d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207

Resubmissions

19-09-2024 06:45

240919-hh76aawcll 5

19-09-2024 06:43

240919-hg5zjawbqn 5

Analysis

max time kernel
52s
max time network
59s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
19-09-2024 06:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

l6E.exe
Size

345KB
MD5

fac2188e4a28a0cf32bf4417d797b0f8
SHA1

1970de8788c07b548bf04d0062a1d4008196a709
SHA256

d737637ee5f121d11a6f3295bf0d51b06218812b5ec04fe9ea484921e905a207
SHA512

58086100d653ceeae44e0c99ec8348dd2beaf198240f37691766bee813953f8514c485e39f5552ee0d18c61f02bff10c0c427f3fec931bc891807be188164b2b
SSDEEP

6144:HDd+O7VyIqZiQUa+I0st4nlSVbiWN6VqWeqfn3Zsz9HMiobZYK1QE:B+O5yIqxwI3tFOqWeqcYbZYzE

Score

5^/10

discovery

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1504 set thread context of 4776	1504	l6E.exe	82

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1976	4776	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	l6E.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4272559161-3282441186-401869126-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2092	firefox.exe
Token: SeDebugPrivilege	2092	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe
2092	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2092	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 4776	1504	l6E.exe	82
PID 1504 wrote to memory of 4776	1504	l6E.exe	82
PID 1504 wrote to memory of 4776	1504	l6E.exe	82
PID 1504 wrote to memory of 4776	1504	l6E.exe	82
PID 1504 wrote to memory of 4776	1504	l6E.exe	82
PID 1504 wrote to memory of 4776	1504	l6E.exe	82
PID 1504 wrote to memory of 4776	1504	l6E.exe	82
PID 1504 wrote to memory of 4776	1504	l6E.exe	82
PID 1504 wrote to memory of 4776	1504	l6E.exe	82
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 3244 wrote to memory of 2092	3244	firefox.exe	89
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90
PID 2092 wrote to memory of 4968	2092	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\l6E.exe
"C:\Users\Admin\AppData\Local\Temp\l6E.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4776
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 424
    3⤵
    - Program crash
    PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4776 -ip 4776
1⤵
PID:4552

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3244
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1916 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d7a5fb8-6fae-4d09-a7ff-ac99d6cc9a52} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" gpu
    3⤵
    PID:4968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {34284e1d-dae2-429d-983b-8ab00842536b} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" socket
    3⤵
    PID:2676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3332 -childID 1 -isForBrowser -prefsHandle 3324 -prefMapHandle 3320 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11a565c2-d633-4029-a045-6375b13eaec0} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:2156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3312 -childID 2 -isForBrowser -prefsHandle 3760 -prefMapHandle 3168 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b948625-a99e-49d0-b054-d2faa3f48623} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:3336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4652 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4628 -prefMapHandle 4640 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12dbb983-fe8c-4430-b798-b36e16098bab} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" utility
    3⤵
    - Checks processor information in registry
    PID:4060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5564 -childID 3 -isForBrowser -prefsHandle 5512 -prefMapHandle 5540 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c05141f9-e3ce-4fc7-9508-a3df94e9b87e} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:4976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5680 -childID 4 -isForBrowser -prefsHandle 5760 -prefMapHandle 5756 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b67b29fa-34af-4d62-bbf4-4f42ae80955d} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5688 -childID 5 -isForBrowser -prefsHandle 5880 -prefMapHandle 5512 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8d3fd4ce-079e-45fa-8805-42635bad2789} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:2492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6132 -childID 6 -isForBrowser -prefsHandle 6116 -prefMapHandle 5688 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1340 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1d09ee7-fb1d-4888-a78d-6f1aeaa08d84} 2092 "\\.\pipe\gecko-crash-server-pipe.2092" tab
    3⤵
    PID:1976

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\9lt6socl.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
dcf9cfb22c0d3be5f7a07f6bca571bd1

SHA1
afc80203c48dc24814121f442e7afbb214790e2c

SHA256
78e09f9dd0a02afe4780e3656e1a435b1b096921d09409de7f48aaa65c7ac862

SHA512
6d83d9e04608b7fa4b39a4d481a2fe3512f3d5d2954a15887850acd81008b3c8f5a9b68870c508f5a97c8eb2c0872377352a977825cd1f3e9c923383581843d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
6KB

MD5
3c655ba2b15b7f9c314bed931dbe7b1d

SHA1
dacd4234a6bdd931a66a46e3666c8ff1dba35374

SHA256
f060e368d11e99a796231d426bfd9b6ba9bfe4f5c4d3cd760e74b7e15da89fee

SHA512
b6b3170c906f5ca281502e7fb18f50d6808d487c41ce6e6753255287ee9323973bbf65bb6b3aea73f2b9ca7acba23b12451025621f20d57c8b4d97ca1e42c690

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\AlternateServices.bin

Filesize
11KB

MD5
f8e3e54e6387fde78a84b4a014dfcd38

SHA1
2a587d924fa783f35d81924b201d7e1c7c9dcd55

SHA256
c720f38f293bc03a081e1f8f1741e7f25764d799809ea91dea09d7fc886efb3d

SHA512
f0e4067bf042483165e431777b2ef6e17c59b62fa7b607eda0a8f2a906a922c08fb6b0e6cbec1bdd92c7c27c2fc88691aff27b289aa35f7a98b1a0a083cbe4cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
276a756cb3edaa8c64a62e346ce535cd

SHA1
0d6d403a58b4c8a991769457ad65aacac70ccc2d

SHA256
be5ac24fecaeacb88f828b214a90fb33a49a4305bb25fe529227adadc82bf46c

SHA512
e956449119ae3b159aa079063eb3201bb891f6949bf6a5b8ea9e041dcac7307a22c1aadf6d9a3336d6b4abf0969adcea8d2f9925c5550968fb7a9757c60c3955

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
40c10022657ef67df59893adcc8fc822

SHA1
1dea6f8495a6758da79e64d1b8853c2a5b77baae

SHA256
00ffea661ed7dd46ad7675255313107284a2323d6243b8caf1db07de791ee687

SHA512
5f90246084a52a53b544e6d8893f55f264571cf782aa943bd7adcbe9e7a71eb97293c9fa8a85bbcac44f5a8dedc2d5681d751d4d467440d89f1cb1a403ae3dc4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
4226ef4a66830ec8375a9abce29d9555

SHA1
0d07d20686fd85d38b6e6a9a2d66a7d4d3f29160

SHA256
36d74e6a673e66d24e6c388e48b396661d8ab73bd43784dade1cdfd2c0479642

SHA512
21e8923d027dddec551c2305cbbddd9710dddf06e4a73110f4c648f5b0401833d97ccd871d1f948fe0a00f3acc7d272bc20d3f11d03d06db13a41b66890207dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\47e6549b-3eeb-49ef-90aa-6aa7a52691e8

Filesize
26KB

MD5
9418891138aa76107158176196718515

SHA1
798d28787f96b07be3e5c021eeccc922b2136cea

SHA256
f7e9cba8d22dc0001751310a52a164b8fa3de1c8b2af7f89a8489fc1858094e7

SHA512
a1c9d8f17811a8a472aeb166dca359854e6d822782b0324e4b69635abb429ad62afdc4c5a7cfab2f2777a75b635f778690c0040f68b031b2d1c5c34e76093024

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\9190984c-856c-43e7-b039-7bb7a0e0e4ed

Filesize
671B

MD5
338a53b44e9af6fc46163e2494ec1369

SHA1
b8d761887b32aa60d11235163e22282dff71d8ab

SHA256
19d56cfb26d948d86bd43d33f5fab806bd3c43edb2bf7cdf46e1fb99915a3805

SHA512
cbb26188d366ebe0a06e39a7a155bfa0ebda2893cbb1600f61b1f3d26c771eed8083fc18564ee0f47bcaa9741f1861873201395bfd8b860568b4fe66e818143e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\datareporting\glean\pending_pings\b57f70d8-c970-42e7-a87d-7a760e436f0d

Filesize
982B

MD5
2f38aab2fd6d19b42ff1372358d05bda

SHA1
00cee899f36b65f9306d3f491d8fb6eab55dfc47

SHA256
28956b6f947452890db6c0c65c5568d8ffd000207f5afcdd0bc7504f7bec249c

SHA512
d91b9133501ce93364513f8f99cd043b0e3952004baad4d653f76a1ea9b87c3e5ef1bbaae73cce16f8ad3b6a119fb6df4bd65b88ce25d753f31858eaf7427add

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

Filesize
11KB

MD5
d435b3a59bc3324b694c480dedabd375

SHA1
2d8bef1675e84c2fef78b5681adf7586cc9a0c41

SHA256
86868d97851e5c2d740bc19fc54ddffcafe5662f770f439297a2ca8b4ac061c7

SHA512
c150366ce708b3dceeb5535c805410f0f719960d4152dcd8d2987a5718fd2209ae40e1a5a9a33baba268a8b6f5855ec7614b096ecd373d5bf0d72df6bea7074c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs-1.js

Filesize
11KB

MD5
42b8cf39ec11e1a90f34ba54c8780e01

SHA1
9b8132c9bad09f94cf4eb704ffdfc0f041bbff2f

SHA256
0061e84678742faa0b09bc2392690a72595117d22c3c94307285db6e8f9e9ba7

SHA512
5c14f04ed0dbd468d99312fbaa99354d739097a9cbb5b6a054098b1adbdfd13b08c728810aa8bc22c52c6c74224423883727b7673eba7ee69dea48769d67c2ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\prefs.js

Filesize
10KB

MD5
f57f38285515543cb76a3d432683c1b4

SHA1
ade931fa20159cb7f9868cbcef39b2ca0d7f006e

SHA256
c265da5df07101686873c7847aec499afbc77232069d5dff82623667d5ca2a71

SHA512
4357587b6ea301c8450145e0c210b933163938ac779c3fd45defc9e4b3f526b6a2998f5b150c24f9bfa0ffc5f166f496fb66aa14340b70203ff1d483eb02cf37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
9c39750620cbd5eed83b8e4230bf5e41

SHA1
a89f9446e02cfbb24a511db0aa8f56cacc1fbe32

SHA256
69647803dff0f4c8c69fa88a39c052015fe0e93f4404f2bd24eaa44b8ec2fc2d

SHA512
c65bdb62db9d200dc96c49e5b0cde07d1c55dfa70c506482209a81b98c37612f04a86280ae880908863b5cdceffd9471ffe474e5daa394141a8bafd359619434

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\9lt6socl.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
576KB

MD5
d31a278adae9f2eb43d66a4b4d04f141

SHA1
f01605c61b426282ec9c1cf372f2e6898911ad2f

SHA256
af081a058f38eaab15f4a0a4b0fd0e2ffbc93aed7fd9eca31b9411af1c2eeb23

SHA512
f189a08380a85f121e764eb45e6338848c53fe988d61188a9f284244146b73355d8db21de436975f1f4da7a5c8b787288161da50477a8129be1fcc3acea519e9

Download Submit
memory/1504-0-0x000000007504E000-0x000000007504F000-memory.dmp

Filesize
4KB

Download
memory/1504-10-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/1504-11-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/1504-2-0x0000000075040000-0x00000000757F1000-memory.dmp

Filesize
7.7MB

Download
memory/1504-1-0x00000000005A0000-0x00000000005FA000-memory.dmp

Filesize
360KB

Download
memory/4776-4-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/4776-7-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/4776-9-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download