hxxp://csố[.]com

Analysis

max time kernel
283s
max time network
255s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 23:32

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://csố.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe
Token: SeDebugPrivilege	1720	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1720	firefox.exe
1720	firefox.exe
1720	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1720	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 2192 wrote to memory of 1720	2192	firefox.exe	88
PID 1720 wrote to memory of 5100	1720	firefox.exe	90
PID 1720 wrote to memory of 5100	1720	firefox.exe	90
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 1492	1720	firefox.exe	92
PID 1720 wrote to memory of 2668	1720	firefox.exe	93
PID 1720 wrote to memory of 2668	1720	firefox.exe	93
PID 1720 wrote to memory of 2668	1720	firefox.exe	93

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://csố.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://csố.com
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.0.2008914568\1545317244" -parentBuildID 20221007134813 -prefsHandle 1904 -prefMapHandle 1764 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {629f9bd3-ac90-46a3-9133-3bbdc472d96b} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 1984 235fe6dbf58 gpu
    3⤵
    PID:5100
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.1.1018886981\932903000" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2356 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d25f83d-a1f1-4cb6-ac6b-41b0cad74c2d} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 2396 235fe5ef258 socket
    3⤵
    PID:1492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.2.473076960\2101026963" -childID 1 -isForBrowser -prefsHandle 3160 -prefMapHandle 3156 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42175fd9-1c25-40ed-8d65-5883564b8a13} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 3168 235854da858 tab
    3⤵
    PID:2668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.3.180929301\780326097" -childID 2 -isForBrowser -prefsHandle 4056 -prefMapHandle 4052 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cef099fb-1c81-4b19-b95c-d45f1ffe3e77} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 4068 23584cfbb58 tab
    3⤵
    PID:3676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.6.392052717\1249347769" -childID 5 -isForBrowser -prefsHandle 4684 -prefMapHandle 4724 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64d079d8-4383-4e33-a42d-8cde3eea724f} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 4964 235874cda58 tab
    3⤵
    PID:2240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.5.1363923146\2023243871" -childID 4 -isForBrowser -prefsHandle 4832 -prefMapHandle 4828 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5771f753-304d-4d04-87ef-edf68a4a994b} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 4960 23586d50558 tab
    3⤵
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.4.1629463653\239883489" -childID 3 -isForBrowser -prefsHandle 4820 -prefMapHandle 4812 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e454bc84-5e0c-4691-84d4-3cee7433aebb} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 2800 23586d52058 tab
    3⤵
    PID:1300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1720.7.2103306361\767332145" -childID 6 -isForBrowser -prefsHandle 5340 -prefMapHandle 5268 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1192 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {99215cbc-b299-45d2-b02a-463ac6bf889c} 1720 "\\.\pipe\gecko-crash-server-pipe.1720" 4964 23583606258 tab
    3⤵
    PID:828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
bb55a445d062dbc1f082c34d280bad1f

SHA1
c0447a431057083cecaacb20aa731a1073171c01

SHA256
ebf8d07158fe05390aa61cb0ef82d8da6ca59b0cc0224e5d86c0a562ac9ca1bc

SHA512
bf664c31c96a138e309b04711a5e2bfe3570723736f4ef28cc0f5d32814234670bbc6b0104c11b40e73cd953feafec44799221e06f2958c65c4e04a4952b82fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\bookmarkbackups\bookmarks-2024-01-04_11_j+J83Kao--KLqP8jMtWQCw==.jsonlz4

Filesize
944B

MD5
c639412924fb2551a98b46fc4bdf3141

SHA1
1752b89039382e7b27649a23c80ba7b1dac2fee3

SHA256
8281cfc3ea7f91e7ed602d94ce53d6a34ad4ade3dea796bc44fa4f601cc18601

SHA512
c5956a6a71cc3f67d70ef759d1f453cc4f2994afe48b6815ead62335d2128e19e543bec3ef54e4eaa1ddd7be2369a2a7e7bcc36eda06110cebf8a0e3402e8ffa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
889aef13c087151e5d5034ed8b1cc02e

SHA1
b909519ab4f9e2ebc71bc15c6188a4255fb5e208

SHA256
a66932d038ba3477d9c8ca4faf6cf21d9a680d05ae8f35e5674fdb189c429716

SHA512
396ecbde66f21a988167943455dacbc928e04037b52f2bee5585a17d0c44917948255614c592f630bbbe77d97d14f226be96a76712e9be70c17c432362a6e013

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
4982611ad12b4fc189300fcb15ae3b77

SHA1
85bd30f8b9e5157f67215f08b7a9eb2e4d1221c4

SHA256
606c6b4c012356c9025a565b79a919925317aab0967ff09235e6ef2c0b6c616e

SHA512
6ba051394b8657fa14ca2714167b26662c88c341056e7160a34b2202e59d9241d81cb3ae6d7f062351da3a614e2242bd77c7d56d220142ee1c8b711e105f9c6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\76daacb7-b908-46e4-9471-5272556a22b7

Filesize
11KB

MD5
6463ba185a79a247e29f2541f19046ca

SHA1
688c0d4683b0c1111cd50ac6529bc6cf2322a230

SHA256
864d523c8a4de1b47cdf6e839c557ceeea961e21ad91604962992e02b98d242a

SHA512
1c76a05ff181168149971af5aa02fc162bdc3b02fb5da55ad1bfc7775a2035c1db66d98217fbe5cb55117a7fec64758eb19467eb38940a734f54718486f5a118

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\datareporting\glean\pending_pings\acde0a9b-6cdf-4275-9da5-c5f3c5e01840

Filesize
746B

MD5
79a5b385a628ddb358d81ccb027a0a85

SHA1
ac83550db35151efdcf71b4a835449f669cab14b

SHA256
8b295ca0a270a06b479061d3040215e38af5791e0d89b2d0aeaf80e6b06fd7b1

SHA512
73b58ac8e0198ed9028a78d1ebfdd4cc17de3160ce531eee40071ce4f66234601aea3043b7409b66421b14bec6b2a2e83ef6ece3d39301ea94383a16bd912826

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
213KB

MD5
bbfc102f2c3461e54b1cfea656961a18

SHA1
1ceeee8d739e10bd3f669dffd7f815588e1431cc

SHA256
1c754200196ad2f977584d063b4acb20a48c5d8818ec6ff4a3b73bfbfb468220

SHA512
e56305bcc0250aa2461b0921d0781b4612a039cef5562b6549ee50ee60db812516c15c537c284e71743bebdbc019d3b5f4e70cd02339f5097400a40b89f9cdd7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
4.1MB

MD5
4e706c59d3ee199a02da2729ea364413

SHA1
adec693165cd1f41094418f55bc8d23e329325d8

SHA256
6c7eed213fbf4882b1275db59eddc3152e34f5214d82f5fd468cadfc0db89502

SHA512
37036906e0228732aba8be0e30d7e69d21e0a2e92e27efe57b13b6ad4b8072e765716e0d9dca55281d0f89d6500342a5db539fe2021fafe7c600aa3ec892a269

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
6KB

MD5
2db3f24eb6aee31c2005fa70d8f34288

SHA1
ffac989c5fb25e3e427bf5de4414cbaaf8ba7333

SHA256
bdc14407428c174189176e48335c85a6880da946a2679bd90e185c153c09c7d9

SHA512
89e15e28da3d4ddc52295cc61ea80a07ab0b2424b22a2ede02fe607ea2a1105a90c889bb1f3c6a8bc4c31ebebe81a129a6e83697df0b0bda6ad27e035e953ca4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
6KB

MD5
aeea5c96236a53280f5cf09a011a2da1

SHA1
9da3e03187cc6ffe7f2d8536deaa8d53a78697dd

SHA256
007e365909dd49b46df78807f423677d9290defaf3421bc1a642d14dfbec1355

SHA512
bd29a60f0f5d5f7b2b76f65cc122fd1cf737fa533e5e1dfd94cf2262065ec635ecf1f65e0b1078e1d4163187553748850dbffd8ebce411c819d650c7dbd02fe2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\prefs-1.js

Filesize
7KB

MD5
034167fafc3ef4768407f27ddf6b4113

SHA1
be1fba9158097c78aed007727968e872a2bc12c0

SHA256
191db4409406eef340904536d93ed83189891cb1c52fd6827f9511fe66d9780c

SHA512
02bdc1cfd225198a15971d3bc4bfef1ca03c9c56b334695f1530015101c39d9b4d85166b9e2d35f64e23370df5ec945ae0a4d09ef4d2bbdbefe3da1411b22c4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
03eb92defb2c354f21b6ee51886025ca

SHA1
0c5429c365fd5a9caca8a5816e224b4d447ee639

SHA256
a9307a0d638a184eed2e9f3f3bb1a25161ef274f8c85d338ad72bfa8d37cd649

SHA512
b424bddf237b114295c94693e867e9b3a706fd0bef8b91dee8b9be5a482a52bc17a1bd8810443928ff0f10070016bfdc40428deeda2e1313b8676c41a334e7da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
252a28e21e1d1c50c1c911c15761daf8

SHA1
12f065bd7c5896402e9e986fdf91a967fd86f1dc

SHA256
4a6ea009af18a2c773c7cc13a262c82ee1d94cf9988d6d101e79493a0efe0345

SHA512
7bb565a881a2d9077f73bf313b9c832cc8c1d91e974fb622a0f14a0b7da7e9774cb878acf3fd10f193fa985d40399b01bc9ced414702d4954403b2c23f91fb57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
66ac987e1193d66bdaaec4944a71bae9

SHA1
7cb9bbd38cca045530b1978c22afb19cd1337027

SHA256
166589c66c4a08dc1e209a56e305bfe326dd325f506fe0befc65fa52f50e3b77

SHA512
e20f34c05cd7c65191a43ec0d6c0b9ec7fb57f0e3d24a7d1974dad2f46704f0ba352b564c535dfce6db8655b7af46f8d08d527473e618de13a46a2d1bc9a8cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
56190b057758387430f270927e57e8ff

SHA1
80a9e888950d3738ed56684fd659d8994194983b

SHA256
64ca0c1abed7f527452a4c4d4bc39e9c78493f4163988d10eb056e8ee7f07efa

SHA512
76540bf9b12bc0bdeaf30d7574f48416b832455d7e5eecb0304797c0a16701b62e8713b5007af73e77db2b5665990901dc45d865ca4315e4debd95b6085b65d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x3x6afp6.default-release\targeting.snapshot.json

Filesize
3KB

MD5
0b50767fcb05728e88a19f0b369e3778

SHA1
edbd9cfb454a311104ec236cf3b1346b5f2d6769

SHA256
1fefe96e6bd8ec4cc2362edb79c747e37c20a5c7e74620fb4c72b1270c85df89

SHA512
8b81aae4de17c03d23557b9db369b4c95e27a62b4a1140571a026a61ca001a01827f3f7141416c55ed148bbdc0b78219b01696f298e410e2df32d2a5e8d34c2e

Download Submit