hxxps://telegra[.]ph/Action-Required-09-03

Analysis

max time kernel
147s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12-09-2024 18:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://telegra.ph/Action-Required-09-03

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-242286936-336880687-2152680090-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe
Token: SeDebugPrivilege	5040	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe
5040	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5040	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5092 wrote to memory of 5040	5092	firefox.exe	80
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 1152	5040	firefox.exe	81
PID 5040 wrote to memory of 4348	5040	firefox.exe	83
PID 5040 wrote to memory of 4348	5040	firefox.exe	83
PID 5040 wrote to memory of 4348	5040	firefox.exe	83
PID 5040 wrote to memory of 4348	5040	firefox.exe	83
PID 5040 wrote to memory of 4348	5040	firefox.exe	83
PID 5040 wrote to memory of 4348	5040	firefox.exe	83
PID 5040 wrote to memory of 4348	5040	firefox.exe	83
PID 5040 wrote to memory of 4348	5040	firefox.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://telegra.ph/Action-Required-09-03"
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://telegra.ph/Action-Required-09-03
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23600 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4837eca9-d7d2-4da2-a002-9c9d68c7af08} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" gpu
    3⤵
    PID:1152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24520 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9852336-fd27-47b1-be4a-9a6569f5c3ce} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" socket
    3⤵
    PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3320 -childID 1 -isForBrowser -prefsHandle 3312 -prefMapHandle 3308 -prefsLen 22590 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd1259b5-8738-440e-afac-8f0458cb7656} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" tab
    3⤵
    PID:3244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4092 -childID 2 -isForBrowser -prefsHandle 4076 -prefMapHandle 4052 -prefsLen 29010 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {881d335a-089a-467d-8c49-7a83e6f1af39} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" tab
    3⤵
    PID:368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4816 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4848 -prefMapHandle 4844 -prefsLen 29010 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1fabe0ae-5cd1-4bd0-aa75-7e0f7064415a} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" utility
    3⤵
    - Checks processor information in registry
    PID:1712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 3 -isForBrowser -prefsHandle 5576 -prefMapHandle 5544 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33ec2b92-a9ac-4803-bba8-08524fa99cbb} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" tab
    3⤵
    PID:2464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5824 -childID 4 -isForBrowser -prefsHandle 5744 -prefMapHandle 5748 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a48a2c4-d9f7-4255-84f7-574fc27257c7} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" tab
    3⤵
    PID:4844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5932 -childID 5 -isForBrowser -prefsHandle 5936 -prefMapHandle 5940 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1332 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a39ed719-e212-4106-80a6-f6ee9dff219c} 5040 "\\.\pipe\gecko-crash-server-pipe.5040" tab
    3⤵
    PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\adahrqhl.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
7a9912173afea49416f806b4ad665934

SHA1
8284dae088a0f1e5ab86cb4fda109a4648683d47

SHA256
d10c9be08b97edb39f4de68ff8b3a1d017178e5dfe1e990af7d43c1b244901cd

SHA512
323d539c5479a441087d1c50b8120067c9b167dfa7c62c89b3ed85bb229c6081560a0908b73e8fe3596cbf732f48cd33d0edfec2921385903aaa58215e73cad6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\adahrqhl.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
b37c0e9bc9d8a900a86bb5b77af0f504

SHA1
5449dfef8a7584cae3ed4228e731731253e642be

SHA256
0c754f220494243f875c1e89cfab422fbeb7fa2a30f3c37e60d21d5c3f7c0b08

SHA512
6c42d72bad34572d6c0a392fa6558a28fdd820d1c41c927cc4ec5f06d25b58bd4fc4be32df048a9548257fecebd39bd39fd42a7ba75ae7795abdf6ef2f5875eb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\adahrqhl.default-release\cache2\entries\58EFA56DB4BFFECB0EDA547894BC9A057159E22F

Filesize
13KB

MD5
114bcf38ca488d964f1f2856475e34c9

SHA1
b1b412b6b32135d724490aa2094cb44ef1e01afc

SHA256
a2413714476092ffd16c54060a95e114b24c1528714cd01e00f2b052111b6ceb

SHA512
27c1e52972e471ea323b3d855377a6ea5a554df2f1329cb6b636df312146a06e8418de7a7487f7ca4150c1924fbbef4c8df6caef99036784e9e257496fcacaff

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\AlternateServices.bin

Filesize
6KB

MD5
007689d8d0ee395d45c6231f8a404a17

SHA1
dc34f0724d9509ee22aca3404a7d1c8df8be09ec

SHA256
8d013e2b192952fa2a1caec42cf4aa384edc46e493c0bd7d0a1421c3c8db7e9a

SHA512
0c17aeaa4b9e1e8df0497ecaa5a7ec5aaf5429b4b685bf776003c5f8bc318bc2d6ab350417abc4f25d9f5b222e2bdfdc4b91f1a919cfc7a748eba24e7072c762

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\AlternateServices.bin

Filesize
8KB

MD5
efa8881c43d3febe152edb60fc2d0299

SHA1
39d36ac44984972aa43b8e69a9a2fa4037998e40

SHA256
3c702a214b3d946e5919b09d6a64853d772994483a4a07908e5e1b23f7e7049e

SHA512
cf53637d4e467e0874a827618cb06d1eaf5141bc389fa046bc003238546b920d4a33826f445ffc9cdf62b3a20a701a4756dd23975ab17bc3a45cbb6704111b13

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
fd3a3bde0ea6d07dfe08ad506c018cc9

SHA1
38977147067101be1a17cd20cf8b6c00fe82ef79

SHA256
91d35034e28b7d20ba1713a9753e1a7e4abded0fef512a4b93dbe615db3ad996

SHA512
5d8e436d0f694771f63a42964a351cc9a66b417df00683b0847f75edd949caa981f50c74b9b51d6af7babfab767a61b10b52fbbf578d83309910c644dae65e86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
959e0debc38a0e724127efbbc26fa2ba

SHA1
63fa30e79f9dd0aa84057315d01982eea74dc065

SHA256
0d6123df103d385741ba5f1f86d04ea107fb34203091ea92ea24f23ca25504a7

SHA512
5bfc1a227d76726d5bf247b51544f82c4bccd5fa240c7fb0d128434e669a2bc80e37a26df60afd127db04366f6aa398654653b17a1656aabed6c87c225f43bb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
1b3000038611cb985e63dc7c99b14f3a

SHA1
5d11ac5c9b879d42d1ae9c620bf09a750697fc8e

SHA256
a012d2b1e08ec15c86d28d631df8387e1617788c402d16702692236cb206d829

SHA512
973d097eca7fc2422ffcdc8550b4f0ec46c204bed96886cdf4b2340fc96c99f5601cfa903028f05e26016c39ba2fc1b95151d8e06c058a7086a6606219da0c79

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
29a781fc4f64c51738dc1cbe23ad8ebf

SHA1
e90473293eb420bec2020401e51398ce72f1fb5a

SHA256
db71129f898bc6fe47c77537e5b52c7eb1f5e0e822573f1ad086dea605f99852

SHA512
35a74dbc092cffa03ef12adf1be15f5c855faecaf3be5c3a87c330032e6c5743996f972d904950e568971f17a90f5dd0213f3a96d9c8755bce1f198639a480cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
b43a3fa10d3c0b7b6fa7e1b1ae22803f

SHA1
c5900eb0940c115937592872296b40210322d5b7

SHA256
18e88ff30348831c2ad41d53fe49e73165629a040125b4856f6f66def61c9633

SHA512
7019007a24aafec316fdea8c91cca342c2ce060f6dc2902b66c662334341d93fc37c86790f1435810cddc76c08fff67060a30a0208ed118c40bdd9de4f260a8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\pending_pings\188608c8-345e-4390-a300-68cf43c60b11

Filesize
26KB

MD5
85dfad5fdbc633cd9398bb862c83dff3

SHA1
b8a497a16ba9be21f0e15d13b2b23159cb110437

SHA256
8d22a7c6806be85a616a95bcc98a81b586838cbc26ecfe8d7f51045bfa873a38

SHA512
7be72e5db95b2f37c58a615e444e5fc8c1d763e22f00b6db6689f42abf8e6f9acc4d63745fbaa2eb9b8ffc42fd35ea7fb6f00a14a755077c3fa8a992f29308a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\pending_pings\1b3e9c12-6f2f-464a-b092-8b799a625f6b

Filesize
982B

MD5
0860b566e84fb8419eea43f2de79286b

SHA1
253bce85783fe9402265261bba5988984b3bebf6

SHA256
d805367e7cd0adccb24b84ba1a471065ca750ac11e72f3b4677f6dc99bc951cc

SHA512
bea41e33e7405e4b51992600fe9becb419a2a7133447b45094f4a681c2b32566704d4551d7726b36a22985e41af655463efcbd883d15f5b4f36b0259a37bec43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\datareporting\glean\pending_pings\6ea79292-eb67-4135-afca-ebb94e619317

Filesize
671B

MD5
86cc405c640b1a858d90437d6c36b727

SHA1
82b5a678236f438f034e63f80edae0c5b2d93b91

SHA256
6073ab4e1dc945b3f8f956e4870394b6e0b355deff746c5bad8d10324ddbe2f1

SHA512
8726551e75a6851147734d0fcf3e3dd3bfb4ced366114fd675601ef60b1c851f84f1ae09cba1d66d3ac6670895461e6eda2b5ecec6e8d9fb4a37521ac03e14d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\prefs-1.js

Filesize
12KB

MD5
e9f438c1eb96ddd445af90fc413a41b0

SHA1
9af31c5ae4457802bc1f6758aba19047027631f6

SHA256
e2e92e69d7ff7f37abf5176361552585de14f1e571774596b119ba8576bf6540

SHA512
10bd20f7a2df5c6876ec2ac807dc3a1f217f0cc15a977011e0aa0e3352cd446bced7d6a984c78c5797864bba21ffe13940f199a535bacfc3e8a149c16ebdfe8f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\prefs-1.js

Filesize
15KB

MD5
252254bb0961b378767ac610f2ec4206

SHA1
801b9ada484da7789e0ea6c6d840f923073af39f

SHA256
c0781e527a242d01154614f5a41e4f48e9a0f7a5575fffe28f2303b97eebd397

SHA512
0bfed1f6db61a512c47d7706e23041ee4406f46d0430528c1fdf757be59a4aabe04af5f715a30f83dc4139e5071f11907863cec702f53b7c86b371e8ee29950b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\prefs-1.js

Filesize
10KB

MD5
34c0e0e7402e20b12abab707061ea50c

SHA1
97786affe0010f61aff1e5466aafda2b601c3285

SHA256
42893c63f6feb31875e9bd27edf9126d51fbf4ab2d45cf3d1c0164ab42d11bd8

SHA512
cb7982c0351a15eabce5b497ecc91e708b700ceb3646791f98249b3ee4ad4632512f6d2a0c7da7e51ba0c1aba7b05ae60afa9c74a71fbbcbd7afab4854fa9705

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\adahrqhl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
1.4MB

MD5
105ed764bc68ce6abb7bb007f08cb5a1

SHA1
1c8781a2d2fdd7cec8c3c023df8e38e1b99f7c9d

SHA256
25425d877a146ddcd43fdf6b6d2e2bed88640041d2891d89b7f7dd875fb5f106

SHA512
96646eeae73368ce0d293348e630c6fc9b7853a2d708e99a705a6586359f8eb8df82e121b47ea1c01516c93f77cfa76784f0ad9b5b5a70099968f604689e0aea

Download Submit