b224fa51cce330912eeca59fad7572308b05f417569f7b63ccbf70fdc169d2a7

Analysis

max time kernel
58s
max time network
56s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
10/08/2024, 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AimStar.exe
Size

2.4MB
MD5

568827860933354812f1f218ed13651e
SHA1

9e134cbd5f3065a3e1c879469ca24bc1a67ad2e7
SHA256

b224fa51cce330912eeca59fad7572308b05f417569f7b63ccbf70fdc169d2a7
SHA512

9609c43af744f0195e350246ba6e031d262011b57bc76f31bb0f076d07213fc1aded2bfc27e5df04cd41afce9b0bff5ed57b575691f9e2b9a04183f40493ce1a
SSDEEP

49152:bzwa3eDz3tP8+A65l80ZpinEs+IcL1dHh5QcmYDOg:oDz3R8TEs+IcL1H5Fn

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2227988167-2813779459-4240799794-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3536	firefox.exe
Token: SeDebugPrivilege	3536	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe
3536	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3536	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 792 wrote to memory of 3536	792	firefox.exe	82
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 1852	3536	firefox.exe	83
PID 3536 wrote to memory of 3720	3536	firefox.exe	84
PID 3536 wrote to memory of 3720	3536	firefox.exe	84
PID 3536 wrote to memory of 3720	3536	firefox.exe	84
PID 3536 wrote to memory of 3720	3536	firefox.exe	84
PID 3536 wrote to memory of 3720	3536	firefox.exe	84
PID 3536 wrote to memory of 3720	3536	firefox.exe	84
PID 3536 wrote to memory of 3720	3536	firefox.exe	84
PID 3536 wrote to memory of 3720	3536	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\AimStar.exe
"C:\Users\Admin\AppData\Local\Temp\AimStar.exe"
1⤵
PID:2424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1856 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7f6af76e-7786-4ca7-9680-8b1fd0e5118e} 3536 "\\.\pipe\gecko-crash-server-pipe.3536" gpu
    3⤵
    PID:1852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2344 -parentBuildID 20240401114208 -prefsHandle 2268 -prefMapHandle 2264 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dba6b851-1776-4900-beef-d1dc04ebc43a} 3536 "\\.\pipe\gecko-crash-server-pipe.3536" socket
    3⤵
    - Checks processor information in registry
    PID:3720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2956 -childID 1 -isForBrowser -prefsHandle 2948 -prefMapHandle 2944 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5e4d78e-af98-4bd0-a349-788fbbb2d290} 3536 "\\.\pipe\gecko-crash-server-pipe.3536" tab
    3⤵
    PID:1992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3636 -childID 2 -isForBrowser -prefsHandle 3628 -prefMapHandle 3624 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04544725-3d95-47cc-a0d9-6820a27592ce} 3536 "\\.\pipe\gecko-crash-server-pipe.3536" tab
    3⤵
    PID:2816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4344 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4760 -prefMapHandle 4380 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf8186bf-cadb-44ee-ad4c-ed7471ccb1dd} 3536 "\\.\pipe\gecko-crash-server-pipe.3536" utility
    3⤵
    - Checks processor information in registry
    PID:1916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 3 -isForBrowser -prefsHandle 3616 -prefMapHandle 5392 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f183406-6a28-45c8-9b9a-9e8a58e87eb6} 3536 "\\.\pipe\gecko-crash-server-pipe.3536" tab
    3⤵
    PID:1376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 4 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3bae9ca-3944-4bd1-910b-2c49223504e3} 3536 "\\.\pipe\gecko-crash-server-pipe.3536" tab
    3⤵
    PID:72
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 5 -isForBrowser -prefsHandle 5492 -prefMapHandle 5496 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e095fa4-0801-475e-83e1-aa4045156c0d} 3536 "\\.\pipe\gecko-crash-server-pipe.3536" tab
    3⤵
    PID:1464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3760 -childID 6 -isForBrowser -prefsHandle 2740 -prefMapHandle 4364 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1244 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfe5f705-e9c7-433b-a099-dbf8ff32292e} 3536 "\\.\pipe\gecko-crash-server-pipe.3536" tab
    3⤵
    PID:1924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\activity-stream.discovery_stream.json

Filesize
39KB

MD5
0bdcff7c3015075344f475ac1ec09844

SHA1
198d9b53521fa206b85822f8c83050220ebfd926

SHA256
78e4fbbb8c24bbbec51bbc9758d9a02b8060e7f426f3bd87778503dda8a1e2cd

SHA512
5e20f4eaadb557a73a930d23379b2abf82447811362bf632a855e18a73858d7a7bbb350b7bb1f5bc2a63a89169b8b27c0a90d9c62dc243dea8e9a9c14f135d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin

Filesize
8KB

MD5
ed20b825463f2f438001f21c4a3d7eb6

SHA1
f7e70b77385d498983e96f69fe4db7b7d3abd666

SHA256
73eae2716e108b0651a435d71ca622e1ea876bfae18676f08cd3627c102d1dd7

SHA512
407e50c26406a455c0e231ee2c5f311ac28874ca4ba2c86327d02195b4ee054ae96da63b1dc77c0bd0e670565b59818ec0b754bb76ab44325a411ec1925e130c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\AlternateServices.bin

Filesize
12KB

MD5
2d5557e45a448fa7222a0d232ea4a8a7

SHA1
2548629b1561b4e271fe69b4f8042169889845f9

SHA256
1cb6a9a444f7162a1b190d1dfd510a81eb4f7cbb8008a0a3c10b7087391075cd

SHA512
ad1f89d59e5e6cafabcd49168a2ee5fd9a8aa8c2d27c70b0d7e1f4080aec9a8ff02b91660531299e87ae8d4e133d73baf219b3d14511f2850e9c792105def31d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8cde26d7f7505c55d6bb38a0d745c165

SHA1
99034483baa8a71f903b686e03e31b49f25e8740

SHA256
6e6a32b0100b430ae8bb905ac68f92b38469a55e90e4869c27ed4a9c32f57b98

SHA512
695ecf66e1616d3b0c306852ae4d7bf8ba2f0f99b2be5ba8d01cc7b83db22aa3d991b875901c3749934f6bb5a97ec66fa647e9f17f0890d0b4cb549ed381ffde

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
7ef28f5f3a78b520112d27ef70d420b0

SHA1
0f4db444fe2fc4a9c550edddc6a2027191db21b6

SHA256
e3b934c011667c043c33dd67505734ed4a52fc952c023ab9a40c8d27f93046d5

SHA512
5682e98e6065eccfe8946e58b209cebfc7829b06661d3a3630bfb8125ffe315d2999f2ba7af4cd3f8453154ddb4fb12f286900a33a063b8723fb8919bed0aa5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ff07f2abe2710d6038acab5bfd4dccf6

SHA1
a98782c2b10a3d1d42a273635c3754369a3aae8a

SHA256
151c5cb58934e26adddc158910f6abff6d58a39de1f40a8d1a51dfca6c71f23f

SHA512
bd15657bd38afaad7a857d3e0fabc625e493c58f794b67c66a6a3d843c4cafd8d311a6f38de6d1ac5dbe56f9d81bbf359383904364f273502f1ff5e9ddb4106d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0b207d7fbe73cc48ff125700119d5db8

SHA1
2bb7c0d5a98471499dc73cc88de2ef0c2d22dad8

SHA256
4e7f1f385a66bd07a700b909d41419d7934d7fda9edc6c41fd61067e28532f18

SHA512
14472a8efd2966928e4525956de36fb086df6eff5bcb5b2f5a5ed2c6ed641b3d39c8415d7304778642846993f0470f7013357160cb2e2c192f51591c4f8b5839

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
0f13be1ee5b804548c542228abfd27ad

SHA1
69dca31edcd6a7445364c3435a4d0b2bb158e1c9

SHA256
c5599574b9d529cd596d8c32efa9b6ebed31f34c8197dd9538fdaa5a6294d932

SHA512
b5aa7680f7558e69055bde2916969bd38e830395d509f6df7ed47e62319ae80b9289f86d2c5574fd51146a4a4e050642d4bb6f2097b773fd065a8d6a5fb8a83d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\0c2f0e2b-14dd-4aa5-89ae-42efd730bd1c

Filesize
4KB

MD5
8446caccff0a66d374e70777f624b0c4

SHA1
972bd9dab28f58d839d2f2e7387e9920c8b86132

SHA256
0175c651da7c1c707cdbc9eceb737a75240c68e90e7e2a61824aee526a42749e

SHA512
003cbd76aa29176afff61487b3e5965222def173bebb4a2a1b8a1e3e42fbe2904960df5721bc50f6eeaba79eaaf3bc413aea08230ceb2f15ff8983b62262ec3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\3cd3aad7-a047-4989-bce1-9c247d9396b2

Filesize
671B

MD5
2fdc743e85b2ad89fe9279612741a52a

SHA1
23bdf0942ec5214182e0c10f0148142f4b2b9de4

SHA256
06681e9590f2d43949039ba40adc016ca973afa16dbb075c1776de862cbeacd8

SHA512
775fea35a38cf599d93376169d6a13f85481be6d5308718bcd576ecf84e8ba892add61ccacebb51d5a76bad8e2bcc75dae913ddc0ca80ead984938f4b450f929

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\6e768172-430e-4a19-b316-70aef539e087

Filesize
982B

MD5
c9ead52b74c9aa6ae30170ad8b748d2a

SHA1
a858ce7f57552a131243db29ec19ebfbe33178f1

SHA256
c50161030ef3338ea21203a3381a2548251ec1fcb8b40fa39778b389cf0f3ad5

SHA512
74bdec55f2dd4c11ef28707cf8f51ba5e65b145e6b2a9b281345fb60bf8e8d70e5b4a343e3865af49c563b69a3c741f1ba35b28a97a3da2bf2a535a524110c12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\datareporting\glean\pending_pings\94fadab9-b3ca-4121-9191-57da109d8c7c

Filesize
27KB

MD5
a8ae9a6f2350753ac0ecc7b11e419fee

SHA1
2db39c62d2742a5ecfe3d9d56863a77f8f2bf467

SHA256
09e2dde2d5a557dd746bdebeff4c9fbd86f083a962ef01a3ca968a0401ee5ed4

SHA512
b25f79cfbce74888acfaf6af0b37eb10ea2c644364700af47956b513457d20fe0c0a80d58382a9b44de0c911b9c8d0939a810372c106c1e8319c820b45c806f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs-1.js

Filesize
11KB

MD5
f4ae9459a761c9536b94b1c22689cb54

SHA1
36402d3d08cf31ae9ba699ad6f8b78178b3f5cb5

SHA256
48013a288c1d80b002c53ec38fbc914abf0f275c925d02db5caada58d9e26858

SHA512
f7aabdf685d16e36b86da04e48a3cad64ca24cd92642d6e38adb70ffd1a1a1f0a98ae2257306e6ddab33cc4b8b32b9321810bb707b6e7bb5a580ff6f680b2f12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ybdgtqfi.default-release\prefs-1.js

Filesize
12KB

MD5
8b8cbb44a1ebc54c9975cee305c2bc59

SHA1
baefdcc17abd5ae31684ca21286e2370fab197fd

SHA256
7f642a6e24746f35c83f41c3f320e877746da7b36c400a89a2c94c6075f488a2

SHA512
b313ff03a3f70d12b23463c1db34cbeab5b41d6ff71cecab832c481ca37a1bec32f3254eeed1d04d481591c3126cc84d31b1e453515f9d75decee7ee77fc91b1

Download Submit