hxxp://files[.]msg[.]cx/Nighty2[.]2[.]zip

Resubmissions

18/08/2024, 00:02

240818-abtejsthne 7

18/08/2024, 00:00

240818-aarvbsthlh 1

17/08/2024, 23:49

240817-3vedystgka 8

17/08/2024, 23:44

240817-3rmwxswhjk 7

Analysis

max time kernel
91s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
18/08/2024, 00:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://files.msg.cx/Nighty2.2.zip

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4796	Nighty.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Nighty2.2.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe
752	crack.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4592	firefox.exe
Token: SeDebugPrivilege	4592	firefox.exe
Token: SeDebugPrivilege	4592	firefox.exe
Token: SeDebugPrivilege	4796	Nighty.exe
Token: SeDebugPrivilege	2756	Nighty.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
4592	firefox.exe
752	crack.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 3048 wrote to memory of 4592	3048	firefox.exe	80
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 4872	4592	firefox.exe	83
PID 4592 wrote to memory of 1296	4592	firefox.exe	84
PID 4592 wrote to memory of 1296	4592	firefox.exe	84
PID 4592 wrote to memory of 1296	4592	firefox.exe	84
PID 4592 wrote to memory of 1296	4592	firefox.exe	84
PID 4592 wrote to memory of 1296	4592	firefox.exe	84
PID 4592 wrote to memory of 1296	4592	firefox.exe	84
PID 4592 wrote to memory of 1296	4592	firefox.exe	84
PID 4592 wrote to memory of 1296	4592	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://files.msg.cx/Nighty2.2.zip"
1⤵
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://files.msg.cx/Nighty2.2.zip
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1868 -prefMapHandle 1860 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {239dfa87-d861-4c69-ba37-2813fab12cce} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" gpu
    3⤵
    PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a487ad41-2d32-4765-ad22-7ae8db20a481} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" socket
    3⤵
    PID:1296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3084 -childID 1 -isForBrowser -prefsHandle 2796 -prefMapHandle 3152 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {960d36ad-6279-487b-95da-4c62fe63163f} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" tab
    3⤵
    PID:1088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3540 -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3612 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0a80fdb0-a7a3-4d46-85d5-3beaf14e21e7} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" tab
    3⤵
    PID:3144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4756 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4748 -prefMapHandle 4740 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c716127-2019-474f-b330-3de8192a4582} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" utility
    3⤵
    - Checks processor information in registry
    PID:2604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 3 -isForBrowser -prefsHandle 5620 -prefMapHandle 5616 -prefsLen 27091 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {feab202c-7bc7-4d5f-bb53-fbbc43c26fc0} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" tab
    3⤵
    PID:1852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5848 -childID 4 -isForBrowser -prefsHandle 5772 -prefMapHandle 5840 -prefsLen 27091 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2488ff3e-d54d-476e-b1a4-3ba1b50305a8} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" tab
    3⤵
    PID:5024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5980 -childID 5 -isForBrowser -prefsHandle 5740 -prefMapHandle 5744 -prefsLen 27091 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {65b10497-c4a1-42b9-be22-0aa57ddefa3b} 4592 "\\.\pipe\gecko-crash-server-pipe.4592" tab
    3⤵
    PID:4036

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3376

C:\Users\Admin\Downloads\Nighty2.2\selfbot\crack.exe
"C:\Users\Admin\Downloads\Nighty2.2\selfbot\crack.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start Nighty.exe
  2⤵
  PID:3260
- - C:\Users\Admin\Downloads\Nighty2.2\selfbot\Nighty.exe
    Nighty.exe
    3⤵
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:4796
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c "ver"
      4⤵
      PID:2888

C:\Users\Admin\Downloads\Nighty2.2\selfbot\Nighty.exe
"C:\Users\Admin\Downloads\Nighty2.2\selfbot\Nighty.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2756
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "ver"
  2⤵
  PID:3532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Nighty.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\gen_py\3.10\dicts.dat

Filesize
10B

MD5
2c7344f3031a5107275ce84aed227411

SHA1
68acad72a154cbe8b2d597655ff84fd31d57c43b

SHA256
83cda9fecc9c008b22c0c8e58cbcbfa577a3ef8ee9b2f983ed4a8659596d5c11

SHA512
f58362c70a2017875d231831ae5868df22d0017b00098a28aacb5753432e8c4267aa7cbf6c5680feb2dc9b7abade5654c3651685167cc26aa208a9eb71528bb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\lefunsaddws3333.dll

Filesize
580KB

MD5
b8d9bbc472fec0f6bf553f167b53ab45

SHA1
e565574422286a50149df787ad3bf1b1aa440287

SHA256
6bb38c2b764c3e79f3c8b850eccccdcc25cb8ee5409b3802860e8d6f872084fb

SHA512
160ea7873d4050142f9e6a9213a07c3da59f033bbdbe905c562dfedf5bff6ca814dd5c7ace77f9d87cb1553e21d99915def8627e92a0596164c6545597cb37d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
10KB

MD5
f3879f5ce759b2c5f6c4ef23a34107fe

SHA1
6a1889d4d5f5366dd3da7c158e129f7c41edc072

SHA256
30791fc8fdf927890c9ef272b3f583ce9a572e6a59d891a8ca08e7fb19af8cb8

SHA512
6dd908cc05f0dde2e34092cfdcb98e685d7e808ff54a223d8693ff763a7ffc15f501e96c7c0fcb2fc1d360cc47d9d7911313f825fd876bcd8d5b132004e17670

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
775cf8a0bf754b21b656912cb7661fc1

SHA1
dff8b4cc2b0c172f5ac96385518b4eabaaddd1fc

SHA256
6b3699cafcf4d517ece7ec265bfbea565ff179dca42199f89c680add93d4d256

SHA512
7edbf51581a33286d8f91ea1cf19fba54443c88021657436e923f9ac2032645f2d3c433c3fe32abaef61a809ac064f854f18bd786df55f971d0d5c11f2750fd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
20e797014852b87ce86b92804ee0ab02

SHA1
500d6a6de31cfa02ca801aec5ca540e09bab8041

SHA256
149cfe9c82882b494edef9505c6da5e13fed68ebec0df5e28141aed2a84b3f88

SHA512
770f988af8fba72ecfa466d3fbd204f43abf53042b9f060ea69b688c3fd85459ccee151ee2afd8ad1d72087bb2361a7d53a71a0abda114cba0ce191ee6214f20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
4dfb044d40211db184c0da4948572ac9

SHA1
e1f2bba9965f4cffd3d1d17a9211b8a961c64c54

SHA256
36fe71cf86177be8b95afccacb7d0adc02194b1af1b0c69521caa648a4957cb5

SHA512
7c447d72d5632eb2a531c8b26da47e2ac535d0e834c57a7ebc74ff94441e0bba925f8f00d118d9c952493c3b0076516cc4fa9fdadc4de1043b3f99b9b25adad8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\b387d5c4-5919-47ee-a8a0-e07b4bede82e

Filesize
659B

MD5
009bd4696cbec1b50888df66b1705155

SHA1
6b6dd45b86dfad6d3814e86b8bfcdcc4a6400c6b

SHA256
410e81b69c882c3f67ac15b6b57b8b777acb1d55fd8ae1f2b14ed805111f642c

SHA512
7dfff4248ca0534f9eea20fe8d79c86b420752cd1c6f929495cf4153be92521965e7a4f7356a9ceee32dc3ded239fdb50d8355949af3348cb484fef0263eaa04

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\b9fe8375-9387-427e-8c13-7e121a650174

Filesize
982B

MD5
ec23fcd30167e1a0d74576860c019b2e

SHA1
b28db7bd788dac781697c7dd039185b6b202fd19

SHA256
b65b2c91339347bf78983f13cd8196b3e6f964d9e5ebdd34fff7846607582a68

SHA512
ecf698753de6b8d81de8569959d6bf36a7cdff02e49b95ceaca23e8201b292f060c00079b882d29829c5e5fe3597a2f8e395d5be46527826134d8aa6f1320a78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

Filesize
11KB

MD5
4a97784ac84057da6e9649f272f91b65

SHA1
28dad6a61e747050acc67b8056739d1079425f3f

SHA256
ee5e28d8571427cf4df46d5b9d01be27d671353803f544986349e199948e7c7b

SHA512
b08de85dc3bbb664b2bddae050402a76b681ef6e028f59fe2b80cb1e236b6df20fc760759494e502b5f27137fb2f447d43a7d0308fa00d6906983de75ca90aa9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
11KB

MD5
e68fed80345c9874f61ebab9c5a8c73f

SHA1
16831a1b53e172c3b4712cc5fc8e7dac2813199d

SHA256
d2d7c3fc526be565935eb57ab1cc2b2cd8791e756e8e84477f37c06c95720568

SHA512
e8f52fdbc11bae2e48100c1d12bd82a43cbc305889dc3684a02d4054d8dc9735d6f9beecb7b59dbf9f4006f740be19d486b7ed66568489b7d051df49cd227702

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
10KB

MD5
7001266ea8007dabe1755fcb680b6615

SHA1
b2b82354a292aa5a6b89dbe7e713315691cf109b

SHA256
c8c5e61dc8495271b65ad0985a66ff4bb418325ea46e82e8106490a8272d64d3

SHA512
cf11c01925aec8024768e4e76b5b7dbc698201172966926300c864febf165b6713c92545a2114a6c3bfa9e3b74bb35ed65f9826234a1b335d3a85382d5f4d45c

Download Submit
memory/752-420-0x00007FF61FA50000-0x00007FF61FF6D000-memory.dmp

Filesize
5.1MB

Download
memory/752-403-0x00007FF61FA50000-0x00007FF61FF6D000-memory.dmp

Filesize
5.1MB

Download
memory/752-421-0x00007FF61FA50000-0x00007FF61FF6D000-memory.dmp

Filesize
5.1MB

Download
memory/2756-425-0x00007FF8A1620000-0x00007FF8A162A000-memory.dmp

Filesize
40KB

Download
memory/2756-424-0x000001BEB2910000-0x000001BEB291A000-memory.dmp

Filesize
40KB

Download
memory/2756-429-0x0000000069550000-0x00000000695EF000-memory.dmp

Filesize
636KB

Download
memory/2756-428-0x000001BEAE0D0000-0x000001BEAE17D000-memory.dmp

Filesize
692KB

Download
memory/2756-427-0x000001BEAB870000-0x000001BEAB8A8000-memory.dmp

Filesize
224KB

Download
memory/4796-416-0x00000277F21F0000-0x00000277F2260000-memory.dmp

Filesize
448KB

Download
memory/4796-419-0x0000000069550000-0x00000000695EF000-memory.dmp

Filesize
636KB

Download
memory/4796-418-0x00007FF625770000-0x00007FF626770000-memory.dmp

Filesize
16.0MB

Download
memory/4796-414-0x00000277F20A0000-0x00000277F20AA000-memory.dmp

Filesize
40KB

Download
memory/4796-415-0x00007FF8A1580000-0x00007FF8A158A000-memory.dmp

Filesize
40KB

Download