hxxps://drive[.]google[.]com/uc?export=download&id=1aaHy4-BL1jpAnjhteg88KMZ7cu81Z05w

Analysis

max time kernel
124s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 15:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?export=download&id=1aaHy4-BL1jpAnjhteg88KMZ7cu81Z05w

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
24	drive.google.com
25	drive.google.com
28	drive.google.com
36	drive.google.com
8	drive.google.com

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\wusa.lock	wusa.exe
File opened for modification	C:\Windows\LOGS\DPX\setupact.log	wusa.exe
File opened for modification	C:\Windows\LOGS\DPX\setuperr.log	wusa.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Win7-KB3191566-x86.msu:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1056	firefox.exe
Token: SeDebugPrivilege	1056	firefox.exe
Token: SeDebugPrivilege	1056	firefox.exe
Token: SeDebugPrivilege	1056	firefox.exe
Token: SeDebugPrivilege	1056	firefox.exe
Token: SeDebugPrivilege	1056	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe
1056	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1180 wrote to memory of 1056	1180	firefox.exe	83
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2396	1056	firefox.exe	84
PID 1056 wrote to memory of 2912	1056	firefox.exe	85
PID 1056 wrote to memory of 2912	1056	firefox.exe	85
PID 1056 wrote to memory of 2912	1056	firefox.exe	85
PID 1056 wrote to memory of 2912	1056	firefox.exe	85
PID 1056 wrote to memory of 2912	1056	firefox.exe	85
PID 1056 wrote to memory of 2912	1056	firefox.exe	85
PID 1056 wrote to memory of 2912	1056	firefox.exe	85
PID 1056 wrote to memory of 2912	1056	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drive.google.com/uc?export=download&id=1aaHy4-BL1jpAnjhteg88KMZ7cu81Z05w"
1⤵
- Suspicious use of WriteProcessMemory
PID:1180
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drive.google.com/uc?export=download&id=1aaHy4-BL1jpAnjhteg88KMZ7cu81Z05w
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2008 -parentBuildID 20240401114208 -prefsHandle 1928 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ac936af-4737-4cac-94f5-e11b2b7c0031} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" gpu
    3⤵
    PID:2396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7c5143e-7aaf-48b3-b1d4-83184e7c98ea} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" socket
    3⤵
    PID:2912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2880 -childID 1 -isForBrowser -prefsHandle 3196 -prefMapHandle 2812 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5550320b-78ef-4d9b-80c7-17a315731c57} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" tab
    3⤵
    PID:2860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3620 -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 2728 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0a40559-751b-40d4-95ec-fc34f9a2b9a5} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" tab
    3⤵
    PID:2812
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4188 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4168 -prefMapHandle 4156 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a63897b3-ec7f-42f2-9fb5-8bfb350a6658} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" utility
    3⤵
    - Checks processor information in registry
    PID:4548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5556 -childID 3 -isForBrowser -prefsHandle 5548 -prefMapHandle 5544 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e03fc2e8-60a9-4223-859e-4188af609438} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" tab
    3⤵
    PID:2936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5760 -childID 4 -isForBrowser -prefsHandle 5680 -prefMapHandle 5688 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04a43ed0-d704-40f0-b6ab-65d8261958f5} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5912 -childID 5 -isForBrowser -prefsHandle 5652 -prefMapHandle 5660 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f340ee7b-e405-4386-a7e7-f891b81ffef8} 1056 "\\.\pipe\gecko-crash-server-pipe.1056" tab
    3⤵
    PID:5092

C:\Windows\system32\wusa.exe
"C:\Windows\system32\wusa.exe" "C:\Users\Admin\Downloads\Win7-KB3191566-x86.msu"
1⤵
- Drops file in Windows directory
PID:2692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
736cb3c37aeddfabf4f13952a2952f5b

SHA1
9a8b1845b779baab77b015a6f1ff9d21b365da37

SHA256
eb25001e216360f752e2ce3af436a7dc9c95c53fcf13c4a4ecc3464e3b46c857

SHA512
bf340c6d1b8aea2072afc1f0d15dcf3c2832ff3af2cd797ef09ed2504d7c350bf2aa65319fec2dd42f84ac6f0f150c98fdc68f07937ec6c8d7f26005651f47c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
6KB

MD5
d04114999b45a9e38924a5d291d22ea5

SHA1
f989ed773b5c1dd07a3fcaddd5b2f567bacfd842

SHA256
8c259c2770840e2bdac61bf3020d0c765108c311937c43a1179d0a33ff681b82

SHA512
2bda3c2e19f21b6249ef3eedb1c6e9a0e7924c37cfd9cdd6451b19f9037426804dda6ddcb88a0c5f8fd0effc7db582cbc66091f09b8b3bc6e75265fda8896a52

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
7KB

MD5
0414b57d16a5d660cdb585058b1e3b9f

SHA1
350a3940db7fad318d0fa55bf20bc2ea7a6dfca7

SHA256
cfa834130beee3075caba73f7253b8873c8f7e481d36a9bf11e4ca88e32a03a5

SHA512
1f259e304125360225b229fd50f3e137df4b2ef2605e962a3f6abff0b703dcd94431a1f49862df43536a125babe8ed591a2b947ee6abdaf18edf1e542ca3774f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
11KB

MD5
afbd798df6cbd2aaf0b2fb1aec107443

SHA1
a1dd58714ab4beb1a31198a3ae2155432ff0064e

SHA256
73385c8f14414f52c27adafae53fc1059e5067a76ffb1bcc525de41075845f2a

SHA512
f545b3f1b1bae7f952048cc91d8afb45e4e0ce6ef3b872814bfe20f207c403bbed7423b3026e42b1c3502080f3957346ddfc63c8a0c8f6d2f82cca99fbcd5309

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
ca45d69434cba0b494dbc6a35f5f0361

SHA1
f705ce174c9eacd827b6c127162c8076e5905e14

SHA256
e4f99190b90d76d8a7f11c8028b385d81b120c95fafc0695c3ce2fe1b19cb0bd

SHA512
36d137eac90af7493efc860e5b835950818f17d8de56ec2435091bd5ea1aa145f08a2dab46b4e92a054daa81f0c5b5270c9a10a2776bfae9407aeca6bd538913

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
4747a874169264d8e9a0d0aca623f7ca

SHA1
070cf77a3629d58781f27d46483ffaf69a2248cc

SHA256
b334b1fef9aa72e4e1846bb018b0f5234dc70d7a1b1d3c582e97d98952ceb19c

SHA512
4a9a0b773641a582db9cb89dcc1847529e2f630325e6860b702ac67ab3a20af556ddad6d6fccadf189f2e1589695f2c6318bf11d44af13cf7031e9ce62a4b2a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
c77a25d42a1fb540792a119f2ed5afc2

SHA1
fa3194004c085cd842e13874725f25b8fc25aac2

SHA256
7725826eb80672d024df37a9f036ff85ad02eb68a019850ad23694c52100fc0a

SHA512
e80af8aaabbddbc1006e965fd304ae0191a70fe25ff173694353e26141071d6f5746d14e61ccfe1b8138d0193467f6d5ab0a67217867b85800af4f8c8147a7e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\40c74863-44b3-4f7f-84b0-2ce197554971

Filesize
982B

MD5
2f567fb1b5a9f82b330622439067eb14

SHA1
4d5ed4cf1177d2c20b76b4e0d01cdd61cc62f950

SHA256
8373633f3d628125b80130a657aec84a1eed747e1fb113fae9fe68b1377e7082

SHA512
052cea3f896231b813e636d6ace3fba8e122dbd25b05bc1b3b8e16a2f2045eac4615f84f34c8b3d948211e066485e3938a5c1cdc0f6e100707b013de46ab3f50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\60e579f4-c00c-42f6-a458-3c654ed3c960

Filesize
26KB

MD5
d33c1eb9f6d80e62b9f19ac69207a284

SHA1
0841e2e0f1838e92c092bc312c313753a0d2269a

SHA256
d21723dadc707e21951c5b11418e053be3ec8d8e44cc5ae39cfa3bded82ca33e

SHA512
7b315448445038cbe94991776cfdea1bee075b47d45edb88e355973ea97b75759de0b52c3d736fba2b91a5f4af07ae0188a1ce5fae7ccfa85e417faa024682ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\93a02246-c3cf-432f-a2a8-c32097dd31ef

Filesize
671B

MD5
79f2e0778f28497c3be11f088042f182

SHA1
751592db9708e4755c57c75ca9570b2ad436b9b3

SHA256
56a0d2e25684ee3f36796928752d4dda29c0427e46e5cbbc21c56dfb105126c4

SHA512
bff1fb4acc5158804512280880312d254a877766cd414cc2463d0cb829c60ffc7f126c92ee76f235e1a32594a3a8b9aafafae0ac9eb454a7d519c839319296d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
11KB

MD5
96247e25303577b08eae8887747edfb7

SHA1
a14bf5bf53444054f792d25522ca35f1bef5b284

SHA256
cb374467437606dbc857ff49156856339a20fe21966f1614da0dc8bf3f9246e5

SHA512
813598aa329cffd1863ff1b8afee81fb70eac74a95c35a74c435c4ba6ab51aca3ec56bff73a9596d0cba6c80b1e60914df99f3beef4a09aa0fadb9c1686df505

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
11KB

MD5
31e10456af4ac325134de37a3d83889d

SHA1
ef530aec46b43003f2ad31f1d45a2c75c6511aee

SHA256
482a4f982c12694b66188eff66c2ad96cd86bc2c05681773a9a2687ab7462c4f

SHA512
abf021c72bf99850190f8e44abdb40e0a2f7c4cd0185e0adbfde8e1ed58d2d5565e5cb792308bd8e888b0a100b9907c520b020c4974e25bd03f9c03118266f10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
12KB

MD5
06a69c26f5c93f9d47f3faaea3298bb9

SHA1
430d89d6d31ec3affdabcc1e4379accf0ebb69f6

SHA256
1552175e9a901a114690082edb0855e72eb4434a19224d5e36ef250d38c80c62

SHA512
caea1c8cc93cef165c623ed59037e95daa8c3cc4d2e481e8d57812f3ea3f1b29f473081363607c3343907dc23a398c53f1a5b97e7671e0725c75efe83e5733fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
287f60071f8fc006aaddf9c0afb0de55

SHA1
f2571818fb16f2d2ec4169eabefd0ac8198807ba

SHA256
dd1c9e2f7f9821eea89b55feea386382a43ba943dff6f334305c9f153de39ff7

SHA512
e844e77c11daab4368a4629da7f480984718092df4bc5e44b5cdbc373ea9288c484a4ebe60620af1e718562176a0cab8658de09e75aa1cc8020a19deca2ab9c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
62ccfd3644fb5818a43d6ae93e086940

SHA1
c875091e50f0fcf1ef3e3769ddb767cb689335c0

SHA256
c43e07d882e3bc2169b3d2ca9cecc8c9ff66cda587010cf81a4c23e0e51785fe

SHA512
00f57b5d2b80d8ecea84dd362cff436f5b7f68fd66151fda06bfbecf0aacdc82e8d0dd8dc42cdf04680a3295335edd3eb70e30464d8cf4afcbfc9f9a047ba416

Download Submit
C:\Users\Admin\Downloads\Win7-KB3191566-x86.hL5q4iUm.msu.part

Filesize
42.7MB

MD5
4c5f198f00cb50b92d53a65773d7da35

SHA1
a041e9b51dac5808f400a5498bcd1f1c415ef044

SHA256
4575c47bedf732c7a215a5dd9e184ac2f06f10c0f23fcef38eec96b0ff3bd121

SHA512
896074b0a49b0fd9a283e8a9511a8f69167d23c88a126e9697d2e1f43d899e4224b18369272a89c7dcc526e8116a1cea700c75d5fe530f65737fc59f9affd6c8

Download Submit