hxxp://duckduckgo[.]com

Resubmissions

24/02/2025, 11:42

250224-nt46nazqy4 1

17/02/2025, 12:53

250217-p46b5syqhz 10

Analysis

max time kernel
35s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2025, 11:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://duckduckgo.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2278412438-3475196406-3686434223-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\DuckDuckGo.appinstaller:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4924	firefox.exe
Token: SeDebugPrivilege	4924	firefox.exe
Token: SeDebugPrivilege	4924	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe
4924	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 1916 wrote to memory of 4924	1916	firefox.exe	83
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2656	4924	firefox.exe	84
PID 4924 wrote to memory of 2292	4924	firefox.exe	85
PID 4924 wrote to memory of 2292	4924	firefox.exe	85
PID 4924 wrote to memory of 2292	4924	firefox.exe	85
PID 4924 wrote to memory of 2292	4924	firefox.exe	85
PID 4924 wrote to memory of 2292	4924	firefox.exe	85
PID 4924 wrote to memory of 2292	4924	firefox.exe	85
PID 4924 wrote to memory of 2292	4924	firefox.exe	85
PID 4924 wrote to memory of 2292	4924	firefox.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://duckduckgo.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:1916
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://duckduckgo.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1988 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1660 -prefsLen 27131 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {578738ed-3632-4e2c-a6aa-8cd859490473} 4924 "\\.\pipe\gecko-crash-server-pipe.4924" gpu
    3⤵
    PID:2656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2296 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 28051 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98d7913c-4d96-41f9-8124-dfb95988ea3e} 4924 "\\.\pipe\gecko-crash-server-pipe.4924" socket
    3⤵
    - Checks processor information in registry
    PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3264 -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3272 -prefsLen 22684 -prefMapSize 244628 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb4a3201-3b3e-4ca3-9fef-5efee845f50a} 4924 "\\.\pipe\gecko-crash-server-pipe.4924" tab
    3⤵
    PID:4116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4032 -childID 2 -isForBrowser -prefsHandle 4024 -prefMapHandle 4020 -prefsLen 32541 -prefMapSize 244628 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc0e6f1d-038a-41a0-99b2-a07cb5a33b6f} 4924 "\\.\pipe\gecko-crash-server-pipe.4924" tab
    3⤵
    PID:2768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4920 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4520 -prefMapHandle 4692 -prefsLen 32541 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {93cc0346-450e-4e5f-bbf0-45795cefb242} 4924 "\\.\pipe\gecko-crash-server-pipe.4924" utility
    3⤵
    - Checks processor information in registry
    PID:692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5228 -childID 3 -isForBrowser -prefsHandle 5064 -prefMapHandle 5204 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ef465f0-2626-4c8e-a19a-fc94782469dc} 4924 "\\.\pipe\gecko-crash-server-pipe.4924" tab
    3⤵
    PID:4184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1240 -childID 4 -isForBrowser -prefsHandle 1244 -prefMapHandle 3108 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec999cd6-fbb9-46b3-971b-c46dc44fd8a4} 4924 "\\.\pipe\gecko-crash-server-pipe.4924" tab
    3⤵
    PID:1512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3252 -childID 5 -isForBrowser -prefsHandle 3044 -prefMapHandle 3032 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af653c59-aa20-46f3-8bda-5b7a3f8dd407} 4924 "\\.\pipe\gecko-crash-server-pipe.4924" tab
    3⤵
    PID:3256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 6 -isForBrowser -prefsHandle 5720 -prefMapHandle 5728 -prefsLen 27083 -prefMapSize 244628 -jsInitHandle 896 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4319d873-27df-407d-b48f-12a0c0f07dc4} 4924 "\\.\pipe\gecko-crash-server-pipe.4924" tab
    3⤵
    PID:2540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
47c06927c429f96949b20ec9d99cef67

SHA1
a4a842a8d5b8a21c996c9c1b533aac8ccb0d8708

SHA256
423219944fd9cc5d5979c7be46cf05a12deeefdaf82af7252cbc00b829aba1fe

SHA512
df08b6fedc3ac0e754bd1bba6d08e591737a1052f3826af6593a47db8842267c8c326062c93c7c3ceb19bebe63c9c285bd2c220b1d51734f67e88c1d7c711f2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\AlternateServices.bin

Filesize
8KB

MD5
89f6a6a7fbaea49e3dc9a3bba058b92e

SHA1
b7d614c4a7ac5d52b9ef57cf2268c1ee40e061c3

SHA256
b1d10fae4b1eed73ef7962a3e92ad3ca88c07d60709554fee8bdc0635b62e8ad

SHA512
dd7a2ee822d9c2b59d090425d8ef840f736fc16856d7c6325fcee44d746037fdd35a74b2020af155705d5ebbaa7b69e71c306f7862e61c30051a45bdea698f31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
15KB

MD5
f8fa711f19f73c53ad3c72da3b142a6d

SHA1
895ec872834f3b9d8876fe22a738cf6e1602186f

SHA256
b3fadbd3d2f52db59c9331e836fe45d9ac9e68e23bca68dca28526f05666f9e4

SHA512
9f5d912ea6f3510f850b5157486a984548dd5ae5fb4cb0b24403a4101f51267349c8c70b77cb3a062e36df2c9d80b69d81b4ccc339f9e5c84a390059f4322746

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
b3a9b84ce1b4d37e1a51b25475120083

SHA1
a474b9afbc90c931d58a5390a9a02f834f8bac97

SHA256
cf657d507abc7f005c507718ea032063f993f9c1b322f790383ce0fb6728c8ea

SHA512
52bdd592a863a0679cc0fb2721f525ced9ca39063a080d02a5feff37f52cdab186d20baf672df272ea30ff97b213c2c86d56d490b05dddf31db80775b1e3e262

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
9eaf7b1e7058a4ca437441a9338559c2

SHA1
7388fc103d9a48eff7e52c6d4bf6083ddbf7edfe

SHA256
c1d9a8af906b7238c6137069af136837b2188a2e079f2729d90ccfb44173594a

SHA512
c3aa5bbcbe8509f227b3a94929ef50317ac59aa15d607f70f3b9b0bf85935651b5abcbe9d7ea984ecf23107c1c6a4a3e7ed796f61933b33100dfc2e064335067

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\datareporting\glean\pending_pings\0a73ca54-3dcb-4de7-bbf2-94d871756241

Filesize
28KB

MD5
d0acf1315ea0d780104f6df4c8ae0b26

SHA1
bb24a65e819732404758fe5e9f41a9e9d2011f56

SHA256
7ea059825b86bf648c995d549bced6e4da98a401ea275084166569932e2c5109

SHA512
da0c689ffe7cedbf3e9ef0d18b73c7f66556e2f5e1e3d0f50bc6f5f09ea2212f648e6f6f4a464c9faa96f3d57a9c6fb52cd03e7a3cf9bc0dc56e322af7d3816a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\datareporting\glean\pending_pings\8869a872-ecb5-4041-905c-61bd56326fc5

Filesize
7KB

MD5
1335b94915850d046c2eccfc5e11cb21

SHA1
b60cab90fd0861789c0a33b72c64feadaffe8479

SHA256
a8293e11b217a4e3fd357ecbb1fba9d43c7f2f6ad866763fbcf0f6aeec36e35c

SHA512
7eea76708e91d53e345a4169305ed1f392c63f593c08833f7881a4e9bc9e9005c4397ae325339cf3718e728f41a6762d89002ab407cf309a94a33df77aff1b02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\datareporting\glean\pending_pings\8d51e2af-40e4-49f4-8afa-502c467cfc01

Filesize
671B

MD5
527dc934573898828217ee88e3bca107

SHA1
fc8ed315d7d0d66f73e988b750830149c117df35

SHA256
7755edf7159473d59f8f00c098424778df36e5743cacb9c5f0b9cb8d93f42f22

SHA512
80e4a5914d45147fe482c01629afe4a1cac9e3230d5aab8344f2762697186b175ca4dfb8072c457f9aae2f9cc6a6de66e79051cb144e2aa2b95b6978400c104e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\datareporting\glean\pending_pings\e6fe1a86-9f7e-468d-b9c5-851564489921

Filesize
982B

MD5
f8e56bb95cccdfc91c20d7bfe772be5b

SHA1
b839e8616bcbd7511b73b5eb288fd1415b71845e

SHA256
6b2fa5b45a512e35d8b2cc18b74e7152036beec93f7b7b3ad7a32390289b287b

SHA512
7f0a3575ee89a2a76c047cb534e1a8f1c851c9fb5ded9d7f4124fc47599570e28f3de80f1098856185a010a1b5f8c1f29c0c5173aeec3846d43dc095f9ddfa10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\prefs-1.js

Filesize
9KB

MD5
e64665792540f62833e79f5cc4da316b

SHA1
ae266b6eca5ccbc41297d3b26ac99bf26849e65f

SHA256
1c6815652e2115cc1f44d5fa91cf3dcbd75c5707683d34ae5700a571976d7dd4

SHA512
65224a95ffed58e00e0a5f8c6a76de0e4d2f2d52b36f9bfe1ad57e00a9d0c2163fffa941213102b6f1fc688c416d326a77ecafb06f1dced432fb967f50955f60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\prefs-1.js

Filesize
11KB

MD5
a992f64e341a52fb2551225f225ad2c0

SHA1
308171fa2257855613a8d3df1e1fe8d43fb183da

SHA256
0905acbbc0610958e3d004e20f0340092d7bbe29b7b9f9a98e4c8af663cd1dcd

SHA512
0077410a8017bbfbcb6e0788dc1179df0a220b0c550f2c7fce1d7d9ea8658ce6f874de559cf5d4660987d9ae0bbc5e2673fc1d0f0bcf1456f905403113a70fb0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\prefs.js

Filesize
10KB

MD5
8603cc0c31fb21608ef698ac728ace3f

SHA1
34b6db3af872217513cbe8bfd4761328f3bd8e07

SHA256
ce8cad7e40547ff057e267221fd3c693642ee274fe198cd4e271127efee3fab9

SHA512
967215813cc8032e2bd659fed0776e53b733cc390be51c1838dc074b4e20b92b153c1e4ffaa0c4d292dc76a16da5ba782470076edee6635016b65a590bf11cc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\sessionCheckpoints.json

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\1tx1xrpd.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
de289da149e19a450b245cff8cda86e6

SHA1
74615cdbcbf78ca0022e8a8012f2507d929de37d

SHA256
28288479d1be7e58c96c7c5b3f6757c95ba4bf4e5605133cf5b14b84fedb9d54

SHA512
50a2f69a9c175a2e1bd06091c618116f1c64e11cecae7d7a95153210876e92db7440203f8111caaa8f9460f39c93fe6a24613c06b769270016fb78e523c5b8b6

Download Submit
C:\Users\Admin\Downloads\8-3hox7j.appinstaller.part

Filesize
782B

MD5
3bc85c086d609e26358ba5cb3102a5c3

SHA1
53a7017843161ed59aa020452e3dc353f5bbde0c

SHA256
91109785522149bae42c4df9c2e80ca110375c7dfeb05d169830e5adefbb702e

SHA512
6c1a36ac8409550726bcf57104e2bdebc9b87e10c8e5f1fa63f82ba451ee4677183d65c90348a6e51a85bb3afc92ee69c61cb8b97a87bfbe49c2850fa540f4f8

Download Submit