0181cf0dbef45211443265b7f013cdbf049b9d8500aa3f2831e5b209615a01a1

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21/11/2024, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Status Update MVFN.html
Size

3KB
MD5

2de94a3e454acf31aaac06b3fd70375e
SHA1

02023bbf3fd16d57c6eba971c7b9d599bcfa54b0
SHA256

0181cf0dbef45211443265b7f013cdbf049b9d8500aa3f2831e5b209615a01a1
SHA512

93edbb82411cd41714d5ef8d11297cca1d671f44c59e66976b4855b1e27d44ae94e0b4a6cdc64f1168cc1ecb7869daf1eff16d95d166556679922c2bd216c305

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	844	firefox.exe
Token: SeDebugPrivilege	844	firefox.exe
Token: SeDebugPrivilege	844	firefox.exe
Token: SeDebugPrivilege	844	firefox.exe
Token: SeDebugPrivilege	844	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe
844	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 4428 wrote to memory of 844	4428	firefox.exe	79
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3888	844	firefox.exe	80
PID 844 wrote to memory of 3388	844	firefox.exe	82
PID 844 wrote to memory of 3388	844	firefox.exe	82
PID 844 wrote to memory of 3388	844	firefox.exe	82
PID 844 wrote to memory of 3388	844	firefox.exe	82
PID 844 wrote to memory of 3388	844	firefox.exe	82
PID 844 wrote to memory of 3388	844	firefox.exe	82
PID 844 wrote to memory of 3388	844	firefox.exe	82
PID 844 wrote to memory of 3388	844	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Status Update MVFN.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:4428
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Status Update MVFN.html"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1920 -parentBuildID 20240401114208 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f7a1d2d-a5e5-497b-b61c-6ec9f331dc75} 844 "\\.\pipe\gecko-crash-server-pipe.844" gpu
    3⤵
    PID:3888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {15454722-b59d-426c-8830-f6a0fda5ffc7} 844 "\\.\pipe\gecko-crash-server-pipe.844" socket
    3⤵
    PID:3388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3328 -childID 1 -isForBrowser -prefsHandle 3200 -prefMapHandle 3196 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa8b1be1-611b-4db2-a5a2-d447cd2da9b6} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
    3⤵
    PID:3712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 2 -isForBrowser -prefsHandle 3140 -prefMapHandle 3100 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ceecce4-1b10-4756-9b3c-da3539c89005} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
    3⤵
    PID:2124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4204 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4292 -prefMapHandle 4272 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f72229ca-f4d4-4532-98bc-9e784a33c323} 844 "\\.\pipe\gecko-crash-server-pipe.844" utility
    3⤵
    - Checks processor information in registry
    PID:4624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5336 -prefMapHandle 2748 -prefsLen 27093 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa9a47dd-afe9-4a70-b027-f02af7208c58} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
    3⤵
    PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5784 -childID 4 -isForBrowser -prefsHandle 5804 -prefMapHandle 5812 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d4653ac-8643-4156-be0b-08d452bc8ee1} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5956 -childID 5 -isForBrowser -prefsHandle 5876 -prefMapHandle 5884 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d09abc6c-d8ab-4eec-a3ad-f81c9714ec26} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
    3⤵
    PID:2208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6060 -childID 6 -isForBrowser -prefsHandle 6068 -prefMapHandle 6140 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5d30715-2f94-4c8c-a788-b932f618b88a} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
    3⤵
    PID:4980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5916 -childID 7 -isForBrowser -prefsHandle 5920 -prefMapHandle 6084 -prefsLen 27174 -prefMapSize 244658 -jsInitHandle 1280 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aac30da0-7fb5-4e60-8b30-d51b935a38ab} 844 "\\.\pipe\gecko-crash-server-pipe.844" tab
    3⤵
    PID:3804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
04481246795b93327df5dfd4adbd4596

SHA1
c14f2f2623b420ea3ef8fc4131e1a3b91dc8fbd0

SHA256
3aa83a0e4836723be590772d8a0497535f34e5a9b1278e9b68cdb741179e8c01

SHA512
93a81c1f7d6ae0c49120efcc25e2d81a61aca8dc23786bc8fb65753205d4f19835268da643c406c4e632466a7826b362e8cdae27ca057b6b88869e91581775a1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
93ff5a934d141273e95e245e24bcb9a2

SHA1
b2762a0dcd8a588b218a5f8c7767313c985af3c4

SHA256
04c5e0691eacddcd4a8a29efa88f485aa0b75542090ed0c1cb67d5cd6ec5692f

SHA512
c00db053816b1bf528381d1be9b80ae3c6ab8cac6658c9fc8aabd820aac8cc52f5bbec2f5d859a8926112f754e7cbc670e33b400d1adfbf369a3aff055ca9cea

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p38rro19.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
c5453820da4a3bc1e204f83c7b35fd75

SHA1
91b7936617885d3372ed31c1429462471bca3978

SHA256
0106aa5bc358a9a055a49477a4d420578272fc040d484640ba703b906ba03933

SHA512
cd19bde1d358253af2f414b5b13dfd84b9065fb2ffad05496154c49186ad296f63f72b85509385ede2d7c8f79cb3dd1b037ba2979c579f54c88f75fa01e141ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\AlternateServices.bin

Filesize
7KB

MD5
d0b16992302051889492208f22a9f507

SHA1
8ee44eabeff6456a01b007bd834caee236be2d5a

SHA256
1d211757fa7463563d900de259e49ddf8fed889f9081a2efe442d7f3207397de

SHA512
3790de909f7a9eb34cf16025901ae3b3f3eda83a1a6df41cdbd7c15831fef919ce332006687c9e0197cd6d417cd63ca63dc5c12783f679cdb16d5b37d1b70a61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.bin

Filesize
21KB

MD5
6cdd10f893ef1a7c439f232258c95c4b

SHA1
327d3701a8500940688767c83653a7603d8d2b5e

SHA256
38cb773a50f9d77fe7ca58ec7f5d7cecd4ac836edab33271b1684d483e776c2f

SHA512
bf0ea442ec5b01f270ad5b6f0dabd8c18ce437285f9591672d351bc5829e9bb56081f882b8a02699c48c735d39bbf3fb921ba328061568ab5a419003b4246e1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
3131b3ebd33dca7fff51da21116430e8

SHA1
077d0c9878d8cbe92a4357e5d4f1bb44248f685e

SHA256
56afe59ea9b1745830ae3b6d9cf17d1ded28755a93cc853aed2de1143c5f8abd

SHA512
cec0fe6174e4ab74f875bd1651394121db0fb11dd58acc38c3de2277be2243e13ce51aa2ae85e095fbae85291701e8e6878574013f64c8456a2458f1b179924c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
42ab82aefae7053adb6fab737a0abb4c

SHA1
a8edd2f128eb5a0bc3f7e6e8abeacdc8cf76f655

SHA256
ab4c477631607b5b68aa1cf0001a97a44076a9eb7de0ccf5a6498e1aad15ab9c

SHA512
f952e933444500380b1b628a75b30309bde288465695150b87202e97875e88ec46789af76b57ff33c94a75eeddf07ec4f117450f188bb4c447d6e82a73c8788d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
4add3c178085d3b2e975c79dbbba773c

SHA1
aa213cf826f87b428bcbe9356322b01f7f2d9bed

SHA256
e69b16c067e42b9b8f7b8dae94bd9489ad1c0130bfddda120247fbc4b5069d9a

SHA512
8edf83255e1b718b457bbbc5de71a046fee47b7e99512f954ad68622a1ead6ca4c634765895e8d2035ed42024d10e070c3f0b5b909cbb24f9ad6c4f6aef51b09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
da913af0209c0b1d165961a254d54605

SHA1
ee61ad993825fc9508653d85017dc3412a79bd75

SHA256
080762954a9c54843e3b67744a7a08c1b986c9d1b8bcda89716c1ed1da9e4f25

SHA512
5f71eb6a9802ee8f66984ccec8619ad63a570b37442835c6e769fbedd92b12a5896afaf8ff3dc77f625a243099ed7f918f48e5808fce516beecd4be7dfe24d0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
7582c32e7cd0a5c8173560ecb46ae5ae

SHA1
e93597d082c58ce442db0cc09e3d44d249163229

SHA256
248805046b81e39c647a60015f18ffa7f43e570ed1c51ec152fdb166e0306741

SHA512
e570f2dedc9ea27936a99ba7f7024530fbd81c4073fe08afa652c1a019371e82f86f35926a27ca5c72981781123ceea72533efe22bccc9cc9e57e61e0568e539

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\94ea273a-3c19-494a-bc3b-d58afcff3891

Filesize
659B

MD5
67045b53d45585572f37b9aca187288c

SHA1
f712c3d0f09d4b3fc86459c554fce33d0b99ba0a

SHA256
4b04bdee4130c5c6239063b25a30342ad9a03026111ff1c3e41f967d39fe8fd6

SHA512
d954126c30b8a4107c2939bac38e45b43f4e79693ce64db76f9047f2df6f23cd056c180cdea948a55cb6eea6e32440683f06320b97c887e6a01827060f9e0a62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\datareporting\glean\pending_pings\fe2da874-f111-4132-adb7-c3f75adaff01

Filesize
982B

MD5
a7b78cfe8721fb7df4b9cdc3033319ba

SHA1
d439a7dc543df70d91db7174720235215cbb12d0

SHA256
6f34be5fd17fe28b1cfd24d50601f0003bdbbac9683bb80e8f1e81c418c20144

SHA512
5cb94d64ec886c99574781e33c2215796c3e57b21b5e9d59a3079076682371616e05d6365185bc409e0151e71390889f3503cb281b97e557e8382d24743a065f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs-1.js

Filesize
15KB

MD5
f92a7f169baf247acd4e499c19e0af0c

SHA1
93672f1beea6d7242e99b7de48c8ec966b182127

SHA256
66b7c3fa3242208fd20c9e780f433fefc501d581cf07f2fac4180893a4ee17b0

SHA512
0cad3bcb4e04c1797c17bfbfeb6d9aa684ea470c0a3b8c2a3b35a4eec7eaf445854ec1bf826a9508219aa0f22a2fe675d5eaafab79dccd452a94cd98cb258615

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
10KB

MD5
147a028a68a37c62f6f47f6f76be9ec9

SHA1
78158e1815faecf0c24dc6bcf442994bee4d943b

SHA256
eab875f2afd597c5fd180044c13eda321c11fe008e045472e9ece104ddf9e9b8

SHA512
e76881486cc6196ebbbb4ec283f053ee14a964d97b2ac23f721d66ea0966633cda105f06a1677d74f8d6c4b4631571aef4dec3830c33c76d02dc397c085beb6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
12KB

MD5
a1eddd4e0c458f4261a95927cc54ca48

SHA1
0b50de85fe15ef2150c9e31283afb55b25624bd4

SHA256
8c493f0bf5618cb50188b84190c76c1b0b762ba2ceeecc3261f6b044f4e0c30c

SHA512
84e6e96f65193fac346d1049ba826f205d54ee0a973458ee0d29ab5ffb20c684ab2459ab48594fbd9503d335badd08be32bc903b85d9160295bfe959537257bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\prefs.js

Filesize
10KB

MD5
b82d3320bd3c8073d0e05d253e76f087

SHA1
91eb7b6a4649b8f1a19a2bbf170e4dfe4ff491e2

SHA256
351f9fcaf71942b6cd87b397203af7acb10b0e9cfef7ce28aae104740478474f

SHA512
9939f9ba58c939a34b92d47ee2ccd69c7537bcaafd17e9fb1b61de56cd40768ad8de3c37220cba71ec0ec9fdb80a1f4bba1226b54326f9a04321552c6f3f3348

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p38rro19.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
7f5fd2e4cd2aa814238d64fce95378e5

SHA1
3ae76e87dc58768f06f9a528596334ab318f26ba

SHA256
9350fdb3680045cd9e7bd30de4b0accca16631c6b6752fd1a24df05e48100b74

SHA512
16cec18dc1aedc03eba18176968460ce0fc46ce29c1f6ff240c5fbd624140c88932c2cc9eb032e1000d4c21e523c20be270906cee674173231c0cd05493796e8

Download Submit