hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbEZoZ2pEbVdoS29relFlMVpvYnhSc3p4U0dHZ3xBQ3Jtc0trYzZ5c3g5cWhQZklBX3BReVZvNDZZeHhaTERMcE00MFJnVTFfQ0p1Q2hYZWZCaWVRQVNQdGZUV09FczB2Nkp2Zl9DMTM2WXlpLU9IUXRNdDhzZGRKZFhrLUFzRGh0MWMteks5cHFWYWZUUzc4TDdmWQ&q=https%3A%2F%2Fgithub[.]com%2FL7NEG%2FUltimate-Menu%2Freleases-&v=AmEnynrhiTc

Analysis

max time kernel
578s
max time network
583s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 17:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbEZoZ2pEbVdoS29relFlMVpvYnhSc3p4U0dHZ3xBQ3Jtc0trYzZ5c3g5cWhQZklBX3BReVZvNDZZeHhaTERMcE00MFJnVTFfQ0p1Q2hYZWZCaWVRQVNQdGZUV09FczB2Nkp2Zl9DMTM2WXlpLU9IUXRNdDhzZGRKZFhrLUFzRGh0MWMteks5cHFWYWZUUzc4TDdmWQ&q=https%3A%2F%2Fgithub.com%2FL7NEG%2FUltimate-Menu%2Freleases-&v=AmEnynrhiTc

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2200714112-3788720386-2559682836-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2076	firefox.exe
Token: SeDebugPrivilege	2076	firefox.exe
Token: SeDebugPrivilege	2076	firefox.exe
Token: SeDebugPrivilege	2076	firefox.exe
Token: SeDebugPrivilege	2076	firefox.exe
Token: SeDebugPrivilege	2076	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2076	firefox.exe
2076	firefox.exe
2076	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2076	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 764 wrote to memory of 2076	764	firefox.exe	31
PID 2076 wrote to memory of 1472	2076	firefox.exe	85
PID 2076 wrote to memory of 1472	2076	firefox.exe	85
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 3392	2076	firefox.exe	86
PID 2076 wrote to memory of 4604	2076	firefox.exe	87
PID 2076 wrote to memory of 4604	2076	firefox.exe	87
PID 2076 wrote to memory of 4604	2076	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbEZoZ2pEbVdoS29relFlMVpvYnhSc3p4U0dHZ3xBQ3Jtc0trYzZ5c3g5cWhQZklBX3BReVZvNDZZeHhaTERMcE00MFJnVTFfQ0p1Q2hYZWZCaWVRQVNQdGZUV09FczB2Nkp2Zl9DMTM2WXlpLU9IUXRNdDhzZGRKZFhrLUFzRGh0MWMteks5cHFWYWZUUzc4TDdmWQ&q=https%3A%2F%2Fgithub.com%2FL7NEG%2FUltimate-Menu%2Freleases-&v=AmEnynrhiTc"
1⤵
- Suspicious use of WriteProcessMemory
PID:764
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbEZoZ2pEbVdoS29relFlMVpvYnhSc3p4U0dHZ3xBQ3Jtc0trYzZ5c3g5cWhQZklBX3BReVZvNDZZeHhaTERMcE00MFJnVTFfQ0p1Q2hYZWZCaWVRQVNQdGZUV09FczB2Nkp2Zl9DMTM2WXlpLU9IUXRNdDhzZGRKZFhrLUFzRGh0MWMteks5cHFWYWZUUzc4TDdmWQ&q=https%3A%2F%2Fgithub.com%2FL7NEG%2FUltimate-Menu%2Freleases-&v=AmEnynrhiTc
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.0.806463236\22607949" -parentBuildID 20221007134813 -prefsHandle 1848 -prefMapHandle 1840 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {12659714-9419-4ca8-b201-bb6a98fb3764} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 1936 17ce4eef458 gpu
    3⤵
    PID:1472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.1.58800111\507515955" -parentBuildID 20221007134813 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3339dd5-8607-4d7a-b41b-5ef411fefa96} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 2400 17ce4de9158 socket
    3⤵
    PID:3392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.2.1547589390\1100341766" -childID 1 -isForBrowser -prefsHandle 3144 -prefMapHandle 3048 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {384d790c-3a91-4a8b-b3d5-d684ec4569a6} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 3012 17ce8fc5058 tab
    3⤵
    PID:4604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.3.796606171\150551652" -childID 2 -isForBrowser -prefsHandle 3644 -prefMapHandle 3640 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f92fb69-4150-446a-b68d-cf8fe9fe5c22} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 3656 17cd8574158 tab
    3⤵
    PID:4736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.6.2001634155\1414270863" -childID 5 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6194c09f-ece9-441d-a8d9-ef2f4009d675} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 5412 17cebb60658 tab
    3⤵
    PID:3424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.5.545291905\890940861" -childID 4 -isForBrowser -prefsHandle 5228 -prefMapHandle 5232 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0bd3454d-946a-408f-a609-cb9f6235bef1} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 5220 17cebb60358 tab
    3⤵
    PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2076.4.824387582\1991099958" -childID 3 -isForBrowser -prefsHandle 5072 -prefMapHandle 5068 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1104 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03530805-fe9a-418d-a32d-a3b4c38fd36a} 2076 "\\.\pipe\gecko-crash-server-pipe.2076" 5084 17cebb5f158 tab
    3⤵
    PID:4152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
7.6MB

MD5
e5bff0e35e8273258f03b86a38c3bc19

SHA1
67d9e3499ba5a378cdbe0e68bda14f8e3e9fbd8e

SHA256
96f6a186bd8924c3bd0f56fcc75b7a934f4a943111aad137fa45ef55ea4bfa39

SHA512
82e025bb818af773ca7da511bff9c2a92584e7c30a48bacce9ecbf33d050f3fe68860d3a956f7e9e1639394f6cd11ecb31b58e7d681653c02c0c954740a94ee7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
517590b828994f93067ef8cb43f45288

SHA1
97796880269f8891ac5af2e6b40846a0e3376868

SHA256
3dc1988902a5c38792feded2f791203464571be04e3837b61c8506b751ff58f8

SHA512
8a305c11ddb4ad42e486a341be88d62ba1b26143d9de14fded3e3af14e377db4e202c5657790f8b09d43f32784a071a9f3932d776eb31db55e7e97a49e973c02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\bookmarkbackups\bookmarks-2024-02-21_11_RxpgHb-Ntadbgy6OR4gghw==.jsonlz4

Filesize
955B

MD5
59c44f6939bba9a18d967f6406410040

SHA1
04e2d17fb77e242d90f479afe48d3a0b0bdb0c50

SHA256
44ec5a924413467d9c7c3a514d570da26c71ffdb2de6b5c86917ec94ba8694a0

SHA512
36a6b7ff83a9106be690f22fc3430ee9bbdc14bb1ab9960244814c7c0c0d8660ba9db5f077be623274ba7599555ed24d4ecfb63747d96a590becfea4d813ffab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
ffb8520dc9549260192c482b99a227a2

SHA1
fd7b3c553f4772181c4f8b4fb0f3eed1191c78f2

SHA256
2dcaecce1604f915c8697b06ebdfb0dd33e5d5117b5e6382e78c98216d284943

SHA512
d1c78d0d585a57b7134c0ece9de8b0ca82fdcd3ef40e624cb74e8be1aee5befdb6fa354d9c019beb0c86723d6bbc7cbc31333db03ff451355af45ca05f73fee7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\datareporting\glean\pending_pings\1c6b7abc-8284-4265-8fdc-6947aca47266

Filesize
734B

MD5
0f74b8b4d626ab04f36c11817c4df8f4

SHA1
a7464db7a7bc7b42f2b27621f6f96159b0b8e7e2

SHA256
a66e2ee1fccd7b82eaf0084d744747e1e4a020b9664a1ad93fc24c9219a90f18

SHA512
bbe6ccd9563e554c480de93f57eb0ce9a0740a3cbad03edbfd7f69f642fa01ca176bd0ce0742f529877d4e43ecb0965177f064d7da62b32528a33410fb016d4f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
8.1MB

MD5
f78c6ef34019940be9ac66089c8b8663

SHA1
55c6a0a7afd1937a2ac6042dff574331f6cc81c7

SHA256
089945f4ce16cf3e924228e34397b6deb28d77aee6967e932aa624471642d76e

SHA512
9207f8431648d9fcf4c0943477fa2fb55b54705a71dbd037550519bd30e38019b8e7c6de6a394a67c8a32996edeb03db9a323f763f5de81a64edea982b563e24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\prefs-1.js

Filesize
7KB

MD5
1ff5fbb52446f78ae80f068460964e2f

SHA1
ca60effa4662033d9f4858f2a36a6b32491258eb

SHA256
b021473e093fb2148e37be37d9a3717e343b2493882f03aeb8b911ae0e2ed517

SHA512
cdda2b3438f34f38aad2cdb9e6a152cd0ed38fc41c7af1cbbd2078f08ecb8c509104bc0d0be3720759f05994ffc972d432c96268fa2c78eea673e7db5aa732ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\prefs-1.js

Filesize
7KB

MD5
2ac6d3d415d7fd49d798ecef83e0c254

SHA1
50562b583ae5d61d0ed26a26122ef37ce659e344

SHA256
8e47af21d6aad4f3cd5ebc6e8df4f3b1f5594309e4b65950d749560d7089ed37

SHA512
8d0a262ccbc134b643751a13efbf6e6d2e791ef57ac21163960a13c7dc0be7a24c2dee59c6db58e74d6babf2aff448bb50d722dad3b6bac764f7b9959bd031b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\prefs-1.js

Filesize
6KB

MD5
fb923e4bdab3637b04eea34298471744

SHA1
57ad110f77f7b3d8d42c55640426c41c5d1c32d3

SHA256
24c23b2281e34a5a9d56a1c64e71dc42d4acd6e74c77c5eba5b0b35f6383076c

SHA512
6ab7008101b01394d443114c8797898c6fc48615c67f065cfd324ae4e5264aacb68bfa36959d97324bdc567183383d00bf7226c874a2e8c2c73bab7d846672fe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
3bdcaf5a17f462e9d35076c86254e5f3

SHA1
a66024179603d56058c978bd8fa92aec35d2dcda

SHA256
42f1de6a1f35d915c11a3a50418a8c8a89278d0f5b9196e638d424c6355ddede

SHA512
edc104ae2ac79e5eb6ff8d698e6e5523bdf471e5d77b09a13dfb21c085a6b8683f0a8b666728433bd504a2d2c2850ba32a091b7a1220632ab0ae2433db0541f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\btade21m.default-release\targeting.snapshot.json

Filesize
3KB

MD5
0dd109f43c13d4040fcf8a37950c5de4

SHA1
a1e24a01226acf411698d219f27a71257d891201

SHA256
821fcc1f3c4851b9f8cb8f546dc8261748f505d87e6d4873a8cc85e28cd7222c

SHA512
ac0d5c30b95231b78aaa0de2b7ec8b39453ad434ced8bf2da6374e7667795e8c81521b842f364f9cf54111296926b61f7f066539bc07c9e433f588632ef204cd

Download Submit