hxxps://secure[.]2checkout[.]com/affiliate[.]php?ACCOUNT=LANTECHS&AFFILIATE=120043&PATH=https%3A%2F%2Fmaycorolbuche[.]com[.]br/xrp/CPrqKA/ZWRpbmEua2lzc0BtZXQuY29t

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2025 10:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure.2checkout.com/affiliate.php?ACCOUNT=LANTECHS&AFFILIATE=120043&PATH=https%3A%2F%2Fmaycorolbuche.com.br/xrp/CPrqKA/ZWRpbmEua2lzc0BtZXQuY29t

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4576	firefox.exe
Token: SeDebugPrivilege	4576	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe
4576	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 1120 wrote to memory of 4576	1120	firefox.exe	82
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 2448	4576	firefox.exe	83
PID 4576 wrote to memory of 4980	4576	firefox.exe	84
PID 4576 wrote to memory of 4980	4576	firefox.exe	84
PID 4576 wrote to memory of 4980	4576	firefox.exe	84
PID 4576 wrote to memory of 4980	4576	firefox.exe	84
PID 4576 wrote to memory of 4980	4576	firefox.exe	84
PID 4576 wrote to memory of 4980	4576	firefox.exe	84
PID 4576 wrote to memory of 4980	4576	firefox.exe	84
PID 4576 wrote to memory of 4980	4576	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://secure.2checkout.com/affiliate.php?ACCOUNT=LANTECHS&AFFILIATE=120043&PATH=https%3A%2F%2Fmaycorolbuche.com.br/xrp/CPrqKA/ZWRpbmEua2lzc0BtZXQuY29t"
1⤵
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://secure.2checkout.com/affiliate.php?ACCOUNT=LANTECHS&AFFILIATE=120043&PATH=https%3A%2F%2Fmaycorolbuche.com.br/xrp/CPrqKA/ZWRpbmEua2lzc0BtZXQuY29t
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1940 -prefMapHandle 1932 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d98a8254-0bb6-4a2e-a008-bf6e6ad51d32} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" gpu
    3⤵
    PID:2448
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2464 -parentBuildID 20240401114208 -prefsHandle 2432 -prefMapHandle 2428 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40d738a7-4b10-4704-9750-2c1d4cf65ed4} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" socket
    3⤵
    PID:4980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1532 -childID 1 -isForBrowser -prefsHandle 3136 -prefMapHandle 1728 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8aae2928-bcf5-4559-96ae-bf3210e85b66} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
    3⤵
    PID:792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2676 -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3460 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d860a58b-0892-4ccd-bdf7-b1f248a5f2f2} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
    3⤵
    PID:1392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4512 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4564 -prefMapHandle 4580 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {353fd4a0-5604-46fd-8bc9-eef480c36032} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" utility
    3⤵
    - Checks processor information in registry
    PID:920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5420 -childID 3 -isForBrowser -prefsHandle 5412 -prefMapHandle 5408 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6c31606b-cdad-4257-aec6-3bce95bc0865} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
    3⤵
    PID:1496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 4 -isForBrowser -prefsHandle 5548 -prefMapHandle 5552 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8da8a7e-2fd0-49ce-aa48-b4420467ce92} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
    3⤵
    PID:1976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 5 -isForBrowser -prefsHandle 5732 -prefMapHandle 5736 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c71293a1-5500-44aa-bf71-d97a41d9e624} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
    3⤵
    PID:4592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6128 -childID 6 -isForBrowser -prefsHandle 3016 -prefMapHandle 2736 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bff0893-5c22-4338-90c6-1bd7c6ec6573} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
    3⤵
    PID:3932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5040 -childID 7 -isForBrowser -prefsHandle 5520 -prefMapHandle 5516 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd88aaf1-9364-4895-8a33-e1e8a4afca74} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
    3⤵
    PID:1352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6180 -childID 8 -isForBrowser -prefsHandle 5752 -prefMapHandle 6028 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 960 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6d04c590-bcfe-48a4-93e0-ec52f12addb2} 4576 "\\.\pipe\gecko-crash-server-pipe.4576" tab
    3⤵
    PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
6KB

MD5
99a261f0b3afa79e71c264c92b3b72a6

SHA1
cbaa948130a8b9a76884d76c79a3f2dfcaba1a93

SHA256
fdcadb92bc425712b1a5f66570861ed32f8302e77361adbedd0c7456838bffce

SHA512
41c5fb3ebc1f00191d99abaff21bce2d62302c0d28296791be25876e4c1c6ce2b4de74a22e4cf980536c356da28d9df39f55c04d9f508890d036ac760cdf9281

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
8KB

MD5
a0f0d344ac71c48c6e5a17794c520235

SHA1
4c9addc7340ced5fccc5c50475b9fd88202b1ae5

SHA256
d96b8c311ef79c04b0d411906b306c619ebd752815977bfe2e3392d7598e0ce4

SHA512
796a0ff749fa338439e7a2ccda4f5ceb11411ae9d17bf28defc1021f6bf53f4b232757b2139ca8d713f3b857ec89aa070f794108a8f46cdd2246990111744585

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
0239abcfcf4151625e1c4a0914fb93c0

SHA1
1fa34bb2845300a39e2152919f7b11372ed7efa3

SHA256
9b3b3b47c06bc9eb47555fa2c94b1f6a4c9b847d36591aa99711005622e25e94

SHA512
1f4b48243e23115261086757b9c4fc4cd5bfe66d2b6ed1c5dec77daa5d4ccefd88e2b2891fb83ca11a8b0987d1952255fb109e8ee8232396b76fe97c7cf6f154

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\5639a9c9-bc59-455e-8fd4-963820a3d3b5

Filesize
26KB

MD5
63badef635528f4452b9d2c7e1e4306e

SHA1
9b8520ba7c7110ee5165d4bd604a22dfb0fed9a2

SHA256
b102a9c0b33caff8248eb690b204e8e9fe5b4da6dfa0052f9cb35262500ce324

SHA512
a50104d8ec780cff7fa61c095931e231d936b9e17877c8f00013cc8bba18fc2fb26f1dd6b2aee7b22ba6575ad5cc690fc351a495197fff0d6a8de0e8b52cd643

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\a2930fa7-6a66-423f-a783-63c9668b06f1

Filesize
982B

MD5
224b8319e7fc7a25127c22adbdf90503

SHA1
dd2187011db795a86927a623c28c096d7b75ed85

SHA256
4e9b2077f657ac2b2e381751b5918309a7acc8fc6abf9123da85618a7a737e35

SHA512
7a70f505bd90290dfe19a68fe8ff2506bc7fd0408f81edc4e2bbdca078bb890867300baeaa16eb4b2f2f4b45b2d019b5a8a9fd0c9909281692c797d0febe33f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\b9709dd1-2c9f-4870-8cde-9e276fc9ee1a

Filesize
671B

MD5
6f2974f829f3ca79b2e39bc8eb086185

SHA1
9481cdb0f01a150673017f96948b6020b0568c53

SHA256
4ec0e82c3950717bd27e18dc81391bffa715f7cade08e5a1ad7f54f7275a01f6

SHA512
10d56caaa4cd058abc0c887f225241540dafeb006ad15735b432ab10c6d43f0d650758ebec61882fadc69e2730cb62b8c189ca561acdefd18246146cd808e2eb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
12KB

MD5
2c8b8897fb35ce95f034e22301dfd1b3

SHA1
018991b704b60745abc63efb281b0f22c5cd7562

SHA256
9b4325e601fc5c5d41774459891b55ca235f41be775006407a59320c559c38bf

SHA512
b2fa36a4aea0adb337e7b1a57fe17c63ddedeb3dce2211e1696efbd2926a7bc6dfd46afb6870eef31314e651c7b9484dab55b7b812f610a1237de8998111d72c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
11KB

MD5
9e87b35e2812efea6005d909ff9fe231

SHA1
27335ab9e1ba5ea10a153908094458374c127962

SHA256
9eb3fa58d0b2f4fa930e75dc09d8c39283769da807d3957a9c558408f833ba6c

SHA512
2e2014f6b48d22957e6d97916d3553fe4b329ff361d32891ace2851f854c53768dfc810de4c00720f81b299b5086a34c9f33120cfcd704a5bfe415b3354eaa1e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
10KB

MD5
8db3e547f684265ed5589aa403c12a3a

SHA1
f43884de2043cb6bb13ee6770d991728cff0d8ba

SHA256
e2c5987a9f88e61b2ae8ad29f3fbeb02a4bb96326bfd208bd952a38cf7b059bf

SHA512
ff4eccb9110cf2ff5e105c338e99f019d2dd6db28026719713c25c099fe79a9382a6ce33265a86bf61f3f19871081bc6b2bd251a1db914812bee845d43b9f128

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
10KB

MD5
2666ae2e27def3017fa73fe0c8b26ffc

SHA1
bdfbf3299949a18f1a28125a5145aa0b55e2496b

SHA256
131ff993b0bca53d555846a64583fa4dbcfce73e6b6bf39c4d91206add8d0388

SHA512
1bb68070715158193c8bbd9e4856b8e5e171a3b5eb845d53077428617949d6ddd2aed7d7a878f90c0bb0e7153b67338ad13c783f5c8742cfd549de3ed6c81588

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
10KB

MD5
ec3a8058133b1c176040987fc6d8d095

SHA1
67c58ac37e48ab21e18ee6d84fe99e6af4271128

SHA256
a16a688130605097532856e67453ff7a27ea84caf3f159749b7a3429868269c4

SHA512
b152dbc47230f5349629a899d8fc8dbdc3cbbe95eef39a8612f198ad14fd654de60e0d20103914a591b4bb00efa3db3583d1de703de0bd872088fa494655e119

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
836efc7dfcf7676e5008ca8848016ad5

SHA1
f7b3a6b2373f6b9e029823b496e1921cfcdd774a

SHA256
ef4050fa699ded11c12ced9867ca508e14fc34d757d00ed12fed792e4ea25512

SHA512
cddfa9e87c53bc7b160e69fc96c81613132943c3da89f12d8ee36008016d3293aff6d398a7a8a72af9a4cfbf49ea4c405087a561aae73dbe28f6e44d73db236e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
60b00f3a6fedd7aab93885abbfc8a57a

SHA1
9b81049e6d3cf1f8397d39623c2caa985e5e61a7

SHA256
c1b925236ca70ca49556d87bd361e9dfa13441526be0a54ed888fa8be78c803a

SHA512
cd00fdf2f45e8c14d7d6b94a4e8c753f7962df4af46e238c1b4b4b0ec5905be5a18e94b8fde21778a31b12bbd2f041c45b943b7533af734af0ed3dcad77e6ef3

Download Submit