bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42.zip
Size

41KB
MD5

1df9a18b18332f153918030b7b516615
SHA1

6c42c62696616b72bbfc88a4be4ead57aa7bc503
SHA256

bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa
SHA512

6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80
SSDEEP

768:hzyVr8GSKL6O3QOXk/0u3wqOghrFCezL1VFJdbq2QTJTw02Q:hGx8DKXE//ZhhCirFi2cwK

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-983843758-932321429-1636175382-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe
Token: SeDebugPrivilege	1120	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe
1120	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1120	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 4808 wrote to memory of 1120	4808	firefox.exe	94
PID 1120 wrote to memory of 4156	1120	firefox.exe	95
PID 1120 wrote to memory of 4156	1120	firefox.exe	95
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 1428	1120	firefox.exe	96
PID 1120 wrote to memory of 3604	1120	firefox.exe	97
PID 1120 wrote to memory of 3604	1120	firefox.exe	97
PID 1120 wrote to memory of 3604	1120	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\42.zip
1⤵
PID:4796

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.0.1270278052\1174136048" -parentBuildID 20221007134813 -prefsHandle 1876 -prefMapHandle 1868 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {55751059-8347-4c36-b3fc-9f6263f5586e} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 1968 1f27fe04158 gpu
    3⤵
    PID:4156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.1.1062419143\1677311821" -parentBuildID 20221007134813 -prefsHandle 2336 -prefMapHandle 2332 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ae92037-78ae-4e2a-9fc7-987c8736d24b} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 2364 1f27ed0d558 socket
    3⤵
    PID:1428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.2.569832473\1886191827" -childID 1 -isForBrowser -prefsHandle 3344 -prefMapHandle 3340 -prefsLen 20823 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {baccab4d-784b-45a4-ab8f-7c8a7608a10a} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 3352 1f27ed5d658 tab
    3⤵
    PID:3604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.3.1663083840\535590458" -childID 2 -isForBrowser -prefsHandle 3008 -prefMapHandle 3036 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a9bb4fd-3cf9-4848-9747-14df187e82e4} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 2860 1f20405fe58 tab
    3⤵
    PID:2024
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.4.2019658204\1763424107" -childID 3 -isForBrowser -prefsHandle 4176 -prefMapHandle 4172 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48d0fe23-a634-4e39-ac44-7a36bdc85ed1} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 4188 1f206ef1e58 tab
    3⤵
    PID:2040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.6.1694369213\953540734" -childID 5 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {764727ba-df4a-4bda-8c2a-d70cbd0e572d} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 5228 1f205787058 tab
    3⤵
    PID:4572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.7.1250597615\489530056" -childID 6 -isForBrowser -prefsHandle 5432 -prefMapHandle 5436 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7a8310c-0e77-4bec-ac59-c7caa6cebba6} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 5424 1f205787958 tab
    3⤵
    PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.5.555501874\1782012474" -childID 4 -isForBrowser -prefsHandle 5000 -prefMapHandle 4968 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {55c78a90-26ed-4f5b-b62c-e8ed0b7f2943} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 5024 1f204df8558 tab
    3⤵
    PID:956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.8.1661492776\966949635" -childID 7 -isForBrowser -prefsHandle 3600 -prefMapHandle 3596 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c35fb28-df53-4d9e-b0b5-b7189afb44c9} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 4164 1f207e0a558 tab
    3⤵
    PID:4468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.9.472412499\480601684" -childID 8 -isForBrowser -prefsHandle 5936 -prefMapHandle 5932 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a230f1b-e22a-434e-9b07-208af160c582} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 5952 1f2099e7858 tab
    3⤵
    PID:2760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1120.10.1027715125\1268586787" -childID 9 -isForBrowser -prefsHandle 5136 -prefMapHandle 5176 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1416 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9829d7d4-1a99-4bc4-a096-385e603c00e4} 1120 "\\.\pipe\gecko-crash-server-pipe.1120" 5204 1f20a5d4458 tab
    3⤵
    PID:3440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\cache2\entries\AAA75923EB61E35DD6445DDBF1086DEE3555C687

Filesize
9KB

MD5
9c936532726b93630e6cc06265c004f8

SHA1
49395054692af10bbe259babaf1d5717faaa639b

SHA256
97265accfa1032209460129c0573eb271f215a37eabfaa3118054182340d7e0a

SHA512
66ae39fb667e49dc4fa69a56feeeec437aa2a25db916dd15d753800f91a811d93cd78eaf4405835b9425b920246bcd766f41b42e79f8ec101b4709b5cf7dfc3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
6.2MB

MD5
8cfa287e42cdd9109def70b8da8e10a3

SHA1
cfd1ff6436091fdb0903f9e27d67f61020a04441

SHA256
b678c615eaa6708917f96dd68ab06c759fbaf53f531dbc65e808958bb4d94d60

SHA512
0fd92eff11100df73e6b7ec310a997642b6c1d4f5f4f38549267230026316cfaae14d3297eca429c16f0c32fb8c38f070d6479b2b369d201ff4cd79eeef5d6cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
3634edd80e1515e18bcc603f64732f90

SHA1
ba01146c0e7f7ff125417a71ef1be8849ddd011c

SHA256
a215d8d0517375d95159ad139a0eb84649364bee90f31f5eff91bd594cc11051

SHA512
3b4431390ae49182f32d91091436017ef3468599f44b4a362a9f327452340e22d62f03c6a7568e0e55dd0308893e9f4c92a25a557b17581cb892a7ebdcfde375

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\datareporting\glean\pending_pings\9c412f75-445b-440a-974e-36898e901146

Filesize
734B

MD5
4d71a325b70f1b872a71dc2eb80b32dd

SHA1
19535d78e4454cea5444e89a38d5d5ae3e68fa06

SHA256
dc7ffdaacd0a93141a49d21994dc6e2fb4d82a7a762f3539496270654fdc62e2

SHA512
da4d11b0f94578635cb3a6967d68ad8920d9fcfee61d58c6ec6fb5a1514541a4ba063f16a7fe0bfe5c9fb56eafab1f5785f4a60d6287a29bba356f76a0326efa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
6.2MB

MD5
eceddc02314746f3892fa91e63f12a00

SHA1
1c51c21baf2d266c48f316a1364b7975cba4d4b6

SHA256
b6a5d52f5b9656ac6ec75071ba379776f8941b09ea5a8d5f7947dc5e689909a0

SHA512
278bcc0ab89f4861ec497aa9165a1615f5e14e034108fa583b9c10a84eabdf219e19c7c3c4b721090e82d78657737e0c375b775df4601488080675770287943d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
6KB

MD5
ad9005b1f53fe74f9f364375eebe7533

SHA1
617f75f23ff2adaadf4a7209b773578b5dc1cdda

SHA256
419b9756f84e3a54cdae7ef2cf277e648e59642822c74e95b567c758fcf3b85b

SHA512
58992fe2406b6eb65cf1fdd441f7cba28a5e3ed37dc5499cf923cb3a31c423e6cee44dba34bd3cb1c03f2196b909e78d8ddee6ca0f8ad441df94e57e48c08d88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
7KB

MD5
6d6b76b83f70fec209ef255be5c763db

SHA1
19924fbbb61ff9144122c0d0f661bacb1b4ad84d

SHA256
602a8898ef9d38cdbbf31bc3a9f8a87d29033dda2b732b21916b003816e7c5bf

SHA512
32805bb29c0b5c52d7dc56a02dc4d065965e4f418d0e6b736496b5a67a3ad4a9160e99edfa30dfbcbb7e93561fb1cd01ef16496e91923cc91ca8c03fb68ecb06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\prefs-1.js

Filesize
6KB

MD5
af5502b46a346188cfb9973fabe2ea01

SHA1
a792f1bfd34575980aea27806455036a7577e1c2

SHA256
ddbfb5d78d31b38e84a058d27168c1dd8f3fc4657a40bb99b1be682131545094

SHA512
fb2d5abd2e9e7f4b0f2b7c1d7e91d0503ee0ff86534d986ee4e0737ad83858e1d4e131c531ac5ab736c3dedae3785217c0251f74bcfba3b02529dd6b26a43090

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e30399eb370c540f859978d1e988d1e3

SHA1
bffce23e15c4099da0e2f301fdab86cd0aa3600b

SHA256
7571cd31193d7c59aeae8385cba0bfd0f9b81d2b7044a63465ef7136ec1ab505

SHA512
ae192ff6198ab98435ce5123d71f0321e366a9177f73dbf3bc7422b5bf39d3eb8c7d2fa2c00f1e6affa5bde7e524db242c6a8de7db9eac9e44c8aeccd620c660

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1cd77a6d5933d373b0140472d0cb8fe0

SHA1
c5257b8883257e79d24ee31f15f6bc0d4c1a9bfc

SHA256
0fb7612234ba4f6551264e40c0ce8cfeb1355279ae0814bf7757ae189ef49891

SHA512
0066aac2640994b0279cceafc070bf87dd4087ffaa5d33f163d1fcb72e25dd36b2554f6df837b02f867288f164cc94cfe8119fea57bcfb4a9e13bf2f7f4d12cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
8a3ba2ec2d2878fefdde285b501a8b99

SHA1
4f044c6c9d436890d0da57484d8683b721e9ad42

SHA256
8e7540cdc2b7c6d2a7b0a2f0296acc53085fd4731fa81047c92d6956d3eb1fb6

SHA512
9a81c8a44b2a6d9657234791ade26d2e4667778c8cd3ae5a7f618cc8e38f466b67ca9b42017ee17855fdb2abf555b81c333ccfc0cbf27a14d10da234467f5565

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
78235ae8fdae17c272a2799c03ea72ab

SHA1
2e703e86dd1d1ec623b54751c025641dc9003487

SHA256
da01fbe1639c0f24f462fe2db78f09b553e7b8d8cf7e53822a09743c547d865b

SHA512
dbf9f51ad413a33a31685a6b042695b7de7240812ec4e2d402c0b3f94e0e982e3b283f595bf9fcb604b4f49aa600ac304c74c5575f0c4885ffdbf7189264de3b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\s5jf5e5i.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
98f862860298168ee217282da45c071a

SHA1
e96b11efda54e8a322fdac2f7b0fc22d32f1ccbf

SHA256
ab233bd4139009960497e1db58ebb91876464bde24e38f12c8cdc12d0c5549cf

SHA512
70ce0e143c2adbe5bf100091f8500664e1f1fad5e0084621bbc9af66279c4a5c732979d777cc53f814bea838462c3358f8ba15ddbcbb7359d276337d22ef8542

Download Submit