1ca93fdcc11135777684369edc2bb27d287ffa05d09533c69107e88c153d96c2

Analysis

max time kernel
300s
max time network
325s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09-04-2024 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wave/dist/client/index.html
Size

642B
MD5

dc0297e1499d6be4efc3d519623623d9
SHA1

3babddcfc55a2e33f4f21bedd8d15097fe26e8dd
SHA256

4988e09362697dd88b69e9185f884145ac1b939c1e883855dad7b80479465c17
SHA512

7dbcdcf74a4569b2d188b5ffca867db82acaddabf3c7ba184c62250cbcc375475f31a89607d799021be918dfdf76b5b7a215a87e1a7a157a433f1b8c21f5f61b

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2768987046-1485460554-1347040953-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2768987046-1485460554-1347040953-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	4884	firefox.exe
Token: SeDebugPrivilege	4884	firefox.exe
Token: SeDebugPrivilege	4884	firefox.exe
Token: SeDebugPrivilege	4884	firefox.exe
Token: SeDebugPrivilege	4884	firefox.exe
Token: SeDebugPrivilege	4884	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

4884 firefox.exe
4884 firefox.exe
4884 firefox.exe
4884 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4884 firefox.exe
4884 firefox.exe
4884 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4884 firefox.exe

pid	process
4884	firefox.exe
4884	firefox.exe
4884	firefox.exe
4884	firefox.exe

pid	process
4884	firefox.exe
4884	firefox.exe
4884	firefox.exe

pid	process
4884	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 3324 wrote to memory of 4884	3324	firefox.exe	firefox.exe
PID 4884 wrote to memory of 4804	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 4804	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 1656	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 2488	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 2488	4884	firefox.exe	firefox.exe
PID 4884 wrote to memory of 2488	4884	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\Wave\dist\client\index.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:3324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\Wave\dist\client\index.html
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.0.108013249\1789367420" -parentBuildID 20221007134813 -prefsHandle 1752 -prefMapHandle 1744 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33d8b4ad-18c2-4faf-b95b-0f8709a9033d} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 1828 1c1577bd458 gpu
3⤵
PID:4804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.1.1449102656\1697836290" -parentBuildID 20221007134813 -prefsHandle 2192 -prefMapHandle 2188 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1b04980-8959-42f4-b49a-db5559c4533c} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 2204 1c145472b58 socket
3⤵
PID:1656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.2.1190759287\687130793" -childID 1 -isForBrowser -prefsHandle 2824 -prefMapHandle 2772 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdbd44c6-feea-4683-9c42-1fef083f5e4b} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 2832 1c15b7a7858 tab
3⤵
PID:2488

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.3.999185659\508882146" -childID 2 -isForBrowser -prefsHandle 3460 -prefMapHandle 3456 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78050f41-b77d-40b1-95d1-c811b3f9b559} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 3472 1c15c76b858 tab
3⤵
PID:212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.4.1474933666\966252341" -childID 3 -isForBrowser -prefsHandle 4600 -prefMapHandle 4632 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {252aa727-d706-4856-b896-e11a3046400e} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 4684 1c14546a858 tab
3⤵
PID:4256

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.5.80166336\89443287" -childID 4 -isForBrowser -prefsHandle 4820 -prefMapHandle 4824 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f766dbbd-ef40-45f9-ade1-237dda045d03} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 4812 1c15d739258 tab
3⤵
PID:2012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4884.6.884457135\1048241654" -childID 5 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1336 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {84045c0f-f6c5-4232-9295-f1952921295b} 4884 "\\.\pipe\gecko-crash-server-pipe.4884" 5004 1c15df7e458 tab
3⤵
PID:3712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t1e5jw95.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
4f98229d94b12d3daf6590ad94a112bb

SHA1
a39bb26b9e215dbe2be9851efc42a93f77eec616

SHA256
a29654d7abd7f094fd499cb8c7a1a041bf6b7ec0d2f01a88975a9bb41cc96449

SHA512
306e5de97e7ddb0cea8b8fb5e3bca7ce508df47ed1249018e2df721fd9d83fc0c080426aa1ac758268325a2ffdbf4479c648ad6b747f2982bc6f843c02c471a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
03894c8941845dd8ea1bfba70901b264

SHA1
f67dffbbd5f18f0262bef8f61c3785944b1653ad

SHA256
6b6177be7ac9772635e1703723f3211c2694471008a8a634d285de19c9c390ea

SHA512
52c28249a369bee6c9be674cf54a36921c4daedb38606bb207d9f9609bac0d6bcbe9d2d8d9341bfbef8bfd0012fe240884b22ecc71bbd6fb3a3b7151117c9f5d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\bookmarkbackups\bookmarks-2024-04-09_11_HZedhjzmBBEDho83FJTNUw==.jsonlz4

Filesize
944B

MD5
6f325bb13d145ba892d592018bccc618

SHA1
b1a6890a918d1ff9c3540bb368c91febcd386e5a

SHA256
d5d519608ec0e74d7fc5a6fa659c8e0c7cd74193713fe5e810f6ce6dd196274f

SHA512
897fbde87fdbc387a5827deb6fa37a18b03b39ac63cb328cf68d2872d369aca77704b38caab73c836be75bd88a636ff295d5fc6df3f0b595b30a41ac06584f85

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\broadcast-listeners.json

Filesize
216B

MD5
65213e7af896d1b869f0bdad89e21952

SHA1
fc830d8af5bb2d4bfe03683de3fbe10a4b3c6b08

SHA256
6ef1926569123d8ef2fcb7005b8fed5a2e30688a656ce179a586c36f6c9b58e1

SHA512
807211845737ae15cb8207e0eea6d5980a566ceae15b2e89b5bb1246701466862ceb0a0c32d2a9b4bfacd34ee464cfc4cd22c0f527687d025e02f5e41c09f2f6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\datareporting\glean\db\data.safe.bin

Filesize
8KB

MD5
6a716d79d92c9ed6e89ffda0219a7294

SHA1
ce7b6cd603c02af1dfea1ad633d20ad7efecc48d

SHA256
6fe29a2c025ffec45df0a325b62fe183983f87c936dfa4f8b1aad019dbc67315

SHA512
23616186ee6a66e33aadd24bf27cf4d476433410b37d83323e081bfcceeeca813fc63d1d0ab1282ccaa7cbd77e4fb2700ff59c76d223f3f329f912e419e9d76d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\datareporting\glean\pending_pings\a5e65e9c-f054-48d6-9d63-d51f765fe0f4

Filesize
734B

MD5
12fa6e93c73b7098a1c8546c664eb2d2

SHA1
5fdf3fbc8269f198dc1618908928c6a20b3e4c74

SHA256
6bb3b2d2eacae0699e0e9caa6850de645ba82239720dfa1aec2d0cf5656598f0

SHA512
a4022e67ecabb35ebc104ef60fad3e463ed34fadf33afee5a9b5680456c608881b683cba23a57b11cd30d78f89d370c4d016ae9c9dd6aa2d8f674aed075eadc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\prefs-1.js

Filesize
10KB

MD5
9686c523e64aecd8a570969deae4fdf4

SHA1
1eb675aabb6b5b053bc6e81d4f98467bf1c2ed06

SHA256
4a2238094be4d757510856403c68a7ff2d4a33ccb244e2fd2ff71e266eb009c6

SHA512
73f1c5a296ab99b11e43ce740c9064217708a8a79c2ce85447d3f87f2982259df2e8cb46881658754db79026d52c88c7397b6acb0672f1e8ddc142b3edc4e7f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\prefs-1.js

Filesize
9KB

MD5
8633ee424102082f9e389335b7390b2a

SHA1
c8918a0837ed5c2c1affbc0747f0231a74efe8a3

SHA256
93508c4e15886d09529597fe65f69a1bdaceacb724858efd4cc78f5ddbe1ce6c

SHA512
300e8c3c9494df27bb76a536259b3355f96b38dfab384d0db04f3d77104282993f225e4fe893282a6211b4c039be0736016da0749beeb8b2ee4788648f690a3c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\prefs-1.js

Filesize
6KB

MD5
41a10acc8603bfd5f8e351188d7c0db2

SHA1
5aa72c22f121fd22433a8227a6a1a3b52b593aa6

SHA256
12e9b3657247d6861ee3f84a0c613652325be35e83582d1b859d54b1446d8809

SHA512
3231ee8d5ef5db7e2d04f9ac80c4642129ffc96ebe859a233adcd2020273353ec95394e8b5373e80cd6d84124a701e4743492f82f811296f42cc632270a6e310

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\prefs.js

Filesize
6KB

MD5
96d055f9dd528f89a726a3096e52f988

SHA1
5972c19cab239afe325de505b71f0dc723cb7a35

SHA256
27afdd1d4d5ed81a1ccb77b5a77273b18d6cc339a137b8dadcd75caecc8aac58

SHA512
faabdc7992de00780bddd5ba752dd1203926734425f7df7ff47ea211317ee16b4332c18e0c68fa41002e0d8f2633d211e74fb047488797e41f0226174b33133e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
0b775b7e62498ea341cf9df3a49decf5

SHA1
b3f935a83b23037d76b2a75bc60a1804fd893007

SHA256
164a07988bb7ef1dde2e77ced75ab292d32c6ab8b741e532eefbec5e74a82a9b

SHA512
d4ffde5a7c17b4759c9447d35d78e240e3df0e4471a27b0b78542de990ccb2130ce55c7ef7a5e0b4bf4082a7d4141974f1a496e48a9b06a2b69b5fdeed529d62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.7MB

MD5
37e8b002c7437fbcfbcc69645f3ed8f8

SHA1
83289c19ef90c667c8d0487e99d889a22451b89f

SHA256
7887cb3143022dc302cf77c70d65076b327bda9b840ffdde20ab73a99b37112e

SHA512
9f7e3f57d671c66a31d8062a6cb373eee2a2b989fbbf02be14d2bb7a82c532bfce0b9ad527a7bd15de7e15a078f10484d79a8d37f90cefc040fed2d0002cd6a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t1e5jw95.default-release\targeting.snapshot.json

Filesize
3KB

MD5
bf9b00012b4f776ef431d413698f5b18

SHA1
dcd32edb1b2b9a3e73e3a159f0cf23e0847c571d

SHA256
eb57a0e8778cd2f33d52976fd73386fc36e560fb5944b95255618748aebe092d

SHA512
ab787e81d75ff54dbba26c1ece3f7d3d436d9876d65e4461f6831f90c7bfa81582020aa415e99a47c585af4b833b7d0eeabc149e9af4bdeca7067bac74e5d2d1

Download Submit