netsupport | hxxp://geo[.]netsupportsoftware[.]com/location/loca[.]asp

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 19:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://geo.netsupportsoftware.com/location/loca.asp

Score

10^/10

netsupport rat

Malware Config

Signatures

NetSupport
NetSupport is a remote access tool sold as a legitimate system administration software.
rat netsupport
Netsupport family
netsupport

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe
Token: SeDebugPrivilege	4828	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe
4828	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4828	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4732 wrote to memory of 4828	4732	firefox.exe	83
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 4344	4828	firefox.exe	84
PID 4828 wrote to memory of 2800	4828	firefox.exe	85
PID 4828 wrote to memory of 2800	4828	firefox.exe	85
PID 4828 wrote to memory of 2800	4828	firefox.exe	85
PID 4828 wrote to memory of 2800	4828	firefox.exe	85
PID 4828 wrote to memory of 2800	4828	firefox.exe	85
PID 4828 wrote to memory of 2800	4828	firefox.exe	85
PID 4828 wrote to memory of 2800	4828	firefox.exe	85
PID 4828 wrote to memory of 2800	4828	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://geo.netsupportsoftware.com/location/loca.asp"
1⤵
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://geo.netsupportsoftware.com/location/loca.asp
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1960 -parentBuildID 20240401114208 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {53ac69c6-719a-43fc-a841-ec89855d00c2} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" gpu
    3⤵
    PID:4344
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2312 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {66ca1aa9-3e5f-4be6-910a-727d1cd913fd} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" socket
    3⤵
    PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3400 -childID 1 -isForBrowser -prefsHandle 2936 -prefMapHandle 3024 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d40c390-0998-4d33-9221-4cc79f5612a7} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
    3⤵
    PID:432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -childID 2 -isForBrowser -prefsHandle 2736 -prefMapHandle 3124 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d73e1436-08a1-4231-999f-883b6718e784} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
    3⤵
    PID:4308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4540 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4500 -prefMapHandle 4512 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {088c3dde-2553-4b54-8a40-50f94a9e13ae} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" utility
    3⤵
    - Checks processor information in registry
    PID:1824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 3 -isForBrowser -prefsHandle 5640 -prefMapHandle 5636 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb40ae83-7797-41c4-8019-2511a890d968} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
    3⤵
    PID:2836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5780 -childID 4 -isForBrowser -prefsHandle 5580 -prefMapHandle 5588 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8cb570d5-9449-4a9f-b772-fab88ef0e5c1} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
    3⤵
    PID:400
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5940 -childID 5 -isForBrowser -prefsHandle 5952 -prefMapHandle 5896 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1216 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c12357ed-b690-490c-b429-17eb7a9e3cec} 4828 "\\.\pipe\gecko-crash-server-pipe.4828" tab
    3⤵
    PID:232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
b1afb4ecaca398e5af56437f901e2ac3

SHA1
e89f9e1f0bf4ff7e50df88fbcad53522eb9e460e

SHA256
e377fc565c71adaec1f02c9267484e53a55c9702f375373ca57f6f4eb6fad373

SHA512
ac6df9ddcbe9e685e6f232136c966ac2acdaf0dea7d361f6ff762c28e7c5fc26923a50a25fd4c2f661642ce9763035b559862b556d2c535a8d4e0230edc5de84

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
984205293f98fa54d4ee812da70e9e13

SHA1
ae2e5d6d33f221d359d3c208bb2473779cb33626

SHA256
996f545859d2722a548dcea0fb45f35c12447ec669b13e16cea76a2d10489507

SHA512
a8ff3ec2c2ae8868ea9f58994fa4ce92928498acd96697b6b94ef59d240b30ac26e4910004e342778a867acfbb2f4b7cdc3380ceaff937c5d432f617f1fc227b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
6KB

MD5
48da461c2f550f9660b8d458215082e8

SHA1
efb33253eab9620eaa132409c34bdebe323e2921

SHA256
2d642e18ec8ddb5c3ef6575e40ec5db575f601f796fa7fa5b44190cc12cb8e82

SHA512
46bc9583f83efcf7f78a4d052e94c07a4342304348ddabe198b10ea1d10422bcf229ba3e630cda142562e400481b048bde81c60e745c87693662d98db8b5b219

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
6KB

MD5
351c3462a21fa731f9b22636996e76fd

SHA1
895d5e3f854b7b3e9bddc985ccf38de89556e100

SHA256
f95a25fa9395b3a38af04bf56c6f30ac34054c9bc72b68f64a254d6948574948

SHA512
0ac5b48248616cd501ab33d29164cff0b632037fbf5be309f263a7d23dfd116d4c2adfb07b4d7a699ed33b8fcd521fd3eb1b181d1e2b3086062bbd2db1e628c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
ebafd0541fb0ba2ed798aefda9dc829e

SHA1
e8f5dd790a4ceb08e58396096375fafb83089966

SHA256
eaab630b6255ebf2991da1fd880e10de523716421ce23cd5526bae08d9658821

SHA512
c30a87ca69acde3f635b486968713371861b10df5e7ae7bf2a425b47a37678a7db3d25367bcb48a79aaa7b18145cfb58450ea738c93c70afc94ba9aa27f10810

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
94909e017bc797d8e03a616fc2475acb

SHA1
a92ad64fe609be8d3f1f2d5a2819bb18c8da6122

SHA256
556df26f61c63901b4a49d39ba7fd25ab835b6bfc71185ac921844560f9dd826

SHA512
44574886c1424eea28df78fa50f76b0bf6d203351912701ddd2d099889b63c496dc273c4d63ffa14de530cc1cb380a9857934122653c45644e660fa52c3e0ee6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f47b222e44c6b8b540a838bead9f9d55

SHA1
98ec91fe7751e993cefd861a3493f213325cf72e

SHA256
969cc2b5dde02bd9f3781157fdf3626fc6009f020c04df795276ce20f4a3e9ab

SHA512
c411e240c9bab82b643da779417322c59923bfe7636e470473ce449054b0ba514995e1832a0ce355532c5ba701983f0f9b13072d855e3430392dc309532901b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
14KB

MD5
cf7739695071afdffe3c86ad449c31a9

SHA1
ea882ad0a2fc73a4716692084712930a2dd1b768

SHA256
610eb00f7f9fb3926bb77e31b4cba010db9d34a9bcad4f13089a6a36ea65a45c

SHA512
343a5dda1ec0d47940050b6815c9cc27345d0923826057e9ee36493a0acfddf62f9c01521ca82d83f46ae69b7246390f80431a78aee483634934551c747dfb12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\9687516b-c7a5-44e0-bee0-8ea75e7ea67f

Filesize
671B

MD5
32406609422eceb1d6090c68e85686d0

SHA1
32e1017fb870d6f687ed13431f646491fcc2ae11

SHA256
c36e7dbca9384ab2cf7ba06d5b94e1e79754e7d6df7843a26a2a0225a09c563b

SHA512
803efb8d338873dc7ee8b36ce140a2a20846e3e11c8fe5de1b6ebc692daffbc263ab41f73442c44529c239db5d3a575e8db144bca5cca68da1802fb3bf8a0cb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\a17a2c51-23a0-4e40-ad45-6a56c2c33dca

Filesize
26KB

MD5
b641ac727ab267eeedc1de026f2b2663

SHA1
63de58c7aed05eb779ce59ab3dadc4ab1a1feb59

SHA256
faad234f9c5ead0ff518c7eb642b256f4b8bb1277a5b689f8d79d27d1bfda0ee

SHA512
b2858c6c1cb6c49f0aa70583aa0c029faf56866467581e41352ceaac20be5949c3ca7cae44160ae15292bc0f1a2437f45958ed9369e309933dd0319a4428e000

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\c36631e8-c3fe-4b94-8af0-07b7cb6a4c3a

Filesize
982B

MD5
4d45be1aa5063cc23cdca11b4209e2e1

SHA1
13d8542e166942d58714083305b57cf823ae68a6

SHA256
2f38798b451e9b1f81aa423594fe6ffb9419bd56454af0c12937b11fd170c123

SHA512
ddffdb3a920211e25bfeda6cb5c1a8a5a5be0e6c4d25e6753e79525ce7a788738af16f5bf29527c8e5f17924027c3ddf68915737f62455022ac3df68200fb631

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
12KB

MD5
bc8eec649089501bcdbfda1b683c55fd

SHA1
4a2e3025eb65b2e17c2f21309f8387b5dbbd44a7

SHA256
ec5fc561f93c1e44cf8bbcc5ac6049e9847b1bcbdf9ef734f30d15a765907a9d

SHA512
d2fd2f43b8f6a521efea378c1bbc35d96aea573ce18a8dbaf5614d79851b3d9d13375a1f5f69b1b425da931eeefe8930c90693cffb626860596e1ef10b9b467e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

Filesize
10KB

MD5
5c955eb5ef9bae8db81d8606d9e8d1ee

SHA1
a6141499e33e9c031814c0722bd573557b0b4a11

SHA256
0f8031e752d120adb781e12282395a3471bc7a329742e3138a0bb3d2273b326c

SHA512
e90a64fad36391efc9b6d1236e130f02b765391db5587785013316edbc06c2b610344b52497d0dcf8b61e3deb64c76c1421e2549af1104491bad03a6183d2e63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
664KB

MD5
86f28c7a032d23671e2e010ced12623c

SHA1
aafee19c2cdd742a2cb91c53e7faa08bb0948b99

SHA256
4269ff36645f36ddcde6b7232813c28e56ece7320a0e93711ec4003e1afd5a60

SHA512
200c10003f6bf05e3eec709efe1cb4c14b470de720e0543c5cb4c22ebe157b6ca5d3bfcabab903c518584f8a157883f1a2b2ae47c456ad84e1f99ff15dc6a071

Download Submit