75c02ef78aac8f7fb0fc0bca6825df1045e57445d6aeb373f4ad010c22922cce

Analysis

max time kernel
4s
max time network
148s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 13:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

901KB
MD5

ec1c70253b8b244e9a71d54d6b7a917c
SHA1

2a4e57c4c91e7d050205ce1cd845d5e8b7b3c197
SHA256

75c02ef78aac8f7fb0fc0bca6825df1045e57445d6aeb373f4ad010c22922cce
SHA512

0b3a8b8b0b89491f00b3bd9e5a5c086783678780c9e422d5b84d0dec11c7b79c8931d75419579472f86aec35a3156a5ea3219ec2371b1a9b5073a03c9bea8416
SSDEEP

12288:LqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgahTbKW:LqDEvCTbMWu7rQYlBQcBiT6rprG8a1N

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	file.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2912	taskkill.exe
2732	taskkill.exe
2728	taskkill.exe
1960	taskkill.exe
2624	taskkill.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1488793075-819845221-1497111674-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1128	file.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	1960	taskkill.exe
Token: SeDebugPrivilege	2624	taskkill.exe
Token: SeDebugPrivilege	2728	taskkill.exe
Token: SeDebugPrivilege	2732	taskkill.exe
Token: SeDebugPrivilege	2912	taskkill.exe
Token: SeDebugPrivilege	2868	firefox.exe
Token: SeDebugPrivilege	2868	firefox.exe

Suspicious use of FindShellTrayWindow 11 IoCs

pid	Process
1128	file.exe
1128	file.exe
1128	file.exe
1128	file.exe
1128	file.exe
1128	file.exe
2868	firefox.exe
2868	firefox.exe
2868	firefox.exe
2868	firefox.exe
1128	file.exe

Suspicious use of SendNotifyMessage 10 IoCs

pid	Process
1128	file.exe
1128	file.exe
1128	file.exe
1128	file.exe
1128	file.exe
1128	file.exe
2868	firefox.exe
2868	firefox.exe
2868	firefox.exe
1128	file.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 1960	1128	file.exe	31
PID 1128 wrote to memory of 1960	1128	file.exe	31
PID 1128 wrote to memory of 1960	1128	file.exe	31
PID 1128 wrote to memory of 1960	1128	file.exe	31
PID 1128 wrote to memory of 2624	1128	file.exe	34
PID 1128 wrote to memory of 2624	1128	file.exe	34
PID 1128 wrote to memory of 2624	1128	file.exe	34
PID 1128 wrote to memory of 2624	1128	file.exe	34
PID 1128 wrote to memory of 2728	1128	file.exe	36
PID 1128 wrote to memory of 2728	1128	file.exe	36
PID 1128 wrote to memory of 2728	1128	file.exe	36
PID 1128 wrote to memory of 2728	1128	file.exe	36
PID 1128 wrote to memory of 2732	1128	file.exe	38
PID 1128 wrote to memory of 2732	1128	file.exe	38
PID 1128 wrote to memory of 2732	1128	file.exe	38
PID 1128 wrote to memory of 2732	1128	file.exe	38
PID 1128 wrote to memory of 2912	1128	file.exe	40
PID 1128 wrote to memory of 2912	1128	file.exe	40
PID 1128 wrote to memory of 2912	1128	file.exe	40
PID 1128 wrote to memory of 2912	1128	file.exe	40
PID 1128 wrote to memory of 2768	1128	file.exe	42
PID 1128 wrote to memory of 2768	1128	file.exe	42
PID 1128 wrote to memory of 2768	1128	file.exe	42
PID 1128 wrote to memory of 2768	1128	file.exe	42
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2768 wrote to memory of 2868	2768	firefox.exe	43
PID 2868 wrote to memory of 1976	2868	firefox.exe	44
PID 2868 wrote to memory of 1976	2868	firefox.exe	44
PID 2868 wrote to memory of 1976	2868	firefox.exe	44
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45
PID 2868 wrote to memory of 1868	2868	firefox.exe	45

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1128
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM firefox.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1960
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM chrome.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2624
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM msedge.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2728
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM opera.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2732
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM brave.exe /T
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:2912
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.0.2035705191\1851873629" -parentBuildID 20221007134813 -prefsHandle 1224 -prefMapHandle 1216 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {267d3fcf-5e73-4051-b2bb-8acf8e1983f3} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 1288 122d7058 gpu
      4⤵
      PID:1976
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.1.1793567900\229566661" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0b51cc1-b32f-47f0-9535-53c22c7fc654} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 1504 e71e58 socket
      4⤵
      PID:1868
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.2.989509981\1590770081" -childID 1 -isForBrowser -prefsHandle 1912 -prefMapHandle 1928 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3377a611-424e-4af8-8cdb-e2689e430b27} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2096 19ecc658 tab
      4⤵
      PID:1908
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.3.266127846\162859218" -childID 2 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {039f79f3-ac92-4e85-91ba-324be7ade1de} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 2952 e5fc58 tab
      4⤵
      PID:468
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.4.766363282\1286040275" -childID 3 -isForBrowser -prefsHandle 3628 -prefMapHandle 3516 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b99e3901-969b-463b-9924-85a851e60d88} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3648 1ebf7458 tab
      4⤵
      PID:2876
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.5.773002848\979332553" -childID 4 -isForBrowser -prefsHandle 3780 -prefMapHandle 3784 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd2cdddf-df18-424c-8579-49fdd473f54e} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3768 1ebf8658 tab
      4⤵
      PID:2804
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2868.6.1981244683\1579608114" -childID 5 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 26275 -prefMapSize 233444 -jsInitHandle 880 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5369b01d-062a-4c98-b6e9-b5e18c85502a} 2868 "\\.\pipe\gecko-crash-server-pipe.2868" 3948 1f45f858 tab
      4⤵
      PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
81c74091cc00371a0f13a7e250547059

SHA1
e8c357a9b85d45bd8703b682657dabb98d0a8303

SHA256
c1142703df5fad9a6770bcc32fda7ce1f92702539ed4a05316e831762274a2a3

SHA512
52b07a7ef68a72e1e5087400ab60d9784f0d054bbafd204ee4d932dbbd1b063ae087f8e4eb07f41efbaf9f7b53cd7fb3bb8de5e6cd5effb3e9639ed626514f98

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1009pdhg.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
13KB

MD5
f99b4984bd93547ff4ab09d35b9ed6d5

SHA1
73bf4d313cb094bb6ead04460da9547106794007

SHA256
402571262fd1f6dca336f822ceb0ec2a368a25dfe2f4bfa13b45c983e88b6069

SHA512
cd0ed84a24d3faae94290aca1b5ef65eef4cfba8a983da9f88ee3268fc611484a72bd44ca0947c0ca8de174619debae4604e15e4b2c364e636424ba1d37e1759

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
5.9MB

MD5
9a48bab3387ef9644b1554d3a5c31b8e

SHA1
321c0ef2e25fdda736f4d927d0ab3f76848612bf

SHA256
ca3ab5840512cfc5a032f9e4b1a74ad7f4dd7eb536b3477e0863642ed259f81f

SHA512
dfdd889551cee4addb54d7533a1d776b504ca736b524f10e0c03e879d886902649589e1574cd8b2f4af3da7df751285285ce60e127b70330b853cae201f04d25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
7180278e1fd3ae1f533425fceff25200

SHA1
9329602a0c435bced8b32e39bf4106bdf8f61c53

SHA256
98f8801682f0757e233cddf4cb27d10acf4b9badfb3541ea3fcc04a85a8fa110

SHA512
1419e1538b7a011f14dbaca7e52df37339f30a53dea85146f78fa38fc33d4c6c8694853d625e712d2cac983791202656fb87af43c2af575858ab18028966db48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\datareporting\glean\pending_pings\19f93f7b-0dd7-445d-bc24-dd6730f943d8

Filesize
745B

MD5
11d56bd6a78f894b163f38b83c414332

SHA1
a1b9561ea9027ce413dba3f8c139ae7deb66f9c8

SHA256
277787e538a22cbda84449250857c3c54ec6c98f9623993cffb75233b3d76cd0

SHA512
afcfb0460b0688b7c6321d327076264bd6f6072f2c30ea6362501d41f77a19546a82d155c3a46245b3f839a63e8f7374a9b08d240b65e38005cf6bc032eb0f37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\datareporting\glean\pending_pings\259f8c84-3adc-4219-baf1-38f2b8999fb1

Filesize
10KB

MD5
49559903c71517d6c7d63c12d839de28

SHA1
3695b11b28e1d4b8ee790ba26602266f79338bd9

SHA256
9efeada27851a6f4f0576c4daab79ee07d50b72a4c27fe4ad7634c6f58aca163

SHA512
31e4717079431acc35bac8fa2b86407c0d9870edc27966d0bd55af841a437927145fbfd39578b1564391eea55398a2305dc11fefa01fcbea78a85daed9147ddb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
6.9MB

MD5
92ad2b27b5104b219decf3b9707a4a77

SHA1
938ec70da1cd64c91f769d8f19202ab0a0f6e55b

SHA256
fe1e03211ccb65ab1cd65d60bc6f3f3c561650fed80552a3831c47203790d129

SHA512
3def38a2c6ce1a0ba466c03f3c09539d52c5b7de92467a7bcd1a2521fa878a39e45714466b961e9e1c2f032cc3c85eb08239e587b61289c2fd346b078f76b092

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\prefs-1.js

Filesize
7KB

MD5
c82821e9365de664a147b5ee5f5786ce

SHA1
b93a33b97e75d79fb3a84b7dd049c4d54d4e5feb

SHA256
f4c2b103fa36ef92e1dd43dc6a3641093ebca3863fef34b510c7f17f395c32f2

SHA512
557da31e49778024ddea4b040f2b685e513d09ba7dafced3da7b882a194f0054196300acc9805bff47569a0255afbd3af28b8e8ff30408a7d5ea6feb8863d6ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\prefs-1.js

Filesize
7KB

MD5
4fc2e46e800d53390e3b6cb89a31c523

SHA1
7283c986502c58d5ef255193066bb95fcfbea1f9

SHA256
97b024cdd82ec1991d9e9fc9e7d2389d475c018d3802931299e932d7d2a69139

SHA512
4f0349d2dc945e66eefa158f5f315bb901389d0eeb0b4a628c09e65cb5d2d0c2d9cc864c1bb9a08c6b4e869d624a5dd29a2a90df209541436143beeb1f4dc70c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1009pdhg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
effabeb7ec5ce2f06cd42b289931d090

SHA1
3108f4661cdf4fd792d738c5e54d7aa2e278d681

SHA256
721461990dd0ff127ef0527e5c49f8939cc84c15d522bf709fab0e21436d2a4f

SHA512
8a66f5ed4bebfbb587d5cf2bad5736564ffbe1a03223297b45660e6db30aec775f825f26b89e14ccc070d75655784120dde2a2b2fe1468e9dc1dd49bd0764c3c

Download Submit