hxxps://opnform[.]com/forms/attachments-ktrqco

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-12-2024 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://opnform.com/forms/attachments-ktrqco

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2172	firefox.exe
Token: SeDebugPrivilege	2172	firefox.exe
Token: SeDebugPrivilege	2172	firefox.exe
Token: SeDebugPrivilege	2172	firefox.exe
Token: SeDebugPrivilege	2172	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe
2172	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2172	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 4784 wrote to memory of 2172	4784	firefox.exe	77
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 3936	2172	firefox.exe	78
PID 2172 wrote to memory of 652	2172	firefox.exe	79
PID 2172 wrote to memory of 652	2172	firefox.exe	79
PID 2172 wrote to memory of 652	2172	firefox.exe	79
PID 2172 wrote to memory of 652	2172	firefox.exe	79
PID 2172 wrote to memory of 652	2172	firefox.exe	79
PID 2172 wrote to memory of 652	2172	firefox.exe	79
PID 2172 wrote to memory of 652	2172	firefox.exe	79
PID 2172 wrote to memory of 652	2172	firefox.exe	79

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://opnform.com/forms/attachments-ktrqco"
1⤵
- Suspicious use of WriteProcessMemory
PID:4784
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://opnform.com/forms/attachments-ktrqco
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {67218498-0b0d-4764-952d-78f06ea4f891} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" gpu
    3⤵
    PID:3936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2304 -parentBuildID 20240401114208 -prefsHandle 2444 -prefMapHandle 2416 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2af1dd5e-c528-4d00-adde-ab0eb588bf4b} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" socket
    3⤵
    PID:652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2928 -childID 1 -isForBrowser -prefsHandle 2920 -prefMapHandle 2912 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0b585f3-77ec-428f-8abe-3f55ef343c25} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" tab
    3⤵
    PID:2876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3668 -childID 2 -isForBrowser -prefsHandle 3660 -prefMapHandle 3624 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd4b9f36-9a7f-45bd-9dcd-86075c4a9fc2} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" tab
    3⤵
    PID:2320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4756 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4752 -prefMapHandle 4680 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baad5b0b-8b6a-4d5e-a615-2095742c2b61} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" utility
    3⤵
    - Checks processor information in registry
    PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 3 -isForBrowser -prefsHandle 5416 -prefMapHandle 5392 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9446f60d-4a4c-4ae7-bfce-9c30da108e9a} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" tab
    3⤵
    PID:1704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 4 -isForBrowser -prefsHandle 5568 -prefMapHandle 5572 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {865e6b89-88d6-4caa-b722-dc55b454ce43} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" tab
    3⤵
    PID:3180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5752 -childID 5 -isForBrowser -prefsHandle 5388 -prefMapHandle 5360 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {513e4674-f06c-45a0-9df5-747ed3939db0} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" tab
    3⤵
    PID:3740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6164 -parentBuildID 20240401114208 -prefsHandle 6076 -prefMapHandle 5788 -prefsLen 33356 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96f5dda4-7e39-454d-b4fe-951e80ada061} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" rdd
    3⤵
    PID:2376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6172 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 6160 -prefMapHandle 6152 -prefsLen 33356 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {43ffecf2-7b78-4380-9c46-1f36d76056b7} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" utility
    3⤵
    - Checks processor information in registry
    PID:2164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6672 -childID 6 -isForBrowser -prefsHandle 6664 -prefMapHandle 6668 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de3c7fbc-c60d-4f21-ba6f-3ce8f3020740} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" tab
    3⤵
    PID:4740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6764 -childID 7 -isForBrowser -prefsHandle 6844 -prefMapHandle 6840 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a53c6c32-9823-4db0-bc9b-29f829187904} 2172 "\\.\pipe\gecko-crash-server-pipe.2172" tab
    3⤵
    PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
84086293a7b3d0fbc573abd70f6b529a

SHA1
1b5544849dcc4e347c40c4fb6b18b17564634dca

SHA256
e45c69edd60f024d83844808ac3b4ac7326605b14d82104aeadb7fba03cd6deb

SHA512
a8373989f1cba88ff78dd916215534e0a0f351e1acd90b1b8484d08839f24c6eb75b43c0f50af0f3409deb4f9d0d0011ca0652d3b862f22a2aa3a6773f5c7ad4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\cache2\entries\92F4D5A4F9CED6E2E644D803AEE3647A0EA4D984

Filesize
13KB

MD5
08746154370e48fcfe9ba446952953a5

SHA1
00bc05301d1a48ab19b75c7150f01125075da029

SHA256
f3403075af6b5f0919408639f82cc7b624120a59db34ab855d90ccd00233f85e

SHA512
055919695f7e1bd678765db29c58ab8fb26dcf2dd70b3191b7c16c903e25acd3f8d0e3282950bf0f3bd7b856b12ee01a9be5ca69a18b8c13cdf28c8ec6822243

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\AlternateServices.bin

Filesize
6KB

MD5
79271b7fa015a13f42dd6723fbe7d86b

SHA1
d66e6c0f511f065888917cae3aae9e1ed6fef1ca

SHA256
3a09a4353bf20fb7b82f4c145a570fc6e0326e4f199c16f3fc7e406f4ac033b8

SHA512
30d423391e50c19c80cdac45e433da30aa4d104cbbdd1d335e4a0a4ef500b90e5f86234443a349e424cf2416552eccc559432da7254ad557bf524ca858426e2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
94ec5edf206727388a8676a774ae33d2

SHA1
5c7fcb1ee5f957d8ad5c2237a1c00f60377b99a4

SHA256
abb6360c8720a1c4410501e1922b64664cc3fb2c7c9c6bc3a509691fe267eb6f

SHA512
b26d5c3be5d641ba3da36233802e88f6f6a44131a2b812ba8a63074a7193db40b7fc5ef1bf1f742fa7eeb231ce1cb58447817b29fdf2438db3334d034eaded7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
e9f3d4adfd099faa440c837030a20b61

SHA1
76ca4ec19ca39b960d58363e3b6f1c0a693b7ea1

SHA256
5bd026f2e59f137c51777440490d58f7f377f0bbba19d8083b3c46ad2e11f6c5

SHA512
885696706f7a6ff7635968c4afa94226735df40e57ca3578927daa15f7f35d784a528082de8a1b4a549fc51c50ffe7e2d21c6adb2aa11f2b08584966a80571da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
651a44a12c4b51707a196c1f6c0755a5

SHA1
e9471d416557cf212f8a32a589c77cfae0467660

SHA256
7156c9f6f84678bd6d505d272ac959f5da814a79b7cf4e39eb825646aa33e60c

SHA512
df89b4f6b07218c9f2a0d33cabc3a55124f00f5c2408f47a151125e0ff15d9f7a200ed8326686a3a01bff8402dfa5677c4cd55e312ec475751a859f88c5dbd74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\15678611-dbe2-4bb8-9b44-edd5520f64ef

Filesize
25KB

MD5
98437c735592db12fe4d8f231d69182b

SHA1
e12f6a51cb89a24582e99676d95c71f2c6d9bdc3

SHA256
a8c2672ce1ee796a06b9a2619ab04cd7c99902056e46cec415c03704470f1856

SHA512
527393ce9fa2b271e032ad7dd9d6db507b1206bf1da21a2629f00de9a4d9c927670fc6e72b45f5e7d1105cc4cd3703829a63c32a5d6b95bf7f03e46e8a3d83ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\a30e9715-688e-45ce-8fa4-de9c3076cf6e

Filesize
982B

MD5
c7e1864353003ec33b57cada1dcf8299

SHA1
547a2505d0cd4fcfceec56ea2c6bb919cdfaed3a

SHA256
053aa61949f0097160407783b1cd482ccbd49caf8de2e2ef55c8c3bbfbc2cbe2

SHA512
7d69e9782ce1d164f201914e61a26bf40ae689c1fd33c219cc6f514ff7ed45c24cd02d0d0b4a9fa5dbf8608bbb947de25901fa4e7bab1c329b06dbc936b73581

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\datareporting\glean\pending_pings\aeee1d01-09ed-4982-b1c4-6906544161b7

Filesize
671B

MD5
a7a871caa00fdd1755daa257272365f7

SHA1
73afd975994c28e099a90422d156a3a238abc119

SHA256
016a68be6a0fedbda45c026812d7a426dce6382a57130e0b0fa728378b718d13

SHA512
c61e3ceed5c28eaad4e0beb82689ea4dff26e8b324fb8c702aab2796788c88a34bfb68e2bfd063eb6f6c361a7915755d94ceb78043669db46454fed2008e2f3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs-1.js

Filesize
12KB

MD5
6b2c53a92870f06fdb2400aa23fd72e2

SHA1
055b5438f3a64c6922c45a5288e7df9a49522597

SHA256
88157cb896e13e25a32ebb704436e593345bdd8edfabd44de72d69bbcec37ff3

SHA512
8d1fb49b96dc174a9d3ff77fb413e4090dbea2ee40adb58db9078d29141fad59f7403d87b6085832740e7546cd47c2090091fe370a09fdcec7a323bdbeb4e2c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs-1.js

Filesize
15KB

MD5
9d1878fabcf3d65ca98217c1e1631586

SHA1
05274e307f3572132a31ce00871ce7a647ec9e9c

SHA256
34a8ad7772c748fc71a6b36d4e7bcda52115970c02099dd9862c3b53d8d54d87

SHA512
94f19cd96ad340883735115ac79a6e2c3d81ab84dfd3b0ee567bc1b1f7059c8a64e30e577e175eed8a9b48749e0fa8c255bbb4d25d29a2723811a39873deb43c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs-1.js

Filesize
10KB

MD5
ada01c9d3f80de2f4dabe8f0a84c97ca

SHA1
2211d5f402438a4a0177830de7e315f0a0e97b17

SHA256
f7e3b10c57b4aabe7d2525310c3543d6f96377dbcdda2fc170afde834e6dbf30

SHA512
62c327e32c79fd8dce6440d55fd1652a476fe073fe79401301d6b9b7bf7a42c3d2cadb48b38a57c10731db8ca9b8d11c2c54ded1bdb4808320ec03607d1e76a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\prefs.js

Filesize
10KB

MD5
1ffdb7aef337232b48774e5eb3a3ccf0

SHA1
1c545cffc32b33cf08e9de50ce9751667a2fd181

SHA256
ee326ef3acada3738eafb6d47bdfcfb3d2ab6e94edca969f57b0d9b71eb40cd0

SHA512
eac746614b255018aab823c0c1ba135d3ab4887dc6898e3aa917c3a23b39475535309e2be0dc3fcb81b668430c6fd7708ee6cad02ecef347de65b23190f081a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\sessionstore-backups\recovery.baklz4

Filesize
10KB

MD5
91a551f3f8590575ef1044ec1bee85e8

SHA1
e2b5962e97947a94e1eb68a04ac4f2a54b4b4b8b

SHA256
d96ba9629df2652db0cc9cfc98331bd74f3e7ebfd401f466ad44892850775f40

SHA512
66b11d140476a7f2a8291dce4708d087c8f3c119bc972fe99869d6c6cf2bfbf1ac238091d740d01596b7d2b4098f719701fa5bcf6d1a1ff5b9ebc4c150281be2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\storage\default\https+++opnform.com\ls\usage

Filesize
12B

MD5
59c592039b5e99942440777f29fec021

SHA1
f8ab07866879dfdb20530887b9fc6cac84001326

SHA256
d1cb5dc38962fa0de8dd1b6db165f20f4b38c75b9fd38ffbf4d73b16e75368e5

SHA512
a32ee984e6fc2970f548cff9db8ce3167edbccfa933ad9357f535f712d272cbe55ae6656abe206cded44a2154d7e55b8d715b6d1bfb93e9caddb924dd8c602f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\storage\default\https+++opnform.com\ls\usage

Filesize
12B

MD5
0871a4fd7e250f00a18ffae2de8d4bf1

SHA1
c58ccace28031d7214cb38f02fd9606eda81ee51

SHA256
055a901cfa30ccf078ad614ad047c88771861ce1d9b6d7fc2efd05e915f0bfd0

SHA512
9d7455649c7f9e2c9b76bdff9372b091eecfe996444d3ab57bf27004ea5896de98ff12750dff5960bb4e0e0b8c298f53579fcceaa82d8696670f36a9920c6aee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\w9rzhd5e.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Copnform.com%29\cache\morgue\114\{e886e295-dd13-4227-9eb0-c5ff3f1db372}.final

Filesize
10KB

MD5
41540da2f4b17b952c6ffc1a702a7103

SHA1
85898c0b3d091504ec626d06ef015eb53acfdd20

SHA256
ff8417966e5a911093d8d682ba7e7dec2c9d94c6534c33f2ae9af21d2a1656ba

SHA512
d8f229857a797f4f653c3696330e59a9c70c361ed900af65fe7c23bbaf51d09380450287b2d4494b56d148af22c7817ed67443092925e5a352b6fc573c5110c6

Download Submit