cb1bcf331721008e6dd6b46cd0f1880612374d54403836f43f264f924789e610

Analysis

max time kernel
298s
max time network
257s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01-07-2024 13:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

maizu hack v1.4/dimaind.dat
Size

509KB
MD5

1040f641d8dd01f38ee4888772506c2a
SHA1

46e63895e37a82147bfc01147d04b6effc450e6f
SHA256

51cb1292c9198346c8f943b5787d57502b8a580bc20b1de9a425970abb02a7c5
SHA512

87bbd4b3691ef928c80580e3ba9468f8bb7e4375e4f2e08dfdb3472be0a2d9b8726e38cc46a08194ef8c2ed883a4172bc495a7f134631df11098a2e59f17b4d1
SSDEEP

3:n:n

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeOpenWith.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

3624 OpenWith.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	1912	firefox.exe
Token: SeDebugPrivilege	1912	firefox.exe
Token: SeDebugPrivilege	1912	firefox.exe
Token: SeDebugPrivilege	1912	firefox.exe
Token: SeDebugPrivilege	1912	firefox.exe
Token: SeDebugPrivilege	1912	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

1912 firefox.exe
1912 firefox.exe
1912 firefox.exe
1912 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

1912 firefox.exe
1912 firefox.exe
1912 firefox.exe

pid	process
1912	firefox.exe
1912	firefox.exe
1912	firefox.exe
1912	firefox.exe

pid	process
1912	firefox.exe
1912	firefox.exe
1912	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

OpenWith.exe

pid	process
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe
3624	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

OpenWith.exefirefox.exefirefox.exe

description	pid	process	target process
PID 3624 wrote to memory of 1148	3624	OpenWith.exe	firefox.exe
PID 3624 wrote to memory of 1148	3624	OpenWith.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 1912	1148	firefox.exe	firefox.exe
PID 1912 wrote to memory of 3460	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 3460	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 4380	1912	firefox.exe	firefox.exe
PID 1912 wrote to memory of 1880	1912	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4\dimaind.dat"
1⤵
- Modifies registry class
PID:2804

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4\dimaind.dat"
2⤵
- Suspicious use of WriteProcessMemory
PID:1148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\maizu hack v1.4\dimaind.dat"
3⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.0.975740648\713163244" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1660 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d212fcc-4ae0-49b8-97f6-05d0d5bd33c9} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 1764 1ad26ccab58 gpu
4⤵
PID:3460

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.1.1410581059\1428450708" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d45ed391-590c-45f8-b291-71a9a815d4b5} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 2140 1ad269f9558 socket
4⤵
PID:4380

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.2.1127259330\1397527459" -childID 1 -isForBrowser -prefsHandle 2928 -prefMapHandle 2788 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb9dc0b0-5201-406c-a821-d8211955f36e} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 2920 1ad2a9cfe58 tab
4⤵
PID:1880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.3.428235004\687057945" -childID 2 -isForBrowser -prefsHandle 3252 -prefMapHandle 3248 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0892a019-b56c-48ea-8edd-e0171fa929c7} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 3244 1ad1466eb58 tab
4⤵
PID:760

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.4.1253498931\732289562" -childID 3 -isForBrowser -prefsHandle 4840 -prefMapHandle 4836 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {94bd56de-5fa8-41b1-9b06-b19390aa9d78} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 4824 1ad2b00d858 tab
4⤵
PID:2820

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.5.310160028\179706589" -childID 4 -isForBrowser -prefsHandle 4904 -prefMapHandle 4908 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {39d1a30c-4d1a-48aa-a50f-7bc67fbaddf8} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 4896 1ad2d643758 tab
4⤵
PID:4572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1912.6.1512102886\425481982" -childID 5 -isForBrowser -prefsHandle 5116 -prefMapHandle 5000 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e5d1a4e-fd1f-4c9a-965a-f83e01e85ac8} 1912 "\\.\pipe\gecko-crash-server-pipe.1912" 5104 1ad2d644358 tab
4⤵
PID:4464

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5CD1EBDF6B57F13C7E783CE5E6D8E9C44014FE1A
Filesize
13KB

MD5
a88322953be87233cf29cd9c98b26312

SHA1
0b38d87e9a0ae9aed9ffa620fa423563b3217b6b

SHA256
b5a43e7bc490f5598416a248653da840cfd03684489d9d51b4e8279cd08942ae

SHA512
84a707cf56658949c9d47410f284e94310a659881b06c2e17575f9b09dbb1845833e7f67cf7a5b4ec86f273313fc17e9f077eef04b9a28df3131450fdc5dc05f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
7KB

MD5
4b227c3b81ae0ecb43e01d6f7e05ebe9

SHA1
7161d9d74e9ae59ce43112467718687bcec6c615

SHA256
1250098f4591b2674ba48b78ea496276cb02486d75974f9c46fdc9dcafe9a552

SHA512
fcfa257f9e8d36fc098bfba7fcd1de5b56801222c00b41215ce2a95e82998a3d68e9f2098f3c29995bd7cb8a901c8a433f576702843820a3fd2b798b1b9e80fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-07-01_11_JYHA1IDH37kjW2ud4k03lA==.jsonlz4
Filesize
948B

MD5
7c618c5385632ed123b3929e89a9104a

SHA1
877eef304b5bca587c7f990c0b187b1fbe666e04

SHA256
0c052f029079668e4dc8f63800c6b2fd173fd97de4739e5a66d017df726f519c

SHA512
78e0c287f8367a1fb67e816d2ca7a675cf880d1a245ebc1f4633c52a54bd7fb8ba4564d7c07ceddd9f56c9efbaadb2da1ccc928f679645b3d91dcdac7c87d64e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json
Filesize
216B

MD5
efd658a4a63875b30218609379ef2766

SHA1
1751b1b10865dcd30e4fda0ef17315607b07ed40

SHA256
9f4a05c47a68624f0c81b99a2e8201329151371ad868adc013eb9ec2c72f4158

SHA512
98e8165789827cffae57a652a749cf4aff45875eb71cb9c67240f858648e4bcdc91de5d24fd919ff399069c4962680ce8d044b480663c618b145012a9073f8b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
b39a8bdbd594033290273af99e62111e

SHA1
9583aa39010de34f4bfbf713b167a02ced27f36e

SHA256
bee77605a43cdfab7c2ded486bdc9d8bf9ade96bfa12964c24aec711381256b0

SHA512
506d0095698e1d805504fd4ab92b876ce2e828f3607bf09f8ee02fd91a451f655ff7a4332c21ad03c6b4a3942c8973d4371c1377ebaece529f6b1576a08b9a9a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\11f8c73c-6514-4307-afda-258289ff71c2
Filesize
746B

MD5
b2b459ccdcf2812ad1ed2dbb2f2b174c

SHA1
9dc9abcbb6319d55fc247ca1c1e7605160fae407

SHA256
d73d17c0a55b43c217844e2fc62bf03618b40c6ad02a18de982c0998f98d6203

SHA512
8025fb3f8b71d9e62b64c247a4f717cebbc619be7e65ccccc01ca1963e05d07b7d7562a79d82bb7bc56fd3ec0dbcc93265bb47411d81e16ca9cc41d68a732d10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\412f3664-782f-4bc2-a57c-58bbbfb122a1
Filesize
11KB

MD5
1d0062497e796da59374b91daa7dfffa

SHA1
ecc48361f2aabe21038b8c6b1d7d0ef4635fc1ab

SHA256
ebf7218ff6425c1c578fe468657a812e3affe1f6d1e85a83ebdb31f6bf9fe485

SHA512
dccb3cbf4165480cf528dc97f65251ac8b9a2a4c0de7c1742fd8966b389e78fbe1d343d33f83fad67a0ebcd3485691b44ee72d3a6959b2fff5d292a573666bfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
10KB

MD5
2529cb1082e34261a21416a40507a039

SHA1
95c79c8df7720f8461080a38451157b4fb3a37a8

SHA256
14132c3433ff97215a93a89a06f0057cf3bd10aace7189742813e03fbc3ce568

SHA512
09e72eef77bd1cc6ad94134f6e46b178db8485640229138fd7212bf06b1bc113c2f6be566badffd898fa7a961f69da0c680cdddfb2c09004a6ce25dc9308c764

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
7KB

MD5
91944bae758ba7a18050034f18cc9c42

SHA1
6b283cbb0d21f84858d38dee1b318ac47132e815

SHA256
4113ccb039addb853868d8311deb7660ed3cc0d3e2f45c23da870bd20c411015

SHA512
24f7088ecf88e3bac171af38c75bcbe04afaf3156be17e0e1983218456ae621c9e9a525a8bce1a88bde9b7aeca7cedb222a669c86f85428ab674830105c446ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
Filesize
9KB

MD5
5c8f81e488326b1297918b5b057fe25f

SHA1
20363829d7261efb54f4b96a20fac00f94f07fcd

SHA256
8c3deba77ad420942de1b8f57ec75157af8b00dd39a59aa7e99c90c73923fbae

SHA512
7747cd7c8b8d5bc630cc0be89299e6c6dca5ce319ae15e1b1618c28447cafd484fe17734fe7943bf16ab34fd7eb1ba3f7803a315efb21ee8987ff019d0064adc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
75777b87a5b5631e101e1405cbd83fc2

SHA1
7aac0f8e9748fb8b823826683cd11067ae58d381

SHA256
1f4837b1b7f61f0dfc45075c5b58971b9abb7ef7cebee741effb516198c4f98f

SHA512
d22e3b57e655916938186d926836772e47410229f834a4c25edfa73d7a1785f043bf0868bfa7d5ad1d41e692397e9fb16dc5b9366730ad5c4a2cffa5fea2a228

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
3446d7a8e0fc3b12418fc3e74cdf36ad

SHA1
cd553996e170c443caa63cf76f7e4fdcfbb9dd39

SHA256
4fedb45f94357ee2ac10a7d56ee34fc1f74f7c82f39d7aa6f1abf7c231308ce3

SHA512
5ce0f73f17f418900c4553e3e47ef957b02b18e71e5af64762e8f90ebc8cb09162c70cc4277c006a7fb1a25fa007e3ff5f0eeefb19733eee7f862d512eb4409e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
7.8MB

MD5
288408eb2b027da4893f2b068ab2e675

SHA1
b90bb6255adf082deb7c5504b1b5b6ec524a2cc8

SHA256
44ddc04f93c90aa90c5d6d1b0420cc1bc32d7020b0dd6f228c620b8f11d08cb8

SHA512
f933db666941e1445f5c670fd9dcec6e3982f267be21b9b786c5a7f86396186128e6bce7c1f98d19069053598519b69622b4af0b83e7882fabd17276b5519361

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
7f868e557b098795d645df9ea302427f

SHA1
001f3306144559b4049a8ab139b4139f51e59c0e

SHA256
b228e23ecfb7965e3badefcbb031de0b4bb887634bccb34a826ac8ac89124ac5

SHA512
56fd8aa514cc25db5a2c9191d665eaffe90182cc5e4f15317e0cfbc9adf7336d9ad937d20384b0504f784e5939b76b4c4b0020cb06e4a472c650355cc6c4c89a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json
Filesize
3KB

MD5
86d4f09e44e8dad9d56edc7f6e895386

SHA1
d94195840bceaeb18f2ed38d1dabf970c78acced

SHA256
8f6e2b98312915bbb765c7198f490aa1d3a5b3b9aa3f071334497cc6f4e52b41

SHA512
97026f84f06d28a4064a412bbd048f10ae18a2633448a3e66cc455ef68565022ee14f2f2b42a7ba56ba680cdb6af2b7b4fe57e40f61a43d4d5924a5ebb2d7630

Download Submit