hxxp://catjw[.]com

Analysis

max time kernel
271s
max time network
261s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://catjw.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4152	firefox.exe
Token: SeDebugPrivilege	4152	firefox.exe
Token: SeDebugPrivilege	4152	firefox.exe
Token: SeDebugPrivilege	4152	firefox.exe
Token: SeDebugPrivilege	4152	firefox.exe
Token: SeDebugPrivilege	4152	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4152	firefox.exe
4152	firefox.exe
4152	firefox.exe
4152	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4152	firefox.exe
4152	firefox.exe
4152	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4152	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 2832 wrote to memory of 4152	2832	firefox.exe	87
PID 4152 wrote to memory of 4528	4152	firefox.exe	89
PID 4152 wrote to memory of 4528	4152	firefox.exe	89
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 3792	4152	firefox.exe	90
PID 4152 wrote to memory of 756	4152	firefox.exe	91
PID 4152 wrote to memory of 756	4152	firefox.exe	91
PID 4152 wrote to memory of 756	4152	firefox.exe	91

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://catjw.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://catjw.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4152.0.1639516641\404111883" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2040a541-05f9-4474-b4f2-a84be0f43be5} 4152 "\\.\pipe\gecko-crash-server-pipe.4152" 1992 1fe7f2caa58 gpu
    3⤵
    PID:4528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4152.1.870953212\1593588524" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2404 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9bc4326-bcb9-4ead-8510-ca2bb0b1f405} 4152 "\\.\pipe\gecko-crash-server-pipe.4152" 2420 1fe7effde58 socket
    3⤵
    PID:3792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4152.2.1064606861\2139436112" -childID 1 -isForBrowser -prefsHandle 2932 -prefMapHandle 3068 -prefsLen 21603 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8f00ce4-26c2-4e8e-8c90-6ee9878c0e83} 4152 "\\.\pipe\gecko-crash-server-pipe.4152" 2860 1fe032b6b58 tab
    3⤵
    PID:756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4152.3.1682964970\2121400015" -childID 2 -isForBrowser -prefsHandle 3816 -prefMapHandle 3812 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e22bfa14-a211-45f3-878c-1c53d2beab3c} 4152 "\\.\pipe\gecko-crash-server-pipe.4152" 3824 1fe72861158 tab
    3⤵
    PID:3992
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4152.4.345163141\511716125" -childID 3 -isForBrowser -prefsHandle 4868 -prefMapHandle 4860 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d31ed431-57a5-4714-915e-0e80b17f2c19} 4152 "\\.\pipe\gecko-crash-server-pipe.4152" 4872 1fe05d08658 tab
    3⤵
    PID:924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4152.5.87121497\848936268" -childID 4 -isForBrowser -prefsHandle 5092 -prefMapHandle 5088 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95f1aa5d-f438-4fa4-98d5-74a2fac80382} 4152 "\\.\pipe\gecko-crash-server-pipe.4152" 5008 1fe05d06b58 tab
    3⤵
    PID:4420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4152.6.183924146\721979611" -childID 5 -isForBrowser -prefsHandle 5228 -prefMapHandle 5220 -prefsLen 26300 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7678fce0-2911-4a0b-9c24-9ef631815138} 4152 "\\.\pipe\gecko-crash-server-pipe.4152" 5224 1fe05d07458 tab
    3⤵
    PID:3696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4152.7.515382266\1795325623" -childID 6 -isForBrowser -prefsHandle 5640 -prefMapHandle 5636 -prefsLen 26381 -prefMapSize 233444 -jsInitHandle 1396 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c3bc387-475a-41f6-80b7-8276c9cd5c75} 4152 "\\.\pipe\gecko-crash-server-pipe.4152" 5648 1fe06289e58 tab
    3⤵
    PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
da9ea6573dc43b8748761829debc1529

SHA1
579c1fee49c68f1b53b6e71e20e6b548e4cb3663

SHA256
e51b605c57555717be46247e5bf0f9e11f520e050a9fa9f3212ec9110959967a

SHA512
4305e6d15c185164b1dc896a42666796d0d0b9a626becef21c3f86800b36aeef466dd0b02af72d4c9f1506d49f9183dc02810fb62f3b6f98fc92a30164827184

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
6ccc70469590f08a9410401f2db32662

SHA1
055d53c6a99695003d6223d076e99932e2319594

SHA256
aede43e879bc03dbfc785cdcd438b4d4371c276b36bcce89e5c01bc5ca7296e7

SHA512
b88e42ebc5a2131bdd45b89e79e49cdd854b7d58659d7fcda59513549ff3a712de5e65bf9a45d73fafe5ff64b455ac7b24b145de8878fb257736c757faa0ff65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\bookmarkbackups\bookmarks-2024-03-06_11_Bkue46DMJqtnj4X9ytypXw==.jsonlz4

Filesize
944B

MD5
eed3c81e7a7d7f861edc6c6b72da3e9d

SHA1
25e1e59c34894004b1bb333a410810b0d8911441

SHA256
9fb48ba9c291e61e8b5ec2a5fac312f010c4b026d9f7014fc1c0401a0e2d42c1

SHA512
47c87aa176411ea921e0a3ca6360626cd6f37ff49486fc915098244506c957e0cabcc874fd5dcb19f93cbd234088e0050d7f95345fc6a41986f2bc497d3bd61f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
2102dc8d143ec1f49bc6b0db5c6f95b9

SHA1
6cf788ae9904ab0f1ad949a1d0b85b1d408f2b4b

SHA256
d0de7e7ac13d65cb23ad05a8f66d44be601cebb0e7e823273b60fbf5e7d755a3

SHA512
ab6f02be9e1d2a6e07548a985e122a8b85c39a7def5eb3ec4aac15bac4eba4cb60ef9fa1ee9ffff59b86ca54515ba7c69657e0ea45dd82c2072896a49e0eb044

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\7d01f755-52ca-4c92-86fa-29d486c28afa

Filesize
12KB

MD5
3e78300c9372da1416430f293b3f808a

SHA1
f71925383ad17c663d436ef2c618e3a6b95476d4

SHA256
69098ba95e0eb8c9bb9ae340dd97246d5af6f6a2634448d1c786be540ca1982a

SHA512
bf8146dac4a302ddd89236e2a41cac5eb5dd688f5458efbce8b41be4da47ef4f5f25505779072ae83d9428ecb2cd46f51da92b6c3e53fb652e8f27f93024b274

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\datareporting\glean\pending_pings\8e4ea03c-1c4d-47e8-a920-ce671e57e145

Filesize
746B

MD5
af88426f69aabbad82c21065b8ef6ec8

SHA1
4f60b6189de896ef13b1fefbddaa41d4bfe1fb99

SHA256
caf85d1786691c9009d1a1cb5fc4ff39eab241db712e3879fdc27353c3612f23

SHA512
cff03e666109baeb8e8713f9768d50c3ae2f98c63bba224a62e39d909fc7af4f9922bb6f5ef5436a5365a2778014fc95b9624a8e727b165d5dc88de9c237455e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
6KB

MD5
386ccc4fab9de2f45e3d43bf1e23396b

SHA1
cfbc6cd8a9451ff269b5f8e7a62e1420174b8c5c

SHA256
90126e514073d3a036ace5aa6a0b980f4dd3f544551df0a59dbee97930343311

SHA512
a56e5f27e7fc1bddf65a06d2a5c747e655fe3a9fb88d0399a869ba225fad1d865e27787680127cf727f2065a5973310425d2a8721ec49a7a48c209155e5b70d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
7KB

MD5
ca60d20000a814e09b99b785cbdb346f

SHA1
02440a1297e11f1dc4508aecdbe37f360bcf0978

SHA256
10173f203b83adb69cf6adecb9f25eff77e0f9721cb80b0bd0355983167118b0

SHA512
ef703ebe2d19230e11b33db2b19fea59012351484517b486570b340665a9f5ee12baea2ad2b6bdcd10367ad7dbef033f53de1dc0c574d6081a7b5c2b0c149317

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\prefs-1.js

Filesize
7KB

MD5
52bce195d9df0f09d48efd14e75ae179

SHA1
05101c47ce823376225c7b2e5b17587c7a58f55b

SHA256
cdb22ebc1917d858cf21e231f6710346b39b81e07a2335b2e7548d52a5bfc624

SHA512
09663fad24c90dca34c41fab1e73d99ceb745dbec5a079e342634f161e22778d0696ed0457fc91283ab530ae35d9f74011ad6cd6a12a5a4186687e66e290f62e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ada6e2f4a239f2b0da1fa09dfe2da38e

SHA1
171f7a71909b00524f9ea8e0aec1c1d2b9b232cd

SHA256
caac0ef620181700e361f5d15c6cf81098ae23dd8628448592a823e00885affa

SHA512
3ed7d6f435368af7bda8310b9d33d342763db4484e6df5931defcc05fe467cd1f423b85ef5957bc1665cf54e02f9ae258aa556442b12fc0751791942e992cd88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
0133553c819b58aae59aec6dbae20831

SHA1
406b1ba99519642ba8976d856bc2bbea36e15ab6

SHA256
f0286e1744ae4c9e07344ae73f9899025324ab03605abe06b0a8a4f143b8ef01

SHA512
21fe1bfce8bef948efbbc06d1464f7907d09485bfeefeda303f2dab77e06cf0bfad7105afd0234108db7eaea9500aad69f1aa43e67c777e93171cc808825d9a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5700e2ea222254b08a9487cdc066d489

SHA1
1a4ab8dbd8401042232008a9fd5d93b53808c85e

SHA256
2e4c5b8ea1c9270732e9ae95bcd1dbd4ed6676f3bc7ca36edc1eae429873ecf9

SHA512
faf8c319d94e5a3beacb2037713d7100a0b61bfd44f454f139eb340d2edf29345bdf45a1c8efc3ef68eb944a4d0119a9038949a61931d4e00ce70f0467cff916

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
fb6b134402f724e0ce540720c876bf7f

SHA1
3a3f9ad8d3563d509a446be4f22a9c633740f824

SHA256
bdfd9dbdb577c42681f4fbf07f21dc0360a43156e13a216e3764f3b967071722

SHA512
342bd895a979ee6fb04367a1fa450532dce31aa1f5c2b7d72e5cdde51c3160b7fc52585f2740c3fbd57c8cf21dbdd90e69fc67b66079488b6c199bac1cc064d0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
bfa2a2446e5c994927254ddf674d4035

SHA1
d5d1815778c59c2fdcbaf91f09edc8dd7b5d8d48

SHA256
9876517f61976e204b6df0e2f81544bef851db11af3c16a0de348529d6de2717

SHA512
2a62640f1aa4ec66ee071c1afe5c2480da2b1704cf9b74cefa543c7688c376cd6cb70954e60262e2d119101c4d32d39146e0b026aa20b8db4524a7fba6641814

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
f3473e7943e534fcfd17c10f7f0230c8

SHA1
4f28b1d2249b4606c97e99ef9e7791832414f786

SHA256
abd243b0a0cce491098de4b798627c0a2245414daf32a23a7c3254bb6bef1831

SHA512
59be087efcc5f8eb0341b643263fece9ec66d313c740856df42eb8b39ba5a998a23d04bf17ce64ad0ed2f8f3b8bbd10db245afe43ba4b9cc69eb4a5e38d75d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3b9284d1e39eb1a96827242b6f1ae9c9

SHA1
7a65546ad8d3c4c9dcf7313ae31c05b3b8e93938

SHA256
ec9ac18e4e0a0e51847589354c6f606f13e64c41d8b10791dd6a9d2f88f96c63

SHA512
c2bcccef7624b3ae00f12e4819036d74ca04a31256f00137584a2d4f98af4fb695bfeea89e1c58cc8a6b7677cccd1f4c16de34fc34fae856c425f139f32dbea4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0z1r4qkh.default-release\targeting.snapshot.json

Filesize
3KB

MD5
a8b7e9776e7f141e264057dfa3dda15b

SHA1
b36bf47f938e4213b174c78a9a53690185dbbba7

SHA256
65cb205187a6aed281b6608cdd7f2256266ba271a33b8433281eab8cdd817214

SHA512
0f4becacb0c3c68994acb1eae180c31749a5333a4b8d64fe9b34980a2f483ad8db62a90372a2232589fe30b41ddddf96049e8bdca0814e6e17da94cad95c8ada

Download Submit