hxxps://tinyurl[.]com/39x9ewy8

Analysis

max time kernel
1654s
max time network
1709s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/39x9ewy8

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe
Token: SeDebugPrivilege	4792	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4792	firefox.exe
4792	firefox.exe
4792	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4792	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 1356 wrote to memory of 4792	1356	firefox.exe	50
PID 4792 wrote to memory of 408	4792	firefox.exe	90
PID 4792 wrote to memory of 408	4792	firefox.exe	90
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 4664	4792	firefox.exe	92
PID 4792 wrote to memory of 1472	4792	firefox.exe	93
PID 4792 wrote to memory of 1472	4792	firefox.exe	93
PID 4792 wrote to memory of 1472	4792	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://tinyurl.com/39x9ewy8"
1⤵
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://tinyurl.com/39x9ewy8
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.0.661106675\1325199238" -parentBuildID 20221007134813 -prefsHandle 1892 -prefMapHandle 1884 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {586b81c3-dc28-42f8-991b-d8f48398f950} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 1972 1e9fe7d8958 gpu
    3⤵
    PID:408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.1.877422507\1560085594" -parentBuildID 20221007134813 -prefsHandle 2360 -prefMapHandle 2356 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3f7ba56-eaa1-4b2f-b84e-968c8ff36721} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 2388 1e9fe6fb258 socket
    3⤵
    PID:4664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.2.591521907\805863254" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 3112 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {995e5222-cb02-43b0-9820-c369a9d7ae0e} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 3028 1e98a3b9758 tab
    3⤵
    PID:1472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.3.1391859089\92108647" -childID 2 -isForBrowser -prefsHandle 4052 -prefMapHandle 4048 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdd305e4-1aaa-4b7b-8e9c-fa66a9ff04e7} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4056 1e98b78de58 tab
    3⤵
    PID:1340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.6.525564277\1923246780" -childID 5 -isForBrowser -prefsHandle 4696 -prefMapHandle 4676 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88a6b62e-70b7-4933-bde8-efca583e44ba} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4816 1e98c60e758 tab
    3⤵
    PID:2604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.5.2013874648\1043085585" -childID 4 -isForBrowser -prefsHandle 4656 -prefMapHandle 4664 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {896bdd38-31c9-4628-b1a7-d1f5bc5a8022} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4680 1e9ff7cf158 tab
    3⤵
    PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4792.4.485977117\566121273" -childID 3 -isForBrowser -prefsHandle 4564 -prefMapHandle 4576 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1424 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9b06f62-b365-4189-be13-5154f4a3bf71} 4792 "\\.\pipe\gecko-crash-server-pipe.4792" 4620 1e989cacb58 tab
    3⤵
    PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\cache2\doomed\24945

Filesize
9KB

MD5
ad28e93147597099f6c1b18fd2d73791

SHA1
4bc6d2bb64c9b9300ccf495a0a38ce0a52128d0a

SHA256
fceac4839e733c5595dfd6e1810975fee98a007b924baeb8e043ed0a85a357d9

SHA512
e18046c66b10d41bb19f8d18b1720b19479f2871e5040ae57034d0d267f1e7bbeef50d6ec12f1caa6e1a83a7cb68d761a3331e8e0c1ac81d25c20beab65aebd7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\cache2\entries\7002E71F4F8431A3D59D2158243A0EA278856918

Filesize
13KB

MD5
fb8e7792d608429f5d0ccc61a60563b7

SHA1
7a8608a8ffadf82f6ffd52b13d6e0ba11a025e91

SHA256
ed886bf10ee8a7249bc3ce7bddd2c84a059a7f87acd7930863777796bf8e18cf

SHA512
87d62d8a3cdf588ee5e80a7923ae176c302fe7cd6adabe6ac3263acddb46d1cc2d70e4895ac40630323a81440cf9e3110dd133bff45aec1168c6e8b4d87bd5c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\cache2\entries\B573808F9B4F64D3E5F0B069BDAA48EF4086E712

Filesize
13KB

MD5
3b5083e135700833e91c6358748d5865

SHA1
af2f2b1b6d01946fb08e51a4d6a43f76b90d38c5

SHA256
34b81e6c85997bb27c023dae9dffff6aebc73abb879b41c76881d0ddcf4c25be

SHA512
13817b40be5089e6b7880828dcdf1f56fdb48ba07fed09056d0231a1f52fb3e6b09bd030c7f3c4eeed5367ce49d936b55cc4306d9c6dd384bf58b6e4c7e61c9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
6.5MB

MD5
438c3af1332297479ee9ed271bb7bf39

SHA1
b3571e5e31d02b02e7d68806a254a4d290339af3

SHA256
b45630be7b3c1c80551e0a89e7bd6dbc65804fa0ca99e5f13fb317b2083ac194

SHA512
984d3b438146d1180b6c37d54793fadb383f4585e9a13f0ec695f75b27b50db72d7f5f0ef218a6313302829ba83778c348d37c4d9e811c0dba7c04ef4fb04672

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
75239f63ae260ba1beea22bc4e52ee78

SHA1
7fa1fb3004bd35b319bbb3fe868de1eb3f1e999a

SHA256
7b6d558645695d7b2751dd3fe56e047194bbfe1bdea72d06ed598f84c5cb4905

SHA512
973b5cada596acf7a3d65af27d57c4a94d6f0e85e4e5d3690b3e9f18e3ab1ab308ef216f1f358c74ac326e230145702f53847a50bcf5810fa7366dbb47b17281

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\bookmarkbackups\bookmarks-2023-12-25_11_oHGxaFS6dRWF8wvXScfPLQ==.jsonlz4

Filesize
951B

MD5
ee872aa3fc8674558c0aad1c2c92ccf2

SHA1
3242d3550173b09b0db87dd900f629f6a6ce1c18

SHA256
1b805e453b80acd083b643d2f2451262ce1d4c39e2949e50ecc97cedd3eb2c4b

SHA512
0da8345759a0d399c6b783ea71dd9c5ac9f51742fff44f12698fe7f9f4d7283c6c5117306d9ed82dc72f8eb85c2b8c6837e85739e632387145b573dd027b97df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
fc6585c1376e9cf68155d494c720fcf1

SHA1
eb47094c718a13b71e51ef8994a3e20240037fe1

SHA256
df87db7f2bc843092a3a3cc380935a913e8e578002faad3158eeea05365ff5da

SHA512
4be4cf67cd1fc52a2623a2690c42c9b8236d8dc70e53f8660ab5e971397d7d049e027650377430a3f2836cd3af889ab2311e0ece55b07dbe99f02755d6e6d833

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
4c3b77b271b15cfe3a1a4f2e626feae7

SHA1
91ed1a8809ec587d70af4b8c9eb4996acc421aa3

SHA256
6ed5dfdb6df048315e173aa025d64aeb6a26cea575b896438ddac8c112fd8311

SHA512
4b147758d5981263af9510db7622de7befd108daee750be9a1c0c7acfc5a5bd965feab3c0059c3f5cdd51d0ff810b0b647ffe96386454418998c9220c23997b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\pending_pings\0538d1ff-37f2-46c5-80b0-78c13929ed63

Filesize
746B

MD5
be866a3e10310b83dd19b0981447d15c

SHA1
9f444e5398ffedc65d17ebc503254ac79e7772ae

SHA256
4f9c42833825839e631ea46f759ac87b929d0e5d739adbc39bffb2e7aca5b6a3

SHA512
bc1b01742ce9696295fb8fd97d38e2ebb26401aa6dc7e9254084fc29a44c95203d711e1404514b0c752949df37fe03776a10ca16200f505b4db656672663d42f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\datareporting\glean\pending_pings\36e925d3-0d28-4ae2-a6b4-45c852e85d20

Filesize
11KB

MD5
b7e11a07bef07fb3a3460c07ff205452

SHA1
0ef216a4e9088a9db04fef719233583675562e3c

SHA256
16e1d92ec64bfda086a88c7e14cde977153bd920a8ab2fe4984f1b2be05ba890

SHA512
2587fcb45cf12a3ba8d45437e28c8c9b4cd57b0155010382e2ce011c7e7388bf29ba34d2867f2ff1b9ba93f9f1f7c6eead54079363b32dbbc3ce0b04572ce1ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll

Filesize
329KB

MD5
df0c2bf7d2179d0f94e20187b95aae62

SHA1
7200293d4aa16422b5311ed5473d65c993a6b973

SHA256
8056af661a7e7832006ca4aad57b2720d17773673f861ae9e5821a439545764c

SHA512
362497672e8f062430cc36a85fd10ef0f07534fc61712611379bfbd69a5645aaee602d06dbbc36d16eb41a7010d7cb0a66f9ed4f884249dc9f45bb01aea95293

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json

Filesize
372B

MD5
6981f969f95b2a983547050ab1cb2a20

SHA1
e81c6606465b5aefcbef6637e205e9af51312ef5

SHA256
13b46a6499f31975c9cc339274600481314f22d0af364b63eeddd2686f9ab665

SHA512
9415de9ad5c8a25cee82f8fa1df2e0c3a05def89b45c4564dc4462e561f54fdcaff7aa0f286426e63da02553e9b46179a0f85c7db03d15de6d497288386b26ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll

Filesize
6.1MB

MD5
5204b0832a604111b40f8f413ccd5e95

SHA1
6ff65ca5be0473bd7b3a58c86fae6abbbfa58296

SHA256
8397b6ab1d754394c3d1f1c35206f7de5fc9fef3126569b75c1fea906b836d13

SHA512
9b638474a8d0e5e32c6909d2b86a79513d57d2c0290b791f1c6492198b2ffa5ba6225d07dcdecdc50b2f032e0095a478d7760efc3b06e22db5c307e906697031

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig

Filesize
1KB

MD5
dea1586a0ebca332d265dc5eda3c1c19

SHA1
29e8a8962a3e934fd6a804f9f386173f1b2f9be4

SHA256
98fbbc41d2143f8131e9b18fe7521f90d306b9ba95546a513c3293916b1fce60

SHA512
0e1e5e9af0790d38a29e9f1fbda7107c52f162c1503822d8860199c90dc8430b093d09aef74ac45519fb20aedb32c70c077d74a54646730b98e026073cedd0d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

Filesize
7KB

MD5
7547d7c692a2e8a7651c60b5a059a0f0

SHA1
3c43e9c300cd468e8d794db05f58838e429664aa

SHA256
0c99d65e253c154c271bc192b8a202c14ba35dc26e62a7aea9e1ba7a1a957bbe

SHA512
a22999da98ed2c4040800d18e725a405a9ea50e2067b9857a975fe937fbff8d46919d77d8fb8d68e28b80a9f858397e085559330864b28bb56e4dd8628629edd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

Filesize
6KB

MD5
13574863de0185b3c11df0f2ce8091ff

SHA1
51a2b26822f311d183fd251befb5b672b2ae77c5

SHA256
f479b04dee63f29c1631ad76d565e06e591e6d2ea914198eb22d45db4e586483

SHA512
b8eb2b42a3263048614b71f09ad7f67ca57a5bd1341f275bada741bc8b6d30b103d9be2139b17ddfcbf16b8e4397a8ce6c0eb5b64a6d50a6a3f386f0a8bdd0ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

Filesize
7KB

MD5
b82fafa40d61fc71c8c4cda083226cf0

SHA1
82ea01e6efa993a45dc7f07475ac71a825a8f03e

SHA256
e3e456ddef17305d3514d63a89e2c2a3c3879d86c2913622c84cf4ec753e6ce3

SHA512
8859f77d92db63e3e6bce62a6fb7c13e19ed27e3515a95e1701168ac6578c4c6fa9257cb9d2be9fd71887985d659289328a8511b6edb2e94bd367b1def60bc76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

Filesize
7KB

MD5
4a7d97ded6594902ab1b3cee64b0c979

SHA1
9b0299041ec3e480d10330f817bd2f4a957557f3

SHA256
761c60efdc909f8ada2a8cae2bed7385c312922332475ce61d4be43695f8a727

SHA512
e279081097070512b7893d8443d873a9f12fa8692d420e15cf2964030b8a3d57c35b85b1381329938cb673a14ac0677d0ab863a0465950c956e44d9aeb2600ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

Filesize
6KB

MD5
ef255d5b23bdb6f3a0d2551f73aaf3c0

SHA1
f18bde339a667f51485566d4704f28c188bfb414

SHA256
2c960e5545000637d86b5782607a0b466b796640657aef9688fafc3e06408df8

SHA512
748da45533ee66611c541d7d16b394120ef55b1dbceb7be7988950ddf85e8411494e6edafa767613fc41f39a5957ab5c4080841aed72438ddefc825cf0b6583d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\prefs-1.js

Filesize
9KB

MD5
b31e67cebad9936858e9627c4e53776a

SHA1
b71178ca13ad3feca810cc525b13cf8f8c9e8c10

SHA256
a01d225501fe650e20e6499d69544a028700d84c9fbc5efc955860452a12793b

SHA512
34d1eb7e346082019c3760ff5da137f32070cfd013b8cd72a3a248a9a93286a40b49eba2cf65b17c609b8403d36a3d9b186c1b69e68d23af107a2f7a3ffad485

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
991B

MD5
4a8de53fb716869d87e9c3369518d5aa

SHA1
7f94a9fee0b83d8626737ce219227ad1aee70cc8

SHA256
30655e310ff616138beca228faac685615903ba304b00e35982a9e3db1e488d6

SHA512
c91e44998e8aa234862e8ab2593a1feaec12e337dcdf80b2ddbfdffc45916f66bd1fecd723c58a344dc5403422102672ec325fa8b67198996fbb48f1af9e9559

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
1fe9e9800e5f62418d302cc794b9cd4e

SHA1
7bb18a0c189f524cc32882d7b358debbacc06adf

SHA256
cd8a65aa48d8d2d0865879ca90702cffa8bdde4ce262b23e191a7d521a7065d8

SHA512
3ce2b099718a06a14a0ac5f471565a4b28fb26839d4f83f1c40c5f0e8141104e94e54468da3999302386bfa13589eadcf5120511188e87424bcfe0a83e6e488d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
b4eee19601c7c016d6fb2fb4a1c6fe0a

SHA1
e38a409613b97af01e36a045adfcc0e01012b324

SHA256
f949a408502f209484db4d1bd0fdd9d63f27a3c5b838e04fb4236cd5449589d2

SHA512
86216d29281e8c3733f71d812ebab638b31283f923ecc6f00ff886b0b67e84e1282f096a6e32d1b7de1dfd64a319669f52a5721f7847b1a44c5620db0748014d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
39888942558ae460d8906b22547b67db

SHA1
06e0df6dc947a97217567f08dd9eae762470e28d

SHA256
f827ddb94e2c18c86fdce882cbd0248d0b698fd79c754e9b2ebb0d79d73ab574

SHA512
887f1dc3073c8f461d3996e343f2812b64f7ec1090c3a87ec717d31cf6ce4060b0a6339958d27b1b1a482f68e4c91e104a3cee5bb37e84e3b41e41375c0313a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
11cbc9e271a68f93cdd0461762feccf5

SHA1
53b8d4803969562e29f1c59c0cb5575197a61bc5

SHA256
443e6b772b62c403c524ddc277a48201bbe95d522d29024a3f59b01c27591d94

SHA512
077baa8d2d3f8c2acbe3a619ff9810ccc05eba64b4ce2a5222c6e39a86ac89f79226fcf705351e0b2e7e719de404dc2885693c13726da4bb693baa3c95d2c6f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
400KB

MD5
598861b36c5f23148b2c8e2b674575dc

SHA1
c2f7da737a7e37b1aa83738e5b3973304180517b

SHA256
c90b7639335484588decb84a9649ea0f10773478851179fe1253173124c08197

SHA512
9813717272133f082e96dc8d6f48c0001796093ebad2cae6ee07ab4ef4ea1e142ef0285e95cdc4615660046004469b01711a100aed9187ee73d94ecba8b24598

Download Submit