11438a5e03ababdc7aa308a1c82fb1685c58bb0d4b0a7e3b0a2af7a3c28b62f4

Analysis

max time kernel
304s
max time network
309s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24-08-2024 22:47

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

gasai/misc/Direct Message with robio.xyz#0.html
Size

1.7MB
MD5

7c4f125fba0056a9e5e06c53599b6b24
SHA1

9ff65b98525045cecb116cdb1d7edf059c011b86
SHA256

1e2bcb3c455446f11ed62698062c220dd8c2f8ab78b48663242143aab815d1d4
SHA512

35545099c3a61b0c43e502fe5071ab8d3e6a40fde0aa7ec24033d3509f1753e98517d2c855efd809635566af5b354ac5ce2897fc6bba2b22d629e7b75b0e2b1c
SSDEEP

1536:ZotC3h7zcWjVumi7Z+L6AgxpM77Gn5CfHiBEpykdGx8Q9MIbU1xg2PTmFOd0bQ8F:ZlR62p+

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2800	firefox.exe
Token: SeDebugPrivilege	2800	firefox.exe
Token: SeDebugPrivilege	2800	firefox.exe
Token: SeDebugPrivilege	2800	firefox.exe
Token: SeDebugPrivilege	2800	firefox.exe
Token: SeDebugPrivilege	2800	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
2800	firefox.exe
1472	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 4932 wrote to memory of 2800	4932	firefox.exe	73
PID 2800 wrote to memory of 2912	2800	firefox.exe	74
PID 2800 wrote to memory of 2912	2800	firefox.exe	74
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 3880	2800	firefox.exe	75
PID 2800 wrote to memory of 4928	2800	firefox.exe	76
PID 2800 wrote to memory of 4928	2800	firefox.exe	76
PID 2800 wrote to memory of 4928	2800	firefox.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\gasai\misc\Direct Message with robio.xyz#0.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\gasai\misc\Direct Message with robio.xyz#0.html"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.0.1502501481\221178170" -parentBuildID 20221007134813 -prefsHandle 1700 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e750a359-377b-4e16-8b6b-642622c36c37} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 1780 196ed8f4e58 gpu
    3⤵
    PID:2912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.1.814970234\406708613" -parentBuildID 20221007134813 -prefsHandle 2136 -prefMapHandle 2132 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c5af737e-f544-456e-b762-8cb62a293348} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 2156 196ed7fb658 socket
    3⤵
    - Checks processor information in registry
    PID:3880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.2.281169473\1506798339" -childID 1 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eca5fe08-d29d-446d-84ae-f4fbc4132c65} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 2936 196ed85b758 tab
    3⤵
    PID:4928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.3.1287990526\1703134075" -childID 2 -isForBrowser -prefsHandle 3504 -prefMapHandle 3500 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea368444-f294-4d2b-a158-c2e33be2ed3a} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 3512 196db55eb58 tab
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.4.426142024\821336297" -childID 3 -isForBrowser -prefsHandle 4704 -prefMapHandle 4700 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24f0017a-586a-4dc7-95af-8450559bab70} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 4712 196f43cdd58 tab
    3⤵
    PID:4652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.5.545794252\151367767" -childID 4 -isForBrowser -prefsHandle 4856 -prefMapHandle 4860 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c62ee9d9-7f85-429b-9415-4bcd1d5f84a7} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 4848 196db566558 tab
    3⤵
    PID:4132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.6.293017983\695318520" -childID 5 -isForBrowser -prefsHandle 5032 -prefMapHandle 5036 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a32b7d9a-5c61-47e9-ab20-532a3bf486c9} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 5024 196f43cc858 tab
    3⤵
    PID:884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2800.7.2120821551\1870087321" -childID 6 -isForBrowser -prefsHandle 2604 -prefMapHandle 1564 -prefsLen 29971 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0c6c29f-b917-4e2a-b1a4-1550110c4e23} 2800 "\\.\pipe\gecko-crash-server-pipe.2800" 4136 196f195fd58 tab
    3⤵
    PID:1968

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa3aef855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\3906

Filesize
8KB

MD5
f7816683055a1e83a53dd649838e5556

SHA1
dbe9d1b205ff50b9e634424793385f1d4bbb3882

SHA256
8272a3078fdce72f47ef4889b88e68ed7d31998082772bfd03aa1fe713445871

SHA512
756589369d442fd2a6a83b92f3ba9b561d07489fe7f006a28f3bae5894ca54745a330955f67f9ac46b571e9b210fa1655cfe88c37c23408dbfc6e94e5277865f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
4fded4bef7611b9f9c17dfba998ecb37

SHA1
c28e5ddfeca34ca5e102127e013ab3dc7374551f

SHA256
ee77bfb4d83af8315610b366e6b39cb57cd6dafb5cf9c498d77483e23407f35f

SHA512
d7a4e18f3dfa4df760bb4522840462e4792205d75d549d92b4247986b85fdec9f11d0f1b47340e91bc29aaed541b6b0721c06204bfec28035a9323ba093cd4cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
78fb30e2653947e676af10e426638693

SHA1
d6a1c393b0887a97231d33640ad96de0477f2a42

SHA256
e223af785c410da6b4497f2c7fd749a6671978042d5ce5a22ce2a2b438463714

SHA512
98f628e53945dac1ef86471ab19546e1e439e54babd5ff4654360192d51b9580abc0f0e0d28fe64f5f1543746bcd2130c008cf2c027d5a313f80ddac070815b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\broadcast-listeners.json

Filesize
216B

MD5
bc478e023b174a85444509d37ed35db1

SHA1
39009c63f7e8c30a90e8d0eebf78a364f25adcbc

SHA256
9eb3672b441b029fd00508926acf8e71d5053e333411a7c6aba93ed242458604

SHA512
10232afcc0df00bc17f5bb84f4e7c3523067b85fe89b510bedca5e6ee4fc2fec79892ceebf5cf200f741d26571fe811db807c57117b926268023a51c1a256fc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
13ebd7192072736d9a479869691cf3fe

SHA1
6930a1c6f432a091606cf31c5de458883622cc2c

SHA256
9a098c8fde8d769199cc32bce1116688acb8bca045d0c31f723a4c1e57bea6ca

SHA512
9829ba85ad676ffd8617220f8b60cfb24804879e7f3560a577e48371bc85bae014bcb99bf0e075d0076230d9eec2a19590acad216822e561bf45ca57810faef5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\34c4db2d-3059-4a86-a533-5c7d3befa0e6

Filesize
9KB

MD5
e8e96b6f5c811a26f1b260e5e404d970

SHA1
8cbb615b3c02fd1c37a756f499411a998dbde71a

SHA256
99303391f1206da9afabe241ae9a657437d41c97178aec987353264da766b691

SHA512
2e57c28d6f68f4c3531bed74181c3a7b9c7521768bd434229f9dc098a25678b75868b915763f0b4ca0eb2119e145111eac7c4a27be50557282298576b879a50c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\3774f256-635c-4c1a-8a4f-377536e6b9f5

Filesize
746B

MD5
4750c778e817996a10734adb505fbc65

SHA1
925a0825b255e28618881a62a6fae37944dcd9ad

SHA256
79cb1becd6077cbe726aa2bbffede6935b843ddafd7ab7e9955de6dedcf3dafd

SHA512
1cd458db1013e2874bb92e362a7fbba57cc63af4d079c5d33d90cdc518cc0cbc37b9443da96c9fdbf81239c21ffb4e156ac49363c1680c3c5ce6d2b2936fb2c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig.tmp

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
17bbeec66cec80da60f97bdc0467803f

SHA1
98a00c6ed5cf2c97f484a8d4584deb26b1c077f2

SHA256
74baf8f328cd4946827e41d004ae4b32e220d79bd11350f339068892b94d9631

SHA512
8aee9485fedec347c2e30df15e7a4f7c2a78c7d839e41546f9c3daa094810858d056815bd7af56f4dd39e330984ed6c01144302189cf48de7891087273652a09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
9KB

MD5
7159b5a00fdde049cbf7e48aff048067

SHA1
78190a5a945a2dcd7c491caf95f0bf7fb78b71eb

SHA256
aaae92ffbd41159fdd5c6ab56ed9769159f8109d6b0a9d6deeab7a0542ba40c0

SHA512
9a6ae7401e5edbb5074cca1cb3f6ba93b9240b2bcf95341ea571c2b74c0ecedf247c25931cb4340f7e842ca8a5d9c27060e5ef1f4f655f99ac447c2083dae777

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
10KB

MD5
b3995e71f9929690da2e28c2413e7628

SHA1
64e55ab8092f38a1c0467c17a4fcfc10b974319d

SHA256
1fc10f9cc9ad512bf4f220125ef1be3028b07444be2336828cceebc631a874c6

SHA512
285ddbf52c207e87d2bc4f2651766b419c7535ccf7b75fa8925746c1dbe86ebc6d608c274b31c5698c75d5db413fed89c99e30f7a167191ae0cd0f1c3733193b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
9KB

MD5
2b71513299a618112072b8aee33bba2d

SHA1
cebe74dfdb4aa6c7fd80b919bfc6dbc08e47659f

SHA256
e958f61416f4d87b6be3808735521f34665e803fb6c8869cb09af4c42c1e9434

SHA512
27193b90f94b1a7056e4adf33d4111261f7d35270ef6120479281a299719cd4526659372daeaf761aee788c03de40839c427ea04512f97ae85d45b7cbb9184da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
7KB

MD5
5cb9bba95b8d608db35aea78f195fa53

SHA1
ba77ee630479b83b935247729248e8d3c2db9d27

SHA256
66e9277234e1b80bc37c5e6c7fe5a816a850f8954a12d0dd8fff9775060b4a7c

SHA512
4252a0cf7ccbb681c92546b7fd4965d9bdec36b9d08770ff7848e9a468601c668fe3fe68a9a810598905ec5444a9c3dd2a0b5ac61e911ee8e6dae771a0532990

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
5e1df113921e52c78ea55d5da636927b

SHA1
005b63cacabf4ddec60d53637370bcc61c885d11

SHA256
1d09e67e3f10b1385dd8db461fb75d467e1ede8615f7d70bdf2abcaa72814c9b

SHA512
188c1bbb5584db1143c7bb8ba04ab36463f868136a729a3bf6c250a42bb82c3a947038fb59bfde9a381a2fc6206f2773abf82dca40f3623cecba7c8eabfcbd53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ff9448730c065aaf2e5b35775bd50de4

SHA1
49da4abea81b53573e18f84d33af011f682e8a7a

SHA256
0419c8b350189ed329b171ab927fea5a272ece0c5b0ef9236f3cbd813a67361f

SHA512
6f5aeb75684442d0f08566533f355fa89cfd3a65cb6e89627408ec8ce45bbc7ba088d042fa6ae173f17ee69adacbfdff43be6e4f0bd7fcbf8dd76f82a75ff769

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
47470c2c5049ff824eed70e11a09d94c

SHA1
8d8476400c0260b5893d4e2f4104ac60c0b95f37

SHA256
ff7038b76884b9d55ebabcee099b29787b76e60654f845830e4cac56f1d27b34

SHA512
6ec1d83d3aa1017df468223bbef8c2ce6c2c7bc0c61c2ae4e9cb4ca87ea5c96557e9fe3b4a5cb2af36c97b6d13416bfb08cd11c9516a7d2c71f545f62737f47c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
e79957629c6a4aa8bb66a7c77b802ef1

SHA1
0aa5d5fad5e389fc033da0891645bf8bccc7db6b

SHA256
cff4865663fa6d47cb84ba72ac94f80188974bacc4d2a947ba810adb451e5e95

SHA512
c4af98f1d76af3827e0a0254eb39112a24f051831282207b5016e023a25f2ca07a770456ef9993e2a86872a20c35334b7dbcd602b127d59a611936877f3b06fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
8585eb30e8624aa382b926cd007cbfba

SHA1
8dfa93d003c6e47a5058a7908f3e818be0e06ae4

SHA256
ccac933d40ce308ca056d1cc7ad4aadb105905e8f66a16243d9ffa99eaf5fe45

SHA512
4ec4aa8fe39803865026820f248dbcc3f276e54763f48c3fe13b0b61f20b7097e5383a0c1208cc9066132610cbf121d23a4db4bf900621f09727aaa2bec768e4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
2KB

MD5
2fcbbe9611c31b20fa69d8802df5f0fa

SHA1
2fac897617e72e681e4a42765fcf6a7bd6e635a6

SHA256
a48410571e25b4e6b1eb226aca841cdeb15c02c2c315ad454d9963d86c539d0c

SHA512
3f640a20b6571f35265b59b9c47229aad0096258ac471a2689fbda11cba44dce53efac6215dae85324445e9a0947afbb9dc868b4e19ed2e5bd0f8c17532ff308

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
8.0MB

MD5
5c84d0c80148813ee78bee6901031008

SHA1
470488edfde95e8132008d460ee9cdfdf2f06fbc

SHA256
0a1041acda9207395692b5ded05a450c066f9a53f10160b0bfbc202dfb7bc549

SHA512
766352f4c295e5bc6ec49451fa15150e9a065e34419e5da7a93ca360eed63f0f57964671d23ebe7a0a47cb86ddb90e86b9b0e13f344e42ca1a920f0b678dcc28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
a4627d94b477e3f653435fcf27e2663d

SHA1
d5dc31c0165277e469d92453c556786995e2800d

SHA256
7c1ea6cee0386d6af3cb7523167c2b880592657ceacc4e56edbc2394575c5c69

SHA512
7619d8f8f790c6b47faa75eb3f834640fe6ab684209f2eeb6eff26017c7ebb44972018463bb15d0e7955bed5bde4ebff809754b3c2057d7749bafe82dbe48455

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\targeting.snapshot.json

Filesize
3KB

MD5
36301c27ec6d13c3376add7d21f7ac3b

SHA1
5168d84686c68ba619ae75c7ff14f864836c79c5

SHA256
8732f17e05afdff487fb870117c17c844dcfa54d8207bf0db5bf68b6d76bc89e

SHA512
9ab6cb42ae898fa24f1fb18347a81c8ae095c8c8c680c9eb8eadc3d491faef8ae112fd76a21414599b2321658f1ebcf75d468b6a4c6aef382c90c638075b1ee1

Download Submit