hxxps://github[.]com/Crescentsz/Boostrapper/releases/download/v1/Boostrapper[.]exe

Resubmissions

07/09/2024, 15:24

240907-ss4kyssdjg 10

07/09/2024, 15:22

240907-sr3bhazerm 8

Analysis

max time kernel
61s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/09/2024, 15:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Crescentsz/Boostrapper/releases/download/v1/Boostrapper.exe

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4496	firefox.exe
Token: SeDebugPrivilege	4496	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe
4496	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 1152 wrote to memory of 4496	1152	firefox.exe	85
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 2436	4496	firefox.exe	86
PID 4496 wrote to memory of 824	4496	firefox.exe	88
PID 4496 wrote to memory of 824	4496	firefox.exe	88
PID 4496 wrote to memory of 824	4496	firefox.exe	88
PID 4496 wrote to memory of 824	4496	firefox.exe	88
PID 4496 wrote to memory of 824	4496	firefox.exe	88
PID 4496 wrote to memory of 824	4496	firefox.exe	88
PID 4496 wrote to memory of 824	4496	firefox.exe	88
PID 4496 wrote to memory of 824	4496	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Crescentsz/Boostrapper/releases/download/v1/Boostrapper.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Crescentsz/Boostrapper/releases/download/v1/Boostrapper.exe
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1956 -prefMapHandle 1948 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {47895f52-8074-41fd-8ecc-ba37649d9159} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" gpu
    3⤵
    PID:2436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2460 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a72bfaf-492f-4018-a114-42fd9b5bfa1f} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" socket
    3⤵
    PID:824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3228 -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2988 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8299b83-e75a-4737-af78-70414d914634} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" tab
    3⤵
    PID:4444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3812 -childID 2 -isForBrowser -prefsHandle 3388 -prefMapHandle 3188 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2722896-9e3d-4d8e-bb9c-f0cb9810f1d5} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" tab
    3⤵
    PID:380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4300 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4304 -prefMapHandle 4296 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4686a0ee-dde3-4190-906c-48832ac29f0d} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" utility
    3⤵
    - Checks processor information in registry
    PID:4896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5168 -childID 3 -isForBrowser -prefsHandle 5164 -prefMapHandle 5144 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ec85bb7-a9d6-444f-81cc-0fa0ba8457d8} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" tab
    3⤵
    PID:1224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 4 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0655253d-541d-4d08-a7e3-7547ac3049f3} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" tab
    3⤵
    PID:388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5596 -childID 5 -isForBrowser -prefsHandle 5516 -prefMapHandle 5520 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 892 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57ced69e-2613-4c9b-b900-b6c90fef40fa} 4496 "\\.\pipe\gecko-crash-server-pipe.4496" tab
    3⤵
    PID:4336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\activity-stream.discovery_stream.json

Filesize
42KB

MD5
6c230914d8f8943859937791d4487068

SHA1
5a00e8e2b7a2d954d80bd588c74d6bc914175740

SHA256
3b480cc36876b6485f96a7fd71ab4a6284a1fd8c2a10ac2fce045ea95ce58464

SHA512
5bee72bec6f3867ace6982dad873a18947922f65bc6ac5e6ca98019ba1be91c1bc641e25697e05dea17a5fb1d076db75c74091ee56cadf246d7492125c8fc621

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\yaq795em.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
cbeb31495ae03ce174d1865db6121c85

SHA1
4eb74a6e299891558945c716f1a66b4135447f57

SHA256
9d970099c82b477b6ff083c6d7dcc5d8f4065e27e4f79fdeda29428827ad0a18

SHA512
b4fe5a8b155c1594b7ae6cdbddc370e23e19bbc6f6ef982373c7a8550f76c51b1cec283fdc2cb00e87a18c6115ee6ae4dc73ab4109840aef1e39649b1b0d982d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
6KB

MD5
f6da0fd65b23d8f79e655afb81da5af1

SHA1
2dc29368394bf100dc45bed08edf04b06446fc18

SHA256
c96499c3f3bdd7bfc27c0315a0df280b56e7ac7ba6d5185ceed95e5ff91860c0

SHA512
84e5b9024c60e151e249ebd285a16f5ee1ae6c244da03b114dfeff87557cd3dc2381eeedbf6def2840f777871ccfa847a72fe27973749e6891f4869b7477fd7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\AlternateServices.bin

Filesize
8KB

MD5
45dafeae9fd81ff5fdf3842a48184a22

SHA1
d3a5a76c5a8e9838e096243671d1532918b78b5c

SHA256
d8548772d06cea7b3dd74b1ddb3dc968b28322bd6275058e08e294279919c2e8

SHA512
3a3a80cb04dd52ff0eb1389592ce2fb5793cda130862a2957eb7f07487f810341791bda5146d01fb1fb0fd1f685503089792eadb78f2c1d83c9d1a596cc5a17e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ea1d1eca5f25f80392877b3ef98b463c

SHA1
a73168e1231d4f9a7a677b0e8aa7e43d146acae7

SHA256
59ba0ca8fd8574fb6b2b1d5497dfba2c0102c4e1b35f13e3b7038bae7c0f2166

SHA512
69fa1ed211786fa55c0938c9853acd635aa4302717080a653543a974e5f3a0938ffff106b79f7ee3252d7f6f508244766240b0784d335eed83cca0d036ebe903

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
9916ff163c9193ad329e9075c689c01f

SHA1
1c9c87e8aa2291ffc4d5018f8f4247857597934d

SHA256
8959a05624a04e95bdccdec9cf87ff0882403cf6db678fcff718de7f9f281115

SHA512
8720e84da0fe1063bfb95273787dbdabc6544a04bc93b77ceaee136c16b3b142978ec8e73ac5e3b31b680aff7a7ed9c985a8d345b53de188cbd7b69296e92e65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
b306a5458a55c5afb8a563985625b690

SHA1
cdec36ffcacfa12a34ddc1586e7a8d7fefb8983a

SHA256
5e3f76819356acafe9d0e7803ca87e632449bab3127d78d8a1aac273d3395470

SHA512
a207b325f3a3014880bc0078d6c0d001cd91ec15fd3156448fcad2865717a9e493bb412f68539d0e3253a26661e1303edfd71a0fd6bc882ce4807b04bd44f6e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\3be3fe4b-514a-4592-8e56-9bc594ae9afc

Filesize
671B

MD5
74653718d61a35f92858663aa2e18ec2

SHA1
42ce870786f1e6d849bb5d113a309fb653e0c356

SHA256
07d2111a1ac7815cff4029b59883cac1419c1d7df1c41433cc24a0a38b8b9619

SHA512
c7b0607b6d2a1b7ad0afdcd0dc0c3b55c580792ac3415259d42b7e5814ae0df7e2fa74c8ab3b2c48045fcc348373729fdf54d3a9dcf72986bea61e73441eef01

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\6ff3a645-d912-4e93-b4ba-0d45257679e1

Filesize
29KB

MD5
1698958b089d04d67d758cf72a0f920f

SHA1
6bb4d7cf5c2c3309c34a6009e349751db3bd87b7

SHA256
1cf8c26d3343d7b4ee1f4c111906c71d08b0f6344d7646fcc2aab66124483fa4

SHA512
20962e42c03fbad93d13bd15721887057f5da9adbd1ce7e4b479464dd87fef03a3bbff0674567821c553b5186b947aafaafc24b5823dec0d969164f758a7e645

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\datareporting\glean\pending_pings\cc89af66-26a7-426c-a2a9-47d9129bd034

Filesize
982B

MD5
9976acdc9326e04bec60ab6162d285a4

SHA1
0e092a1d23488eb53ebd5cae620899d1ef9d7ee8

SHA256
4f991bc9161a369750658b0b1a3ccca6cc9b2e28aa3d6d30110de441b2da0b62

SHA512
5509eed6d55d8e5e8eadfadefd3c6fa2448ab5cb23894ec6a1e46218c8e1d38e300808023d20a8f959dd29e71ed16fc5d8cb31ac32b381e96f4ade96cfc6979f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
1866b5d3ed95b9a7f82e185184e5afb7

SHA1
41c30f62995ccee56f5e65d4892712ae8adc9e49

SHA256
e861c8fb64c296de4492f488a78869dd20402394f94f01bb396a6c520c4e9838

SHA512
a39fa8915586f222432118f51a4d0d23d03a34141326afdaa93856ee2583562ec267c15b1d9bb10da070529131b1f72490e9cb0164b603d01dcd9e547a0642fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
11KB

MD5
602498217c05c63febbab7f182a48e84

SHA1
12d2271364cc450e083d6b05a996ddd50268eb72

SHA256
3d19ffec6fbb2d8a1a44e6d754e903cd9cc7f9177ab199ad5427386f8441f64b

SHA512
3a9bdf31bc70cb9483cfbb2ddb69d9680b8d70704dfef2b64a3a3abefd564ccaa2b3f1519ed3db4c88bc2532a9606ed223d5026da6a3ada4dca1d0ff82422c4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
13KB

MD5
a9b98231f2e2bd0a85f4263b0f4d9568

SHA1
008bdc9a733a0d705424ced8783a0f32f5403cbd

SHA256
e432a662860ef782e9be1acaca074a1fffea028c7367757a02830d6e17e629ca

SHA512
6dbb926f1614e648e0bafe00ff78f1c0a5e06db40da74f13db1f9d94aba30abc2007baf2f51365ba096e4fe0a16ecc4bc94715c75c2d3302adba3022d38b38a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs-1.js

Filesize
13KB

MD5
4061af6aed4e48382597438f67bc2839

SHA1
1e4267642588af96fabbc8a64776e5b703fabb38

SHA256
c6f1ba13bc0c99920bb4f2c357ef1b7ccd09aa06deaac096eed4ef1986ea5312

SHA512
dd70f54bda4308d494159f04d0e7f14798c7b64ce52b1c27ef2e58d5662e0a131265fec6af03da54359a2413d308a31c1fcc4cd7a43259bb2d14b263316b9045

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\prefs.js

Filesize
11KB

MD5
bc3a34a4385d21f32bf7bf7809d8b7a8

SHA1
61c51c128ef78dc42175c6257029b38cdd279b9d

SHA256
7e92a019ca6040c09257cf2fced4a80659e17f27d7d97ca6edf127d85ad2b338

SHA512
8189d79eb3f19d86474044575c801fb80ad00cd34e0ebc7fa4946f67e337fc60c8b249c6de5178702a82138e35e84f0de039630fed17da0d3c9e871f322d9b29

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
4e0d63b1cdac18569f4a2dbb5cf1ede0

SHA1
be569bb73abeeea855eb98f479981140a4aa9658

SHA256
2d8c34c239951454e73a5d7c55ca268e7fa37fc965dbceef31d4c3729ee0514f

SHA512
4b8cb84ff893c0b36d2759ce9d19dc06b8e563fc2467d64b95c6ab05d4a62186fdcc53305a490e4a583526ca0b4531eb88249928a4d658322460bf20ce931792

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
9c2de41f90c6bac9bb432c4f7a32ace0

SHA1
8ea0d521af1bd127baeecd9ea1fbd2f75ff92497

SHA256
00169244320e5f1188a58b53e80aad3bcd7886f5c4ffd268e42a3ee7a1672cc2

SHA512
9203543cf12c3d86d4e88e405cee0f6c19e38bd946a46d8a7605da83cde456bb3cb1dc8dc9ed348d3c55d786e1446566f33b977b5b9a65d3e6ddf54e71cc20bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
776KB

MD5
3711c58b66b77a6cac3036bebfa66199

SHA1
d0875a14e17c91b70e4b7223f3cc91ddfd0f16b2

SHA256
3a52ec44e5163ab0364a666a08ea13376c90e25db080303be1d0e9e1e71fd436

SHA512
40407bce571e375b4bd99dfc40f4f90a659a074866a11f6c6e35c12d30b87377adc4e5a1326965ba8f4985778319386adc284ae9bc35a2fc87ed2b41d777d17a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.3MB

MD5
beefffd6ff827ce997694c692bf73a8c

SHA1
f688a97857aa0cddde346351f65d3ddadd877a04

SHA256
a6016836bbf5afbe304da1966126290a7f139e2443b5a92be118e145ed69bf69

SHA512
dafc19a320e1b41e4589e73453e6386d828f670ec110c5054e4d32cddcb3c0f18f1aa370d51be6043b1d917477e962f57d842fabb82e65838b4f38a6889f81c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yaq795em.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
2.8MB

MD5
bb116a1c0fea6fff1e27a24ee238ad50

SHA1
8ea634f02afe1f99a7573dabc885ee78d41f92a0

SHA256
e5c6a5a7e634fa42e7cfd496a0ccb83d8b1f5754315eceaa960ba9a23812141e

SHA512
7469ac8c27bd0f30cfe1bfee7bb28ead034cd28d6f653ae6f5dce1da3f64720a4ef84ab8d9badedfe043ca8d2e501c2631e627057d61b29621b876c1f7880985

Download Submit