3cc1badaf474652682b537310b01a6934dcf7c3a52352746a9e492558007b950

Analysis

max time kernel
1563s
max time network
1567s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

i.html
Size

1KB
MD5

c2f6eed73bc2a0d1d0a712d820fa16b2
SHA1

610f085de8f6d6c8c53c8e9b3c4e79cb4f04f4dc
SHA256

3cc1badaf474652682b537310b01a6934dcf7c3a52352746a9e492558007b950
SHA512

e49700ce1ee26b91067d444c0bd0aea21411c46ac07169f4251218430ac8d77232b3f9d50c9c624c2656ab00cbea048e726a4356cb6ad388784f48ca8fb46435

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3502430532-24693940-2469786940-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1500	firefox.exe
Token: SeDebugPrivilege	1500	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1500	firefox.exe
1500	firefox.exe
1500	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 884 wrote to memory of 1500	884	firefox.exe	30
PID 1500 wrote to memory of 2536	1500	firefox.exe	31
PID 1500 wrote to memory of 2536	1500	firefox.exe	31
PID 1500 wrote to memory of 2536	1500	firefox.exe	31
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2652	1500	firefox.exe	32
PID 1500 wrote to memory of 2516	1500	firefox.exe	33
PID 1500 wrote to memory of 2516	1500	firefox.exe	33
PID 1500 wrote to memory of 2516	1500	firefox.exe	33
PID 1500 wrote to memory of 2516	1500	firefox.exe	33
PID 1500 wrote to memory of 2516	1500	firefox.exe	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\i.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:884
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\i.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.0.1928692947\1490494838" -parentBuildID 20221007134813 -prefsHandle 1208 -prefMapHandle 1168 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a9870a4-80d8-4d54-a3e8-37d16ba08995} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 1284 110f7858 gpu
    3⤵
    PID:2536
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.1.1969446994\491154402" -parentBuildID 20221007134813 -prefsHandle 1472 -prefMapHandle 1468 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4b6de7c-ad99-445d-9af1-269907f47b48} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 1484 e6fe58 socket
    3⤵
    PID:2652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.2.720276443\276348831" -childID 1 -isForBrowser -prefsHandle 2172 -prefMapHandle 2168 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47b51de0-e10a-4f4e-b20b-f936c7c7d980} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 2184 1a314258 tab
    3⤵
    PID:2516
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.3.1982420776\950161086" -childID 2 -isForBrowser -prefsHandle 2484 -prefMapHandle 2480 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a65d0dd-dd50-4820-8cce-0d920b6e64a0} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 2496 1bddcf58 tab
    3⤵
    PID:2012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.4.1543508514\1943612362" -childID 3 -isForBrowser -prefsHandle 3676 -prefMapHandle 3472 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d125206-6314-40ad-863f-a6f94b6daca0} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 3724 2167f558 tab
    3⤵
    PID:3052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.5.1005472050\1644329203" -childID 4 -isForBrowser -prefsHandle 3840 -prefMapHandle 3844 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c0d4a42-76aa-437b-8e49-b3c30c24f82c} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 3832 21681c58 tab
    3⤵
    PID:1648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1500.6.45803413\1918367574" -childID 5 -isForBrowser -prefsHandle 4004 -prefMapHandle 4008 -prefsLen 26450 -prefMapSize 233444 -jsInitHandle 824 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd2183a7-e54c-4682-bff9-26169ba98484} 1500 "\\.\pipe\gecko-crash-server-pipe.1500" 3996 21682e58 tab
    3⤵
    PID:236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
37KB

MD5
0e5c3c049ec3bba172577a79c11a4a5a

SHA1
4992df74a4624598053b3123dc71c3d474ad3eba

SHA256
b97c1b0f7b672840e99ae403867aa71fc14900a35051d3d4d869bbd791d235cc

SHA512
4bc2473d914ddba3e753e813b91499390c3f209708a641b043f319a92bf02479e6bcc2c81251b144dba589a420b500053f7fa49fc41ec03ecfab19036ff9d81c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\doomed\5159

Filesize
15KB

MD5
db6bd78b6f44773f3d7e63361820e32c

SHA1
bfdaef4ed130cec28dc59b61976ebc7c04939bfe

SHA256
c3dc77630d26802050ecbc98d237732b1b6fdd92863bbe3c051541d35496e9ba

SHA512
ddd1cdfadef7797b5437f7e096afbac94b6f181c14c496d82a70aa034df02e27dd64ffd49dee637e02917e489c46c8eab6bbf062c5d3ddf37e4d5c4d4f785685

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nndpnsl0.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
6a95663d8bb0c1a06883b0450c6970e7

SHA1
172b50493bf591654ba861f99d8a1c895b4ee4ea

SHA256
ec2c06382f3c19edacb7e3e66117d5cccc0b5abe5e8e6f95fd0ac3e3c807fbc5

SHA512
916c5c232b7bbc4ab6e0dfb153c9740a4de0176856ecc4d3091d5a4d0dcf690cdb390140a1e28bbae6f1fd0a3d013d139e270aa412c17b5df2140206d742ab41

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
4993aed258c43f431c4fc27d642b3909

SHA1
c5391b28d47741f3574cb56cb03191f31cfc2804

SHA256
22f40397a4b92b4ba9777eedebd7ed69472772d53a55b953eebef67e73f47c3d

SHA512
69417cf4ef7ff3e9e40886c66009e373ec3898f6b64fe867ee59b59cd844db7aa73e10fe2d426d8eaaf3246c821dbb54eb2bcefb8c5fbe63b1559fd0a6708dfc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\bookmarkbackups\bookmarks-2024-08-21_11_5h7eKW0pE3Aq-pSa2dI0OA==.jsonlz4

Filesize
946B

MD5
895682c2fc2c07cda215ba62e57261b6

SHA1
fb66e4eea346617848114284d5f3c788ce3276af

SHA256
c156c613aaeda19ab4baead86896360c173d4af91d03c030b179fbda8372b4e5

SHA512
00a3f07045bed64190797c18db731015afb997f378005c0acda45f6e6ed412a5ae1d20590a3376e4a32a6eb12289e611ce60543702c078090a20ac7ca8914317

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
252c14c51627f007ae4decee31b05016

SHA1
d1161f8a25af5eff8d3f64765dae8ec32db1ac3f

SHA256
6a9d401aad22b65c9c3115bb7bb669c5445fa1157e5f013be671d38fddf1a46a

SHA512
55234fc7e95520d568db7aaec8e4e95b58baaaa6149c056a3d0ab5f5a5e2a1779e60b378f1216592bbd1f1f0c0b00791bfee1e84a6bae0153b5d9cef9ae9c06e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\pending_pings\0f90498a-7e24-4f68-a05d-3eae4e225f9e

Filesize
745B

MD5
9f3ecaf7a8eee6cdf84a8f825942e992

SHA1
285de1938ae4000dcb9c0a8901a461aba64a28df

SHA256
ca1d200a2cf68937fb67b420a29b8b359af064ee0cfbb1077dac4035503b8c85

SHA512
71772eb61410c374d8e15499a5a68bd5585e1d82d1203ce66e4349ff180eb763c4ac44a78d66ebec1259808f838478d589b4f2310b2853898d563b29426bd4ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\datareporting\glean\pending_pings\5ac80aa6-478e-4517-a54f-f85b161c9fdb

Filesize
10KB

MD5
9ade17b5d068f4e14a353ca1c0695a07

SHA1
4ee8c862b1d797a85f0a4b6e4cdfbb814a83f0e4

SHA256
d4d281ff9c38e6246825c72d1a4747de6257a80d9b029e765549a88a04ee15d1

SHA512
ec443db5b01b0b63f8871a030e7a9f14f003475c38e7ff0135785edfb7da3857fcad921933013d711895525c39f93733f563e661e3ca35a61009eb9b05aed0e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\extensions.json.tmp

Filesize
38KB

MD5
9a76557484f92e0e34ad0249e1ecef85

SHA1
f3f17a9d1de9f1c8aee374eccef1776680f9739f

SHA256
a59787fe9a15797de405106eb09c2f14e44ee2df9ce454b7579a42a826b1672f

SHA512
1a12a526d77bf8d73b976a8aa67ef390f1572143f87c3fb4ab1eb421fc7dd16df7feca91b73ce497ac9bf86848e64b781865f5b84101ec9c5e3de1424ad4f5f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
10KB

MD5
463ff4c89256917c84ffd505e2c202d3

SHA1
f6b0d515656dfd8c88981644f6df9d42dfd15ad1

SHA256
6fefbf6b6fc5ac4178739e2a7d058b9d51648209ebb43d4da38754d451653d76

SHA512
a955bf286dab2d1a45394f30480eeafbf0b01ca4b5066502d11651b7a861205ae03685ebb49bb92bd53ccd1cb55a241589ea49cf36d519eca89f3d9c41cedef2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
9KB

MD5
618ab4aa7dae920644819ba1db8b11ba

SHA1
f753efe81417149a9ec9d0f2c6a66f561271bf1a

SHA256
92891b4928255828a2a686677f5bd6c8f594ea346389c4fd9cf238693931fce0

SHA512
4f41205a9b64a2849701fe4d1fcdf3a21b43809f7f43ce88c122789de64570fe7dc91484ba3dbef88bd2c15c5cfb6a4355e9692d93ee249e00260ec12fe0968e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
6KB

MD5
2e6d17a53254d33f89f138ad8f378caf

SHA1
800d56b3e180374706ed06d7a00e598f58240b06

SHA256
162bfd13d05443335f66e7430be1102f22075fe9c574cbe280423daa3ca28f6e

SHA512
c0003f72c784c43167fd9196434c6ae9317a0c5ba93e41c5a31eda20087a1b4ce29f96f7e16cc3e33d10849647c1780d9f01e4bc15118549521668e040647c92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
10KB

MD5
a0175dbe1529099a70914018b1e85c61

SHA1
f450eb9733daf2967bdbe164f264fd2ae18daec4

SHA256
edc7caf42fc67eae36d5cbdea3ede7ff1585f28b9510b874a2650659b61ddc23

SHA512
239da622da77111a9262dc76bf8306bdcf3f59e8704cb5a5179ba1bf10227e7f88c12c90af34d83eda40175750b2bdb22f762cffdb66d79ee37f8e5db15a5abd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
10KB

MD5
481940d277842cf9ae064864a3f0d1ff

SHA1
2ba432b774464cf587bc33cec013e8c7a277230b

SHA256
39ccde2f97ae1c336c8184acbe60aa8c08640e4a353ef7226f0ed11e0c9bc307

SHA512
9e27c39cba9a66c19bac989ea0588d6d3a2bb37feb78dbfc2b53b64e63111351d5b0ccc54343e2a8cd74ce0053638c8a8f3d6e729f0736281f4d84d667f01111

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs-1.js

Filesize
10KB

MD5
14b86b184b4ce779ab2f651f76d73839

SHA1
f9be336412fd0f2208c6a69320b69ea851a58bfb

SHA256
e832adaafbb9ad10a11c1026b289afffcecb02255141471ef0157c4b5b28e2a9

SHA512
0a954bf12f195dc596bf3e3e36fb061487578d7a3e0af797ee3042dc012ffd0cbf3532ebda6cef90b4db1417efe756e50d967fa46e45c1ec4274c32e45d32dff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs.js

Filesize
6KB

MD5
4b1ca0c0c092bd61b027d0528e33f1cd

SHA1
8432b14f79fe296f713026344bbd55ecefd85cec

SHA256
de9bfc53eca1a7716547f8db0ec17e6e89e593c7878f128b4d3d98753926f622

SHA512
abd2d5940c1ecd81a658eacf75f18779f76a80592ed064f93340e5346680922a01a3ee9b39629c7f9a155d83e5ffd7cbb42597be38faab1bd27bd895ab543b4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\prefs.js

Filesize
6KB

MD5
50996cfef4e6673da70cc1aa17e6e1bc

SHA1
6a9349f7cce531742bef93663067cca4edd1e117

SHA256
8b11ba8a3388a82c1b8e73b473d227fd2214a2abdeb9afddba8faa65607642e0

SHA512
91e04cb4e3bce6d8230ad2d02960a85c1b0ffa1ac6197524e92790c730a130403a565507e2497d6ee4ffc5d83472b1fff3078903b2531e46c2627d97948747e7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
78fc4062c32e94bb90da2aac3a0c69d6

SHA1
578bbc740d2951ef9a10feaef76e4d8f330b8433

SHA256
497aca78747990e6420af1b8422935256a22d895d14b60ad384e7421cc9041fd

SHA512
94369b119b080cd728cc081cafc19a0e472d25340f345d2adfd10bdf91a8ca57a3f62b3d9bef4f882d927ca1a3d976e0a0a0eb932aa453263fd6e13a4f11fc46

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.6MB

MD5
47fd0360a7a4d6113f8d227cfc47408d

SHA1
1b8b043a557db8746a56c9f9130e457205021a47

SHA256
c925aeec45caa56115215725dd5484657241610f08d6e1a0b6ae3f3fd9b68c66

SHA512
f1ed6c49a6165811493d0fae9c6e4bf76b33c9da707618dfb0c094441d7074a248b01c498a648336e813f1ec1f9c7ef1569b0ec30679c6968a598af4cb48a896

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nndpnsl0.default-release\targeting.snapshot.json

Filesize
4KB

MD5
7a96fa7f3f60ad64a9ddb644a75bed52

SHA1
8d2cfdb252c4a62b859b409f0b6b591e5cd1c1b3

SHA256
14243d648b6c5023d49c5a16268cfd75e249000cc7b1333527e96e3bcf0a09b0

SHA512
b4ec566bb6f8cdcaad5b1e60267b0265af0449bb3c4220ee9aef866281babf0697f9edac90414b5907648791572d573778592f6e7c8e9752b4ba3d65740bf317

Download Submit