hxxps://steamcommunivy[.]com/gift/7656685934763976

Resubmissions

03-04-2024 14:55

240403-sah7aseh92 10

03-04-2024 14:47

240403-r5t2lseh44 10

Analysis

max time kernel
236s
max time network
235s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2024 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunivy.com/gift/7656685934763976

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1497073144-2389943819-3385106915-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	456	firefox.exe
Token: SeDebugPrivilege	456	firefox.exe
Token: SeDebugPrivilege	456	firefox.exe
Token: SeDebugPrivilege	456	firefox.exe
Token: SeDebugPrivilege	456	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

456 firefox.exe
456 firefox.exe
456 firefox.exe
456 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

456 firefox.exe
456 firefox.exe
456 firefox.exe

Suspicious use of SetWindowsHookEx 22 IoCs

Processes:

firefox.exe

pid	process
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe
456	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 544 wrote to memory of 456	544	firefox.exe	firefox.exe
PID 456 wrote to memory of 1212	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 1212	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 2172	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 4896	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 4896	456	firefox.exe	firefox.exe
PID 456 wrote to memory of 4896	456	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://steamcommunivy.com/gift/7656685934763976"
1⤵
- Suspicious use of WriteProcessMemory
PID:544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://steamcommunivy.com/gift/7656685934763976
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.0.600831642\1449914809" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfdab4ee-4413-4e60-b823-a4a153164266} 456 "\\.\pipe\gecko-crash-server-pipe.456" 1980 28a5ed2f958 gpu
3⤵
PID:1212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.1.576695858\164847323" -parentBuildID 20221007134813 -prefsHandle 2384 -prefMapHandle 2380 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04762996-1d0e-44de-afef-111e4a825960} 456 "\\.\pipe\gecko-crash-server-pipe.456" 2404 28a5d8e5658 socket
3⤵
PID:2172

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.2.1113183803\1929225108" -childID 1 -isForBrowser -prefsHandle 2976 -prefMapHandle 3036 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f055897-dd6c-4c00-8f2e-680f3eb6500c} 456 "\\.\pipe\gecko-crash-server-pipe.456" 2956 28a5dd61c58 tab
3⤵
PID:4896

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.3.1802625001\494004505" -childID 2 -isForBrowser -prefsHandle 3636 -prefMapHandle 3632 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7579dfd-1de8-4414-a50e-b4242520a843} 456 "\\.\pipe\gecko-crash-server-pipe.456" 3648 28a5f168058 tab
3⤵
PID:3680

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.4.1524869458\849325767" -childID 3 -isForBrowser -prefsHandle 5068 -prefMapHandle 5064 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7089fed8-a133-480e-93f4-c868a7851183} 456 "\\.\pipe\gecko-crash-server-pipe.456" 5076 28a64652b58 tab
3⤵
PID:4360

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.5.12583026\1858093159" -childID 4 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {418a345d-66a6-401f-8c28-2e11a1e6ca99} 456 "\\.\pipe\gecko-crash-server-pipe.456" 5256 28a6441ab58 tab
3⤵
PID:2140

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.6.1887092670\182301316" -childID 5 -isForBrowser -prefsHandle 5456 -prefMapHandle 5460 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed69c99e-224d-4b2d-8be5-1891a4e26761} 456 "\\.\pipe\gecko-crash-server-pipe.456" 5448 28a648baa58 tab
3⤵
PID:3216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="456.7.911178781\858489948" -childID 6 -isForBrowser -prefsHandle 1628 -prefMapHandle 1612 -prefsLen 26725 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1b400f4-af70-4ce0-a885-287975691ca4} 456 "\\.\pipe\gecko-crash-server-pipe.456" 5112 28a62bdad58 tab
3⤵
PID:1408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\doomed\1074
Filesize
9KB

MD5
a9fa9f3b512739a3e9ef1056408cf3ba

SHA1
777782b255c013f880f00cf2756e4336596eca80

SHA256
d94fa4c8eed3f8f1a1a8169a3f3083082a85456bdfa152f439983cb5a7674e16

SHA512
edc175f4f4d9df789eface202e76c66ec8085cc86db16486d20cec70e94e003b798e1bfdeb40384bf3d7b6b1cc99541abe479428ca36590e682f79cb6d769a81

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\7DE10FAF532404113132CE318850BAE0029D65B0
Filesize
1.2MB

MD5
008dec73a8e29c7f5d439b7ecae5eb44

SHA1
9539467a19f56b93089a25c3b6fcdd0fb759c999

SHA256
61cd45b951b2935f6f6aaec78e2024f9e2068d1268dbef09657d7d3f476cdb97

SHA512
ef37a704a6d1194b1ad67b2db401fc030a1eb68df8815bf213d850f62c29cbf9479f363c0c74b206ecba6e1ad5a22e828efbeadc5cda7e136eeecf5071bd89b9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\92qyi9k9.default-release\cache2\entries\FC3D293F5F6A3097565FF82491249F75FCD59E29
Filesize
404KB

MD5
912211c13e86a7206b298613f23b2186

SHA1
1becadc72602b80a86d1d705204eec6ac2442949

SHA256
a106845a44766a2d1953c9db20bfa9b5463929243c7148e6ca94504dd5e82ed1

SHA512
a4ca88f30148014a83cdc759f6fa698f23d355afd54b34278e32e1dea02b76e93918ebcc2c012a4082a37140f5b3ec8251789d87732412ef5a1dfea970719f8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
925fabcac60d9857d020a391d248d6f4

SHA1
890276b221743b772b6a97cf93a9006c799b45e4

SHA256
e3ded4f48d1731a4854c1d09512ad2192f5c81ab66c2003d8694d80e77310f23

SHA512
e168346f963f65b199b87bcceef5d6af045da78601e4b87ba768f3dacb1bdb244a0e2baad4f5566991355505c841d92fb86b6b9857f85d90a73f7570901ccc64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\36ccc9f5-78b0-49d5-9d15-17a266002064
Filesize
746B

MD5
afb69ceeac4a14dbcb66fc2435137e77

SHA1
43630fec7461e979d74714c5d15ee90b62b1f29f

SHA256
f7d43952890b282693277c37fbddd1f8d7f92d4d0296bbd79681c8403c6508cd

SHA512
76ca2cb036da3bb7ce80271c9f177f67f7bd8154043a03c07961f9220d9b32007856012b8bd4933fd65af9a208998dadf005a8c059352d82c9e02b5904f869e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\datareporting\glean\pending_pings\5fb2061f-62c1-4993-802f-9e0fe48f126e
Filesize
11KB

MD5
d78ce7999c974d6d651d056b6f373a3d

SHA1
adac4a59ef8bd6528c3daa65402475ab2606e266

SHA256
796fa14e490251e9ca07fe8029f379b89d01c9a09d227614c5a4a12998d2154d

SHA512
b6693d46e40222b421e41b3925ec3fd35e55876ba77dc4f1563afeb9defc4c228a78c0b1df7ad7c0a601187062ddb9c905e63e8b8a1b0cca4bc0fa4c43c25364

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js
Filesize
7KB

MD5
e1a838ea040f8ed4c20dd07c09055818

SHA1
f154749d8c7a2a44b0781d1349e02fb7e4f1ca53

SHA256
408863e47719ec33c64700bef82f2a407a75167132807844b95668a47d0194d7

SHA512
f514bc25cc022112b149a5016f4a8ccef33872f809178fabdebdc5ad087dbf3543e9d3a5c88c5e6d285df239a64d45072e2c15eab68fb13960940462d8479705

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js
Filesize
6KB

MD5
33d98c1a7a9561d0de2b3c6daa1ab19e

SHA1
2883c013820ee8d4db78e63f2d2a99a0cb017f10

SHA256
d0dcb882487901234cb31dc60f5cc1d954e8330215bdddd1f36f1c0e66b7c492

SHA512
c0ff157771999e3e77221d4e0f90b0974a420960cf9a94f1eb2b1f512b31a1ee9c1030d44226ed1148c13d293ca45182a3492bcec4f46c50e5c490ff00ac2ca7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs-1.js
Filesize
6KB

MD5
073e4323b780f80df8d603d265f1d5da

SHA1
5c28fd09526c435b4a76b5cda1837a585f1e707b

SHA256
3b88b6e6a4ae36b10a84202ba4d97aa11ac686c68b8c4e1351686e192491ec94

SHA512
6c4d8c4733bd03e47b53739505f389cba0407078072c18012424a532e0a551078eb087822258baa32f9eaa89589b28817bf3e22dccbc1d1ed70a108976e345c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\prefs.js
Filesize
6KB

MD5
80d6c86db4c8dea72999579f775b86a8

SHA1
3d333a24320788ac7750c0d6b682276d1c131760

SHA256
5ce698d4805a4d30326fb76f22b826e894f66e8c3acf24ee6775d9af843e6941

SHA512
8a379f3dd6bc45993825f6b1eed422274a5af5c441899e075f8c62ce2b4f2e203b00bad3273160f7bb8df0c6f18a9fc6b4ac7ab3d3b51f6c1cadec6a88dfbc12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
93b4394feab251bea8889e4263ff9873

SHA1
3dbb970d967969c956e89ede2bbdbe6e5caf47e7

SHA256
fd23e5378e921b06e8cebc386a63dbbdeb2feb3b8bd1ba675ebbc1dee0c69bd0

SHA512
257a63365f827bae4eb6aff66e7b8135f320852b884c3586b85fe0f0c9c2c85075a2f4fa7b829cd1f82bcf9e5ee2a3eaad76f85aba94425cb23218333bf6d47d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
65ee39462167df2ca8581f243bed792c

SHA1
277f4230745a0764d9d253e7fad5847dec264aa4

SHA256
7a47e644be6f27ed002c1218877315e0bd24e34579c39643d9a361636c87950c

SHA512
7b9e04e59c275e10c9565912362694284b448b89a3f73caff017a212d1975d839687939ea551125b8f06386665f6b72a7ce79317ca2606f4ae0eb69cb84c4271

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
6229e0f9c2b78fff2edb9f46d61b07fb

SHA1
ae78e8c4428fefa74a0e3cf271e4fe6ae9db8405

SHA256
adfe501c8b97120ae0e7c35be96c7cbccd999860c2d2e6098b2a2f497acd7ec7

SHA512
a5ef04081fba6b06f2ed38b38868d76312e1bb594a533cf0bd25367b7c970f2dfa63a5c676684b01b24998034e08d7a447e4554442da8b39e60d58a31ae3ceb2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
272778801a85ff6c93b29bdf4d8c93e2

SHA1
5b612943937f9a0d05b59f45b3065403b6c97f2a

SHA256
230496a4048c88a401666bdb72283899943e7726e561011d56390b807dc1d4a5

SHA512
ca05a0402ae9c1a43e581e3c16b8c45db0108ed82b4ee772f4cda03dcd24e897730ca6688da4f0d22e7b1092bbd65c745481ac43f960140c8cdf7d9bc16e8765

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
f66ef9454b4dcc42007a06b20c0c6858

SHA1
806bfd35a0e67d7d5fb3208079106cf168bb027f

SHA256
2cdff4c71d457214957b1ae2e5e18a8af6bdec51ed022dd299251bf34b15ba90

SHA512
be849239a6872f2c8993f1653aa0e17e743f0b9eae2488c8f4652c59d771f76c21458350ffb30b2becb0fa9b9691a5efbcefdb294a92bebf48e735d08fd9784e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\92qyi9k9.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
8eff070195653e2a131a916680cd18c2

SHA1
7f5dc88fc5d5969b25d5e75cccabd37362b31a94

SHA256
61c22934bcca9275d3aa4a9548828b028aaa84a0c1d977d50daeb889e02dbfd3

SHA512
18ed6beca1a23e74571ee365b3c5e1b92686188178fa5481d41dd4c991286d5b3599613a870a8d371eb886f82b1b5e35be10ae82b0a95452a53f9cffed73f507

Download Submit