hxxps://empshentel[.]com/share/sharefile/

Analysis

max time kernel
1513s
max time network
1574s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
25/09/2024, 06:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://empshentel.com/share/sharefile/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeDebugPrivilege	4632	firefox.exe
Token: SeDebugPrivilege	4632	firefox.exe
Token: SeDebugPrivilege	4632	firefox.exe
Token: SeDebugPrivilege	4632	firefox.exe
Token: SeDebugPrivilege	4632	firefox.exe
Token: SeDebugPrivilege	4632	firefox.exe
Token: SeDebugPrivilege	4632	firefox.exe
Token: SeDebugPrivilege	4632	firefox.exe
Token: SeDebugPrivilege	4632	firefox.exe
Token: SeDebugPrivilege	4632	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4632	firefox.exe
4632	firefox.exe
4632	firefox.exe
4632	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4632	firefox.exe
4632	firefox.exe
4632	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4632	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4904 wrote to memory of 4632	4904	firefox.exe	74
PID 4632 wrote to memory of 4660	4632	firefox.exe	75
PID 4632 wrote to memory of 4660	4632	firefox.exe	75
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 2868	4632	firefox.exe	76
PID 4632 wrote to memory of 3468	4632	firefox.exe	77
PID 4632 wrote to memory of 3468	4632	firefox.exe	77
PID 4632 wrote to memory of 3468	4632	firefox.exe	77

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://empshentel.com/share/sharefile/"
1⤵
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://empshentel.com/share/sharefile/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.0.1149780794\282813883" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfb48fdd-cd70-4afa-b784-a8fbb4f3e9dc} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 1796 291681b9b58 gpu
    3⤵
    PID:4660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.1.640793620\1100344301" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9404748c-e02a-4ca2-bc7f-a4350c6a3ee1} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 2172 291680fb658 socket
    3⤵
    PID:2868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.2.180037485\1504711376" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 2940 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1653c691-8083-4800-9374-cc4aca0e4a89} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 2956 2916c0faf58 tab
    3⤵
    PID:3468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.3.2025075966\493020427" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24b2c591-b603-4d28-8a45-70166ebcf88c} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 3116 2916d840858 tab
    3⤵
    PID:2152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.4.1799023183\2100472890" -childID 3 -isForBrowser -prefsHandle 4848 -prefMapHandle 4844 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c991a33e-c1d2-4378-b768-a59cdc8481c5} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 4856 2916f97be58 tab
    3⤵
    PID:2052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.5.528740386\87273471" -childID 4 -isForBrowser -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5fcf83ab-1f07-465e-b053-11f9adedd648} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 4828 2916f81fe58 tab
    3⤵
    PID:708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4632.6.1259095031\1081449512" -childID 5 -isForBrowser -prefsHandle 5172 -prefMapHandle 5176 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1010975-d081-4f94-a2c9-38eff49862d1} 4632 "\\.\pipe\gecko-crash-server-pipe.4632" 5164 2916f97a358 tab
    3⤵
    PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\30345

Filesize
15KB

MD5
ca07aeaa01e8c727753b4e52346432f9

SHA1
37c9327b9d150874ca2be91f620eeeee7854d44b

SHA256
a56082f76ed635ec1954a7e5ba345218f20517a17be1c2307afc05bfacb74092

SHA512
82451d75bdcc65b0a271719186f6d670b72b61d816b828bed4a516f77f4edc9c6046e5b344b290a4154ae754f16afe0c993dc5df44b39c038a4fde4a80d1195f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
8cf78831678ce02912053f65330a2a41

SHA1
abaca6676f090304e3ad35d87ef0e1bac942b2e3

SHA256
853f067df271ed46d1f001018d6c5bb3201e9fab79a3d6332bb19b9215d5ca5a

SHA512
35b93dde9a047fccad13b186e2b72b220b5aa09ba58565ed102ea795b8b7053ca3acdbe92a700e83ec09d760edab900f4e20519ae681e0eb1f3a5d288648deb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
dc8dfcd6b7bf6b81bbc70443cbe138d3

SHA1
1b827e79ee500bc6647cb5330c2834d328b891d5

SHA256
887af7a1d638e9af8ac2fdcfa23c55262911d47ec08940bc3c8192c0af17d717

SHA512
2a01cd2643fddf0b2c34ae496c5ceff31572ba9e04f4dae2a3cb7db6e863cbd04a7fb70aafb67f1dd2e839f55b76138e24da6e7f7b27fd7b7543a488541cae53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\bookmarkbackups\bookmarks-2024-09-25_11_ScpUM-Ibb5LR1l4-7-Og+g==.jsonlz4

Filesize
950B

MD5
708d579bb783ed9e58c4e87173aa5028

SHA1
54dcdeb367c15a06aa620df1559de185668992a5

SHA256
3f7fa0f3a61236b17951ef95bd63347281c40abbbcce937e8fc787d31c8faa28

SHA512
1c7f8b921e5f32d67b1150e24092ab800ca4939993832cc46f43638bdcce380da1e74b44aa2f368a74e5ae29b76ca1e3a20b837517a4f0464b7af53098772e95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\broadcast-listeners.json

Filesize
216B

MD5
4c7edcb59ffcdcb4a9e0ffb00c0c9aa5

SHA1
dfd8c5976891d8c7a801f651df9f945cd74a8bfd

SHA256
43c44cb7bb9ff161f9b9230e32ce9c696fef47a0f3b8e0f0760f39e5654db1c0

SHA512
bf45222ab69b5cb8dc900f1b98e8aaaf951e486c0d5f8151f41379ebd472d2b13792cd5cf18fe91ee531e511ca3fadc8930a58a6e10cc99ce3ce56d25f4d6c1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
1ca061802f15df5bedb5d59ef10fb2e7

SHA1
9a97b5d42a2c97628c9dddf908188dfaf79fb4e3

SHA256
a9502833a635b0c2d54fbb47578b0c417bd08a432c97af79ed7a9a91e8ca428e

SHA512
8f0b2750984fbcd98fcfa7775ba8dbd8c5c69b8236bd02beb7bf2d81fd4215b5d387f30035074aa6875d95f2d528c083c7ce1043d0fbe96a5b3e378047e1699e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\40ab5754-27a5-4492-b8e9-62279749b62c

Filesize
9KB

MD5
167fd0ba7ed3edac408acbdf80c33fc1

SHA1
96dc4fc569e96f61bb6bf4bad23ad09e4341ceaf

SHA256
ce07ad2e6ad9f13290a4e4c9b54ec264ec3df609150e629432d0435178280cd1

SHA512
6a09f47e305e81aed0c116d05eebeeb1575a3c4d01ce1e151f3c2c1326a34a028bc15d52fc85a9fec64ba7c00c7886c15bbb8019d1d1bb25f17d29f2a68965e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\f01e89aa-5f64-4cdb-a3f1-6288cdd257cb

Filesize
746B

MD5
47d599a7f5f43cd7a2b1e1f4d5a46175

SHA1
507734f010cfeec21722ed68986655873bba78d2

SHA256
487fc5fe2fe4a142a55490e90b8006c1e86e7895a297dc633b646460b0d993b8

SHA512
97160749da104d8a24c8c0ca0c0bcc016a0079524a8cc0f777d985ca5561d9c14c49c8e2e2c0607f94a6cb7c0ba48a714e77459479132406a3410496a6020d81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\extensions.json.tmp

Filesize
34KB

MD5
f94c10d1870509e3cc14ce6580d3f0a3

SHA1
a97270c9dabe132fd5e5c07c548178d77a4c360c

SHA256
14b226590dc43d2b6687dc8dd45a966aee381d90bf5dca1bfb79988f1fa23fb6

SHA512
e252cb161c013846bdf0c0651501b2a383d8c39d0dc10c0051cd69aa18afae5318f5d0c4a37fef0ecf956d8edf97e2ca6b0f07528fce6a8db70e281f5d840860

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
9KB

MD5
efdbf69fa0b0ef86c36ce3173d9f7e65

SHA1
9378e85443f40cd306cf3cb45a35bd43673c4645

SHA256
fa6f108a3a1b3f1a45e23f1546edcb5bc4c9d72920dc82533f7f6c475195b101

SHA512
7eb7d24960a85bcfa29052bb49a304ceff41b8361565fb49f49ddaae6f1d765a1114a5d976d98650b5f04bce3e6ff18adc36269c89876a8340ef334497d1ec30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
9KB

MD5
fac1a027e9a93b79e8c4f3b77e239038

SHA1
0a28fbecba346cffb2339c11a9bb39f7185e2aec

SHA256
e0a1836cda16133ecb4b5a8ed11593ee4dcd3a4d53651a8c86bd6b1d8380d889

SHA512
dfee58249ac12e918aaac86c4fb4a2f9fa3150f43915b6e65c1b76cdd1c612d81c6ce4e4525f2d8e192ab9f802270192b55b56365450fe8f1f6b4826f91edf7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
10KB

MD5
5a8869148c63bf43b7767fcf6185baa8

SHA1
767321f8a0b4fa1a1642c24398d72acbafe2e653

SHA256
30740e9aecc5e246fc1b5799a416c8d0924180b107824eea6ed2b5405982f62d

SHA512
03b3bd9480b78afe1d9ae59c357f4d052cbb544de02d62fbdd23b7b8df0f728d9aa7d3efad97fce9e414f9317f97aeae58d64940da94b99f5393ec51e31c4769

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
7KB

MD5
97aacda9be29747aded5cb60d933e5cb

SHA1
95f18bfcbef9616941b6ba0a7566525138aafb51

SHA256
aa4a9ebf5732df3bb87b476d3e033a4d850b4764d39e7d54d80d5bb66872ef55

SHA512
e5001f4294af0e0186975c877f6b6baea2716a9bacb932c688025d17bc19f11a93f7b0fba2983f7f98a4a07b8487a11ee153c3e507242c9594f7c320fdf22e2d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7d53e73ae1a927cdfb89629b779f0bc9

SHA1
6b626173249d9cf3924725facca3234279599d04

SHA256
8222d472bab1d359f1b349f012413314e616f6528f361df9a14ab36c18718f23

SHA512
248f7ead0e2da6dad73972997ecd2174e5ef02b3c09697d60e10d67d34af9abb0c4a1438dfdddb8ba6bf9aff7fc3469b599b0276426eb0689c12e2fe65215581

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.9MB

MD5
03701590bcd415a64254f25b39660436

SHA1
5bc01455361105b4a7f427c1b9e71c8146ce0508

SHA256
5b479860857faab3c0eacba0ad41088b4b2298f8dfefde1d453dc8b60217c245

SHA512
e5a214bc0350d8b668cf1494259dbaf2f6e739d0308de3fe7c93a980cb530b13656b6f814f483b2e8c57f294a34a2d6107febbd567316e0b8954f9c1a285d971

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
f72c2c8a738f1bdd4a5e24326ff248df

SHA1
d60277881f6b36509d709948fcf7ed3ec3da74a6

SHA256
06575a0a693c9e0f265fcf03ee5b6ced4dd922ac999f5d767a9a7d92fb199082

SHA512
7fa2cc3e4f6e6f9c77fc12e188a0ef4e5dfd9079e1ddd2d689669513bd2e512136ac4485b34aa0ed8587c8cd519572d31eb2496b4091e229b6c339bf25c27d6a

Download Submit