hxxps://github[.]com/FailedShack/USBHelperInstaller/releases

Resubmissions

08/05/2024, 23:10

240508-25zbfacf8v 4

08/05/2024, 21:14

08/05/2024, 21:13

07/05/2024, 20:34

05/05/2024, 21:55

05/05/2024, 19:37

03/05/2024, 01:17

02/05/2024, 23:32

Analysis

max time kernel
1514s
max time network
1509s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
19/02/2024, 17:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/FailedShack/USBHelperInstaller/releases

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1454216376-3069400526-304058712-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	1892	firefox.exe
Token: SeDebugPrivilege	1892	firefox.exe
Token: SeDebugPrivilege	1892	firefox.exe
Token: SeDebugPrivilege	1892	firefox.exe
Token: SeDebugPrivilege	1892	firefox.exe
Token: SeDebugPrivilege	1892	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
1892	firefox.exe
1892	firefox.exe
1892	firefox.exe
1892	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1892	firefox.exe
1892	firefox.exe
1892	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1892	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 2528 wrote to memory of 1892	2528	firefox.exe	79
PID 1892 wrote to memory of 1512	1892	firefox.exe	80
PID 1892 wrote to memory of 1512	1892	firefox.exe	80
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 3472	1892	firefox.exe	81
PID 1892 wrote to memory of 4564	1892	firefox.exe	82
PID 1892 wrote to memory of 4564	1892	firefox.exe	82
PID 1892 wrote to memory of 4564	1892	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/FailedShack/USBHelperInstaller/releases"
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/FailedShack/USBHelperInstaller/releases
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.0.1960770185\730465386" -parentBuildID 20221007134813 -prefsHandle 1756 -prefMapHandle 1748 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8add83b-1fb9-483a-bf8a-bb4d8401c325} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 1848 1ec71109958 gpu
    3⤵
    PID:1512
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.1.1206223460\185629103" -parentBuildID 20221007134813 -prefsHandle 2220 -prefMapHandle 2216 -prefsLen 21563 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c37189f9-220f-420e-a796-dd8f023dc6e4} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 2248 1ec6fce4458 socket
    3⤵
    PID:3472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.2.1788712919\202482587" -childID 1 -isForBrowser -prefsHandle 2816 -prefMapHandle 2968 -prefsLen 21666 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d338065d-f75f-4b4d-ab86-29c9a5fabcdb} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 2944 1ec7501e258 tab
    3⤵
    PID:4564
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.3.2069881954\1983683181" -childID 2 -isForBrowser -prefsHandle 3760 -prefMapHandle 3756 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fb101c1-5a07-4a1e-a531-aec2c2abb348} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 3772 1ec7647ac58 tab
    3⤵
    PID:1668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.5.452550039\71615006" -childID 4 -isForBrowser -prefsHandle 4944 -prefMapHandle 4940 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33bc46c7-7062-4667-944b-7fe17b1893af} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 4860 1ec77871e58 tab
    3⤵
    PID:2292
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.6.181009739\900095845" -childID 5 -isForBrowser -prefsHandle 5052 -prefMapHandle 5056 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {630cd30d-5b2b-4071-a713-5f321a799f54} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 5036 1ec63e5b558 tab
    3⤵
    PID:4464
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.4.666428590\1447403748" -childID 3 -isForBrowser -prefsHandle 4720 -prefMapHandle 4716 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec9b4cb8-d29f-45c4-9805-f5c68ae777cf} 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 3904 1ec761b6358 tab
    3⤵
    PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\doomed\13685

Filesize
9KB

MD5
436d033f0cc6e1704097766e0f60894b

SHA1
90b503cc3ded36acac5a328fd2b53538fab69dd2

SHA256
c796cb1024d05d0d9103cc72dcd34bca1fadcf51c3b328364e97636e02917911

SHA512
2f03d7f7c941083a1d4c5c97fb2c8bd3acef8191fe685a05c6c27fa6fb8f0e032cb1b889d12a542a5a1674722f5a0ad0318eb31646133311398416dc6b4ff90a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4idil8qh.default-release\cache2\doomed\3480

Filesize
10KB

MD5
09fec5d45302a9f3a5a2c16cb9c8f75f

SHA1
0b023a56edd945036ec81f82acf01b955d9a3cf7

SHA256
a3a71039e6dc207de8b444d8ff705e1566de5427f74d2e7e3b70d8d0ee5a2823

SHA512
d978e9388d860c0970ca18cc4cf6a83c6a32986a6e3ab09eed68bce709f04b1aecf2d9a283df43bf2cf4680cd83791908eefb32ebcfd783fd692d007a8e08667

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
75678d5260605e145b59b5557b7a88f4

SHA1
9ea498ad39d350a6e66a526ae7b83ac634d79b07

SHA256
140121d2009663b710432e5046e2afb1caee2315152b1ef009bf7fc159937466

SHA512
5a1ca6776d0c38d68bcd8c5ea7eafcb69c6b378fea328f5b881dd584a6f074913c6e697c27087f78013afe9c26679fb8d0ce716f8c30e5961301295f114b4542

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\bookmarkbackups\bookmarks-2024-02-19_11_eR6HuWZKQY7Z1w17ksp-5A==.jsonlz4

Filesize
949B

MD5
d03e91e33172f990887fd94689ac24f9

SHA1
f27450d4c31896455d1d8380211d608ef9dae7e7

SHA256
02e39810eadf58172a7a5f36ab35f4dd8eca1b70e8938b284ec39b0022a995c6

SHA512
144929865f2dc5911ff836f52d7b577f992f8de9e92c7118487a9f8a0128b32a33037bfdfe1972439bacd7226bdb0ed01adb1906bbf4ded5c0bca7ed25eb4af6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
d8f9553db51bbac55bdd441f0cfee121

SHA1
b3c93e2cfc1a1c4cf705613fa5f5da1b951feef4

SHA256
da3667d8b29d69813413b1312caff3cab50a06c792e99772a08a765e4727be56

SHA512
c371a827e5288196d223e17cd72dac6a34f3651975b0d264c780adf81500ab6c064d0ea554e49f62aa48917ef9b4ced0f3e1aa0146cc2d7987ed16d1efb51d7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\datareporting\glean\pending_pings\028260ce-87c7-4fd3-8c12-0d133c99157d

Filesize
11KB

MD5
b4f0bb0fd06f9e550b9afc666134d88e

SHA1
f1cafd4c7f3a27adf023949dc4a35f5133aa41ba

SHA256
a1890e718897d983be12788e8dbdb9525f6bd3044869306f1bf03693b265ef3a

SHA512
a8b3cbaa2c49d897a108f584d6ac2dbe94af9c3df0cfcf9320bb8a37254f1c4dc58879bdcee4bcb0779bf300852ccee41ca43f5c7b0143d968c7c5cb04bf52ed

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\datareporting\glean\pending_pings\225b80d2-6819-4600-bab7-d1f3a8c00ff1

Filesize
746B

MD5
a262d2c284b415923a1d67c71484cb74

SHA1
e4b762cf3b2b5db6d6100400be2f243a67cb88e7

SHA256
fa698c7fe96b9da151c15a69f04bbefea9a9dd4f16690e593361b414bb97ff93

SHA512
eb9b8dd36dbc4fda2388416a43f9ac5b3a2770fa21a8b06ddf167d67ce67edfbbb80cfa5f7fa709651422bffa2526c3139ca68438c315ed494ed51350ffcd5a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\prefs-1.js

Filesize
7KB

MD5
0d70fdace12fb900504564edbf35f4af

SHA1
62aa6fdb71aa8cf483698013d285f923c3edfe30

SHA256
c1acba5d335e7827b8a9ed212e906a811b5bf1508913b2778c60c1567e4b48aa

SHA512
6903dfd14b655e15d84b1ca781d9d6d3b492b658131212a6b77d54b46e0140eb1b63650d72812d3350fea340cbee7799ee20cfb0d94ccf1bf47ba8f71ba91f76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\prefs-1.js

Filesize
6KB

MD5
d8c67c52f71e771acfa826bf3ab4bab2

SHA1
fc0f2c855e48e3b0316067e5d991aa9355ab7357

SHA256
4f6932441f7e2dd191e839f52e70212f613aa15a2216c6dc2e858780db294060

SHA512
077463065473570bda9039cbf082f19233947fd5b4c6a1f20c2458550ad73ae4338ad4662b8207ddaa980d354b60cc6e9265a6f2b3fee6fd06e7e2110790522a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\prefs-1.js

Filesize
7KB

MD5
de025e174af248b139a901965d5d3c09

SHA1
3550d687617ed822f5f390b7b95d649f7f173895

SHA256
dbfdbf79f378b7d558e084fe85765f80d5c25247071f85c8f18098421d29c7cc

SHA512
b03fe359d93e13301c411ff7c002a6bf117422295fac9f5bc8635021dd2da60765eb64fbe217cf856d0b8dc91d60fe526543355c21e6168d5d97a4e71e097b4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\prefs-1.js

Filesize
6KB

MD5
c56809eb9d6af4e90c375d5f5ece6271

SHA1
4e764335f58f4ea6b0b3dd0cfedd6ad44e6b07aa

SHA256
d2e30d4e8de2b12c27d85906e3644421a35f6365dda126012b2079e17c6fbc3b

SHA512
3fd2e1d4c882aac412ec1546782eb8b90c51fcba9c982afe4317b2f3cec1c4ae66427f1f7d2d049aee8df8d8011b38e720e237f0fb22618c9a13c222a9babf49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\prefs.js

Filesize
6KB

MD5
1ff4ce7712b5634d5af22bfc2ee24ce9

SHA1
81097ae8662bbd6de75834cd27d0631c33903409

SHA256
cd13382e5d049722991b58b4ca8971823e2bf50f09a253f7408e677281905842

SHA512
a42caa9d484f5889f061c7bd83e7f8ffea2b2fca2da2ceaf00b1da7258848fb83c3d7a04b2110563a5a0126026acd0bcd8fd5445e15056a66125ded6429083bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
ce72189f29b650bb3f1673a0ae9fb774

SHA1
a564c3381bc45cc2693ef3efb42d7145795c0be7

SHA256
d3c58acb93d2acb020c9f9cd132c7b980e3d7d30e581dc569038aa8e62517d0d

SHA512
5eea9fa45ebe128f7115b1a335955ca725cab3730a17d3114094236bb99494009a7d71ab2b2d644a328246ce5590dbbd041a6402ca94ca49b8a77081bdcde6bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
8511c64d5d5bb349b33f5de1c2cf31e2

SHA1
0079a1f8f8b0d8626a9cae86eec47179af60eb28

SHA256
12e239c124502b443cf87e6d9108b2986b4926642e0c85d6e1148cf22262593d

SHA512
b6f95b6bb3ae3d1f5f5871bdc839ce59cdbb965e0230f0b5f2a1bafbad716a0aca12b9b41a6c3d9d2d13aeaa6b2dae99fb5c4e32e304c0e87d57972f8c6cc0a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4idil8qh.default-release\targeting.snapshot.json

Filesize
3KB

MD5
697a222b59e176886c8d58e05ffc01c6

SHA1
b46baf253be080b61c76675b12774e317b345c80

SHA256
46e0c6ecf1a02e68321a17f34e1e2c386986581b9787e84e2d2feb329593d965

SHA512
b4f6a0cf8f0a13cea7e660c0c823877d66af0e1b233c438494b597aceeff0e382c1e4df559e2d5b90a794cad59da3c7bfc3f2949196b958efd4b4f7dcf392ed2

Download Submit