hxxp://gndbg[.]com/logon/index[.]xml#?email=dGhpc21lbWV5b3VAd2VtYWtleW91d2Vhay5jb20=

Analysis

max time kernel
50s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2025 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gndbg.com/logon/index.xml#?email=dGhpc21lbWV5b3VAd2VtYWtleW91d2Vhay5jb20=

Score

7^/10

phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
79	api.ipify.org
80	api.ipify.org
81	api.ipify.org
82	api.ipify.org

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4356	firefox.exe
Token: SeDebugPrivilege	4356	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe
4356	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4356	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 3792 wrote to memory of 4356	3792	firefox.exe	85
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 3204	4356	firefox.exe	86
PID 4356 wrote to memory of 4408	4356	firefox.exe	87
PID 4356 wrote to memory of 4408	4356	firefox.exe	87
PID 4356 wrote to memory of 4408	4356	firefox.exe	87
PID 4356 wrote to memory of 4408	4356	firefox.exe	87
PID 4356 wrote to memory of 4408	4356	firefox.exe	87
PID 4356 wrote to memory of 4408	4356	firefox.exe	87
PID 4356 wrote to memory of 4408	4356	firefox.exe	87
PID 4356 wrote to memory of 4408	4356	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://gndbg.com/logon/index.xml#?email=dGhpc21lbWV5b3VAd2VtYWtleW91d2Vhay5jb20="
1⤵
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://gndbg.com/logon/index.xml#?email=dGhpc21lbWV5b3VAd2VtYWtleW91d2Vhay5jb20=
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1968 -parentBuildID 20240401114208 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8dd4a12c-d9ec-4846-aa0e-8881abdf9fe8} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" gpu
    3⤵
    PID:3204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2348 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d55081b-c705-427b-9b6a-a8ea0d8cc1c1} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" socket
    3⤵
    PID:4408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3140 -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3196 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a79d021e-03c8-4793-8e4c-5be72675186f} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" tab
    3⤵
    PID:2904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2828 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3664 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aafb3bbd-159a-4d36-9f31-fbfa788ea31e} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" tab
    3⤵
    PID:856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4740 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4760 -prefMapHandle 4756 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7271ac2b-9ae6-4a42-b980-3938297f8a8a} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" utility
    3⤵
    - Checks processor information in registry
    PID:2880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5340 -childID 3 -isForBrowser -prefsHandle 5352 -prefMapHandle 5404 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d052f7e5-aeea-4e49-9019-c7fb41110d3a} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" tab
    3⤵
    PID:1116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5488 -childID 4 -isForBrowser -prefsHandle 5664 -prefMapHandle 5660 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a5b72d2-848e-463a-a467-b471ab0bf19c} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" tab
    3⤵
    PID:5044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 5 -isForBrowser -prefsHandle 5636 -prefMapHandle 5804 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {76af2a87-5617-41cf-bc6e-bd8e8c92fcef} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" tab
    3⤵
    PID:3132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6060 -childID 6 -isForBrowser -prefsHandle 4128 -prefMapHandle 4668 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13d56a59-4f0c-4520-8177-2c33c4489725} 4356 "\\.\pipe\gecko-crash-server-pipe.4356" tab
    3⤵
    PID:3632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4ws2kncw.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
6KB

MD5
e5a11ce84d8a0712c47dc9fcb8d3e4c8

SHA1
b727642e5f8577be43777590e58bbe1524713411

SHA256
9217f33ec9e1c49a1ea6f019cc9782a1990999048a09ddc6163729d5448fc650

SHA512
4187ddd14b07334e53d877597d95767d2ec061f0b3d24121c68824b34827625f720e987a11d1c4b38923ce1b0b4dc7e6f48459d16fd8b57c1faa39695bdac97c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
7KB

MD5
3b7fa4b1ca2d227b68e2a573257d489a

SHA1
14d0f6118b098c937ad33d2cfe99190091e82a07

SHA256
657f3a87f76ccd88fab1115cff0bab543ec46564ee4db1f3ba507f7ea3e71998

SHA512
90709eaf497d2a857b96835e2a1e1ba0400fd63c3558e50a8fd574d1562e6109bcaa2b0fa0a34a5432ec016002e3badc9ffe588bf1b539323f261dfc84eaa1d5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\AlternateServices.bin

Filesize
10KB

MD5
e5d83f2d267001cc8610e1ea92473714

SHA1
e65a54a4171ccb25b6a42ad15bc0c3820a9deb93

SHA256
72250c1836f987e14858e1653642159b6b38adffbee6f9731caa1b81d7143688

SHA512
fa8d69291c6cbe7f42dee000f462ee97c6a6c611725b359db9c2313d579c510d817b0be1f3a0d481b372a6c96c1de5b85adf7d8fabf8d4fa9b1eae018aaf0f1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b5784429636b70581128857b47e18a4c

SHA1
8fd317e9237c261255069cd6c6f428ab083ff90b

SHA256
8bf02b2c05679b3e4c001c6e8d107804130d3bfd08e29fc67642a1e920b000a1

SHA512
8bae04937626710ee1d8027821d43daccea959a585842aeea75d1f578cf586ab094a4aced9261f2d4944d79853ba9ef59a50413128b7bb0f410f208e7d216fb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\db\data.safe.tmp

Filesize
27KB

MD5
56cd24fff72d3710b779ef3327096f18

SHA1
ea43d03acc464f8522f591deb39fb8f09b67356e

SHA256
10dd3742624a397be0b2b6c1ddf4da4cabb5cef3c12d3cd1d8726766d654a4e1

SHA512
413ef8f9ccf860ff653afb7bba48cb1fe34ca4acbe72d0272dd766807b979abdc2fa3ab53844cf18503970b11f45f743143d7a40512914365a266d2d6db786e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\1b466ff4-1445-4a23-9efd-9d1fe33d95d9

Filesize
671B

MD5
e2d4ff6f3c60be7177f349477d34be01

SHA1
77224f20b14b96672f9b7e4daf931acd62da3110

SHA256
520c2b47ea84dacd70eea1e656ee4988d5ea94d9ca770b5259829576c9b2c87e

SHA512
3b9453b5c6fe2f1d8232b24dfa1d02aec6fe49e02192726db5f179fb35f60c043d61e00759ffd084f173624f0ed27140c4719d5d12043dbdc9c53828881934fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\b74575ab-bd21-4345-a391-8b5bca3d1192

Filesize
982B

MD5
16e200858fe9397364f0930da79f8d1c

SHA1
a705e20a06ebdd8dc40ce55b61ff006091ee4a67

SHA256
20c4c340c4587804f6d436a5fbadeb5fb98b51690d9ad23fe94bc1514286424b

SHA512
1998d31a87c27af7b4eaae78ca52cc53a8c68214169b42c7b930d59813ebc4ae8919a27408e3c5d82003623e29ebe92b9f7ef6d71d439bd564b93418bbcdd3f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\datareporting\glean\pending_pings\f236d8cb-fdd1-4470-b65b-f34923b5a468

Filesize
27KB

MD5
0074619577b71ff2bf53ecd133cf3ec5

SHA1
9a8469aae5cfd19476d79a688bb8018f7712aee4

SHA256
252cdb44450abddf6bb83e189ae56669abdc2dd93c690eb83f933093f51f02a4

SHA512
649fd57d3e2cd7b56f291850e996bb68610e6f4ac2e9b46eff7dcdbd27c56e75906fb5ba13be2e30fe5fb5cd2881d1e08f7a5c9ef1e680bf3b3120a736f974c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
9KB

MD5
c50db3f4edd8dfee1fe1ece6f5308774

SHA1
848ce9c07d180ca699fce58f2aac6b438057713d

SHA256
84c9a6323a28b4ad795315e3d39b2fcc11399287ac0627a089ebe4c0c85aace0

SHA512
9aa0d5b0c38b93dc6ab0f58271e0215f8b35485ea418f4ebc71a3dc5df4133a0be11c54c481f9cb30b9cf94e019da51088971de891cfcf23a9d0c6b89918a503

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\prefs-1.js

Filesize
9KB

MD5
658f0b2d757e6975e4478ad0d0f0f44f

SHA1
e535c87dc574087758332049318a5aff5d6ef068

SHA256
8045cb0e3dd4b3d533444f4eead0dbaa1714620eadfe19f84ed89c7b064d6098

SHA512
0c03f273ba258c4e39d6e6ec3d267dfe99cbcaa6813f78e6c86402c2e230546a42d2d91ddb29b7baf926fcbf8ea02a9dd0e5401472a6ba06212c268b9225944d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
c96b9a960a9ca05659ed961e2468dfb6

SHA1
052a54f21ae5c29df80a02396ad82ea8caa98231

SHA256
75a3a33c23bf58b89f9992a6559d60c61cc7ff1e56de42506329d827c34b5ab8

SHA512
9829723a398aad07236e95ee75a034139254e9005b7631a8a5dd66b00d053f80fd40a5103f92ad21090564e1fe8051459ca7ad142c8cd9c291bcaf82acebeab9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4ws2kncw.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
830eedaed222c159d05ad8c0105d6c75

SHA1
f6519505128b6511a67fb53e095bb8f5affdae9d

SHA256
94e80b0766152e5ea647542b8123e48deb3c45f09058cd6b3d041debd3984aff

SHA512
c9f0c7193daf49fc826fab5ff53420b44708309268e5c36552d31d3998ed18581ade25b513dd2dcea1508697989a40ae9fa85b89cf42ba6716d8034878f308f1

Download Submit