d1a55bb98b750ce9b9d9610a857ddc408331b6ae6834c1cbccca4fd1c50c4fb8

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2024 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SANS SEC401.zip
Size

29KB
MD5

1fbd3ca9fcfea5aac390ea38ff818cc9
SHA1

04bb53bd8a264be0b3ea10ffa1945eb6f5ecda93
SHA256

d1a55bb98b750ce9b9d9610a857ddc408331b6ae6834c1cbccca4fd1c50c4fb8
SHA512

76ac3e21dcb2c1ac7ddbda75bb3070acf444c19746a250061551c10de7ecf9f331a13fb2fb0cffac4acc550353c993d36136164b0782a36699b136c872883ab8
SSDEEP

768:ou3r/262CpGT/0VRQScGUb+DXP2D+vkNKecEyL/:oy/262CpGT/0VRxUUg+vkNmf

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1460	firefox.exe
Token: SeDebugPrivilege	1460	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe
1460	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1460	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 2896 wrote to memory of 1460	2896	firefox.exe	97
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 408	1460	firefox.exe	98
PID 1460 wrote to memory of 2968	1460	firefox.exe	99
PID 1460 wrote to memory of 2968	1460	firefox.exe	99
PID 1460 wrote to memory of 2968	1460	firefox.exe	99
PID 1460 wrote to memory of 2968	1460	firefox.exe	99
PID 1460 wrote to memory of 2968	1460	firefox.exe	99
PID 1460 wrote to memory of 2968	1460	firefox.exe	99
PID 1460 wrote to memory of 2968	1460	firefox.exe	99
PID 1460 wrote to memory of 2968	1460	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\SANS SEC401.zip"
1⤵
PID:4588

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1604 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c09fae12-4561-4b46-a321-73e6f39bb2d6} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" gpu
    3⤵
    PID:408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2400 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38e2def7-7736-4961-b992-144296ca7860} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" socket
    3⤵
    - Checks processor information in registry
    PID:2968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 3124 -prefMapHandle 2960 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62fda248-1f9d-42d2-9bca-b7fd137caa1c} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" tab
    3⤵
    PID:1732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4008 -childID 2 -isForBrowser -prefsHandle 3556 -prefMapHandle 4004 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4734171-42c6-4389-b1d7-602b1eaf5f1a} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" tab
    3⤵
    PID:632
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4868 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4884 -prefMapHandle 4880 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a7f7210-b0d0-4ff7-b05d-4e7dc519f8f5} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" utility
    3⤵
    - Checks processor information in registry
    PID:1932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5304 -childID 3 -isForBrowser -prefsHandle 5296 -prefMapHandle 5240 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99194357-695a-406d-abaa-663bc5e2d58a} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" tab
    3⤵
    PID:4668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 4 -isForBrowser -prefsHandle 5536 -prefMapHandle 5532 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5453092-08f9-46b1-85d5-520bb1db418c} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" tab
    3⤵
    PID:4876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 5 -isForBrowser -prefsHandle 5644 -prefMapHandle 5652 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38aa5396-64bd-4d4b-ba8d-b42d5695e8a5} 1460 "\\.\pipe\gecko-crash-server-pipe.1460" tab
    3⤵
    PID:716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
cfb7629a8e5aa46930ad297f23ee277e

SHA1
fb2982d29c8c623d0da2cea11084c9f8add6f76d

SHA256
34aadc02964c933911cec0014727b0df6cec3ad16f3f3c141297c22d5b2a154e

SHA512
6e241307f5fab0712c7fc263c99891fd9c65d7d1c039c227b3c09f9b2f39204320a33cf1fa73b81394e94dd238f8f7d307f1de3eeb512fb852cc3ad29a4b116e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
876e4173be359de0e8c284e692737d2c

SHA1
bc0980add8ea38d87de31d1382188e3280abe20f

SHA256
8c33ca1dffc693f0f78488b6138842f194bfe539a921ff1e80aa965468b8e327

SHA512
06ccea9ace00db93a086b5d830a2a0628dde4d7558703a77ca86d75994691d8c582ae7a3b03d7ed036a7d77a3ef95ab3189f4971bb3df0148e134f294af23a77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
9b4abcee0403f8d6c25c4c99e8490d71

SHA1
bebe93026c948a1705eeae1a80bd0ccf7dad57bb

SHA256
7cb5e058e6e7bdbfd91574513bb2825850f0637714d4c6508a6b5c823c646bfa

SHA512
707208cf9708f803c380074f74a61300bc9fea7e6344cb94368bc8319713b5f43e90acdf51f70b1590f16ba9b639dc5fca8b8aec7437d96f1ffff9ac3a0f537f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\AlternateServices.bin

Filesize
8KB

MD5
20575918fb764735eb922289a4bb5f0d

SHA1
6ce717b8905b701de5efd87e32aef59379775572

SHA256
6413ea4a4b774e2cd51b0b4180fe25e70a991b22421421746b760cb6081754e7

SHA512
297c40cb159445c4b91a1415f9b63d8add143094d45ef769f78c8fc5e0e050dcc467d7407a6383bfe288a5e34b2d2f877b392adb5b509343e232d9ec65341d1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
13KB

MD5
532584b38a9ce11d2c02c54ede00700a

SHA1
7cd55214b8b6598deb3ec4367a19f9601cd49a73

SHA256
0543fcd11ec242809ae8796315c51460517626907070aac97a18e37de78284f7

SHA512
525a663710f36442e9683a37ca4dd99c186058252e1f64450e513467f34a5ae5b1eb1afebbe503206cc23641127c3a7b97406bdf9be092a92b746944d08e8e03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4dd329cba4a6eb05f524933f3a6da853

SHA1
2cf6e05a5c3d68af26514e6f389687acb5e7a707

SHA256
a21ee5ce99de61d167e6ffbd67e59dc2b89b9efd884cae426743e67696db6290

SHA512
61e42deb68f8ef133c985d7ec0cb9a2d3648745438f2d84af019367b2d780a817cbf9075a805b594d0ccaabe31d1c749c009f3276927cb88250572e43cd00543

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b16cde24bd19694ccacec481cdf08141

SHA1
fc2b43a97f5e86d91faf66db0e2c8b6739baeb1a

SHA256
fb2b3fdbc7aca960c7d9e6eaafd7d4d580b05f58950aba5c627a2d36f78b6829

SHA512
5488b8526c91de2bb38a0f5ff962e299aa5070f8d2172615152955fe3e2067d93311d33bdb32770c560c1f9c9e71eef06aad10a55c701a7b0893233bdfdd5249

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\835ec5fc-2ec5-4b87-9dcc-8903506e4058

Filesize
982B

MD5
51941bd0aa2cd1b753910abe0587f2c6

SHA1
f09e388fcec8f0f511ed85951db193b5b5d81659

SHA256
bbca0b9f62f47537d8387731bf7c4aba07b77ff82f8137b372108925807c39a9

SHA512
46e3dd4fa6af35b56448628bbd6bff5da7530496fd0cca71caba342b80e22eb1483be7939a79eba5f0c190e86c83c2320d16401d0f35b2bd993f5906dbf66acd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\c4546ebd-7363-4a13-9075-a4dbb3b59859

Filesize
25KB

MD5
8d5e0fcbf9520fd140307420532973e7

SHA1
1ee0faf1bc6c310169ca0d1a25e315d1d1b42344

SHA256
366869658cad57cd1d0f37d2be7f01dfc81ead4403dc4a87e27103259dd80f05

SHA512
5e08c4587f954adabb56bec962db71199f9558707d03266628e3fa89e82f90e2b7ff36cd837a328877e5ca41ec8d4876161f4bbba3702b418847b3a7c06d0a83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\d543a00a-a53e-4bcd-b95b-f97aa6603f01

Filesize
671B

MD5
8b88b767b9493e22c67c8c1fff47e3f9

SHA1
2b5edfe3eddc3398eaea230028071aca0f260eb6

SHA256
7c7a61a57ccd8b57eef2e27b5df6401ebdede1af5d6283428439846ea45faa68

SHA512
459f08a916daee162a280c6ae64d697393e25f34de7dfbbc1f45636bcb9232fcaf915decbd6731d007a4a965572496608f20a8191198e6f398d92f26f083a7ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
16KB

MD5
48a13f7af83e9b1640e876c82e63ad44

SHA1
c4d25c88d9ec3d3ab4544aafe654c7074b861c4c

SHA256
9c2c0b9a48fa49c2fcbda0598180c9fe26940167e936e58deba06178bf9023d3

SHA512
ae2881c050a32a71dbbb793d06c8b203ec31b431e5342de3f385e0864886ebf2dbdf9b120f5f401718aa446ffd4f88fd55d72632ab95bf5e79857cc94ef37529

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs-1.js

Filesize
12KB

MD5
3b552efbf6b9dceb5a447290055a8992

SHA1
4e6d021ff330e61f64257db37b5aff391b4d6dd1

SHA256
f048e2b822d237b20e1f6eb038339a708bd5d77338a75387f9ec9d218581e59f

SHA512
6a2fa177bd547a3541ce330ac9d5973884d6ee7722e52558d58afdffe8be9784bb7282deb43682e6be7aca49ed8d8dcc3b2260fcbe8782280babd641fd1aca10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\prefs.js

Filesize
11KB

MD5
209f4698c9c80d293fa1967e03d2649a

SHA1
f0c65d1d74bd38eafb03338ca67f917f3233819e

SHA256
ca4f235659ce5c13e3a8857a0317d1068f35966c0d753b74afc0fba21b430869

SHA512
07ed2e123de2b3353b533b6a0436d2377a3c995e36daf543948a67d4164720b71fc48b506c8ce4c1fcd29196d13f2630cff2a4a5a99920f4a893a8b8e56ad1dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit