hxxps://jagt[.]github[.]io/clumsy/download[.]html

Analysis

max time kernel
332s
max time network
338s
platform
windows11-21h2_x64
resource
win11-20240730-en
resource tags

arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
submitted
02-08-2024 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jagt.github.io/clumsy/download.html

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2326217578-3761199233-1872589011-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\clumsy-0.3-win64-a.zip:Zone.Identifier	firefox.exe

Suspicious behavior: LoadsDriver 13 IoCs

pid	Process
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found
648	Process not Found

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe
Token: SeDebugPrivilege	2832	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe
2832	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 1344 wrote to memory of 2832	1344	firefox.exe	79
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 2132	2832	firefox.exe	80
PID 2832 wrote to memory of 5040	2832	firefox.exe	81
PID 2832 wrote to memory of 5040	2832	firefox.exe	81
PID 2832 wrote to memory of 5040	2832	firefox.exe	81
PID 2832 wrote to memory of 5040	2832	firefox.exe	81
PID 2832 wrote to memory of 5040	2832	firefox.exe	81
PID 2832 wrote to memory of 5040	2832	firefox.exe	81
PID 2832 wrote to memory of 5040	2832	firefox.exe	81
PID 2832 wrote to memory of 5040	2832	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://jagt.github.io/clumsy/download.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://jagt.github.io/clumsy/download.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8db92e85-4037-4115-b8af-ef84548aaf82} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" gpu
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc779944-e209-48fd-88b7-39b2dfaa0882} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" socket
    3⤵
    - Checks processor information in registry
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2900 -childID 1 -isForBrowser -prefsHandle 2912 -prefMapHandle 2844 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {905591f8-107c-4340-ba37-c01f1008ca0b} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" tab
    3⤵
    PID:2068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3720 -childID 2 -isForBrowser -prefsHandle 3712 -prefMapHandle 3704 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aeae3321-e460-4c44-98f8-9b7098d41b2a} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" tab
    3⤵
    PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4480 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4436 -prefMapHandle 4444 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb6c2ddd-064b-472b-9d04-11bba6b317ad} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" utility
    3⤵
    - Checks processor information in registry
    PID:4756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 3 -isForBrowser -prefsHandle 5508 -prefMapHandle 5496 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc777a62-2ccd-4672-8699-3eb0b26b1fe4} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" tab
    3⤵
    PID:1848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5660 -childID 4 -isForBrowser -prefsHandle 5740 -prefMapHandle 5736 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cbb65b0-dfce-483c-b390-592a56ae9bd2} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" tab
    3⤵
    PID:1536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5928 -childID 5 -isForBrowser -prefsHandle 5768 -prefMapHandle 5756 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d5beaf7-a132-428f-a338-62abb0585410} 2832 "\\.\pipe\gecko-crash-server-pipe.2832" tab
    3⤵
    PID:3884

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2664

C:\Users\Admin\Downloads\Clumsy\clumsy.exe
"C:\Users\Admin\Downloads\Clumsy\clumsy.exe"
1⤵
PID:708

C:\Users\Admin\Downloads\Clumsy\clumsy.exe
"C:\Users\Admin\Downloads\Clumsy\clumsy.exe"
1⤵
PID:3676

C:\Users\Admin\Downloads\Clumsy\clumsy.exe
"C:\Users\Admin\Downloads\Clumsy\clumsy.exe"
1⤵
PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\im7rwvgx.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
96f56aaecfda0e42c73292ac1b68b84e

SHA1
414d4c1a45e7eafaff81fe4c5c71de640ec2ea8e

SHA256
df826b834429d0ca65017df90bbdee11b525517451d651a39d6a37eeb10230ce

SHA512
36ae980569aa241399071421e3ea3cd2f47e570111658c7edc0e3f44da3efd92445ddcb6415607341a9985ca5954d087e81ae660f26b31c5c7f387b262f59a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\GV9C9MGUS1NLMSVQ1C8G.temp

Filesize
10KB

MD5
810dcb614b0fcc680477201eec9cb6a5

SHA1
a497dab4104775d89ad9a1470aaee1b0a7ee445b

SHA256
22a40daaa7cdca6231763a264372d1a494bed140e0db555c564915d986e1db28

SHA512
416bded739f377755fdbec61f7c1eb4a622900019c0074111dc06333921f7a351da9add9f8ff579ea46363293effa9b582dc679c38628e915e640fb15e8caa91

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\AlternateServices.bin

Filesize
8KB

MD5
9a5882759f2321a1b1ff6d2ebeb7f0b2

SHA1
4919aede5242ead006f2cd4e4b576faf123f53d8

SHA256
0fad30922ebcec994f96c6f6aa0ffd066a884395e47cbc277a5dc2d08f49a8a9

SHA512
a76522337e245250c41e04a2dc79800b1b9e0cee13871a99d473a2890920b4b709453e6fb5f117af9c2a0342817f290f77315a684dbd458aee5a7e644f6901b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
89875b8b46cbb348c515c92c1499a6be

SHA1
65ee93435dcfba68956b25e60be4e1715e399246

SHA256
b8f2b1e08c610852bff7345baf3fbbce601cefabc0a6e4a5c72684b08715ffbd

SHA512
5553d4a95da4b88bdf3dc2e625e11d8d9e53b0dc9997812cfc89c4c1d1fb98eb0968596a979b22a8bf8c55336b57cff9ae79a33430f65a4085ca03989d5bcf6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
48332630adff4ce2f8676ef7f7f9268d

SHA1
a99f4b97f87b95d4b4f36b5db2197d95dd679f33

SHA256
83be0360696130b7d6211c59927bffec8f60e90a8c7d5065ee64a38aa4c1f991

SHA512
f87a561494b839da3d559f9234703792d6a81d4e6409d129969eb59328be8831cc08bc089ae1421dadf874fcd721b257a72e94459441a97c6e73f9e7905431b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
28bc39b0d226b757e6e6ac690e06bfed

SHA1
10210f3b95d2a4abd7ddb53f72a8447cc42f23a0

SHA256
c6baf9acdd13de2abc459092e334c2376c32c69cc76ec7017e5cd89cf4aea777

SHA512
326d768162e65293d2c4240ac4d24dda15424b5567931052ee5d28f344bd0088232826ce90151263e5a1789c5ea25fe8e7fc3a1ddbbfeafc4cfe7921de99bbbe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
3f230af781df625d8254a7f316482f9e

SHA1
f9f1c1a86608b21c0ac90a6336a5f8655c45c738

SHA256
f3ad3ffd332928922f7da3cd5da0534bcedf337d1c8f7da3438d729a94ff8344

SHA512
f13212be9285dc1a8bdbeeb4ebc60b10270b12eebf75156ec1c5712e0d737d791464e5a720acc5c62858c33b4a653b82f8461a31a43c2dbbda7baf0a465d4632

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\datareporting\glean\pending_pings\0c6fffcf-ef35-4d0e-8ba0-878807cd9dad

Filesize
671B

MD5
4a9e48bf6335d0085c9ff7167e1e11a4

SHA1
e6a430f4923fd2f977b86a96cde1517a25d5c0ec

SHA256
3e91bbcbc9a8c4357a6ea880bd50a735e8727850978ca5d7a462096e18b0a0c6

SHA512
3bbabb4b3e2f647339adc18348185c6dc6f128fc1354e8438c997f4579e303a1c80e6f4f8f666b933bcdddac0af14a1d0d529ed26e8161d848cf9084c2b3c7d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\datareporting\glean\pending_pings\8031e59c-a7f5-4a6f-9688-0ea77697c4cf

Filesize
25KB

MD5
058a19f026edbe692d1e42081a1dfb68

SHA1
9fca25e2f131d359b0874490e395ee55cd80919e

SHA256
25da64460ee596f7688cbb56db63cc0ea8ac7768c7b6378c7637d760554b98f5

SHA512
c3ee7208224e03e4ed0e5fe6d4859026b0493a276a4b69732bc9e7efc9d8fb66b52fd35b116bd66df1b8e2caf2a8d639c1883b4c6aceeef72897f4326f5d90d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\datareporting\glean\pending_pings\c7db22bc-df43-4bb5-9e01-c509df91feb1

Filesize
982B

MD5
bb423e6ffc14f4292999b1f2078e85cb

SHA1
64c2b2b27f2c8e531b734b3d116a647638af1104

SHA256
3af69e6ce42b3e87b49a9047329cfde4e62a85fa46d3b583184c7b9a05a2ffa4

SHA512
70cf26a28fea3315e7823f1eec85b16f0d567ec78d59090d9a0f44fb5dd7b13cced2b3d2fcc798a726ec609597aafbf4a0c047f0e324842cf551d10111f311df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\prefs-1.js

Filesize
12KB

MD5
574f6a27d89fd25405aa413975093141

SHA1
533f801b5389805e0e2722809505fe2b801a95ac

SHA256
20abb75dc67d7c9fe84275642455c145b7f78ee1db75d9fd5fed56a129839567

SHA512
33619480eb75d28f0400e68b757cae73a4b10c81ef445a45411cc4c64c8e361652c68d893c639d365d56902182b0bbb117bdf50d9a015cdaae89a8c771240add

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\prefs-1.js

Filesize
12KB

MD5
c3d87f0b5af8e24c6d7383dac4c7223f

SHA1
aac03c304cdd75dfd828834bdcf006d56ba85194

SHA256
60381e420800058b419789267859780b0f2e1b6934c23a416d38ab1e18b3720b

SHA512
52a8c7e1e844be8a3860f34bf16d075e7f5b95dc7a3e1b0c6e818c3a9b7e92efd3f9f5098fabc73557b94472a54bf37fafaf73635016e6981c0a6b070b47be1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\prefs.js

Filesize
11KB

MD5
f3d12c29cb17eb45ce10c9a96221a4bc

SHA1
473bc5e98e70df071114b8a44705df6d4f536119

SHA256
5cfc7ed69b32f9e53d947aa7036edefa23a22f32611905ab7e0809f2f74fd69d

SHA512
83ac2349c3c6e493e8b3c02f4e10238d40731e88f7c000a289d59190125e2a6b72d20cef63ac101dd39e0fbcf0d3003861dfefd482f430a7ab6fc7ddaeaa16ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\sessionCheckpoints.json

Filesize
228B

MD5
a0821bc1a142e3b5bca852e1090c9f2c

SHA1
e51beb8731e990129d965ddb60530d198c73825f

SHA256
db037b650f36ff45da5df59bc07b0c5948f9e9b7b148ead4454ab84cb04fd0e2

SHA512
997528e2ecd24a7e697d95cd1a2a7de46a3d80b37fd67fac4fb0da0db756b60a24648b7074255dc38f7651302f70894a53c3d789f3d7cd9f80fb91bd0cade4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
b5148429f016996f2875d21970f9e5de

SHA1
f3dfc27d87a5cb08ba03e5c624d50e7b03253a64

SHA256
50bb9cedb971c34002999b4a227dd158b968f0513fe8e7c7928d4659c17218dd

SHA512
9f0635d5ce3f1385ad3b22840f3cbaf9f10b1187780c540140f5224e4a64d489656ad9bb447be8362fa28848f099dc31e1af159deba9cac3319b9fd1032e68bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
5c2cc7ae6d77165ba629cf637cb10626

SHA1
ecf143c81d73476137cb927a2b39c61505694403

SHA256
3049b62906d46a3cb185a8116f3438616c4ba997b51b8580f0932f6525219cbe

SHA512
2af9e3396cebb3baf5f431aaca2792fd2fd1828ca37383828dbd4b070787c77744f0a6d80c99abf889a53ca64fc9d8f85ff64c57373a1a5723f4df1d9e6b21ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\im7rwvgx.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
b888607c59662c2794d54fd459fd5279

SHA1
2f3fa34e83ce7d5965ea83877dc5a7fe601a7ff7

SHA256
fc5ab0410dc06d38e08288575354e2c927b220ecf2a712389190298f3cc38b50

SHA512
33243b18364c409ad3f0e2d0ed27c53fed97c8b9384673cc35857081c13b59b083e707ec6a6c396d5c6f534e645eec0a2df555add2bc5049eeafca5ce02f5269

Download Submit
C:\Users\Admin\Downloads\clumsy-0.RPPrsExq.3-win64-a.zip.part

Filesize
524KB

MD5
4b53a792fdd035a7ac6b335b705fdfbc

SHA1
2be6fbe140b4ec1d91b043bf2f3c6b5ebbf8122b

SHA256
f50dc734148815831c67d9fc2c246c22d421c53dcea51e26eee905b0b2806c27

SHA512
7f87683895bf833636f81d1092adb6fafb42457890f6631cf532c9909502eb598e6f5eeeeecfbc416048123133a52fd7e5ddaece65a0f5bcfc4a62c824ae5b5e

Download Submit
memory/708-469-0x0000000062800000-0x0000000062813000-memory.dmp

Filesize
76KB

Download