a99975

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
7eb0e34560bc0a1fcba0709e110a9be9

SHA1
9ff771f7295b327027b6c993bcc2db71e8f015f6

SHA256
a26e23d47ec9b956b812c88f54afea51d4733d20b48eb47e621ed187882ff245

SHA512
de46bdec39076e29f58829678773148dff90be200f11f32ae12b3b150f833b9ebb27c4b9ec6a637a51d027340544042b881c5ae8fff08fe018ef47d57c8db09e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
326f7af329b5a994ae017060b2b2009a

SHA1
d69b99444efba9c02e7072f79d468b1140c8c151

SHA256
b99d10f149cdb5127c7dbfff220f07016e358a503fc56c112e3b0bdeefd970c1

SHA512
0be3ec9293dcb309df6a733c5b6faed1a32c349efed8210bd32e7b3156dbedff74ea4c9a421954cf5423bf736b3af9501ed254b2c7e5d89c80582692d32176dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d272cc070e02a411cbccbf4c9b398c2e

SHA1
e9bc3c1052b61a45c8b03ba656a1d5f859caed4b

SHA256
b98fc1aceed8e7860fbd2c9f884e847292d0f89fb99682ece47260421a068a6b

SHA512
ac5fde9c04b53a3a8f802d704b5d8fd9d24f8a5cda8065e05a30533271138c473f1c7945b94d9b7d5a7eff4b6cd3f0551bf52993126380e4e2f84814ad218be6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
6a855ca67db3ff1f3e0baffab3f5c922

SHA1
71b327e5d54aaa9bfb4b96ce83fd9f0d04e5a3fa

SHA256
a9defeba08f6e93096590fd976dc7a18ec62314059f10662d2c528dff855dc1f

SHA512
85d6b54f6cd188183d2949ce0101bb23465e8e94436ed445b98e77ab4a73c2e9af3619523a0f54b49ecb6677dbecb6f396149d8d72cb29cc52032210a91e97ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\1691062c-844c-409c-8bbf-cdecf53fef96

Filesize
671B

MD5
775ef4e88e12d9cfd78d8393f79796ca

SHA1
febc387ae7017b0e6fbfc191ff6d5ca394840a88

SHA256
83131e48c80423649188741847d194180c35bd0d88bb401d93ef2eba077ad974

SHA512
4ed670c9ab0b689a9aeaeda3dff128d9e86a3728855c40903ba8b819231609bd0c2f4815fab3a02285257c6294b08c314dcb0472a98ed57b1ac9657a86fdaf4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\3ec3697f-eaa6-434a-abcc-19a8261c654b

Filesize
25KB

MD5
11c29e124dfecd1a88135682edfc5449

SHA1
bc287fd2434c253984a7b2fbe2dc55b9fca54c2b

SHA256
2800d60c4897a9394b1ebe3fbd7f0b0a4ea2337a7a8adbee13ad5b271be36492

SHA512
a646272ed35930c17be4cd50a6904d173d519b62734a180f66d5b0316164f923f6b65237655088ba11ecbede4589734a9c74ff9125e3cb5fbcf0aba0e9dd9b6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\datareporting\glean\pending_pings\611c1efc-b3e7-46b2-92f6-682c2a4abe65

Filesize
982B

MD5
42ec948233c359c5c7b437909a771ac2

SHA1
85b862f362cc79edd63388875e0a3b49420f72eb

SHA256
be27e7dedc42a2bd7372c46d3991303261a9fc8b91e4649344e9cde81c711792

SHA512
06d0a1b748ec24660ea60b4461a01eb2c20a2c230828a58504657dfdadd0dc6d10ef44cc8c28d62f2d179025d794a3e8be8377f503a8d861a9871be3da46405a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
13KB

MD5
356b6aee968cf8d4186efc3d8887eda6

SHA1
26a391ce5a6dc0cf42623128a5dcc11f13045c4a

SHA256
d20efad2373f70f050b71fc7e58518bf295293b022bd6185e6f85209c77b08fc

SHA512
d190b3af1d990d589dbffb07de9b72efe7664d264b304f5a54843d2803b391b868a01a44367dbf7cce7e6eb8041d5697fa3432877f03733f58996c5a78f13408

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs-1.js

Filesize
16KB

MD5
b799e8193f84ecb5f57fd66cb9de6313

SHA1
ab42749cfe1c9227ae991649931a8c114dcac165

SHA256
ef701da03194d5ae3a1ad8350fc53d74f64604df6c6388d7b037311bcd81c779

SHA512
36a258c2a604880f6d335e47ebd6a88578719f59c090cd42f4ed25a90c935fe736094f3642c4e46c50143dfbf11e288d82b71756cf2c9b0ee119d47d3bf8700f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\prefs.js

Filesize
8KB

MD5
9f9c6fea62436078300fe255c3d86ba9

SHA1
401bcdfcee78918c9514f786f718495598e45bd0

SHA256
5f777c9c2820331e898b15dfb8a294634e700738291bd4c3150ec2142e52c46f

SHA512
4c4febbf5a0957b94eafb20631153c42fc83b619ed568961e398ad3db93916f79c5c465923005f6ae9539e95c0340867447121bd02c79fa5647ea08bbe86c3db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zirruo9e.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
950942db27e29fa696f3d5f94d10d9ea

SHA1
17620021603e4415dba1f45c25188f620e168237

SHA256
f9a2c71fdbc23bca8eeb3cc8e88f6151dc49b03c4796081c7ed2573067fdfb6c

SHA512
da2caf2006cc900570a93819341b7dbcc81ce5d56d1cfcbd0bc6c6dbf700a897b406abd7139f3712e59cac60179fb6fff1a06f978d30cef0d14665b363a5c99d

Download Submit