f9753221feec9d106c5ad16120eb8bf9a6fcee1625d870373de7496cdccf4a4d

Analysis

max time kernel
1726s
max time network
1506s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 18:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a.htm
Size

1KB
MD5

752a1a8e638938f8e466e838b330f7b1
SHA1

5a66c6f7dc710496af18360253677a62a5bc260b
SHA256

f9753221feec9d106c5ad16120eb8bf9a6fcee1625d870373de7496cdccf4a4d
SHA512

e6f1333f3303b5c30e59e13baba529279fadb5a83b3984f0f83bffd69978146e062ab82a01e04fd7af2bed8a85aa6512acaebf24604c02a317ed8b633d736c43

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2388	firefox.exe
Token: SeDebugPrivilege	2388	firefox.exe
Token: SeDebugPrivilege	2388	firefox.exe
Token: SeDebugPrivilege	2388	firefox.exe
Token: SeDebugPrivilege	2388	firefox.exe
Token: SeDebugPrivilege	2388	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2388	firefox.exe
2388	firefox.exe
2388	firefox.exe
2388	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2388	firefox.exe
2388	firefox.exe
2388	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2388	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 4212 wrote to memory of 2388	4212	firefox.exe	40
PID 2388 wrote to memory of 2800	2388	firefox.exe	88
PID 2388 wrote to memory of 2800	2388	firefox.exe	88
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 4360	2388	firefox.exe	89
PID 2388 wrote to memory of 3064	2388	firefox.exe	90
PID 2388 wrote to memory of 3064	2388	firefox.exe	90
PID 2388 wrote to memory of 3064	2388	firefox.exe	90

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\a.htm"
1⤵
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\a.htm
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.0.1105198436\1360641012" -parentBuildID 20221007134813 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d10eb28f-3c10-40ae-b223-0359d2e66cc9} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 2004 27fefa04458 gpu
    3⤵
    PID:2800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.1.672840987\305031415" -parentBuildID 20221007134813 -prefsHandle 2420 -prefMapHandle 2408 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f741b8f-ae8d-4eea-ba75-6866e50032e7} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 2432 27fe20e6758 socket
    3⤵
    PID:4360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.2.2014211477\146075065" -childID 1 -isForBrowser -prefsHandle 3292 -prefMapHandle 2960 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {82501cb5-028e-4c5e-a4fb-cbd21d09b9c0} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 3028 27ff2af6258 tab
    3⤵
    PID:3064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.3.1344375209\1856276320" -childID 2 -isForBrowser -prefsHandle 3552 -prefMapHandle 3548 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8959269a-41df-4e85-9ad9-85700d7342c8} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 3560 27ff0ed6558 tab
    3⤵
    PID:3848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.4.1111522665\195197764" -childID 3 -isForBrowser -prefsHandle 1548 -prefMapHandle 5036 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7bc1cffd-9cc7-4089-8865-9c68a6639c1c} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 4664 27fe2060458 tab
    3⤵
    PID:2712
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.6.685557527\1685890174" -childID 5 -isForBrowser -prefsHandle 5428 -prefMapHandle 5432 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7178fcf-d2a6-48a9-bbcc-1a79ce4e7ab1} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 5420 27ff4cb5858 tab
    3⤵
    PID:2288
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.5.202649656\1503770956" -childID 4 -isForBrowser -prefsHandle 5236 -prefMapHandle 5240 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5dfb8a0e-a12a-49be-abef-586edf5a4037} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 5228 27ff4be4c58 tab
    3⤵
    PID:1456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2388.7.1387031344\1190122970" -childID 6 -isForBrowser -prefsHandle 1548 -prefMapHandle 5260 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1240 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adf5a759-e7b6-41cc-8087-ae62007b7f38} 2388 "\\.\pipe\gecko-crash-server-pipe.2388" 5740 27ff5c8ce58 tab
    3⤵
    PID:2860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\doomed\11426

Filesize
9KB

MD5
692bfd37d5be22fd207b8aaf75a81e4f

SHA1
ca88308494a14d59fe187dbe07e3968490dffcd3

SHA256
dbc847fec70e82d261de0683a262f0c50f8f59c2d26313efc1749ee6bf442281

SHA512
80ed4bf930d08f49df58f0d792a6acdfd53203506966f963a7e80267a2bcc53765220527736b33d10bef484897e70343c32c53709019609aba4c04d8f8d12837

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\entries\E66F5AA5E3C285C270CF84BD11111C74D38F245C

Filesize
13KB

MD5
0ca3f326b3dd75d286edc56d70308f64

SHA1
fd8d0bceab70a9bd6e9ceb033e6739fff6c0be4f

SHA256
164973e4bcdb1238326ab37fa74886b5bf88464288b70f01b7d57cf10499c54d

SHA512
5d0f370fa239fb531d82f2f7ef652cd5f4e1c6689607c47f7d5fa90a1549bf6e36eef64aaa2d7339e570c3006b24f6cbab81595cae8c3820a986346f35be7565

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
540258e1c8e841f01d4d666c2794562f

SHA1
3276600dd270c967c71dfe3b6155941783100339

SHA256
1facc709a19316f812bbd471ac0451dc3de6172100f1569cd9537ac2ea60e43b

SHA512
9510f1e475fc5aa1276ed1b214c28cb2db2437c09ac2f699593e077727a41f079effc912d7c59e7edb1ac206274acabc5cb26aededfdc6787e2231a6571313dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\AlternateServices.txt

Filesize
941B

MD5
525844c9563e3be806101484c4b3c0c1

SHA1
e317da60dc640258ff11fb5130cebe2d21572695

SHA256
3f45ae6adf4197dda2c2268fcff4ee54582f63e6673f1e873e3a023bd30a33c5

SHA512
eccb95c6a04f2b62b24d8f8f51ad96d34df80ed237efab2227551760ca92805e97981895751829793f30f2116bd39127ca1e1e3921443b93e4c8fa0a08ea4fc7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\bookmarkbackups\bookmarks-2024-02-28_11_CCpZVMvoZkGDpI3NsstdiA==.jsonlz4

Filesize
945B

MD5
50a70a8bf59da6baf28287acbd719907

SHA1
613c5fb4908c603026a6d1089e2d3b10e48c728c

SHA256
9e785279d1028bde50501523b5da6ebe1dc70046dd1209fdbea49f4a0386185e

SHA512
df5177bed3498c2bad8a4645d3d4767344644156856599fcca4a777c753e4739dc669fe31eb281f0c3933c4b732455493e43b4ab110abde4774128b91ddab2b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2666846ca405c25fa2ca1080b7dda709

SHA1
6ceca5757cdbd70d4f0dffbde9389a3e4ab64257

SHA256
4bde4190af97d65b54c141f56984e71c9ba3382ca7805b03c622f3a6ce0188f7

SHA512
36831fec3d690c8af4ae1797670385763484c3a3176b035df3e385b93dda4c7b7ad97aaea5ab580c7f6ee8566c5ce735a0bd53bd5c3548c4bed618ce66d68be9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\b453260a-1ebe-4002-9175-19d097f4ca6d

Filesize
12KB

MD5
32e8cab3d9948a272cb7993d586a3d1d

SHA1
93c334dbe369a449ce6cfe966cb8f3dfe9aba9ac

SHA256
5ccb856710504ad17ea5da400c690dd281cc363d45106ba6196a85c058513280

SHA512
e3fd4c3137a5417f57c8536ddef86cb91db0fb631e21b17579152aa2212b6a723020862fffeb69dcd65b0d6c5b1bd603c5121c44e2bd64ef59c42095b74baaf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\c84fe672-5233-47e2-9cf4-59dd4b2e85fc

Filesize
746B

MD5
fe8a8444c82f52ca488158bb3b1b0de7

SHA1
99db77220a5e46398c0419d6979abe32343cd509

SHA256
7acd84d9daaee3450f03f74532a44c74a3bde6650784a28850d6e3210b62caaf

SHA512
bfde4c0661e9b8a0adeb0131095e14320c927a3fe80e1fb8c3a5afaea2ec5ee7eeeee3c123f3f3372603900c24dbe88ad590d46a186077f9ea14e1c6b6a95701

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js

Filesize
6KB

MD5
2bdae60756bc2b679860dab3e0c8dca6

SHA1
5de00879ea10486a5a62283df6bb82b5855274fd

SHA256
2cae7bea67ce37ef22dc5da3d2ee48420fc1be8790e9484da5bcc9e49d0fe28d

SHA512
9a2347e32535258c7e8711eff99ea4be49a455819e4cebe0d1f87b55640c8a42d9e5fb4161c45b67481f09e5c39f7ffa23a75996044d231f3ecaa5631a0df3ea

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js

Filesize
7KB

MD5
d85bb597fcea33799caec7a0db5ef863

SHA1
415d3cf70bada5715b427ba646ca757de58e34b6

SHA256
42e701e601b7bd96b2834328e9504be9f987d4deaa8f82e8fc725061ad2fdb8d

SHA512
a5f955514b6aa2605da75800b381e3378f504fe42db87744c219bb498db8816f5b7a5cf5dc6c6047c37378f23f260fd3833e445af6160c1166d85bd40c10c6a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js

Filesize
7KB

MD5
7b17b803489e3e32314f84b54b61bf9a

SHA1
13ddd4b9a6660ce4d48f3850e24938e2f761d31b

SHA256
e6e5c3a536fda46d16c08be6887ee771f7059eb6eadc0599d27f756b62e5da9d

SHA512
f815051a0808167911459f358ee7df2f7be3867e1465f62be06a19f80af04518a95cf1dd413c4f8c55911bcb927ce742d9b04a0c1984f19bb62c84bb301453b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js

Filesize
7KB

MD5
0b838a8eb186c97ba53974675626f480

SHA1
197078cf23639d7bd5a4d9342c49deb339af96d2

SHA256
bc6710a17cf162277bb1ec0c25e7b9fbac26fdd77dcea006ccbadb10671bd6f9

SHA512
c7b2221c80d9015c25e2b16de6344c8eac62674d46ad6d48a3dcf7a89c8ce1e4275c1097a622f6f1b64df92158bd2189a606a047ff67ee3aef42cf564bdcd027

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
8f8f42eb1dd8e187ed736ecbb218592c

SHA1
d559bd4af85173aaca0b59088c56fa9292efda0b

SHA256
78e96eb310970403b7969931bb269badfad8c6a7846dd04b58aa0723000b2332

SHA512
571ae5ce2c69e5b5408b063d0ce8742575cd333e961894084f6fe12f235d9083ba5e6819e770765c39c4144f8dbeadb0e8104baa1e029ce760fbe43ca0058fd3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
6aecf74a10026bace8f65c4b7cfb2339

SHA1
9fdf3af5e71615a2c20c4266898f4ad246d00a9c

SHA256
b2516193fa21a8c80cd02f6a955b8e8275d0245b5eaba9cb6bfac2b27bb5c76b

SHA512
b78ce04c24280b7b2a8225ef99c46b5aa1232a56421aad6e281f912331e63ea817852fb8baf73b0fc6afb2a5a02cbb02b609454f6db8456ce8ee0a628e6d8686

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
ebc65a9d4e57307511057a0f95038d3f

SHA1
33c2babfb93214d8396e19140bac2a27adb67d2c

SHA256
3239472c6695500e4a588d210beec8dd5dda253011bab14063965a019ec45ebb

SHA512
d79908b8bed1f0c33dbab5922ebbd264616b6c8591f213dee525dcc0d276bbde98985da490440e52c00345a3034568bb6f4cf7412632d156631516fc4414d11a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
aa190c230121247ecb39e7c1daf978e6

SHA1
038b0e9c7c41844e989bd0f3d6f4009d01307e45

SHA256
e6289bb53c61830a13beb1f1413c544e5d131346923ebdb0839b4efde8c22382

SHA512
a6492e050a08dc0f17e43a61ba101b5a91201066e611fe92bbc21138a55c9d76d7cbcfc9b8dc4e43b67ab9ea00e0b65eed7194e44e224b6f5cd297167bceac09

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
cef98e209d569cd26afff54da887ab27

SHA1
15405b685970303f20fbeb00a2eadfa4bd24af43

SHA256
426973fad3e25ba7893aae8b193cd8b871ace5e80e7bf3f2118478af27da9e74

SHA512
174390cf9508217bbc79e789f00123cb40152ac0f6d32667be6f264ee409b39d290a3fb411ecdbef47eea4340b547ce3d9574a316568153f2543de4a3666af5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d34b013da084f2a259236243b6e97c8e

SHA1
da81bbe4a7702c716c4f71ffe9c11e71f153bf6b

SHA256
50f7e68b92e07e90a0e63a65dc03daccb0ee8f8cc1ddafb5c416115ceac9e61d

SHA512
0e39f8c0031db1b0116ace1677e55318c59277ea03fcf03c5f2b23cdf10ce365c371544564517ac2ff9b60f2bc3d5ce36055f8d3e3a5363d30e586991814a801

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
bbb749edb947b276158845dba5b23808

SHA1
30a42bb86001b766c492942ed1142227f51b2b62

SHA256
1ddd7507d0a5681c116eab98233037c558aa728260d7e8f114491549cf17c592

SHA512
17b3899e80208c70e187c2678f8a3608fe5ac594d6e72d1e7030c250c86e21f5af79d604eed34f4d8bd9ee8f663002ddca7bd6654835dd9e2e4cdcce51ad963f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
208KB

MD5
7b53d6357d07ef96afa9a08c2c92386f

SHA1
f070ce6553533e020df97277db5812ebf39c051c

SHA256
c58e9a35eaf38d8a38d3b30ee3ce3391b5a6afd38d0819e0f0b001473b499a65

SHA512
0f64ed785013be4bf18114fbf54d93b156df2431bc188ac066034e460854ee71833e8ab2d5978a7c7286c3b436ba93c7da185deaa6ce113ca91f5eb7bfe443db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\targeting.snapshot.json

Filesize
3KB

MD5
1664a21aac58a66456fdf7e59e36ef05

SHA1
76ba8b9b4c9417ce81ce4accd53ebe70de3c6b95

SHA256
bd6ddeeb2f15b9a98b625c7a6401bce64e075fa237e55a84b0755b646883d46f

SHA512
4168e15e32de109e3a5f7fbd7c4309b9a6bb1b40f4b4f2b634781544ec8edb8eaf48e8e30866c14b609d6623f8cf4c78e5658e02167dfe8591608c016f4e10f1

Download Submit