hxxps://librt-tk[.]eazi[.]info/ga/click/2-331572849-21688-29041-56820-34520-fae47771a9-f2ae104a0f

Analysis

max time kernel
596s
max time network
576s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2023 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://librt-tk.eazi.info/ga/click/2-331572849-21688-29041-56820-34520-fae47771a9-f2ae104a0f

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3336304223-2978740688-3645194410-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	2940	firefox.exe
Token: SeDebugPrivilege	2940	firefox.exe
Token: SeDebugPrivilege	2940	firefox.exe
Token: SeDebugPrivilege	2940	firefox.exe
Token: SeDebugPrivilege	2940	firefox.exe
Token: SeDebugPrivilege	2940	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

2940 firefox.exe
2940 firefox.exe
2940 firefox.exe
2940 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

2940 firefox.exe
2940 firefox.exe
2940 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

2940 firefox.exe

pid	process
2940	firefox.exe
2940	firefox.exe
2940	firefox.exe
2940	firefox.exe

pid	process
2940	firefox.exe
2940	firefox.exe
2940	firefox.exe

pid	process
2940	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 3756 wrote to memory of 2940	3756	firefox.exe	firefox.exe
PID 2940 wrote to memory of 1392	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 1392	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 904	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 3872	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 3872	2940	firefox.exe	firefox.exe
PID 2940 wrote to memory of 3872	2940	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://librt-tk.eazi.info/ga/click/2-331572849-21688-29041-56820-34520-fae47771a9-f2ae104a0f"
1⤵
- Suspicious use of WriteProcessMemory
PID:3756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://librt-tk.eazi.info/ga/click/2-331572849-21688-29041-56820-34520-fae47771a9-f2ae104a0f
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.0.1896180192\2117785192" -parentBuildID 20221007134813 -prefsHandle 1908 -prefMapHandle 1900 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9252328-1d90-48c3-810c-b5f5ba3320b2} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 1984 28390fdb458 gpu
3⤵
PID:1392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.1.711764430\1426444443" -parentBuildID 20221007134813 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd44bd50-c31e-4050-8014-74fb6811ed85} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 2412 28390ae5358 socket
3⤵
PID:904

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.2.555811260\109437023" -childID 1 -isForBrowser -prefsHandle 3396 -prefMapHandle 3392 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95c00222-7a7e-4236-a729-6e76171f9831} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 3404 28394637858 tab
3⤵
PID:3872

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.3.1761925273\1799957054" -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3636 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cdca4241-9c8f-44b1-b108-c602b18127f1} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 3652 28384365558 tab
3⤵
PID:2052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.6.1018701288\1934527502" -childID 5 -isForBrowser -prefsHandle 5280 -prefMapHandle 5284 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3173773-bbc8-43a8-abfc-f7480bfc3be3} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 5264 2839707c358 tab
3⤵
PID:2512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.5.898020\216996310" -childID 4 -isForBrowser -prefsHandle 4956 -prefMapHandle 4964 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f0a1e668-4c1f-420f-86f6-2a33895ff1bb} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 5112 2839707c658 tab
3⤵
PID:1520

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.4.1509795021\1699078938" -childID 3 -isForBrowser -prefsHandle 4960 -prefMapHandle 4928 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b028bdbe-78d2-4cb3-875f-bad7e076b5b4} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 4980 28394eadb58 tab
3⤵
PID:1960

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2940.7.1074183146\610764632" -childID 6 -isForBrowser -prefsHandle 3428 -prefMapHandle 3416 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28b74186-8089-4367-9049-b1762995a2da} 2940 "\\.\pipe\gecko-crash-server-pipe.2940" 3496 28394637258 tab
3⤵
PID:556

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\mlil8stk.default-release\cache2\doomed\4648
Filesize
9KB

MD5
35725cf592418e450e2a4dee60c1303a

SHA1
4f124a06f1e4fa7f7f7bd2079717fb2f424dd571

SHA256
50dc06efba883e6b29e282c2b7b98fa606d0d8301e28932c6e6b1f056bfa428a

SHA512
72a1ead544c4106cbb56f0821979cfc5fddb63b128e8547cdec0b85a284672927198ce09378a181a80c54be1eb4435d475d2206c0479c2cf7729a1c1037c4e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
250KB

MD5
ad30c8c205f60223bd022952cd4ed193

SHA1
1deef68ad51e75d55ae7b36218b93f7185866ff7

SHA256
2c372be65e396d03a38a682a8cf8eb307d318e6916c150fe52e485b897e0af77

SHA512
90e502afe98d5c5a9c6492b579f58d21597608172c60980607d74f05ecf977967ce0365dd8ac2e9d74ce15e203653c771e2a1c040ac5c19b3891a417eefe201a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
221KB

MD5
339fcc8d982128c490f10249d9ca69a8

SHA1
df5a6d9a53f728e0fc0a028988bca0001966f6c2

SHA256
c12d8f5cf266ef14eed7552c96d3a649b9bda7ff7b15109a8fb4923b2fe14cde

SHA512
8e18eee690472554837c29e4445f0fbdeeea695694db172d6ea68142dbee622a140c5540b016fe1277ba02c13520fb5a9ac4c2992da2713eaa0c74396ad934ec

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
7KB

MD5
e42506619e4e6213d8027b31c4e42564

SHA1
de0fb5f1173e8e3a5baad34e0185f71a29e6f65e

SHA256
78085f0436ef75c657048f471494bd2578bb9be5fd1f174c6eecfe80c40240a3

SHA512
8a9da1dc4528c3a1b0fed3fd7a6d198474eab4f3068e6a0acc2a6f9e1e7a89128e72a61aa24a093000289755c7dec091f72de9a11e76d68a055a1d1f3f89f2ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\bookmarkbackups\bookmarks-2023-12-18_11_XufqHvbL7LRBLhXq7Iylnw==.jsonlz4
Filesize
948B

MD5
cb74667bd984e4a80830ba9ccf5d2a33

SHA1
56670fabdf8c9edc0c5db25a4f70db1e02514e02

SHA256
2fd2868bf1e1404ed504f10778d1f6805b67abfc8f0c05588eb75ad961328000

SHA512
56fa4d2504bf58e397326d5db5a5f7a18e8bd2bce3839a28f03618d1987933228391188629422fbb4a0461cadecaeef0ecb2df34664b6e21dfbaea6faf15f35d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\broadcast-listeners.json
Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\db\data.safe.bin
Filesize
9KB

MD5
7f56f73c36e5955dabf178893873af4f

SHA1
b9bc93753cd09806619649a930b61f6ad8a1d242

SHA256
bff8318648610331bb26064ca8052d0cc934b858d7af00eb4d17891df76284ef

SHA512
e79904601f951eaee67a6b752688ec9b5fb61fcfeb68e5bfd911c049441311d6de755ae3ee6c179b293afea1fd3fd3d9b47e2a7779bf36841ad8a26aec90e4fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\datareporting\glean\pending_pings\393173ad-3c97-4dca-9bb6-4c01f5efe22d
Filesize
734B

MD5
a48fecd79f279c5244ca6dc7999865e6

SHA1
ebd22ce79c65c49b93d4dd8cf0d373b69a5e2a23

SHA256
dddc8dc7776666d68b3d971bdfd6d1655121c86cfc1f3e0dff122a2465000858

SHA512
27e0f1972ae6e7aa9e7e3165a650bd9cd83e090fca3dba0ad001b37e89703d7b1326b74c095cc006b2306690e21a5ac1b53dd65f65f969710b5b248793e8fc9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
3.3MB

MD5
b6bbe46a09af5e53e95bc5b13d727192

SHA1
ef625af62eed415ec2df2fbe8b03ac000cc8b676

SHA256
f41e83e51262d46811678465119268c6c7df9de99731886781b004cef6b9b587

SHA512
79eed92a17e1affb9fa99bbd59fe298a4e4cc4f16d4ec6110603e78e2895f309b9e43cf6719cb933ed36f30c10b2158c8784001b643009b33a45fe8c1bf60cd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs-1.js
Filesize
7KB

MD5
ec149442848f4d5cace5cc90ec3c0981

SHA1
ce87a1f88f2447ea360aab7066449d86f7960814

SHA256
056292a3e08b3d8f0af6c84a2f050cd8710743182ffd07c9e90e7f59662b61d1

SHA512
332317ba01b4740583728866bb6ddf73a021fffabdfa5302d8d36dc04717184c4af5ec2b4214a23ac71cc94fadd841316fc53e9c75ff8d56e369253717dad521

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs-1.js
Filesize
7KB

MD5
a4423ae2bfeaf3db24b0e4cf15aa2f5d

SHA1
7f141bcf987cf9ae367ba1dc6f5e117e3e11f0da

SHA256
2ddb51e3471a8df874992d8e886a440a7fefbeaa87f42ecd07865833eb11ba98

SHA512
f2320bc326783e275fc8ead732aa2b20512de59dced589254ad193223f086cf94d1139454c6039aac65d0d53f8d5401b60fa792c74d753fc57e98b87f60d64b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs-1.js
Filesize
6KB

MD5
d648d39a518e2b2301ee27f75f69dfa0

SHA1
4beda2acf0ca9a06c0939173626cfca0033f125a

SHA256
37f66f841315c5b6b0f0bfaf60c999ef1db101f5a81a985b01a9284aefd8a14a

SHA512
7c6d206fc5744c0a5c28bb99cf70f4eac73d11403ffab5da40f6bd7305cac519e7776ff7ad8e8ae5fdd83855e3e37675c94d60e3dbe0bc907f18a3107e1822c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\prefs-1.js
Filesize
6KB

MD5
320a9fe50e56656a1d807a55542300a4

SHA1
35a7ee04e8b19b91e8a389d02e1528b99756e4f9

SHA256
68f81d99f49814a126cbeaf404d186c7aa0de3988ea36ae862e550856ba5d080

SHA512
4ca7917b09afa1a38586b0a2af10635690cae4c3b1f99210cd45af399d6ad8d40cc04f2a123f97186bc6ffb1c482e2d8211607af66400a355eacfc7e42b151cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
97020f6c30af3c3be8b00adef857de0c

SHA1
21ff3b99cc3bc22a1f9776da6f820eef094c89e2

SHA256
552c8d346ad6da019c3fdda414fe3fdd2bc8bce89c13ef0cbdba7766a7ac1aac

SHA512
d040f9ec8e883bf30c53e3bd9a5825e5649f2ec95105e8270a3793432d177db801f70a253335f5c9fb4d58bdb9a5e1310dd96e1c59a33cacb56d46b212796a0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
f1160a12410e53574dee24b201e62bd1

SHA1
ddbff8a22d804ded765db8d8d3695de826fd76d2

SHA256
4245a094c556eb1ddcbc39df17b6f8f1930b00b0d13ed5be2589bacf70fe2aab

SHA512
b1ee768c66e10e5dd437735cfd05a527c3b723d81d080f4e933a6ef3b9857562daf51ab538cd700f68b4b8e931999e0119079c45c16be0679c2b5453dc21d3e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\storage\default\https+++zz0o.com\idb\1765089151W0Pe_74e1edb4c06395f9.sqlite
Filesize
48KB

MD5
e69f90069e3d25c3feeb99af172c26ce

SHA1
81bc6e5396a17feb3d93ff351516a7623b8a8f2c

SHA256
0a8f2499ed8b8732b6899d53d6064ddfbb3ad336542ba3f270ce40d376aa8c38

SHA512
9e2fd4f18ee38c1dbc3b3457ce8a953901e2eeefbc27d1f8c44a33b05caad889b8d4cf84d3099a777fc4d21f4cbc195610fd0443d65b280c75a10cf44b163a28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mlil8stk.default-release\targeting.snapshot.json
Filesize
3KB

MD5
2645c8a719519d692f7a851e79e49100

SHA1
15e40a63c6a46bc333536ba9d9a16736202be9a8

SHA256
cfdc7fffe140df4e42454e3a73a2cc5c49e154a8b7ed758618ad9b53f6b73f17

SHA512
af4741f29799a1d3670001f0988558059cb3a60c0f7281a6f1bb9d84b9d341388c6b61eb5ee9fdd3f2368ef0730636d2e91a4ce7138f4220657f6f96428078a9

Download Submit