80b906d357a9f67168edf73f860ec395f62686e9527851c0f73fe8a0d5885be9

Analysis

max time kernel
203s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/10/2024, 03:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Oxynal.exe
Size

111KB
MD5

1a881f28be0b6c4aece090c1baa748b8
SHA1

4d39e04af02023ab4e65d3aa27b9b26828f1dce6
SHA256

d523c55b21834b10f8bdf472664564848b6a476e9e272299072f02f807aa5b3e
SHA512

bcb6901d28b8cd5a06174016e2a34f739fad6a7341295b72423d37c4baafc673eb2568acb0346a9cbe533c6ddee3c62cdbeb6c1d2bc6930568277c4c93de65ba
SSDEEP

3072:qI0EXYZxG+dKgAbmKIYwlQCfZKGhg2Xhbe3fBqGTsqY:PwG+dOuYcGZ9Iq

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Oxynal.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1194130065-3471212556-1656947724-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1564	firefox.exe
Token: SeDebugPrivilege	1564	firefox.exe
Token: SeDebugPrivilege	1564	firefox.exe
Token: SeDebugPrivilege	1564	firefox.exe
Token: SeDebugPrivilege	1564	firefox.exe

Suspicious use of FindShellTrayWindow 23 IoCs

pid	Process
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe

Suspicious use of SendNotifyMessage 22 IoCs

pid	Process
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1564	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 880	3944	cmd.exe	96
PID 3944 wrote to memory of 880	3944	cmd.exe	96
PID 3944 wrote to memory of 880	3944	cmd.exe	96
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 2228 wrote to memory of 1564	2228	firefox.exe	101
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 5052	1564	firefox.exe	102
PID 1564 wrote to memory of 1780	1564	firefox.exe	103
PID 1564 wrote to memory of 1780	1564	firefox.exe	103
PID 1564 wrote to memory of 1780	1564	firefox.exe	103
PID 1564 wrote to memory of 1780	1564	firefox.exe	103
PID 1564 wrote to memory of 1780	1564	firefox.exe	103

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Oxynal.exe
"C:\Users\Admin\AppData\Local\Temp\Oxynal.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3952

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4836

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Users\Admin\AppData\Local\Temp\Oxynal.exe
  Oxynal.exe
  2⤵
  PID:880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ac15d0b8-73c0-4902-9b79-de07afc7cbfc} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" gpu
    3⤵
    PID:5052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2440 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e16cd868-9bc8-49a4-a591-bc81e1509567} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" socket
    3⤵
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2920 -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 3236 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b23c6f9e-9307-49a7-8a9c-0a64e907899b} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:2104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3992 -childID 2 -isForBrowser -prefsHandle 4020 -prefMapHandle 4016 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {218c2dd7-522a-415a-a6bc-0569413ec638} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:3056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4764 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4824 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff5b153e-9baf-4ff9-87d9-75562d6792d5} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" utility
    3⤵
    - Checks processor information in registry
    PID:5380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5328 -childID 3 -isForBrowser -prefsHandle 5320 -prefMapHandle 5316 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88c7960c-e9e9-474e-adb2-c35b7f6806b0} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5468 -childID 4 -isForBrowser -prefsHandle 5280 -prefMapHandle 5276 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10324aad-6823-4416-bc1a-e1547c480d5f} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5636 -childID 5 -isForBrowser -prefsHandle 5644 -prefMapHandle 5648 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8b79071-0a3b-4dd9-9859-0a3c4ea38b81} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:5892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -childID 6 -isForBrowser -prefsHandle 5280 -prefMapHandle 5944 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f76359bd-5056-4054-aaf4-5c6f49a73791} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" tab
    3⤵
    PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\activity-stream.discovery_stream.json

Filesize
23KB

MD5
a7bf6b6ced879a77161c4100932d67b4

SHA1
c444cd9be08c811a614baabb2837dc879fc40874

SHA256
07957551c3066f6e1b854be8e77a883d79a09152a128714c8139854103dd66de

SHA512
73d4f8df0de61a90dabb04b8bd406153f2cb0a08c28f6d68f5eb81bc512359ddf9eda165474216e7290513eaaca4dd9212aab5e833b7458ee305b3a8044302ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
6KB

MD5
bb0addbd1da5516e91a8b68d056e0cf3

SHA1
031776ac4bd8ec75ef0875b0385bbc8f4de15e28

SHA256
a86b7df08b843da85e36016d212379bc2d09e3270b0bc797d69e7fbc3b1d15d0

SHA512
214969932217820dd979a13625053a1810813207a5af3ef0baa98485db053edf5d5bed0b3ad6190a6a05eacc767f89e27d05f37e0395df8d5e5718bace05b756

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\AlternateServices.bin

Filesize
8KB

MD5
ff9a8a433cefc3fb7d7deb1f6c4c8954

SHA1
e2c5793772a41ebe76ddb75862028eecb471ef51

SHA256
29a4b446f5d9c024cfaf81ff2b8485e51518a3107011b1b5bfa284023fe76341

SHA512
0a75bc5bc64cd508708433fcd583ab630de00f3922bb6c5c9616eb50c78349b5f79a1f2a3c6e1f22d6908d4c301aec1c7505d045bdd70c8e81c6b343ed89449b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
b1466534291c83781dcb6dd8ae59d162

SHA1
09bf7f002c5a7f46497852488616e71c93a532b1

SHA256
94a6c7d3dcb901dc9ddaa613e1278f79881730cb9862d43f1d9597f94b00e1a7

SHA512
34eb8aa9c6565e44dc1dbc69b8c09dfdd9100e813d78498b54b7b094c8ba601f7146e9b6336de04ee1eefa08f0abbbb7eb7e743f075c31c25e80ca809f63211a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
c25af46c45d56372e7f8bb3c089fa50c

SHA1
8f3e0edf663d350ea5ae85b089ea14c28335e1e3

SHA256
9f92e3238641071fcb415b502f08a91da0450ac79d4d229798484c3336567e09

SHA512
1ca692f27a9274947c95af87c3a4a549e20bc59380dcb03bc9e0f3ced80f2a0ca3d8e67ca608215f8777795c1aaee50e3ecfeb979f45ae51ee9bff8996c20c37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
4c1147070173e9e28dac867dfaf7c600

SHA1
e34998613fabea0ea39435faeb7570189881a9fb

SHA256
b1d336d9eb685a322f9f1a01a60da2c4757c13e3d8cb27253727ea3a4238798a

SHA512
fb7634d55a9685bc6c4d01a053ec51636b8cec91d415e9df0ce1bc77e09e0cfc82cf5c1cb2ff0d36ce2e7d8c13bf5631ed32b623c92775791a484bf40472bb0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
702d8110d5afea2866907827db0d63f8

SHA1
6cdf1678157e61371eed523802092631f9957853

SHA256
c08532756749020ba55a46301feb6d5da7da54f621e6e210b0f3fd9303652e5a

SHA512
54858d2dd57b5ade1bc8ce7142cab855893ac4ab25df1b998db2fb32f9810d2d7ec630a86b31bee7c1fc201e923376c7a933820b16bf8f4fe5c8a4de31cdc167

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\32fe561c-ae14-43c7-9336-36a7e6e1ed5e

Filesize
982B

MD5
0d8d98742e960bbcf33f063893d75cff

SHA1
7e54501eb55e2441aee7dd65f2b9ff1f4e8ee6f2

SHA256
ecdeb3cdab8d9b4979a5d94e6ece704161c4911ec624e60ac614f39eefb616a2

SHA512
1a9c43593c8846bf0b15b0a3eb06623d4b2b33f584866824ef45cc37abfc8da6dd4fc9d999511d36196ee8335b6cfd7e04f1017c51f161fdde2b48f86ca87776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\datareporting\glean\pending_pings\cb6ebf59-a5f9-4d98-ba02-f67904dbfefd

Filesize
659B

MD5
dcf40e082206c7a00bd869e1977b9108

SHA1
63517b8772cddf4bf7716ee72cab935ed3318fe8

SHA256
02a1e6b6ef1f1ef345a3bd96c8833c04e4dbb9ef63629f67273344291777ef8f

SHA512
d01823c4a0859d7410f1a192cd1a82918662cfae41f21f6ad96494a2802a09fe4bad6fba40cc71f8320b9b0dbc9de2d4cdbccb64fbac863fef621d50d3ac19ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
7aaaf6f25c6e510506b9b106b5c64fd9

SHA1
d30edeeda4cdceeae8cd07ea82dee9bedf6b93a2

SHA256
6a1c9cd01697839935b5649e8f3a8fa2b672cfa9cd25149d4c1056a773f39875

SHA512
d7e3b2e6d27e405ff050034914b58da89d81f9ab8c7e57bb561c6b7e04002dabd7bd8f7acc50aa07c69236ec5026667b53d57306361ba4e1845d0b7103c94342

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
11KB

MD5
b5cf2d8d9d89fd78f2c2b3b6fb262310

SHA1
cb4e1c42f444decd6906bd43ec6b3b97e31bc293

SHA256
a41d84b7488b2329d8157a35bcf010b70a563ba36cefca8f8424b2a474a01f0a

SHA512
6555a0d274a60f27ad6076b5158e20acbbb1b71c77cffe1e25d0e38b462794b498323bc74235139cfb324eb80b5344dc7bfe9b30ed37967e9d69c5676c0250cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs-1.js

Filesize
12KB

MD5
2fde34918202b7f99e242a0ea45781c0

SHA1
b93a2521205dfd7630f74e17f92049a540655786

SHA256
13492aff958aa140ae2ef9844d69a04e12c1bbf91616ad127cd6679a65f0f000

SHA512
77cf3c6e4bd4d123ee3542489e4bb43dd427991ff770ed6f30dd889fed5e6803e8a363a899ee1f9c35600eebd9a6f6ce598ebb552e3d47b1acb51ccd898b57ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\prefs.js

Filesize
11KB

MD5
f8448bd123e73e87abd121580fcc1840

SHA1
f99308e2b16c1a58ee47cb1605f38d6b3a66f5f4

SHA256
8015d1127aea76521c63bca05deecd16227a3d72e3c8653f464950e8bc69b732

SHA512
f8cd0c9124dfea36bf7011b98dd9f420886465d08ede5a14d2c14ea78797a9f750aac56df5ed807ab913e513227cab54eb5cf6268f11da548b883d5738d9445b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
5061a8ad4185995e13b80db240ff6fa6

SHA1
fce6c0fa0680df38831c242e1072d4b6a34bc9e4

SHA256
f42e3c77fb9c3de26dc4cb28cd21f0ab10a84125394f2600f384f0ac499cb555

SHA512
51b5524be3dcb2e759ca14b115d667f4072820c1b0d289def776200068906581f1df57c810feacdf697451ceae850e3ea30d67569cefdcd6a62ce99ccfebd42d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pj0o4bl8.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
67aab989bb0cecf0b990f9ec6cf5033a

SHA1
f9be351e2c570066e794f5ec12c2223dd46bb372

SHA256
b2464e15868af09dd54445d8981592a0f3ae100801b1993b3e68b8d3a171044f

SHA512
452f9e334c14ef26b1d9ef2cb7210629f954981b40e93d9550dd1a4e429354bae9ce3ef43f9224fed01b4d944657bbb01f516e587150835812abf550893b5fe2

Download Submit