44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Analysis

max time kernel
150s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-02-2024 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

persisted_first_party_sets.json
Size

2B
MD5

99914b932bd37a50b983c5e7c90ae93b
SHA1

bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512

27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 10 IoCs

Processes:

rundll32.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\json_auto_file	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\json_auto_file\	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\.json	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\json_auto_file\shell\open	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\json_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_Classes\Local Settings	rundll32.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\.json\ = "json_auto_file"	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\json_auto_file\shell	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_CLASSES\json_auto_file\shell\open\command	rundll32.exe
Key created	\REGISTRY\USER\S-1-5-21-1650401615-1019878084-3673944445-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

rundll32.exe

pid process

772 rundll32.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 2664 firefox.exe
Token: SeDebugPrivilege 2664 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

2664 firefox.exe
2664 firefox.exe
2664 firefox.exe
2664 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

2664 firefox.exe
2664 firefox.exe
2664 firefox.exe

pid	process
772	rundll32.exe

description	pid	process
Token: SeDebugPrivilege	2664	firefox.exe
Token: SeDebugPrivilege	2664	firefox.exe

pid	process
2664	firefox.exe
2664	firefox.exe
2664	firefox.exe
2664	firefox.exe

pid	process
2664	firefox.exe
2664	firefox.exe
2664	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exerundll32.exefirefox.exefirefox.exe

description	pid	process	target process
PID 2940 wrote to memory of 772	2940	cmd.exe	rundll32.exe
PID 2940 wrote to memory of 772	2940	cmd.exe	rundll32.exe
PID 2940 wrote to memory of 772	2940	cmd.exe	rundll32.exe
PID 772 wrote to memory of 2656	772	rundll32.exe	firefox.exe
PID 772 wrote to memory of 2656	772	rundll32.exe	firefox.exe
PID 772 wrote to memory of 2656	772	rundll32.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2656 wrote to memory of 2664	2656	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2424	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2424	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2424	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe
PID 2664 wrote to memory of 2776	2664	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\persisted_first_party_sets.json
1⤵
- Suspicious use of WriteProcessMemory
PID:2940

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\persisted_first_party_sets.json
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\persisted_first_party_sets.json"
3⤵
- Suspicious use of WriteProcessMemory
PID:2656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\persisted_first_party_sets.json
4⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2664

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.0.156024122\134717680" -parentBuildID 20221007134813 -prefsHandle 1236 -prefMapHandle 1228 -prefsLen 20671 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {498b696d-14f0-4642-a8b5-d8ea8200dd5a} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 1312 11ceae58 gpu
5⤵
PID:2424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.1.848383802\827831252" -parentBuildID 20221007134813 -prefsHandle 1504 -prefMapHandle 1500 -prefsLen 21532 -prefMapSize 233414 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b32aa49-7f8a-4e29-a5d7-0a078e1b8d6a} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 1516 e6fb58 socket
5⤵
PID:2776

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.2.2071160316\1099118277" -childID 1 -isForBrowser -prefsHandle 2148 -prefMapHandle 2144 -prefsLen 21570 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbab1847-d468-4712-99a7-cd2eeedb081b} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 2160 1a1ebf58 tab
5⤵
PID:568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.3.586319835\573469478" -childID 2 -isForBrowser -prefsHandle 2824 -prefMapHandle 2820 -prefsLen 26033 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b5c0da1-1695-45b1-95cc-af825295f5b2} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 2836 e62258 tab
5⤵
PID:2120

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.4.1215675718\713056345" -childID 3 -isForBrowser -prefsHandle 3616 -prefMapHandle 3612 -prefsLen 26267 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {86125869-46dc-41b7-95db-c1e371659c1d} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 3628 1ddbb858 tab
5⤵
PID:2564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.5.1659709789\1624782410" -childID 4 -isForBrowser -prefsHandle 3736 -prefMapHandle 3740 -prefsLen 26267 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bc47266-2881-4573-ab4e-ccf524eaf7b3} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 3724 1ddbbe58 tab
5⤵
PID:2288

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2664.6.1699250543\697031248" -childID 5 -isForBrowser -prefsHandle 3904 -prefMapHandle 3908 -prefsLen 26267 -prefMapSize 233414 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a40c3f7b-9668-4a7b-b715-44ab2016a17f} 2664 "\\.\pipe\gecko-crash-server-pipe.2664" 3892 1ddbd958 tab
5⤵
PID:1640

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ru80b8rf.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C
Filesize
13KB

MD5
9adbb1de06ef2011fbe0e045732944c9

SHA1
753de6fe40e561b482073571f9788aa3c59ee5ea

SHA256
be112149b71a9412485b5eaafedf1ef9f263eda332c44c2272a22b2e1382bdde

SHA512
bb2e23fd8aa28f73c65844f100e2ad81ce5022ce69404cf6e146ac1cf39e99a75947c68872a7c7b73d6edf6076af90ea8c11d98f82d72529d5ea58ea52edf83f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
3.2MB

MD5
ad46c7075ffd66b48818e52132419439

SHA1
ec9f404354411de53cadec6b37b9e09e572b53ff

SHA256
65083be9ecb9e428ef60cf81303eba11dff5512015022dd0afab76606d5f7405

SHA512
e672836201e00f760e63830c38b961ce0d441728a99220fcc8815aa2817d0ec733157475bbdc00a4208d05084f973ba218258f036e7929aa37293fb16ba629f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
ac72a0720f73783f261ac86f4ad74e2e

SHA1
5a471c3e7da852e3913951b1f0d8bceb3560cb06

SHA256
c4607cfbb997549acc4066dcac76d203bbb8a36d2eccd57f1e67cfa3359e0f78

SHA512
c0399362db251423fad32436c624dc777915fb15eda74a5470bff19aee59cbc652ef6ef8af9a66dcf0915a62fef8a38dcf39d9e33f0b2472e61a20774fcaf6be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\datareporting\glean\pending_pings\9c288dc9-1336-4c3b-a624-9cc1e1872ea9
Filesize
745B

MD5
cb3f67b171f81b565d6388428e9c1a0f

SHA1
e223371702eabf7b8d7319020b00a59f8e8f56cf

SHA256
8c5cacfa8015dd3307935463a2b959de70b780e2dccc0e2be07e96e05d72542e

SHA512
f255943fb63c469a3d82a40e906801119907777200a08ebd48c6a9c6bd0d4f54bb727b0bd99d2d594868ccaeb0d641683c9b7b82b82237eb11a5a283b00a4d78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\datareporting\glean\pending_pings\d31cd874-e728-41e6-93c0-551cdaa6d10e
Filesize
10KB

MD5
9f6c99576f09107ad0e603aceb2320de

SHA1
358f64fe701f45af8bfb3e34eb7b21194360d39f

SHA256
d696dc18f4bc0c8646ff3c2e385ca540ff904b85a34d82b0d69cd50973e38162

SHA512
c46e091e2d507388ae1403bb07ffbf17277980763915f37d120b43538e0ee0f713907f4f9ca71482821a7fa2b91e46e9b92efc027af0f04cec9571dda6325a2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
1.5MB

MD5
ba4246dc7d03779d436a7e3e53a75135

SHA1
78632847ee9dea64332592eed2e2f75cf57c7d03

SHA256
c050ab79fca1a025260e5997d9a2e5168e68eaad830a7e3d9acaa1bf486fbdda

SHA512
8b71c2d842913255658332df53115543d96a6dd364b9e8f810bfc673e9a4fa1b886dc07082b3088aeee39d5d2add42361323a3ac98b6650bd5abd70d2df975d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\prefs-1.js
Filesize
7KB

MD5
c933daff0aa1f3de197d0468f3189359

SHA1
9930deb64434952199dd5200e13c82c27775d0ee

SHA256
eaf30fc7795f5b548a90584ca8970eedc899d79e4454187c6420e01a6b3bb8c1

SHA512
75eb2b8df0368a1c04b1de6526c77cdf3ab90a1e3d4a4952ed4fc4f0c65db360eee6d1fcd561ecec86e099de303e1350e2af122fe7b11dccdbe7b22e4acb4735

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\prefs-1.js
Filesize
6KB

MD5
2fb290c3a22f2bdf25fd354533f36be5

SHA1
c51bbee518dd996f22e64c5f5aeb091bdaf27507

SHA256
a3b3cccbe14745874a1dd1988cf1dd5d70124262d3c159d757b2fbfb9ed7d7c5

SHA512
6e6a5cd269d0c66ddded06efaaa75d6805515c3809dde7aadc5af1ec964625fe93554a3a08ed6e600bfdb88f0ce17227fbaab61a40356a81335008959cdf5633

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\prefs-1.js
Filesize
6KB

MD5
062f3756846f810f55a809e1789c3649

SHA1
dadb4d1d260fa64e5cffc83b6aaa5ffe540f01f2

SHA256
79e1fd9dda814c0377bacfb7f97c0b4dfc0806a517d11b7e79ea29bd239b5caf

SHA512
037cc6303c02192d758b60f68a04b078339ea2fc120e66794228317b11991cd342d8ed048a6295ee09fde2870fe9f213ad252322d3f92b8e0172a1a3e70c12c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
fabe83c43f2449bbbda6ae10e9d05b31

SHA1
90e382975511168fb3267c0a0af51ff413fb7107

SHA256
98d1f489134d0275fa0a9728d8685fb554cb75a818c2090d81c45d68bec81f72

SHA512
d0ed3eb489a7dbf2f2550b635f69743b54ee9b371ac64194824eb79dc3f8b2c68e681ddf64d1a5ffb4e6ede4c4f97629430bc5a4179344dbe43d48fefabb953d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ru80b8rf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
4.7MB

MD5
09b7d2e4c2c7be4dc538e92d020af121

SHA1
eeec853ce00e513696492574f2138ff62cf30784

SHA256
239be541997b1bd82c7b84c137f0b6c8016556d435e79c57143ee26a954d6567

SHA512
6ee6e125fbb5a4c8eda872f5bad5da862003e51959d08cf7e8a48c2af8bd139781eb9d2ad3f7f9bacd1eb14836f4be662ea0c860cb4e35b026d2c41ff6bbec71

Download Submit