hxxp://transcabrera[.]com/yaya/jepumbuvtcxsrusym5v6zzjgbwmni1x8qe8ja/mgrulke@bch[.]org$?

Analysis

max time kernel
128s
max time network
131s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19-11-2024 20:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://transcabrera.com/yaya/jepumbuvtcxsrusym5v6zzjgbwmni1x8qe8ja/[email protected]$?

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]$
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4944	firefox.exe
Token: SeDebugPrivilege	4944	firefox.exe
Token: SeDebugPrivilege	4944	firefox.exe
Token: SeDebugPrivilege	4944	firefox.exe
Token: SeDebugPrivilege	4944	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe
4944	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 1976 wrote to memory of 4944	1976	firefox.exe	84
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 1260	4944	firefox.exe	85
PID 4944 wrote to memory of 2132	4944	firefox.exe	86
PID 4944 wrote to memory of 2132	4944	firefox.exe	86
PID 4944 wrote to memory of 2132	4944	firefox.exe	86
PID 4944 wrote to memory of 2132	4944	firefox.exe	86
PID 4944 wrote to memory of 2132	4944	firefox.exe	86
PID 4944 wrote to memory of 2132	4944	firefox.exe	86
PID 4944 wrote to memory of 2132	4944	firefox.exe	86
PID 4944 wrote to memory of 2132	4944	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://transcabrera.com/yaya/jepumbuvtcxsrusym5v6zzjgbwmni1x8qe8ja/[email protected]$?"
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://transcabrera.com/yaya/jepumbuvtcxsrusym5v6zzjgbwmni1x8qe8ja/[email protected]$?
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4944
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2012 -parentBuildID 20240401114208 -prefsHandle 1936 -prefMapHandle 1928 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {131e0834-7d8a-4ad9-9da8-7b8e7870cabe} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" gpu
    3⤵
    PID:1260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 24601 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2104b195-445f-46b4-b580-83125694c54c} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" socket
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3008 -childID 1 -isForBrowser -prefsHandle 3204 -prefMapHandle 2972 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ee14ac5-85e8-4528-9719-dbb410e0489c} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" tab
    3⤵
    PID:440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3664 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 3652 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2077397b-fb0d-4d23-936e-16492082a4db} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" tab
    3⤵
    PID:1472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4372 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4364 -prefMapHandle 4352 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {23ecb256-5ae8-45f6-a0bf-6e564ba16eb9} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" utility
    3⤵
    - Checks processor information in registry
    PID:3228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5256 -childID 3 -isForBrowser -prefsHandle 5168 -prefMapHandle 5248 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9789ff67-4c94-43f3-960b-ff522ee00c20} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" tab
    3⤵
    PID:2780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 4 -isForBrowser -prefsHandle 5416 -prefMapHandle 5384 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99a2a39b-8813-4f2b-9027-9612adbb0c94} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" tab
    3⤵
    PID:2736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5692 -prefMapHandle 5688 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ae3af8a-ea03-436d-81f1-8f67fe219fbb} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" tab
    3⤵
    PID:2596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3396 -childID 6 -isForBrowser -prefsHandle 3288 -prefMapHandle 3256 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 904 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {637cc8e8-88f4-4b8b-a9fb-1c131eb86c89} 4944 "\\.\pipe\gecko-crash-server-pipe.4944" tab
    3⤵
    PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\etc817bi.default-release\cache2\doomed\12424

Filesize
88KB

MD5
2d4afeca7e78697052189625c7b3162e

SHA1
23b8f872f93ad9293aca7915992869f3227e3119

SHA256
3a84b74a56495c24fefbe4f9bef515e5ff24c449987f4b631067d77f5cd05d3b

SHA512
7b76f82b357f1c7aa371ad41f2fd94e407d163cb268e939d0629128af7062d96a9be1ce0eded58c34f50f2f0ea7bab14f9492c09b29be2fe9f21a6829ea6c51d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\etc817bi.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
c4e68630b244f22df8369f96bd73eadc

SHA1
41402e0fad25c97b4f1779c369d918df6a0ca675

SHA256
fc6a1e7ecf875fc56783d0a75b916b874d229b166f77cf6a9d88db0d7d8debf8

SHA512
dda27e0a9413e05ee47c8f176bdacce64e930c06cb9925723d1b594c885399fe9005598c6ecb7e315c49983335d00ac38f5a259e942194e358b0dba61ae2dd2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\AlternateServices.bin

Filesize
8KB

MD5
a38fe50fd128ff58454aeef00d108694

SHA1
9f86ef8fbdfc999f00161962ed57cfc8a9c404e7

SHA256
0babb5d693642ca5fe0e946894b7829f498f4c2b6b0c420e0d74b7710ee3819c

SHA512
cabd92624e7debf9ebc7bf77d70fd622f19ab4436a426f8be3990ec03cae9379684554b97133ba51c033607b1e3fd040ea900d47f15021bc4d82e3d11e69c967

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
e8ab1b1502842b084ae967e23e6ec35b

SHA1
bdcbab6d62f2bf721e7f3897fd8e173366359249

SHA256
6933895e3a4fa888a6b6794ca3dfed4ccb26538f7e8ef7244011d41c44ec3993

SHA512
a18a07e9c30deb31ac18742c4367717cc5d9dec4fdc719d6ebda9e2542d35693af25bb4ba0ecf2dbfeabdba745ce5ad075f0083798015d5adcc99faa40cbcf6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b11fa830e67c0c6356645a0bb36ad6d2

SHA1
1f2b3300b93c5c9401294da5c8bb7c46b21af584

SHA256
d640a455a1ac724956a1a7995881cb7dac5d6f4cd24e01685c3bab048dd2db86

SHA512
63d7287d7cc133f115ec044df67845474ebe386f9568e63fe35a116002ca43f469b7fd61c3b0409ed026afa46241e3635824fc6e32e409653b71c000a746187c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
89d75a7a8e4e610d96ed239a1cf08920

SHA1
f1f0c0921c088ec45d156f487948b32ce1b00d34

SHA256
115a3d0000f0aaf72a290e583e2ebecf0c870446e5e4e564b05e29293ca367a0

SHA512
013cf60799331b5a1e517c7691dad8200d05c9c5d7f84d2d0b7ac3cc457e81694b6a598cd823d08d114669872f8182fbfab01f6349f16f8c830e679aae2dccfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
005a0f5f185437bda71e853c1a330fe6

SHA1
296a818932f19ef40928811408fc6c9d09379f2d

SHA256
83d8b8cc1d52d3d5dcd95e8539df218efd64a2f57a48fa83be0d0d961bfc2423

SHA512
75c7f624c6bc8917f60be4da0f378acb6ae5051bc65cd4888665127117bebe4de6077997dd33ea6563843148d50d3ac1c95b9753430b534149383fc4e193daeb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\b1be1765-3581-45d5-a6f9-9012b9b68946

Filesize
982B

MD5
76fdb1e0e747c628c0acc8e624ec1e3c

SHA1
78d6b8373c825f03792ac4519f9ef5b0e578bfbd

SHA256
b01c46d232d7c5b815fae373d2b5588ea19ad53395a4950161563857e2854859

SHA512
0d858e8528fdd3ec44380033099c0b129510715711314f3a805b8e42c684009cfefa8743e6843d4f0e65f9ce585cf11e3db0f5b4f463be4af5c9579a96a459c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\b95bdba6-658f-40db-94e2-b1a34679d8fd

Filesize
26KB

MD5
662f4e5d9edb23d56e82cd9fbff64d37

SHA1
66905291ba59525bfc916f75a231d3000ccb0969

SHA256
8c5584e80c1e57d0e473425a190f39c30d82fb96f98cb26f2a8229a9ed72948e

SHA512
671cebf07d6bf553bd4ebcc23d61f97bb59643baa4c5caf0f9b96143ffa23448d5c39aee08e25ff598a9d629c85d4c9799b3cc3eb781220c442ebdcb9e06242e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\e3bb1deb-c4ca-407f-b40c-e19587d97ec8

Filesize
671B

MD5
da1f2aff9f16eb5e6b0294f388cfed84

SHA1
65c94879199d52b9e0775eb939fb93fd2312dbea

SHA256
42492041f20d6310ad26dce3e02416c3be117ddf00eafaeb5a19d0a208a2849f

SHA512
8093e41a329590a1d048a25ed00e54d9107ab0de6e2fedbc5f5f190d7ffb7718aeb72973faefc91bca41be1b177e3a3c8b08937310c1ad8bc038761c0fd86bba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs-1.js

Filesize
12KB

MD5
7bf9514260990ce3c072cbb783d91cc0

SHA1
29ea86b94692c4afc10a3dc0c0fdb2f123bdc947

SHA256
c364894b860bf6d60b9776e7107b883a4cd775d5be7244a72213f579d48f15b5

SHA512
7611727fb9d50a081462aadf22f57685c140c1062dfa7b9fac1ee83675ada6ca9684559f3e5c17c450e6e34f2e87d4f87374ffed294f538c5172a419f2c81eed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs-1.js

Filesize
15KB

MD5
dbf05bc3d3bb3288ada5df3cbaf50b02

SHA1
8dfcdee0fba9dbbd4d209e485ef17725feb97e73

SHA256
b4c5875b4a85bf282ce427a32427cbbc7b7e823c22325015b51214956fc7e1a2

SHA512
320323a65492e7f645238987636bf4a597174191c023537a6c9f656967d0b2ead0c73b27f7dcf9728e16422282673f9417bd58ed9f4cac70353649c2f8e2a8a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs.js

Filesize
10KB

MD5
186425ba14f8aa11ef167d932468a2e2

SHA1
03ce0b9e918968f1ec0903cc1eef130f750dda2f

SHA256
0988f9ec8654305694841c6a8f063c222bf8eb5d8ea9d69ea7e020785764779e

SHA512
bfca9341c9000ecb443127a24586c3a787bab089e028be8f285b6f64b8db14da52d5eaa8fde0ea802bf3f4b62e2f093033e8754717ed8afa1c230c3eb5c07a80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs.js

Filesize
10KB

MD5
27f2a07796bc2b27d62302266ea8fed5

SHA1
2267300e346747d001909dd761712fe7faa4fcef

SHA256
88d70277ff6722a8d10119ec7d373345d824a1e436651a1c2edf729f77a33ff2

SHA512
2c59e73fd60edef30f0b388a33d15f052164e09d046c4af7d73e1d7d448b94af3fd09dff04b332e703aa23e48e36062edd6286733d2e330f103c79bd855fe16a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
dc23d80a1f1a6df7d9e39f460f5c3ca2

SHA1
68cc739ceb93e4dbad689fbad616bf77106cecc9

SHA256
031cf2e5a020ad8830da17f42333372d0be787eb0fe8a69c8ee4a4ed1e8c1000

SHA512
5c1eb840ef02c11bc14ed5fcf457ae4744c089be4a2cea463f515215363f7570aca02bcd9fb33873ee0ed24275dcaa71cd26fd78e44ea969602fba978f704c61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
581492225d6115180e9c1bc00d51a845

SHA1
1eede73a4402da64e56e0b8ea8b70ca1718f9d80

SHA256
23638664feb4eea10b878148767b981fe1f34b2f3bee9120bbfc83295fccdd1b

SHA512
ef4c3305d5460c2a1fb057b21927160fd326a77230abd0b6f733ecf013f3fc52e9979bc57bff9319e78ad310199abfd3cdb11e86ae9d82e00abdda80d24beede

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
91f9b981a7b0a91d144b3b3a062c744d

SHA1
479abf03c54884c46e43c511603d3fd35d6e0281

SHA256
0b90ebd91dd9b29a637621a0019f6872e864157715798edf7e9d7ef2b5810bba

SHA512
6eb3ae3096316ea12b4f23735cb0897e687ca46911ca7a8823d7dd185e40f5a47a7f92fafd8feb8579e818301e6f185ddb3e489d0c0966430f554a53e991f650

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
96b07959893f0593f0084f1b5b5fbd0a

SHA1
948fc825c32ee61b7cb58fe0ad2a7a1ce3f0e154

SHA256
2a756cb83fc049c1e3e98767df6ec6a394caf0e7fd672c1185895f2208b51627

SHA512
61e22df3dbc92534d126bb514d7eeda39c9e26bd0ec16a76126b1dd6cf4458515413323f299ff9646a1da46de2e92847b9f7bddb31a7bdfb0629b182a3412dcd

Download Submit