hxxps://github[.]com/Endermanch/MalwareDatabase

Resubmissions

10-04-2024 22:59

240410-2ynlcsgg71 8

10-04-2024 22:58

10-04-2024 22:56

10-04-2024 22:53

10-04-2024 19:14

Analysis

max time kernel
1513s
max time network
1504s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-04-2024 22:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

52 camo.githubusercontent.com
53 camo.githubusercontent.com
61 camo.githubusercontent.com
50 camo.githubusercontent.com

flow	ioc
52	camo.githubusercontent.com
53	camo.githubusercontent.com
61	camo.githubusercontent.com
50	camo.githubusercontent.com

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	1812	firefox.exe
Token: SeDebugPrivilege	1812	firefox.exe
Token: SeDebugPrivilege	1812	firefox.exe
Token: SeDebugPrivilege	1812	firefox.exe
Token: SeDebugPrivilege	1812	firefox.exe
Token: SeDebugPrivilege	1812	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

1812 firefox.exe
1812 firefox.exe
1812 firefox.exe
1812 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

1812 firefox.exe
1812 firefox.exe
1812 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

1812 firefox.exe

pid	process
1812	firefox.exe
1812	firefox.exe
1812	firefox.exe
1812	firefox.exe

pid	process
1812	firefox.exe
1812	firefox.exe
1812	firefox.exe

pid	process
1812	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 3628 wrote to memory of 1812	3628	firefox.exe	firefox.exe
PID 1812 wrote to memory of 2572	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 2572	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 1972	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 5052	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 5052	1812	firefox.exe	firefox.exe
PID 1812 wrote to memory of 5052	1812	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/Endermanch/MalwareDatabase"
1⤵
- Suspicious use of WriteProcessMemory
PID:3628

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/Endermanch/MalwareDatabase
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1812.0.1870542700\1577459" -parentBuildID 20221007134813 -prefsHandle 1928 -prefMapHandle 1920 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {156f658c-3f4d-4a87-8520-533c013774bc} 1812 "\\.\pipe\gecko-crash-server-pipe.1812" 2008 177eedd6758 gpu
3⤵
PID:2572

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1812.1.1720856460\335704798" -parentBuildID 20221007134813 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f90c026-0b8a-49c9-9bd8-cf079113468c} 1812 "\\.\pipe\gecko-crash-server-pipe.1812" 2436 177db073b58 socket
3⤵
PID:1972

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1812.2.46437709\1912354421" -childID 1 -isForBrowser -prefsHandle 3116 -prefMapHandle 3132 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0d9f5e3-98cb-4d20-ba05-10e1298ca34b} 1812 "\\.\pipe\gecko-crash-server-pipe.1812" 3092 177f2cdf958 tab
3⤵
PID:5052

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1812.3.1291513153\1555793853" -childID 2 -isForBrowser -prefsHandle 3264 -prefMapHandle 1748 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e17337c9-111c-43e2-af3d-690c51f131db} 1812 "\\.\pipe\gecko-crash-server-pipe.1812" 3456 177db062658 tab
3⤵
PID:4544

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1812.4.1677640746\1808645651" -childID 3 -isForBrowser -prefsHandle 5056 -prefMapHandle 5020 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb6b8f7e-3043-49f3-be0a-2c2281bc5c5d} 1812 "\\.\pipe\gecko-crash-server-pipe.1812" 5068 177f5e0c158 tab
3⤵
PID:2928

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1812.5.2044898956\364011899" -childID 4 -isForBrowser -prefsHandle 5200 -prefMapHandle 5208 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {03f48974-78a4-45fe-a1b9-0dfd56c19a05} 1812 "\\.\pipe\gecko-crash-server-pipe.1812" 5084 177f5ee7758 tab
3⤵
PID:3892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1812.6.2080213540\1937469356" -childID 5 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1412 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8df6566-2815-4ebe-a9b1-d40f5517bfd4} 1812 "\\.\pipe\gecko-crash-server-pipe.1812" 5416 177f5ee7a58 tab
3⤵
PID:680

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\doomed\14829
Filesize
10KB

MD5
588ff95400ca13456951f3e6b4500e0a

SHA1
7d25e9fcd6bbf9328727cd56cd468e5e3dd57f5c

SHA256
8e213e27fd70d2548af27d7374968b08bab6f31c653d01d57e67f81705298ef9

SHA512
698fde2357ca90bd00934152dc70e1498f6e39291f8e3f3b3623147bce85c7c16e23e8b8f7bf05d863bc4104a7ff6afa2d8c4497948e973c11866acb370b3dd4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\on1px6pk.default-release\cache2\doomed\5184
Filesize
10KB

MD5
2d0cd039ff6cc25a862ac0c54ca30f5b

SHA1
ab2dc088794135674c2a462baf4fb9a6e1df4505

SHA256
66c38455ea78b3b47ce441e5dfbe2880be96d6833b96d7f2a4e172a453eee8c8

SHA512
70bc00a4d5b449128b9af06952a548942ce4c976fd606bcda5b00077df185895c88d8f53ba885807510b30d232787634d35da308cb4c8c84a7b37b95204b7e6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
Filesize
7KB

MD5
cb2a3118663a13e98bac69e124efaad6

SHA1
6fa203be975fa3a9694c3ca0e994f7623719c046

SHA256
6daf28c760d6c325d7adaa641a851a9d77f3b8da3911abc72d1cbc2f21b9ed2b

SHA512
9118f3d997e3bbfb2b5b001ac35ded17b4ab99cfa460b831b68797370220346c95ddc19db0c45c9ccb348892b3d9c3d6c8798e94e878d7a3560194996f9eead9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\bookmarkbackups\bookmarks-2024-04-10_11_CCpZVMvoZkGDpI3NsstdiA==.jsonlz4
Filesize
945B

MD5
50a70a8bf59da6baf28287acbd719907

SHA1
613c5fb4908c603026a6d1089e2d3b10e48c728c

SHA256
9e785279d1028bde50501523b5da6ebe1dc70046dd1209fdbea49f4a0386185e

SHA512
df5177bed3498c2bad8a4645d3d4767344644156856599fcca4a777c753e4739dc669fe31eb281f0c3933c4b732455493e43b4ab110abde4774128b91ddab2b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\broadcast-listeners.json
Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
93171cc1b2661f6db53c671b5a36a80f

SHA1
329dd301c51d9af966945963e646d26b07871d6b

SHA256
7763a74fdb0826858b4f91f4c7c9d5ca987a98fb472fa95593b8dfe307c85a04

SHA512
e2d526944aac99c4ed22e09f28f00825626fa732af79021245e3d0e490072dfe454049ac3af1afefb102e86af8f1b201f2bd5dede76619fdff0d29dafec51536

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\0623a9f2-f388-477b-962c-26ecd0c5d185
Filesize
746B

MD5
6ed687841d36b331622a82e25ea54f6b

SHA1
749d162cf2bc718b125c874ecbc114a318ae5174

SHA256
7d20bcb3fa602b838f1ad67f75490340411af259ec0ce44e678ad9daa97aa93d

SHA512
a4bbf127979b776783cf6bf334c8d3b1247a6be2f5f1932c929bf7198aa83a978df82bbcce78ea8f80ee192cd95bca1fe1489776d86466802806c82e2789ef72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\datareporting\glean\pending_pings\50c70feb-2edf-4c3c-98c6-afed381863f0
Filesize
11KB

MD5
d96c22f07e838131b9b363fed400421b

SHA1
361607be635bd96bc46d8f6c30e869015f3da5b1

SHA256
b6c4b8083d5590eb7cf97e55592eab05eff57a2754fac1dcc362ddf9c2424dc8

SHA512
2ea0ea1b28ca312b2c449ac41c86b933a6c975a92ec166f8d499aa66b8ff3761e6a321412f58bab95ac8491a0e97b92d18a7cae5b48d89114afabfeab613aded

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js
Filesize
7KB

MD5
3112cab519e7a04bfb0daef041709ff7

SHA1
1ae47056e4fcb84b26778557b8b33b0bf2b673ca

SHA256
56d4e423d379fe51bf93bb7078fefd0ecfbcb0b89e314bc3a3bb7677d2fed2c1

SHA512
69827796a3d2b4c53f668c5f316b6e156128afb6c58e907f66cb4cad19fc8f348eee62c54a1d9acdca74adbc7edaec2062835026268d7d655eee861a0acc1c24

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js
Filesize
7KB

MD5
709c5027a0e6fbbf24773c6fdbf19a61

SHA1
5d6789929b603aa88bcca822b8c4e2cbee5a2a10

SHA256
9c205ecfa0c4afec17d5f9486afe3f0532c8065f8bda14fba013cfc2546a2391

SHA512
e1f8f0bf50fde19c7e0982877dc8c9959e9cdfa494c526c37bc75bef609d26678f52fab1552cc4260035c586a0c90adfae3fd209f01816a13f3a56e297083a97

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs-1.js
Filesize
6KB

MD5
9c24278209d85a4c7dcd0a52700a33c5

SHA1
2e6ea60d442f96d493019479f4da3a8360822818

SHA256
499e69e92fa26da83aba525346268b0ce7c36c77017524676444216aecc27c1a

SHA512
5b516f56f0ff002a48d8b0397a661aa7d919b18d6c788843bbb21f4bcc7f99b00b488a5ea1362677da18c48d50ef6881b0b57b85f79a1a67a51d22b3dbac447f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js
Filesize
7KB

MD5
6bec6085d5dec9132464191aa74141f6

SHA1
5f5462f9fb7efa09e6719c335af37e677ed19cd8

SHA256
4c9dbb263d62ea114af1542a9ae56de570bdf635b23830a7163627c5f045204d

SHA512
0293a13b49383a28a2ce3d568febc43acd285b98e653996a680bdd86791086b635bc8ebb587d508e3257e53e4dba880a7aea57138f6c6e319086d3a925ee502e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js
Filesize
6KB

MD5
855b5fa80a03929fc57928c6665dad90

SHA1
c8f937e54806f95de8700511398b04c5ee08d873

SHA256
02611225dfb45b712da8c8d4bbd3141eb6e4c66dc511663e2d65bd728cad66d1

SHA512
3b8e6f49119e02c2e3bb4c16cc38c4ca741823ea9e43dab9878919d190d3fbc4d39ede52098bbee2d5ae98a2accdab88843cbc682f2e5fb28d7b737e60a7fae8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\prefs.js
Filesize
6KB

MD5
467b7d316ae946d2483054b32ead96ef

SHA1
aaf62f3461b0c94589b589cebe3620ef541a5734

SHA256
29f8e94586a30276da4c5ba3644957f2372ca0c3c4e08c813455c2a040188de4

SHA512
9d89a5c35191c74c58672d201f2e892d013d69d339a34fbc67453363db7454cf059d26d9d9f9f4353517cbccbe8d5c882c1b2a76aa886a7ca6abb70de6e4bd59

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionCheckpoints.json
Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
027da76cb7d2f110452163de32113e62

SHA1
36c69985fc973b34eca73254037ba32c8458b7d3

SHA256
4f70c09be063fee4138c046c314c7d1d34778dd45f9576bcc23e434cb33fb867

SHA512
b955fb9fa9814d1a6373a9db7f53f7374dfb8e9ba0d67ca35672af095e2368d07361dc20c964208823544ca29aef4d36366a508c529e0cc114131f3dba264600

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
b4c1d361b8e2919092ca3b598a7e4e0f

SHA1
6fded0ae6ad5a54ee9ad79cecf74c24e97f0e745

SHA256
ce0220f76a8a01183d4c4ff147dc537dcccf9d204739834640ddcebf1598e139

SHA512
898c43ffa082e49e50b1d7a82545b48328e5e0762e0bba924db8e663c949865a11b0862885e071436474c557da45b3a22728687efaf218a7a1cd0764bc5e29e8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\on1px6pk.default-release\targeting.snapshot.json
Filesize
3KB

MD5
a160ca758fcbe7f24eac14274260826f

SHA1
c065f59ef46c6907bbcf1a57e6406d4343afc549

SHA256
c3bdcef1e516d557d614ddac3937d312cb40491d885fa7f777d7f3976a97cf0d

SHA512
7a0828822b7802e396e2b59ea21d78b13cb6db5feaa136afdc66a00d9cbd50cba2a3807218c08e74d8f5dccc917722cd64aabfd3027747ac4e09f098ffa0d537

Download Submit