8c8dfe1b52beb050ef527f1f05eaf973417bf07754baaf6a5d46de3fed659691

Resubmissions

18/01/2024, 09:42

240118-lpq25aheg2 1

18/01/2024, 09:41

18/01/2024, 09:37

18/01/2024, 09:36

18/01/2024, 09:33

Analysis

max time kernel
914s
max time network
906s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 09:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

island-hoppers.html
Size

17KB
MD5

bd2959ba6cd980ae626e0f9f006fbfc1
SHA1

a9219d8ed705634e4bc41f5e8f6e15f3aadd5681
SHA256

8c8dfe1b52beb050ef527f1f05eaf973417bf07754baaf6a5d46de3fed659691
SHA512

4d491682a7131b1bdfc9cc9e50c0c7ce832c4a7072e491d2b968c04a5cc5202ff6b58f1646cdf388cac060a19f946d46ebc9af5f301bccb857c91b35fcf979c3
SSDEEP

384:ZKfuRmrLAWiD5GPK0sj9Hku7Ed/PjBF20RZdldjiQi6K8ybJNc:8fuRmrLAWiD51O/PjHbeGKFbJ6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2176	firefox.exe
Token: SeDebugPrivilege	2176	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2176	firefox.exe
2176	firefox.exe
2176	firefox.exe
2176	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2176	firefox.exe
2176	firefox.exe
2176	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2472 wrote to memory of 2176	2472	firefox.exe	28
PID 2176 wrote to memory of 2692	2176	firefox.exe	29
PID 2176 wrote to memory of 2692	2176	firefox.exe	29
PID 2176 wrote to memory of 2692	2176	firefox.exe	29
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 1720	2176	firefox.exe	30
PID 2176 wrote to memory of 588	2176	firefox.exe	31
PID 2176 wrote to memory of 588	2176	firefox.exe	31
PID 2176 wrote to memory of 588	2176	firefox.exe	31
PID 2176 wrote to memory of 588	2176	firefox.exe	31
PID 2176 wrote to memory of 588	2176	firefox.exe	31

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\island-hoppers.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\island-hoppers.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.0.240676814\771475050" -parentBuildID 20221007134813 -prefsHandle 1232 -prefMapHandle 1224 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8620ad7e-7d1c-4947-afa6-43cca51fba0f} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 1308 10cb9b58 gpu
    3⤵
    PID:2692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.1.1369093733\438289600" -parentBuildID 20221007134813 -prefsHandle 1500 -prefMapHandle 1496 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {58652521-e92e-4216-94c4-2ed629b8181c} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 1512 d71c58 socket
    3⤵
    PID:1720
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.2.858195463\178543280" -childID 1 -isForBrowser -prefsHandle 2092 -prefMapHandle 2088 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f746cf6c-57df-4d11-a5c9-1ce6ab48d130} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 2104 1a4d1958 tab
    3⤵
    PID:588
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.3.1070054979\145165902" -childID 2 -isForBrowser -prefsHandle 2476 -prefMapHandle 2472 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8f4e0eb-f4ea-4d16-88a1-0d33d231b174} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 2488 d62258 tab
    3⤵
    PID:1660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.4.1424829270\554927766" -childID 3 -isForBrowser -prefsHandle 3796 -prefMapHandle 3708 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {73bd649e-869d-41ca-bf2c-5291e74091fa} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 3416 1a593a58 tab
    3⤵
    PID:1872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.6.1168087578\752432539" -childID 5 -isForBrowser -prefsHandle 4080 -prefMapHandle 4084 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0493515c-11f2-4d1d-9de9-545d18089a98} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 4068 1e21f858 tab
    3⤵
    PID:1648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2176.5.119187490\1335220324" -childID 4 -isForBrowser -prefsHandle 3892 -prefMapHandle 3896 -prefsLen 26170 -prefMapSize 233444 -jsInitHandle 860 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fd0f62a-944c-41da-bbf6-68bc182a8159} 2176 "\\.\pipe\gecko-crash-server-pipe.2176" 3880 1d74fd58 tab
    3⤵
    PID:3024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\cache2\entries\77FB5EE92C576E2505C8C9FF2EC417D7727F401E

Filesize
13KB

MD5
895f307d339e09bdf6d5be7549674401

SHA1
2f64f47b3e69dd986f16789bae4b45ffe377a095

SHA256
13c1a5964e7f65be704da9710c6b4e00c2563c9324b050b5845c3d850da82ba0

SHA512
93460547cd0d87dfc32253fc115009d191f25563d0dc8d29d5fa51c371abc3509550388dd4c9a293fef3773a5747df4fe2f1f54f575f3a9ab25fda5ac6b0291b

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
5.5MB

MD5
0b6102bf8a74e3662179e5bc5df10629

SHA1
41c29cc1c7fd4d78c238794201fb544c9461a66b

SHA256
a1671c4be703e19880cd6d735ceb1c222c1d79dc0afdc9a509b3e70530f3d90c

SHA512
55911793fc23c79c2ff194fcbc9c647f4e44ab4a0376d2bc625e9eb8274c942d4373d1de5e0bbdbe83128cf61b4f412a47d1c6487e509149e10ed4dfaafe5f94

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
ff6e495a6c29bd443521654cb6ed3c9f

SHA1
b1a8df5d925095961e530ce9182ca407220b9712

SHA256
03c61241edff82ecda0a2114ba7ad9246c31c678bc671c0919ddb7144d4ca705

SHA512
cce20e142306172236a936742a5f72fb1dadf02610baca550d3c3bf6f852840afe55568eba800449a4a3fab3f767e79284d6923a8ccfe560321af36424b42cb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
0608ae940e346d41306a0d6c7e974b00

SHA1
c4da4d29d707940ef2eb52014e3d72f622b325f4

SHA256
a1a3f4ec31e5672ebe4fc0493f24b208874b6b7e445fd145f5c85471d18f9263

SHA512
2c41d6dbc74f57302ba40e235a09e5ec0e2ade06d93d1157fec5b61332fc24a5450afae0feede8c82034753b8bf919ec171eb7a32f5acedcd6960e0ea916cf98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\bookmarkbackups\bookmarks-2024-01-18_11_5HioUO1AAPsypLiYZdFnxA==.jsonlz4

Filesize
952B

MD5
7e94d41324df1a71f232cfb2f6bcf89f

SHA1
9a0636e8365dbc7e4d39e020bcf479346a647a96

SHA256
e34a554acd60564768b32c1798d2d26652b93988072b50e00dc5837e3651daeb

SHA512
2a21be85607917c2938e2b1a780fb0a4413d522c6880c2cfe173f5315b36b6d5c2ecc91be5d04a8af2977e92097987ddcb6b05b93a619b10957d8c67f20c6ac8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\broadcast-listeners.json

Filesize
216B

MD5
ad0fdd6c817a83e40d8df0ec1bdd7d55

SHA1
a4ea71f24140b936aef1399f3de01152cda28b4f

SHA256
406a127d122537b47188c294b8c9b49ec8aa740c82d6cbd72b22ce4138464826

SHA512
775bab52fd4ba115735584eefaff5e921f92b159aa66c1dbd2c04722b1280d1a995091b090fc0d18f607e2108da519bb01aa5749f761dca523e351395bdfee39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
1b2206c9ed6541938b24fc27d73a108a

SHA1
97a6c16df955d1ea4c9dd4d02c2ec55a14f143ec

SHA256
81c60aad91cadb67db357512dc7125dbc0486e728816fa073407969c1b383aec

SHA512
365058c000e5f682c202e0e6c55e5d92fc5a9ec8ace738dce73ffab9c4ef9a6e3b3663ab4de75093ce3ea4d69345bbbf86390cf64c2ff7170da7d0681c5525af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
07a6fcd361f554b60474f337fb141750

SHA1
2d2e65652827d582a1d363dffcb59996c38b967f

SHA256
5f4b12e15f674cbed8b22b5b47d0a6b6a18c680744112673397e2cd39d274a64

SHA512
6125dab258a37605d58327ba98d4c5eb36877424a92bb48026eb3212347fcd2f545c3a09de2ab9abbb69140c4eee6d04e14361957c440c3976b614f5b7f9f84b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\pending_pings\36b60908-f18a-4e3f-b9f0-91420ada6627

Filesize
745B

MD5
3c551c45d47690696971f2aa707e3556

SHA1
23c5830ff509541103236ec11ef987c0c61ac87c

SHA256
9ff40c979adb1d4268b7e2bfb9f9998e5d23e4958b3b5f43cd9117f22c898688

SHA512
a24ab600780c092e755208d26c2660c32ae97bf8aca5720e606c806c6510682e4176f11bb1570c33fe5ce9bb0989d24bc7cffa6b7b7a2277e66cad0f550566c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\datareporting\glean\pending_pings\50a3eab2-2185-4715-95cd-328e338ae559

Filesize
13KB

MD5
ffc779049969b8fa91adeb406491408c

SHA1
6d09ee1ed7a4ac15c6e3af9911e41212ae361d5c

SHA256
7a3a99a0ecabfe7c8ecfaf2c302824fb95f5f1c7d87e0d31803fa03b005445b5

SHA512
7cfb5284adca7077597a7dacb5927e60adcff7de606fed8bdb124213f1ddffb6643f42ed85413f47434068b98bbbafe048fa497a335543e128944cd09a76025a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
7.1MB

MD5
d294981dcd8c5ba0f9f58be9a6103fbe

SHA1
a9e6a35518e95a1eeea8cf232c507e47cb8fc3d9

SHA256
c955f011bd5bbccc7a357624730444066c70086fe61ae5d6702671a1ac02de0e

SHA512
80899597a2cee687f25688d8ef3bda1afdb10258ab9824d036a28eac1e7c72f90cdd19eb8a72e54cb48042f24dffc42fc490dc0cc271484d6b563a05a07636ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js

Filesize
6KB

MD5
efc06f772e09f072c69b5b28f8957616

SHA1
e3cfaba512c69bdf9ae95c27014c0b5455c68666

SHA256
e311cef44df2a87c3f6074b4cd826cbad97e8f3221975dfa77a3807ed080bbb7

SHA512
580944c880b717525dbe1ed63634bf9f11d88d84454a7b838aee82a35c42322a3a0e952de4f2abed567b952d6b413ec870da7b7cadf418ce7c77a620cc7bbab1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js

Filesize
6KB

MD5
09a76ebf4852dd9b88a9801cb32cf3a7

SHA1
f35c9848a81c622a007868bc0bfaa219c0bfe341

SHA256
0a760e42929e149ff7460d12b3a5ff95ccfb2fa4f0bf535fc91c6db4f371bd37

SHA512
9579364aa39f0f3dcdd72d605af865c0414704059d63bee1618f4d8d18456b711ee4ae195b0304ad62f27ebdbc6c24b4d302bb8118d142de032bab7085435883

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js

Filesize
9KB

MD5
0feb93dadd704fb471178f64600a6fd6

SHA1
5126ab664b676fdd2440cddbdff57ef0b3ef7116

SHA256
8da247ca81e3117ea603e05b18d4b9bdfc514b24598201c192a7352e6213f172

SHA512
f53ce62fcbaace9d0a926877e0beb9b24f29f35a04c0f2f80113228b991049baad13fd5adf6bc51ae744edefe42938ac99ca78f3682e65dda3eafbaa081f00e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\prefs-1.js

Filesize
10KB

MD5
3d1c57a1e32387be31c95d3ce7643339

SHA1
da800e45bd738cb0b2cab26271ef9c4112164e50

SHA256
4395a862f229de2739850c9f0acdcf9c505bf3f5cc12e907c8573f31c230f801

SHA512
089d971cef80a841115269c2c0b4bd2f0493bcef53b39d6956eec909f4de30fba57ddef002288f0952b9621ba422ccc5cede8bbd31886b7ab67b3c501575f4be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
245167dc683547c6b014ebb8e2fd0f5b

SHA1
f540caa41a9ff8a17a1ac879f797f2f31af9a429

SHA256
4acc4dc47211678ebcb8c088c9b41046c517a565b5830ff2e01fbe4cce30bbcc

SHA512
f9010a71507dffbddd140148fd8fa490a3664e149a2e1d7071514409cc0a4ea055ec90eab45518c365736d7dd56436922ed97779366f3d3133d6b6a6ed267ed4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
6.8MB

MD5
5524bcbabcede981d449aab21b3844d1

SHA1
259f487c12512c5f5c8b94bb05750247588f8d79

SHA256
c7259b2b674cf6581bae3e93c5d4cdda1022b6031616740a6afe6f936274c444

SHA512
7cd7f8dc2e8590987fefdff911c7228b3ac529dea25dcedec1cc1864347df23fdee0a59cc289c9b6e83d0bda7a966395bd2b0eb796b7a2c2a768f40ac021734a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\x5f9h1ra.default-release\targeting.snapshot.json

Filesize
3KB

MD5
236148eb4e4688394e10d53f0bd7aad9

SHA1
6ab5e5242972b7e41353c426499d7eef6d87c0e2

SHA256
06ad86bf0e74ac7ae2f4afc8d1eb3e91b9c7f96e399c34f845e64ecc5d538b73

SHA512
3f482ca1e175352137a75004feb985079176e0543ba543fde46ca2d95c981da848f952a7146c04f9d6edf491dfb03f25f565c5a65bb21bc14c1676aea760531b

Download Submit