hxxp://www[.]amt[.]games

Analysis

max time kernel
288s
max time network
274s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 22:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://www.amt.games

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3844919115-497234255-166257750-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4036	firefox.exe
Token: SeDebugPrivilege	4036	firefox.exe
Token: SeDebugPrivilege	4036	firefox.exe
Token: SeDebugPrivilege	4036	firefox.exe
Token: SeDebugPrivilege	4036	firefox.exe
Token: SeDebugPrivilege	4036	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4036	firefox.exe
4036	firefox.exe
4036	firefox.exe
4036	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4036	firefox.exe
4036	firefox.exe
4036	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4036	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 3868 wrote to memory of 4036	3868	firefox.exe	84
PID 4036 wrote to memory of 2164	4036	firefox.exe	87
PID 4036 wrote to memory of 2164	4036	firefox.exe	87
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 644	4036	firefox.exe	88
PID 4036 wrote to memory of 4616	4036	firefox.exe	89
PID 4036 wrote to memory of 4616	4036	firefox.exe	89
PID 4036 wrote to memory of 4616	4036	firefox.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://www.amt.games"
1⤵
- Suspicious use of WriteProcessMemory
PID:3868
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://www.amt.games
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.0.133266122\2045417882" -parentBuildID 20221007134813 -prefsHandle 1896 -prefMapHandle 1888 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14266853-5fd1-41ca-bba9-e7d057a9d834} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 1980 201612b8b58 gpu
    3⤵
    PID:2164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.1.1492492927\1179301676" -parentBuildID 20221007134813 -prefsHandle 2372 -prefMapHandle 2368 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8da30498-b526-4cf7-97de-aa6e1e96ea8c} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 2404 20154772e58 socket
    3⤵
    PID:644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.2.975445247\1210040293" -childID 1 -isForBrowser -prefsHandle 3108 -prefMapHandle 3104 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2041c67f-c56e-47a4-aafc-689f9d9d8084} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3120 201653ba058 tab
    3⤵
    PID:4616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.3.1467428652\555185121" -childID 2 -isForBrowser -prefsHandle 3948 -prefMapHandle 3944 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee03b4f2-6ed3-47fe-804f-089e9537eaad} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3960 20163aeb658 tab
    3⤵
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.4.313663120\810520686" -childID 3 -isForBrowser -prefsHandle 4868 -prefMapHandle 4864 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5173d90-8a8b-45e0-9ec3-4c8a6f625674} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 4876 2016766a058 tab
    3⤵
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.6.1033487790\387172820" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9caa51c5-0eee-4025-a3df-daaa2f0a069b} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 5172 20167669458 tab
    3⤵
    PID:3660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.5.166066891\1860455407" -childID 4 -isForBrowser -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {39a73478-1460-405a-8e16-d7b98a069738} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 4976 20167669158 tab
    3⤵
    PID:2228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.7.266751749\14281896" -childID 6 -isForBrowser -prefsHandle 3292 -prefMapHandle 3280 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2f00f32-837b-49c6-9149-16d2d3adc760} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3288 20164bda858 tab
    3⤵
    PID:3188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4036.8.1551167267\675061664" -childID 7 -isForBrowser -prefsHandle 3316 -prefMapHandle 3128 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4088094b-43bc-496d-8646-62126cdd9c1f} 4036 "\\.\pipe\gecko-crash-server-pipe.4036" 3328 20167668858 tab
    3⤵
    PID:3912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
3.6MB

MD5
a34cd4758d0d564b439b9905d8cef2cb

SHA1
7891968a0dd6789a7ba7d6efd666c97d47fc2a05

SHA256
a63873e96b067bd7108af79e5eb58d222b06d6c6e56d1c2f1ca5747f22724da5

SHA512
a1831fd7ae8690a8b7a39c86ff2f784d6085c69fc2dfb6112dccaefa57419efc749c1aa253f704364d69510fd61d45a40cee6146e5151a64878f2b86bc66a0e7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
2882538cda8062f48479fdf5d14448ee

SHA1
946df37358f544c8456f1338af15f1d8ba44ad6e

SHA256
5e6ab620cc52f99f5757fda581877aa72608af7877201f1a4e13c34d689f19c8

SHA512
7cd4f94765c7deaf45aed54ca68e269006bd1dad0426a9725a9b9cc69ae73b7f4790970d75a7e231423a8cf5822aba9935577334b7875fb3c4730a78f285a3f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\bookmarkbackups\bookmarks-2024-02-22_11_PDfVePLmNJirsjum4Zo-ow==.jsonlz4

Filesize
951B

MD5
f3f9645d6aebaead4a35aaf568efd954

SHA1
05cf1cde0f49e493a111f7d7a15b6960b00a97a3

SHA256
896c5ed810c640f8d5837b59e2b486c6f9ae97f628c4eb023155bdcc109acbe4

SHA512
5eacf9b03f7864ed12c7d64a6687efdfc9cd12903e9af08ceb10a9d88c805286457b9c8f01ce7aec3b43d4c4cca2468188fbdb1724a5e8142945fd55f79cff4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f63c3b7518b8d2f51165ea631590d9ba

SHA1
7b294005032ee1bb16a9c3e49d8c89e2d96b34d2

SHA256
7e1a877570807d857ddbfeb3795554b37022a1875ff8150f6f61bf09c8edd378

SHA512
dcb6ee3a8c11efa7d0f126d5118a973b317ec0487f786ce6ca963be409af9f683aad88bfbfcf7b9316040f32117a8fbbb588089eb844854cae1f410586dab1d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\pending_pings\982bfcf4-d8e1-438b-a82b-efae86e1ab09

Filesize
11KB

MD5
d956c4ec29128120c399391524602f04

SHA1
ed3741a78a8b41c30c75565397ed2d62ca8961ca

SHA256
f38ef7ae7d26a48ad5a8fa6e60bfd3a0127a051a37c88b63066d4b3ba604a2bc

SHA512
26735b0df2344cacaba4de08df959de9a11043b5ce11a4c89bb185e21a593c0cb4700dbcb288b3dce368d0cd162f00cad9753e371b91f6a927984c520d3610ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\datareporting\glean\pending_pings\9ffd4d85-f719-4974-99c6-504fc01b1e1a

Filesize
746B

MD5
610401aa8fe91833dd4be40a506c3b90

SHA1
8273a6528c3898e033473084d9ca7ac1b9fbbcf8

SHA256
d596e0e0b044f1543456c0c7033d10a7de79adcb534a658e1dbf948f1b25018d

SHA512
e0021e1e34ae2328300896ad4e6f8967886f47e1b09c23d8de442d123c32fc1ffe58623d12788a30653b48326c3627e9890612ff7caa884f4971d62e4a62870b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
4.5MB

MD5
244409b44f02eb57bf6c543d5d23cb1e

SHA1
440bb3557f1068cef6b8220760727e038fc85538

SHA256
6525242e2511a1db560ba1723fb668fe4961f473b99b18102b50ffaec26eee00

SHA512
3109eea7494fa9d807d017caad384053b5250e6fb52867dff635d6c0ae95aacc0d7def34a471c6147873b706960579e27c5fb0917d56c85975d02e04866b3eb6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js

Filesize
6KB

MD5
487e7631307103ddf35e9cf49fdc489e

SHA1
00651dbf2bd076d955b7778ffbb1111fa5f156e4

SHA256
7473f22464cc2f8a914800d7f27188f720c915382e70093c7dbe7784e3115031

SHA512
810a516c8450d3a810fd618251df8b889b5f099001b1d5e90d64a62f824487063205b0c9a6782c62d661ce193fa9ee4bc28c1dcc1c00a29c3e96c4cf5702d0bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js

Filesize
6KB

MD5
69cebc65d9a9da655fc0b0214ac5bd53

SHA1
3ef0b0b9dc1a05e65ba055334d5b8ff3aa33e424

SHA256
19b0f9382a664f85117b36f119a5e23b1de64094178b37e0cbdd0d93cb78a125

SHA512
e01cb422ae2e0aa07a05ec915e3673e97e37188b334fa4eaa9a2b268823c4b7807d9b2c767c7c037d4d0e830b635eb7e59416b31978da49ed62572f013736616

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js

Filesize
7KB

MD5
bd9f0cf0ce60d6ca9cfa31637ca4f594

SHA1
f92f6fa0b051f8dabb292d9eec2f482e29ec5a85

SHA256
e3d0fe2f3758cfb500af506ae5867019df597887d61d3af79151c9f74fe8a52c

SHA512
2a00186b9c3fa158cd3bafcbb986370f2fd5ac7dd8747eb29b541f850a1f3a652eafa573a96b448d2a84c9aa02f8369518f0cf51f248b762b5d7da9af25c54ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs-1.js

Filesize
7KB

MD5
691ab3ff66f3650df56cb0e6d032fd3d

SHA1
ed9f530ea7bd26c52887d6bb98e58cb5130472d9

SHA256
1d3fc5df79975e284b09cbd5f5123f59dc4cadc99c5c89f80ae7d717753fdac1

SHA512
a09a44232dc003b37c548eaac21008510cad3272967333e4489805e0606d75f3bbaa001308f3090181ec35c1d62c1784b2b9429c9bed62869777129ec872121a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\prefs.js

Filesize
6KB

MD5
8b9ab26c17bc6e65ff3696d169310e5b

SHA1
db44a918d55d617c4322f0608ab62435fa468da2

SHA256
e8f86fd85ae9118040f5ba7c02e70eea78fa4bbe987f41d61da91339f0ec6a87

SHA512
c6cc27d66b62e020b0cc3928e27b798cba3468ef8f97b64f45a09e483e87c808c526af060ad5b2a80013582531ddb8d184f696979d882aae546eae44aaed8f3a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5f46339025ce8ae48162ae9aafcef84f

SHA1
e44564dd7f16806074622c4e33a2d7ec518cae95

SHA256
be9fbc3f76cd2a08bc87bb3c159fdbdcb892853dd1b1bc4266f85d8c2879922d

SHA512
523bf662a7fdf97ea11d1b5feca6186db711d26456f0965ce294da52ab31fe743741a66a2d166b505340f9172b8f09d6a2139ea40d7d4e759fd06cbe790e1e1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
a797075ca78694869800cfdf54df4dfc

SHA1
3e2f3ec305de72d17b465f03a9bdf8f7f6ed4a6d

SHA256
9ea8fd5ef227b5b7b321fe655e3b49bb9cff6b0eee9990dcf5973afc7365e566

SHA512
8c4a5cb6f4f6b4ec58da9f49dced72f56adeb7bd03ec2986e22d5a4fe0feb528a3040a4b07335ed60395ad2e4d13a0346f272373871ad3b16ddd8a9d260259cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f9fb9c5ccec5335e5684792705ed4a2c

SHA1
1bbd854869c00eb7113dd74e8b70896f66dc9caf

SHA256
37b1fd982a21fccd3d8318b1c9835dd0c27a6492ca8e19dc78f20ba22260bc6e

SHA512
58d66272330258a7a2fbfd346ade03046755dc16f1499bcea8d0b6034fd93c201d58cff16adfac1a18734d6b3f42caba32749190226fe25b571d9631c9fd6629

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7b571691080fec0b3b493d7737ab288f

SHA1
98d94033fde4da40f00e161ed052807a4a77f64d

SHA256
189dbfe1faa7c6be5fd1a50fb12c0a4f1f10a02ed7518d4e62ddf069f20d4d79

SHA512
c22d4a039c7d811c7d7f3e6e5b018ffff1a2cca6232e6bb70a818a20d54a47ef9af2ed0aa3a6595ecd6dc6727875f989690b81caab68b381758fbdf85b960af9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
86731107b7b091115277b53faefa1387

SHA1
eb86b66d4d55a4eeb590a22a5a98f78437f0c68c

SHA256
820a55b24e5b71b058a065f424409d45cdef66ad58aaee14db2921d04cdad663

SHA512
bbda1703afeca23d12a83cd570bef026f07abd0e3c50f7235e214ce00f17e0df8e407f080282b39b1a312d83ffc1772089729db6aab7186d206bcac805af6c6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7e1c6ee357762d2179c933d8fb396e2b

SHA1
f72b27627fbe8046d8f8c55c13aa99b54dc5a652

SHA256
1701d2d06aa8875e5cf3da361068e151846270b03309de14b4da5ee6d2db4d7f

SHA512
8d1c2fdad5be2884c5c2226fef42817a87e9f4c532fd1651435c81f8cf0cefdad04b73e4ccebce2098f0fb4acf08d3c7a8c330d54bd582cba26cb755e4b3dd26

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
27c3b42a56c1f5907dd6570c104b663b

SHA1
ec3cee091caaa0417a03710c74b68e52c5a522a0

SHA256
354af9ade903c83b4e6dcd8b80d4cf0f5181867c030164ae7f9cce5db3923e27

SHA512
2882bf791d311b0a9a8c9700de58189d578d8a24ae349551b8d37561d80e732d5e77d30aeb23c113a6266ec56e744b95ca9f06ffae7eb2018c25302162901f78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
fb904338e6706c078a508dc4f7d6401c

SHA1
a10d24ea252f960862f13d8d7e0672f85f7485f1

SHA256
e79cbf6c5e0014315ba5ed28b1d4d534081a64696bf82fb536eec99c52cc2b81

SHA512
22e6fbd9a332cf4aed3a2d737aa73b2caeef35f2c07d59cdb1737472153aea1e50088acd2b0415af3400d280ae2a15dd3708822019496f4f36d4a050347eee8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\e2sf79v1.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7b0234fed463901b3f3bd57921cc750c

SHA1
baf70d9541155a125cceb1463413e54a24164d01

SHA256
9e66bf52f14213de75b03086be9979f4508f73d34582f47351af7cdd38a7156d

SHA512
3d38ebbc433f02fb89e82c2992309da28787fa33aca85c0eea530e1ad453f96f971ae2b6906338312994dff20cbdeb5e00bbca01d501b37ca3a2a1647073232b

Download Submit