hxxps://www[.]puzzlefurniture[.]com[.]au/brou/brou/

Analysis

max time kernel
1190s
max time network
1199s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
07/03/2024, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.puzzlefurniture.com.au/brou/brou/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4148	firefox.exe
Token: SeDebugPrivilege	4148	firefox.exe
Token: SeDebugPrivilege	4148	firefox.exe
Token: SeDebugPrivilege	4148	firefox.exe
Token: SeDebugPrivilege	4148	firefox.exe
Token: SeDebugPrivilege	4148	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4148	firefox.exe
4148	firefox.exe
4148	firefox.exe
4148	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4148	firefox.exe
4148	firefox.exe
4148	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4148	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 3036 wrote to memory of 4148	3036	firefox.exe	95
PID 4148 wrote to memory of 4572	4148	firefox.exe	96
PID 4148 wrote to memory of 4572	4148	firefox.exe	96
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 3980	4148	firefox.exe	97
PID 4148 wrote to memory of 2060	4148	firefox.exe	98
PID 4148 wrote to memory of 2060	4148	firefox.exe	98
PID 4148 wrote to memory of 2060	4148	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.puzzlefurniture.com.au/brou/brou/"
1⤵
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.puzzlefurniture.com.au/brou/brou/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4148
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4148.0.298608534\1226999207" -parentBuildID 20221007134813 -prefsHandle 1864 -prefMapHandle 1856 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cab882b-694a-4fc2-a15a-dd71e133fdfc} 4148 "\\.\pipe\gecko-crash-server-pipe.4148" 1944 220d59da558 gpu
    3⤵
    PID:4572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4148.1.1654341593\1297528873" -parentBuildID 20221007134813 -prefsHandle 2356 -prefMapHandle 2348 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf39c5fe-5c1d-4a67-8bc5-38d577efbda2} 4148 "\\.\pipe\gecko-crash-server-pipe.4148" 2368 220c1e73b58 socket
    3⤵
    PID:3980
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4148.2.804379861\975321943" -childID 1 -isForBrowser -prefsHandle 3228 -prefMapHandle 3224 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {af01430a-0d66-4690-aa07-96fbf923aae9} 4148 "\\.\pipe\gecko-crash-server-pipe.4148" 3144 220d9bdb358 tab
    3⤵
    PID:2060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4148.3.1477107516\508417137" -childID 2 -isForBrowser -prefsHandle 3920 -prefMapHandle 3916 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2a36cae-7d45-4dcb-8ed4-489775e38180} 4148 "\\.\pipe\gecko-crash-server-pipe.4148" 3932 220dac66558 tab
    3⤵
    PID:4924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4148.4.1408478712\742127983" -childID 3 -isForBrowser -prefsHandle 4952 -prefMapHandle 4948 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4bb03266-5ee6-4bb4-80e1-aac23f8c4b6e} 4148 "\\.\pipe\gecko-crash-server-pipe.4148" 4924 220dc4cc058 tab
    3⤵
    PID:2224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4148.5.742164754\966446250" -childID 4 -isForBrowser -prefsHandle 5076 -prefMapHandle 5080 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {be7f1cb6-37b9-4b2c-8997-9d249d9afef3} 4148 "\\.\pipe\gecko-crash-server-pipe.4148" 4956 220dc4cb458 tab
    3⤵
    PID:1568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4148.6.776967010\1380372711" -childID 5 -isForBrowser -prefsHandle 5284 -prefMapHandle 5288 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1344 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4cfc93dd-982b-496e-8830-9d161ea9abf6} 4148 "\\.\pipe\gecko-crash-server-pipe.4148" 5276 220dc4cd858 tab
    3⤵
    PID:1804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1416 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3924 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\30042

Filesize
9KB

MD5
e3473bbc7c25b550fd08708ddd189ee7

SHA1
bb6be78c4c5deabe0f3159ee1b06cc48e76e9e12

SHA256
1d7db1dac9528a7aef94652404ceb308b5dd1129896cf18dd830338c8184e815

SHA512
cc8b88a85dcf27f92718efd98477571305ac9753983f71ee9f79a82fac184b4147023b7afcad0951f5a87301287bafc31178a455e182695309984b2d7db15433

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
3.3MB

MD5
f5d1b71241c631445b24c1440acf230d

SHA1
e16e5779d855860fc47d573ff4a68df2fb6afc35

SHA256
71b12054800fc9c17afc787be5bebf633267ff07d0a1e69fd16e38a83d227733

SHA512
c7cec7325811318a93753432bc12fdb40a93648feb68140aa5e3bf62b4911f9a25f38d1664e54bc35cfcc2c00d9d97b6c74c9cc5a7758efa375f409cf6625d26

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
7ce8cbded537bba79d25ad3b511eb37f

SHA1
32ed35acf1a7501a0f04e0c1f6d8cb2856f320a2

SHA256
0de6c31c5baa72cd884477b5fdc613d84e12b1cf50bdd494328eede0a11149a2

SHA512
be22e5bd5177453aac8f3e2cdb2f0c2d9ffb221dd9043f03ee3be3d409b2704972f24e1dee8d1af78798de7f357bc62f5b1b1bc18fafb6e673b83e768cc68889

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\bookmarkbackups\bookmarks-2024-03-07_11_8isp+gHyP3QyHg7eXV012w==.jsonlz4

Filesize
950B

MD5
4f250385aeaa84a357a344af5ad6354a

SHA1
4f1ca11ca083ed02b315c489223a20017a6ecbc4

SHA256
1496d4f20935c304d2e661264713fb152b1558850d404b59353a09e7f830c264

SHA512
16e9f6c632ecb3f96663d06f567445f294a0195a922e9e2105893550fba609767602cbaa87dd5380c5888274d7988b25e937335f58200e91db9cce6cc375c0e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
0bdf2cd42346923fb7d409420a853ccb

SHA1
8fcd65c97bb775c9432a1cfa133eb29b022952ca

SHA256
1117882a4825dfc5ec1bfad4a5af4752c689cd649620772749fe3696611eef8b

SHA512
72f2c04d4c106be66fe9990eca1f8d9be75fa464f6a93fe45b5640c98bbf40032050f8431113766517e8c5a778d8b7b5247b8534840f33c707817b0b726cd984

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
fad20172051ee73e278e0139cc19062f

SHA1
af8e847e741224ec484111073352ccebd325be4c

SHA256
419120c2add8f916ce58986c939f153070ca385fab0f0097855f799c0888e3c9

SHA512
8b79547b5fa0cad8cefab0b733aa1be39b687cd29fd189a6528bb55bbc6dedacc01a83b028f162d4587de1dbec35c90119f5393c8b90a11038d869e15bb786e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\54af55c4-c5e0-4550-9704-2a732f553b30

Filesize
11KB

MD5
89db64188b1e29a059c148ec090ebf0b

SHA1
7b5c9bbbd7479fe5161bc61c72f463e295e99a09

SHA256
ae056f019c8bb64fd7d7447aa39dc99c5d67706d053e71134f99fffd07e07a3f

SHA512
39f58b17c29a94b71171a94e042d3896969d0d895f9863ade01e5a8b24521feb626afd71faf7d7f28fd97d584d26319083d10ad071d2279a5c85e660dfd604d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\bd75ec4e-9cc5-40f8-8cf3-2abf527e516b

Filesize
746B

MD5
731825f2f1e9208e1d3dac6f7c2da45b

SHA1
37d9f8080c94e6139dd798f540a8dd4757434c0c

SHA256
e6b4cba89bbc7e7387257f4c25c93692100d4dc6eb60f4b173b5d9214e0fb5b9

SHA512
01107da072274cca9f074ee93e8267655d4312ac3971207b946f91a0fca5968318408513bdc5891d051b02e1264dc6c0e70254ed311715d135972255d8e2d563

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
2.1MB

MD5
7e8b7b63bddb63d5793c00a900d92dd0

SHA1
97afb782270432ebd9d3a275ebe9da145f2449aa

SHA256
2a958470aab6e6a1521b8637275b0c34c54fc0f4bdcf87f09e993b6191718195

SHA512
a97a0dd771375430b4101b2577e6603115e9cf9f5c7c09a7a307892af9e28082038fb342dc4b4dd92d398a728c0a4dcb84dc30e3dfb6080f7540bc49f17f7ba6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
112439ec3687ccde51c2281ac866eced

SHA1
a8122fa0b3e1f0e2d02cfe57c60927086b485510

SHA256
1da284f16849f4ccdc3c8c9a25888d9b527e43c58a5619fcb26352f9e4979881

SHA512
2e29addc14cbe2e6325c5cc6320690a0d1eacd15a9c3e8133c236743c466361701edf2e525a5936ce2472adec4e6a116fa4e8ee87ba5fc8bf855fc6b411c09b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
c3df580663fb2490f0356200ab5360d3

SHA1
9ada378afffc647c61064bef868b7d850da2ad1f

SHA256
1ac2f688092e7732455366da6d4d9cac3e25e38eca09ddb89136260543baa639

SHA512
4eb00e98f344aa846da2b7a477e6e54c8231127541b4281f50362220c6b464b988ce773b78004f5a393b16932ceccf076e57d62fa525775abd5abcafd8804a31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
06dcbeeb53f619bbfb5312aff7bb9972

SHA1
df6fefe2ff4511743b8e81154bf6700552c35809

SHA256
259dde0d21b6457ddbbb5b4c8e556496fb2657dc7214c0274dd104a01b29b159

SHA512
53e02506415474f7618dc01eefdbdfed83e6c5fca69aef8e65e7f181977773e2e70b0b8d78736eb36687cdbadb749b3d42c91923e2b58a9366067aed61a02e85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
7KB

MD5
e5b01b8a83aaa25a329db9505633fd1f

SHA1
9b8751a9f2d1c93aa2b6e35dce5ece9fdc29485d

SHA256
1c55d5beddc0bdfc6d504383f4758e63759ff5a024a29fc7012617d5570fc00c

SHA512
c8a6f7af96a1fa41e9e7b2f39806c9f6ff692db806bc2e46311de22f64412bc76f177acf2cf1eeb75ad7136292b9ac859ec3decf6523ba2e6e28af2672e9ce75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
3bd8600457fd0561f67d1b598ef6aeec

SHA1
0d2b4ae81668988d55067e3f0c0311256856bbb7

SHA256
fbfc635d66c0a25776ec76cdf754eec397e23bf57b6ca4d3f633fb69472172b2

SHA512
ac1ee6358bda5673f23db8b0cc0fd43af3784f0a0854b1d78cdf886f5f697c8486e56c8594522570f69217dda40d8d384184e6ca8540752eeaa1bd73fa2aa866

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
9160bd66aab0a51de97acb7c25af5c24

SHA1
48e3a46225c3f0f82a8ca694d77190acf680f573

SHA256
47a665ac94f95cb61abaf64fc44de37dfa8f39f0527e2c7177f62e1720371a0d

SHA512
12851dc9e0522a6bd507a1d721579543bc9e713db4e98d96eb155c34a7d52056e4db8ed385e43c2a9ac91965be181fe0d0c8a5251fbb63cf0970d35afc6c87f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json

Filesize
3KB

MD5
355035a95230da3fdb50a0fc2ad3f47b

SHA1
5287c861000cbc8063a4fe0652e844e585955777

SHA256
84abf9a8ee02717934ae360a0982f2c33f677095df6a0f080a44d6a540785e6a

SHA512
65f0079a92f5887cb7dd946ceea3fcb4c21622a74b7e6e0875f8751f9f8b0d6589144490039089957f312250ea59c381201c280c56990c9a157b4ecc6874423e

Download Submit