hxxps://doccv[.]ru/A/AS[.]html

Resubmissions

19/08/2024, 15:44

240819-s6gy4swepj 1

19/08/2024, 15:42

240819-s5knlswekl 3

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19/08/2024, 15:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://doccv.ru/A/AS.html

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1052	firefox.exe
Token: SeDebugPrivilege	1052	firefox.exe
Token: SeDebugPrivilege	1052	firefox.exe
Token: SeDebugPrivilege	1052	firefox.exe
Token: SeDebugPrivilege	1052	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe
1052	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1052	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 3948 wrote to memory of 1052	3948	firefox.exe	81
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 704	1052	firefox.exe	82
PID 1052 wrote to memory of 4964	1052	firefox.exe	83
PID 1052 wrote to memory of 4964	1052	firefox.exe	83
PID 1052 wrote to memory of 4964	1052	firefox.exe	83
PID 1052 wrote to memory of 4964	1052	firefox.exe	83
PID 1052 wrote to memory of 4964	1052	firefox.exe	83
PID 1052 wrote to memory of 4964	1052	firefox.exe	83
PID 1052 wrote to memory of 4964	1052	firefox.exe	83
PID 1052 wrote to memory of 4964	1052	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://doccv.ru/A/AS.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://doccv.ru/A/AS.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2000 -parentBuildID 20240401114208 -prefsHandle 1916 -prefMapHandle 1908 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f24dffe-bb2e-4c15-9238-b5919154396c} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" gpu
    3⤵
    PID:704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42e549e8-b3ac-4c2b-bb34-60da4025251a} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" socket
    3⤵
    PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3156 -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 3076 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5a312b1e-ce51-4d5c-a174-d7aa92a32310} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" tab
    3⤵
    PID:3616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3856 -childID 2 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f760e9b-7d51-4a4e-84d2-2f44cba73e83} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" tab
    3⤵
    PID:4812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4852 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4848 -prefMapHandle 4840 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30a58b96-0325-4511-b72a-7f597002cbbb} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" utility
    3⤵
    - Checks processor information in registry
    PID:2436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 3 -isForBrowser -prefsHandle 5352 -prefMapHandle 5336 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {079fa251-55d2-4e3e-bd78-b22a8338a56c} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" tab
    3⤵
    PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 2800 -prefMapHandle 2956 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc669033-f785-4262-b27f-9c17bacc5360} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" tab
    3⤵
    PID:1424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 5 -isForBrowser -prefsHandle 2820 -prefMapHandle 3028 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc02a800-3dcd-497e-b36b-bebf8cb04661} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" tab
    3⤵
    PID:1684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5808 -childID 6 -isForBrowser -prefsHandle 5800 -prefMapHandle 5600 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55f44012-6d45-49af-b326-ca07769cf518} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" tab
    3⤵
    PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5908 -childID 7 -isForBrowser -prefsHandle 6100 -prefMapHandle 6104 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59194628-79ba-43a9-b498-98a7da54adcc} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" tab
    3⤵
    PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5456 -childID 8 -isForBrowser -prefsHandle 5440 -prefMapHandle 5444 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1a763ee7-8692-4516-a537-8582fc389992} 1052 "\\.\pipe\gecko-crash-server-pipe.1052" tab
    3⤵
    PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\activity-stream.discovery_stream.json

Filesize
18KB

MD5
9073c61abdfc81043cc338e4ed5fc049

SHA1
f8152bd1a70135c2fe7c4f2bb02d9b1247562eff

SHA256
98fb8a53e7edc7d0a72a8fb50478e50fc5619110f0d7fd858d4769df3d724eea

SHA512
8727e83ae76edd1dee5bafee67dd96338320d27c8be7e4b504d271b23a6aedea3ab83bd0a379ab4ba18bddec7fa6684f311242800367c14de5d1a93a7f5ebbae

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
7KB

MD5
1a3756eadfcb3e531c73190f0d557761

SHA1
49ce36db57604e70a707ec674870abd9ffb69267

SHA256
676d2c67fafe4a07f22259ba636457e28852ea8e5d6067d1b449366bbf635d71

SHA512
0db0d616601678bc2f2ce2bfe965345adab53497228252accb2dd3d844301f94d8a053c4884180ec530abeaf71250234df47a9f8a61832b5a77de24c35193db9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
7KB

MD5
ae6bbc172f86d8ee57fb985fe32f3363

SHA1
beb4f5d0aba68834050ce81db62de7dd07c58dca

SHA256
7ce3daccd0278aa488463ada28ad8c070ed81dacc8a8a8e04a22dc0f32b4475e

SHA512
639626d951f1fc20d97d26b6afd48568802411875c0754723a4c4a4213609ce31d2cc706a89ba5567314938dce662c89f7520be8d99c102af0243a278ebe8e72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
11KB

MD5
fd5d7d1566a7683efe1a3501f65c5063

SHA1
dc625c3195600612b15745da42e4bedd4f8d9d8d

SHA256
f77e15cfda5b1ba9cf22660712a9234abf9bfa4e44adae6f2bb1cae70709fd17

SHA512
240ec720823c5bbeecc1de9e07f0b986215b3f710ae05202b75afbce06ece52fed6bf70ce92a3c5562b8a922a645c4414a35a3cbbb652fc2e74dc26f8c16f246

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8eaf0a7cbc5c23dfff62057125368fc8

SHA1
4f16e4b2af376b4d8800a2849ababb98a0570615

SHA256
54bb2b596667497c9652447472fee121fa96984a9c5cdc937fac804a99c0ec8b

SHA512
b782b57552a04780204500cc60969f278e6cf96d818635788745707750efebe1361f3c0d843854272b7af3f281843749f0b9933d97f5c4a2a08841f533f3d878

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0190ba6992e5546fbdd7ffec214f4b60

SHA1
a64589fddea603e47a6900db0d36aa31163a2d28

SHA256
28edc5e9145b8d7bfe3fcb8e057c44d8e7503b0df3c5c96681e0848724977004

SHA512
3485884a18028eda2a26f073b746a3a49bf940c06c4eb830db8a92365a20b3ad9fc3f5d0c2b78c792803ddf749918a9861cda7e952fc561c63d12802e1c91d0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
49KB

MD5
c3e998e51c2256332d0e203366fa903e

SHA1
385a9876c28a98da39235177acec1907e2e9c349

SHA256
1e563d8019599ecb5d7a3de9ce355a3a925787b35027260332733106c1f566f2

SHA512
4aac077bbf60d339a84aa0f3cc119036bb2e6c9ef44839a204b699307166996bf4fee627c68984fd8dc3290cceb08f6ec855a618f1a05d2e8f990739f0ea9280

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\02354e2c-f8c7-4ffd-937b-39756dbf8be6

Filesize
23KB

MD5
8aebbbbc6b775193638e055a1376bf5b

SHA1
1ace58d4250cc7a3efdd90f940ca3362c8d0c9cf

SHA256
984b07c87fe9180d108e11678f0da62097ab779f4ba8e7de14f3dad1489c70ec

SHA512
abde21ed2ff8b934d9f267a4a24ea35c40bf2e3c9aebb35f097568fa4068b66348b5bffb14eedea8e755519fca1235150f49ee2cca6af5f4d524546fbd5e147c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\0d09aa15-3c71-4aef-8a71-fcc9775e405a

Filesize
671B

MD5
1be7320fc49a0b05ca626e9f207106d4

SHA1
439634e8d830da65ff00e111f43201d725881a1f

SHA256
18589b17239305653d712983f12feb45680e67e3e86a6d955ba46cda31d96dc9

SHA512
87ba8a715ee440dcca4dffb280166889df316bce2f678e8738eabbc12809ad6784d365ceafeadb9173512aa43674ba6dcbd3cf8732d277fa74ee9ce4f749a676

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\d02ec60e-e694-4ad4-a137-35f0b628e6c8

Filesize
982B

MD5
38c2539a2d280032864c9ee27ee8fd83

SHA1
529e276cfea195c13da88a751212dbf885404d98

SHA256
c8ad7fb89693b6b41309dfdf6b4d3c04639691e89cfaceab0cb339caf9d7eb97

SHA512
3bde8bb17310b6de61bea0d8ea42fee9ac8488ac1a79215aa0664c584814345a86efc4236fe6582f7dc94a070b9cc6b2514e50990e289f3e92ed4f56e402ba82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\LICENSE.txt.tmp

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.lib.tmp

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
36e5ee071a6f2f03c5d3889de80b0f0d

SHA1
cf6e8ddb87660ef1ef84ae36f97548a2351ac604

SHA256
6be809d16e0944386e45cf605eae0cd2cf46f111d1a6fe999fec813d2c378683

SHA512
99b61896659e558a79f0e9be95286ebf01d31d13b71df6db4923406e88b3ba72584ef2b62e073b2f5e06901af2c7d1b92d3d12187fe5b4b29c9dd2678444f34e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

Filesize
12KB

MD5
9e5d9aae5475991d8c2613682e58e6ab

SHA1
10d3a9771d5eb93b432dac017757adc3455476c0

SHA256
828b826e585b41c5219c17b5280a24c5661fe40c3093b41c4274f00439acf130

SHA512
d0cd1ecb34aae3c16e19c811d946adf8dcccf319ef9c538a5643671b2b28ba90b065968486b82f0899686c9faf08532bef41d962c65aeebb4292556f8ad9aa30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

Filesize
11KB

MD5
f9b1b39b3465aaec47b18ff85b478555

SHA1
2d5eda3078b842801efcb20d5df96f81c7c19ea8

SHA256
a772ab8e18754c193f72797f936107fc6650610a47d24de469d715f6797ae5c5

SHA512
d4bd58edb8cda4d1089c8ae99279ad5945ced8a35e7cce465bb0994dbe530b2eb00bca3955da380600d3fb40a5f46ce2bebea49acca28e197eb6c12986f25640

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
10KB

MD5
ed564eec9c5ec1c09d4ec29a9d8964a6

SHA1
0f6533e6d92c83c80c6885f7c2dadbdb85acf1c6

SHA256
01faedc5652f0d2eb8aa6ff1feb7e297f303901dbb67f2f95c0d2923bdb42326

SHA512
269d174dd79b4d65c10b14d5b8923feae822e1ce927f5aeb6aea27b9b06b8ba284cb040679f5028152da5aea59ef17881c30b3c407094a166fc824ba7314ef3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
10KB

MD5
d2d7f67656b497aea7d907afd041242c

SHA1
7f4dcb80e18f404bdf8aebafb9c19a0375d2e8b0

SHA256
3949728340990c1e3da1354821e1f405d40c62fd8404ab61a5e8b273b9c1cdc7

SHA512
f886c03996c1f2cb94827a5b72730d171a6d2272dc352cf4173ebd3a769ac08c0d5388b194bd197bb56c5a5dc6c746a77d15e1856cd3b1602070e418cdfb8db7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
6172838b051a9e90486241d379428a1d

SHA1
60a1d467b12eb20e6e7f8f6795fb0a57024eb9d4

SHA256
fba05c53ab1a4170f641dea5744b2dbd5fbe02d88390be06560de200a519ed39

SHA512
0bee0074f34f4f7caafa7404da66f795615ceb4b8808e4295d57b3c04c7e0310a6097b9e6e393a50516cd584a35f86734c0b41e586437edb1596b440d191cfb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
04c0cb286cf3088ee957e842e0c5ca01

SHA1
c31f04224d8e2d39e6634e7522ef79c840da362e

SHA256
7b5e210b5dc776c8d761ecc550e76006f0772ee03153d0e5e3797e1ec4689318

SHA512
833d1e92ef35492676326b7d6c177e8d033717f02f9a24c0bd434538718f10658e4dfec909a42fa7c51e80ae5a06d6df608b18776befa13bc2805ad4c3945c34

Download Submit