hxxps://iinat-jhi[.]s3[.]ap-south-1[.]amazonaws[.]com/rez[.]html?lu=aHR0cHM6Ly84c245c2tqd2puZHUybnVoZHVlaS56Mzgud2ViLmNvcmUud2luZG93cy5uZXQjWTJ4aGRXUnBZUzV3ZFd4MmFYSmxiblJwUUdsMExuTndhWEpoZUhOaGNtTnZMbU52YlE9PQ==

Analysis

max time kernel
123s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://iinat-jhi.s3.ap-south-1.amazonaws.com/rez.html?lu=aHR0cHM6Ly84c245c2tqd2puZHUybnVoZHVlaS56Mzgud2ViLmNvcmUud2luZG93cy5uZXQjWTJ4aGRXUnBZUzV3ZFd4MmFYSmxiblJwUUdsMExuTndhWEpoZUhOaGNtTnZMbU52YlE9PQ==

Score

4^/10

discovery phishing

Malware Config

Signatures

Detected phishing page
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe
Token: SeDebugPrivilege	3452	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe
3452	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3452	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 1956 wrote to memory of 3452	1956	firefox.exe	83
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1444	3452	firefox.exe	84
PID 3452 wrote to memory of 1120	3452	firefox.exe	85
PID 3452 wrote to memory of 1120	3452	firefox.exe	85
PID 3452 wrote to memory of 1120	3452	firefox.exe	85
PID 3452 wrote to memory of 1120	3452	firefox.exe	85
PID 3452 wrote to memory of 1120	3452	firefox.exe	85
PID 3452 wrote to memory of 1120	3452	firefox.exe	85
PID 3452 wrote to memory of 1120	3452	firefox.exe	85
PID 3452 wrote to memory of 1120	3452	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://iinat-jhi.s3.ap-south-1.amazonaws.com/rez.html?lu=aHR0cHM6Ly84c245c2tqd2puZHUybnVoZHVlaS56Mzgud2ViLmNvcmUud2luZG93cy5uZXQjWTJ4aGRXUnBZUzV3ZFd4MmFYSmxiblJwUUdsMExuTndhWEpoZUhOaGNtTnZMbU52YlE9PQ=="
1⤵
- Suspicious use of WriteProcessMemory
PID:1956
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://iinat-jhi.s3.ap-south-1.amazonaws.com/rez.html?lu=aHR0cHM6Ly84c245c2tqd2puZHUybnVoZHVlaS56Mzgud2ViLmNvcmUud2luZG93cy5uZXQjWTJ4aGRXUnBZUzV3ZFd4MmFYSmxiblJwUUdsMExuTndhWEpoZUhOaGNtTnZMbU52YlE9PQ==
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1980 -parentBuildID 20240401114208 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b471c521-0825-48ef-8915-4fea40a15d7d} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" gpu
    3⤵
    PID:1444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2440 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a712e4e3-eb4a-4be1-9991-93fffaeffc69} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" socket
    3⤵
    PID:1120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3112 -childID 1 -isForBrowser -prefsHandle 3120 -prefMapHandle 3096 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d678386b-68e6-43e0-9d3a-bc505afee1b3} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" tab
    3⤵
    PID:3880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3672 -childID 2 -isForBrowser -prefsHandle 3656 -prefMapHandle 2772 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78ee0fce-62f7-4e39-82ab-704c3737fd51} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" tab
    3⤵
    PID:4288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4616 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4704 -prefMapHandle 4700 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bff5a18-56d3-4a65-98d2-3c6420eb7c8d} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" utility
    3⤵
    - Checks processor information in registry
    PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5200 -childID 3 -isForBrowser -prefsHandle 5176 -prefMapHandle 5168 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02c1f0be-1160-4ffc-917d-a3b685cb6c78} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" tab
    3⤵
    PID:2912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5348 -childID 4 -isForBrowser -prefsHandle 5356 -prefMapHandle 5364 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9027106-ba6a-4309-a605-7c7839b8b902} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" tab
    3⤵
    PID:2000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5548 -childID 5 -isForBrowser -prefsHandle 5556 -prefMapHandle 5560 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {456c2024-170c-4bb2-bba4-dc8906019c56} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" tab
    3⤵
    PID:1784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2972 -childID 6 -isForBrowser -prefsHandle 3056 -prefMapHandle 3156 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 956 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c17d6547-6e4a-4417-8ad4-9b39b8bcd69f} 3452 "\\.\pipe\gecko-crash-server-pipe.3452" tab
    3⤵
    PID:3600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
2e656b1b3ad1e047634bed15bf301df0

SHA1
4084999cc5cc392ca48d003b15595bc0e4027eea

SHA256
e3cc295cee28dfef838260d0b46696392c278da68fe0d0675a1c09f6964bf2c6

SHA512
930e03f24b4043737d01ff2c5ff584e2a33c323c5441721f937ad60531efe9358b60cebd102c5dfbfefedb83acfe0892c584575b31bcdc70776f0d43601d6758

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\cache2\entries\39DB9E847E680B765D7B04FCCE6BF5BC0225F878

Filesize
13KB

MD5
5d54fc1699d573a05b522654f125e457

SHA1
c1402271bfd394735498477ba061b804ad134586

SHA256
64844e22d4261f6720d71be007d3a59b01c7614f6b3250845d29ecd16db1b4db

SHA512
0d4e085da5fae3444bf5359629111ab0bbf5921aabfdcd1bac1238205c361bea9f1078e67a865304d28430a963b7fcd171cc796786679a0a00b8eb77fc5fd369

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
6KB

MD5
450f71427fdc97cd0a133d329eb654a4

SHA1
de768b690d119c219996e70bf09a65af88f3891e

SHA256
eedc4c75954aa921c0e414f13074e29581be97bcd40e855cd5efffe5cdad3fd5

SHA512
7388d50e13a0c311276df3b6d428411d7f78e49774999e205956f3ffadb615a37dd602cd634cbd087a33b6d72a938061d0e86cedba76836fb2e951326d727b0c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
8KB

MD5
0f1d2a1f7447acb3c2c81d7c0b4a0548

SHA1
70f967ea3be12981d141d3d4a6ff982f1943dfeb

SHA256
bfa6e40cf40a9679510bd6f7f4c0e0f94f4a8404ecaa2fdad73442facc69632d

SHA512
b06d211fd5de176b978a32f74a362455c8c819dc58d883d50297836172b7335f0faf4d0520ddd8ad5f3a6ade6202b9b00995aa67571e173c34fa48dbb924730c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0892673b71c178d01cd09603eab2055b

SHA1
808c61234ef1d3e7b8ec6ca28887164fb2aa4633

SHA256
cdafc3de3c825b52bc2cd64f354c13b0c33a0eaa94da8d97cd8874329c8a4d96

SHA512
a746ed8202140866e80e96bcab807186256d350a3ea1b055d78dfd3f4c7699e10f6a1f26059ac353208b9e912531981f3ab5d3fa9b7cd26636c665a5b1e03c1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
9064a58f68fb5161699b3df341026fab

SHA1
d45591527d7f9688aab6c50d44f9f6e0f4afb9fd

SHA256
4501b22ce9a145e99ec90026a05f07128b0c66915cf9e3066bf5ee694b8cf924

SHA512
585fd1085345343d6b9b1f82251ba6782c9f5f21e59cd835d1b485ad62d2bde019a4bceb2e73c64ec31b99a4fb27c732c673f39610cd5e7e0c6f0d027f5f1b7d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
b0ad64511d0332a64cb428d0f98dfd9f

SHA1
d149b95052c5cf70bcbe2c753c1170b00b77fa44

SHA256
cf5f735f087feaf3b129e9f4105f030b5e2005d499c418b12cfd1bf42dd9dc58

SHA512
eef107592883127717378cd597944eef195c4cf8fa0dbcc5972550636310133cc4f9c8d5a6593f336c9001b9e5aa158aa87ea6d254644fe36439358d5b81986a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\5adbafb4-638c-4cd5-99e4-2d84b413f42d

Filesize
982B

MD5
4f1ea412667bcbb0d0aeae457ec0dc29

SHA1
601a6edffba975c511bb50733dabf31e8950545f

SHA256
3bbdffb5306fcb61aad5cf336004f4d5a6e04f0be6fa3e62b61a4af6d4cf9371

SHA512
a86397510051d6372c7bd2dfca308ca2f105987f88249d28aff6eed32f5a737271134e574da4e14358a0066527001bb15d9d300fc3252b451c59c8fbc7f76cb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\80eca217-1bf9-4d2d-9405-3c47df3cbf2a

Filesize
25KB

MD5
10dfbe3aee4beb7648c5c32436025e05

SHA1
7016ac0195c948e71e8346d4f3659de1785da1bd

SHA256
8bfcc61771fda1fd87830a42299ef388cd6a5de8b1ae250cf633c1a7ff1e650c

SHA512
645395f21f9107a1f6688f94632e27a2c029f2dffdc0ece2c951548291283be0e7c6e81811b51a62f0b015d0179f0a60daf5fc0e8756e60945af0ae4493c8b44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\da2b72b6-94bd-4f8f-815e-2c21968a98f5

Filesize
671B

MD5
97c2b4ca906f45ee12dbc763f4f94660

SHA1
86726e4f6b4f06674b02723480166e28b66a12c6

SHA256
b70f29bf963f7cce7fa80f56950c213774f6fe561c2d5b4bc14182f2143a2f1c

SHA512
02688cfd9755bf41753a90521780a6cc0e7b08940ba5d4320c795f5a64bca09bdf4f9c5e1a9ce596850d11adcc48c91c887732e0524c593d88ebf38c80289d7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
10KB

MD5
d0d842e4b10d85cff3477aca010bc8a9

SHA1
3b7f23662826da7184ce3545b5b6e16917565f1e

SHA256
c678ab3e0b58b8673083542dc1fcb887732ae74f1ecc8967d743a45d709d00e5

SHA512
502483582182c4767214919e5f1d780bce3a534097aec602911d2c445c8abadf30f9ae690f68ae5dd48379e7039c89e3a062e6c4762627e1333b73c6d6e4a982

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
11KB

MD5
377244f22b50af7e90df86b5a60803d4

SHA1
5ad02602f8ddaac079ec289e464a15711c14c8c8

SHA256
5641f2ca0d89c80e3e89822a2a0d8f6af8726bf7b399a6bdd2897a8d90e4154f

SHA512
7e33ee14cd27bd6b309efd677c9e27b520b68ce6f93634a172ac4c81e4d98cbf468db487ab91b03bce628c3ee4f74dc0471b4de4d3c3f4f1d80e786b8c9d3be4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs.js

Filesize
15KB

MD5
fa39d884791ff2d885d0b63734ece9ea

SHA1
9c9d8e7f7a43c001d9a916dd6f1cb175fe0b767a

SHA256
0dfcb3c31b9e38db57a4e5395d8921062f6a8e837f92a2ab243b71bf29c07d7b

SHA512
9ab07ef52c428f1554c771c4aa303a9856cc5f6de9086510200c25fd2f0db53dd12b35aaadedd17de11fd2e3b52b3678a73b33c1687c3d363626257c8e631b55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
94fb6b0c61b146665e6a349ddcecb0a7

SHA1
562cc6ad52e4c9103f9f6d2922fe53019d09cc7a

SHA256
f7e8649ff6044cc229e142b4b97b72cec3d6d852c845160282a99b532baf451b

SHA512
f1acb4812157afedce4a3567ef6979b95d19cf0bef11fe5d944e4c9bb10723ee6cb58bae425e6149031a42a0dac8b840eebe83366aaf01238d57b82f1f1526bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
c85e328ff3c7ef35f384c30c6f1061dd

SHA1
fa32eb12629ceac2f8c79f649827789f16b263b0

SHA256
af578524e0952316d3efac4710cb6913535c902dfc353cc9a2590b2a9c933b70

SHA512
c97f0af408339af3f9f0ba7649881f2ef20c0671a2600543a8973e13053eed2e7af39986bf22c7b89bac572a26f47d3835d3aa218f8a398befc7efb828266f3e

Download Submit