22edeff32b74c2c9ef15f3711e7ecd60a66d8c9013e14905937df7ab731ea6d8

Resubmissions

01/02/2024, 23:02

240201-2z6tbsadbr 1

01/02/2024, 22:58

240201-2x541sacfk 1

Analysis

max time kernel
137s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

KorepiCheat.zip
Size

20.8MB
MD5

95175bc813ade6d58266f1a4f8732602
SHA1

273feef2c99899b5110e38aba8add22bd1bef41e
SHA256

22edeff32b74c2c9ef15f3711e7ecd60a66d8c9013e14905937df7ab731ea6d8
SHA512

c54536ca3baa3bb186cdc11b5ec91f32e415eb6966256a29453a092f48055397f0acac6c51d107460bdc4ed4b25cdabf98acfbf37cae2d152d955824dc0bc643
SSDEEP

393216:AF5fBxuFuWkPSQFSGf+4CKhSL0HspJp5Ht9cAa6EsglxBPYrpeLooyUgRfMVVRL6:AF5fulkPNFEKYL0MN5NFVSYGooyTfWRO

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3404	firefox.exe
Token: SeDebugPrivilege	3404	firefox.exe
Token: SeDebugPrivilege	3404	firefox.exe
Token: SeDebugPrivilege	3404	firefox.exe
Token: SeDebugPrivilege	3404	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3404	firefox.exe
3404	firefox.exe
3404	firefox.exe
3404	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3404	firefox.exe
3404	firefox.exe
3404	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3404	firefox.exe
3404	firefox.exe
3404	firefox.exe
3404	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 60 wrote to memory of 3404	60	firefox.exe	99
PID 3404 wrote to memory of 2580	3404	firefox.exe	100
PID 3404 wrote to memory of 2580	3404	firefox.exe	100
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 2184	3404	firefox.exe	101
PID 3404 wrote to memory of 4460	3404	firefox.exe	102
PID 3404 wrote to memory of 4460	3404	firefox.exe	102
PID 3404 wrote to memory of 4460	3404	firefox.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\KorepiCheat.zip
1⤵
PID:968

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:60
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3404.0.992482628\773632498" -parentBuildID 20221007134813 -prefsHandle 1856 -prefMapHandle 1848 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f58e7de4-ceb4-42d8-901c-cb2ab78188a2} 3404 "\\.\pipe\gecko-crash-server-pipe.3404" 1948 2855a005858 gpu
    3⤵
    PID:2580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3404.1.1765885690\1067240744" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20707 -prefMapSize 233414 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {46be955c-64eb-4995-a2bc-55050fe77ff1} 3404 "\\.\pipe\gecko-crash-server-pipe.3404" 2348 2855883fe58 socket
    3⤵
    PID:2184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3404.2.1062713412\1480101287" -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3036 -prefsLen 20810 -prefMapSize 233414 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c204cf53-f3ba-49ab-86de-254f18cbcc14} 3404 "\\.\pipe\gecko-crash-server-pipe.3404" 3084 2855ce99058 tab
    3⤵
    PID:4460
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3404.3.2060543149\595519441" -childID 2 -isForBrowser -prefsHandle 3560 -prefMapHandle 3556 -prefsLen 25988 -prefMapSize 233414 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc39cc18-c4d0-414a-b2cd-0674b09ed03d} 3404 "\\.\pipe\gecko-crash-server-pipe.3404" 3572 2854c462858 tab
    3⤵
    PID:4800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3404.4.401720509\286159534" -childID 3 -isForBrowser -prefsHandle 4580 -prefMapHandle 4572 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {060bec19-e19a-41f7-8727-70afbda11bda} 3404 "\\.\pipe\gecko-crash-server-pipe.3404" 4588 2855e820e58 tab
    3⤵
    PID:3608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3404.5.1413787510\999382381" -childID 4 -isForBrowser -prefsHandle 5088 -prefMapHandle 5116 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2caa586-fd51-4a2b-8139-c8a70a49692c} 3404 "\\.\pipe\gecko-crash-server-pipe.3404" 5068 2854c466258 tab
    3⤵
    PID:2316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3404.7.2011467446\521162824" -childID 6 -isForBrowser -prefsHandle 5444 -prefMapHandle 5448 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b523fb8b-b38b-4bcd-b4cd-102f6445e656} 3404 "\\.\pipe\gecko-crash-server-pipe.3404" 5436 2855ee1b058 tab
    3⤵
    PID:1512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3404.6.311296837\468126166" -childID 5 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26047 -prefMapSize 233414 -jsInitHandle 1380 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a47335f2-791f-4f49-a762-001231d0e494} 3404 "\\.\pipe\gecko-crash-server-pipe.3404" 5228 2855ee1ad58 tab
    3⤵
    PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\4832D199584363B876D3E7D57CA02A9B0F4D91CD

Filesize
13KB

MD5
08ce88e374203eccc2d31529cab0d2c4

SHA1
5529c390e0403b4ac92375047bebf626fe11704b

SHA256
76c03ce99c7eebb2d9196ed5618eaa3ce7ae48423ab34fdcd15e40d2bb057235

SHA512
3fea8da3f0bf17d7cca358f85580fabe60952aad93a3448045707d7452751709124be0c812a5086d0c900be573e028c21cad33b935617871580f3285ebd72d4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nbjxj16p.default-release\cache2\entries\77FB5EE92C576E2505C8C9FF2EC417D7727F401E

Filesize
13KB

MD5
1f9f83f3e05c5772583d7b6e2bcf197e

SHA1
6f111dca9b8039bab96c69001c2715755407f490

SHA256
f1bce9c857e075fcbb17cb148c1848b45f63faea5073d837a9faeb906152a6fe

SHA512
a992a1d40dc10ed3903fa10c871482035ac599fd8971acf6c3aa3965c344c4f81ee0a9898f762014f1e8bce7e6b088467cac8c1da59f288d752dafd18ae03671

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
4.1MB

MD5
7b9a7b10b98d89cddfaf0bb7ddbf9494

SHA1
85e67d068c785318b93cbf309d9a451955797177

SHA256
3993d65a754c19a30c6a24d70157d5c277c98cca96b82c910704ac57444424e2

SHA512
89c7a42faed49862cea9b4a26a3fb0e4d364f6db2134198548566099c3d82c913ac6447291a94eddb5392167a516ca984bd4f2d47645eb2840795af564490dfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
9f7bd57df69dc627d3f45ef4e870ee35

SHA1
654f2f38bb6e69604d4c8abea42dc934c293ac61

SHA256
548a2a236202178e9df5f540abcb616b706de1538f94503c5758062413d8b2cf

SHA512
64871f93156b5c700859e20e6b13076aae2c961f272a794701efe5130311bd4d0df92c6678c6d6b74c47da6bcf997663086dc5be8aba9b9dd87f395cf5a95998

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\06b28176-f1f7-4ef9-906d-1b9275cf9fff

Filesize
746B

MD5
b37d9e18843c7b1899084f42e29fe59b

SHA1
feebe39024c3bdcc9ee724bfc5afe1a76aa7d089

SHA256
897550ae2f685e34373fbe65141df02d417d6db114de7bbff93c9e20f1f170ea

SHA512
235068b54c14bde43126b36836e006a9e3c13a7a94a8205388ddfdc047535c8e221a8aaa4179636c0f462359932053663c8f8fcc28dc2aa6e93b0b57329876fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\datareporting\glean\pending_pings\d17e6f3a-53eb-4f9e-a317-c7c347fe0df7

Filesize
11KB

MD5
d269170b327851707bcc7e15e2a52c25

SHA1
d0030018ce0519f8f80fdcdd2d11fecc5908c123

SHA256
a940fac4557dd6e0c1b8daf96affe939e1f337ef970ee192577c208f1884a202

SHA512
a6f86d7dafb3ba2e5539adbb9dc37a303d05c6ded135affbbd7da20d56fff04fab87bce7961c7737f7f74fed264d2aa03ac907291b3939d4ee984adddc62fba1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
6.0MB

MD5
227e7a67137c35a8ea115d8b2117ca68

SHA1
21ba19198c3eaea07b18bf8244ccb92d425e120e

SHA256
1bb95d4344ade03c3823b7a615e2ed5e415901abba9eedfcbdf1ae38d49dec50

SHA512
4a531eca4615b0fc61dabb62489fda6f063c41fa4af80d25c6e828a0116bb34addbc94ab990e05afccefde3048c068b5640aef0178c442dd87cb93c94ffb8bec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
6KB

MD5
f82c87abc0be0f482d3c79f9e87c383d

SHA1
7a76d07e1f996edc5a07d12ae555f070d9a40d93

SHA256
0d5230df96a859a6b010b1a4168f7ff2cc5210c2583a3f1d50dfdb1e306af64c

SHA512
f8f72719e21ce6ac0093e95ed21b1fde2c2c4b2f64265e98b74daac0c336a154ce745f73504f3af834d40a6998cdd50a5c8cd7ff6575b5aed7fa6ef0de841995

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs-1.js

Filesize
7KB

MD5
61b34878d74890813abaaf02a4ec22ed

SHA1
cc7f136998a220d501b5c293f0d17f135d08505d

SHA256
53ba3408f6b6bfd8c304ae91df6dc11b28e17b91590f64e0e4d800d943155c12

SHA512
206c08350e3589385345a3561837fc81be59b254b1dad39473caa651b6f3365a9f8b54f28eaff6d234220da206f5da9b25dacd43e04fb04e6c26fa2b47f9da1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

Filesize
5KB

MD5
d1b23a674f5fd345690891d7a37749e5

SHA1
1bf9d95d16d8ac6050b352526ac1a680f620e53a

SHA256
38f249e3c70302f487cbc7c3934758ba128f0f26742bda9f46f9f979fb8e4230

SHA512
0c07a844b86fb16a3e3d19b5e07ddaab6a6433069558f90896c0a3d098b8660c084c098f3abed707fb11747e237cd661b25e123f075ebec71bfe2a7e9ad3a99b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\prefs.js

Filesize
6KB

MD5
cee9b9ff860ce425fdc4cd5b2a48019a

SHA1
ee8345a419f355675e926f85d900b33ffc32e9b5

SHA256
bed457ae6d676dbf9d4cf330b76a73b9fa9cd39f39377ce857d15b871774f436

SHA512
ada67ee537b7fdcf7597b1695badd9b8ce946c539e1be4afe0449e235c25040f7b89ba1461f63e85678b1308e09989ffeb87dece545af3a309a78c675f69cd0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
9ed3dfa464da5ef54dc173ce6c839d0f

SHA1
10919a5be9d801b5f9a535d8fd88f709a4d35651

SHA256
91701b220b015853952e55157cb62dbdfbf9cf693f2fe50b5f289f6fa88ba5d4

SHA512
17d06135afe3d498bc7eed36d99cbe1adde4526ccede317898e46a35d167f73bc804067b6fd1d8b25ce82ede7c004923b0037fb65954c7d3a27ec1260800c7a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nbjxj16p.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b4e248b8f969358a7bfa32c68bda5789

SHA1
201120599bc3a747d419adc989473b524b7bc56c

SHA256
53bba6be73ce1c9b4ae9b1810a5225aaa7dfa9abd0ac1eb3e9b9bff37b266443

SHA512
bd21e656c602c09e140eb153225054a947e3b446927d8bbe0720e2e6cfeff0b237e0a5deea5d575ee170479e0b8472799f19c553cf3955982123e32cca006c35

Download Submit