1361d2f268aac9c6373d1f0800155d798f03ca291114e7c81ba6a714474a7a98

Analysis

max time kernel
2634s
max time network
2642s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
30-04-2024 14:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-03-27 162346.png
Size

355KB
MD5

564bd49fa90bcc9c2b63cb14b6dc6e49
SHA1

121b6908e87d879bc47bac081ea9977b9cf43304
SHA256

1361d2f268aac9c6373d1f0800155d798f03ca291114e7c81ba6a714474a7a98
SHA512

cf33a782f552a4367f4c08a47798ef25485277f62fe718c1ce492d934150fbfa53d0dce70e26f7e60f78172d1a4e141f81ad03c9eae59222429b763be13c4e9e
SSDEEP

6144:XYsDrmZt5DFKLUd6tuI88Fi22+xZ4jHFuURCSKXwo2CeydDtTvCrI2vUpixs68za:X6ZrFMtujSt2+xZ4jluJSKXwTkDlvyRr

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe
Token: SeDebugPrivilege	5056	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe
5056	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 4440 wrote to memory of 5056	4440	firefox.exe	96
PID 5056 wrote to memory of 3572	5056	firefox.exe	97
PID 5056 wrote to memory of 3572	5056	firefox.exe	97
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 5104	5056	firefox.exe	98
PID 5056 wrote to memory of 2324	5056	firefox.exe	99
PID 5056 wrote to memory of 2324	5056	firefox.exe	99
PID 5056 wrote to memory of 2324	5056	firefox.exe	99

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-03-27 162346.png"
1⤵
PID:1868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.0.1499609804\1420500911" -parentBuildID 20221007134813 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa961b22-a9e0-4d47-b608-46dc5dff7d59} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 1964 2d433afb158 gpu
    3⤵
    PID:3572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.1.2013777066\1682964583" -parentBuildID 20221007134813 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f8761bca-8c07-4ab9-a58a-ab71e85e477e} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 2364 2d41fc71958 socket
    3⤵
    - Checks processor information in registry
    PID:5104
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.2.940437012\304967652" -childID 1 -isForBrowser -prefsHandle 3224 -prefMapHandle 3220 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b87a713b-f89b-4a35-bd13-ed50f8127cdc} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3236 2d4365c2e58 tab
    3⤵
    PID:2324
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.3.1589747421\17478075" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fece0d5d-050d-440e-a025-11c75351a215} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3476 2d433a71d58 tab
    3⤵
    PID:1128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.4.2005157350\10177250" -childID 3 -isForBrowser -prefsHandle 3612 -prefMapHandle 3616 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d7c76c1-298a-4bb3-a410-fe1b6f4c6517} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3604 2d433a70e58 tab
    3⤵
    PID:3128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.5.1216029708\1692239896" -childID 4 -isForBrowser -prefsHandle 3820 -prefMapHandle 3824 -prefsLen 20929 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {411ff269-3b4d-4edb-96aa-85977a38bd02} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 3812 2d433a71458 tab
    3⤵
    PID:1408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.6.919916587\1554791074" -childID 5 -isForBrowser -prefsHandle 4608 -prefMapHandle 4604 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {911fcaa3-137e-44f1-b315-d0bbc330a9dd} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 4620 2d41fc62258 tab
    3⤵
    PID:3552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.7.1420694118\2026864120" -childID 6 -isForBrowser -prefsHandle 5720 -prefMapHandle 5716 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60c9c44f-ea17-4c42-855f-83fa8df0c93a} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 2728 2d433a70558 tab
    3⤵
    PID:5796
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5056.8.1377379234\919618330" -childID 7 -isForBrowser -prefsHandle 5908 -prefMapHandle 5904 -prefsLen 26285 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {20449387-7ccb-4865-82e1-d6296cab01a8} 5056 "\\.\pipe\gecko-crash-server-pipe.5056" 5564 2d4384ee258 tab
    3⤵
    PID:5864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4060 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:6132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4236 --field-trial-handle=2328,i,5873823382323802923,13134441441264702821,262144 --variations-seed-version /prefetch:8
1⤵
PID:4776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\6349

Filesize
187KB

MD5
a04bb83a46e07d31ef7f09968088c398

SHA1
d0aa30eb3a35ae208ee40b2aa020bd470a8e9e0b

SHA256
a21f694d395de52975fcb0ea46f4a301628d4c25c655c50fa967d98703993ea3

SHA512
853f54b706e089ac913f341efe395e69b35ec8f0107ea51ba2267456b38e1e794091877d81de83476441f14486460424d45ec3d69e2dbb5209bf95adffa2c5a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
c25fce849f9dbb97119ff1737b0283b1

SHA1
d0ed7564f0840f5fe4a002426236ed131853dae6

SHA256
94485f819469e32c06fc469ae7f29714b495b9bbc35c35741fb309fa7d1cb87e

SHA512
949a039a6d414e009f5d88de31f92a326ab257abdecaa9ca6b53dbec268490b85677e9432006dc119eaa3e92c8b603107c674fc48b8f90e776d4e26909532c50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\3898c725-78a9-4926-995c-78b971a1cfb5

Filesize
746B

MD5
27e010420616fc062cca450c99045a83

SHA1
6f1b31c35909c585e872482b03c3fbf6ef7954e3

SHA256
9e2bda931e2267d2aa19664e654a494e21262d975c9a96d1d52ffb1643574da4

SHA512
fe798cb928eb144574bb3842896d61766f5b064f15d2522da5012e1c39372969f39eba613637a5e32906dd6a5dbb9797aa31f64d199398e781c30a2db2bdcd94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\e6e8d3d9-c045-432a-adeb-69ef93e38c55

Filesize
11KB

MD5
0c61b71980822baca207ebafdff32b32

SHA1
6498fa23970ff7ef835261346c10091c41daed05

SHA256
f0903dab922e2da276f2b4d0b478476347cbe0eba706889fd5505426460920ce

SHA512
86dd046b5e8d216695c1d36887593399fda8001a19c47aaa31017d8e745fa432a1d03236c85ffe538e8b18b0aa4fc5f495cc2160a1c607c23732ea77444f0621

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
0d217269bea07938622c4648f4d7536a

SHA1
15586385a00353318b4a8398b88ec4b0093c2459

SHA256
e89a8c613c17b55ecbff42dc5c5d2d18ec4635e9cd82f85511b04c9c5b93911d

SHA512
093314c65c832c5eef0015940b7f0681e881186b3cf3ebfeffaf38718d949bad905b210f9a5ef8929c63aa4265c88381e42dfbea7896bfa6211fa77d99b9d4b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
afc11debc41ae1490117513a45a4f438

SHA1
ef5dfaaaae04379ece308ff3103ee6ff4c9b6a2f

SHA256
62924b01789c848be6cb33c0e53e75d09c055d0cf996eec2544467b87688ee0b

SHA512
02b592b0d10297a0b0119691fa50f921a29b4c64166202c1b2163a8a3b89064743fb5714c3cb50ca37a49da41d7cecb3d1def58e26e7346b64f848a63bb61b27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
09e8df49c4567090cb918947fddcc0d6

SHA1
3993aa4bc39448c01823d2ddd104b2179fa5ead2

SHA256
4785907a35569419730a1cd9b4a101585e50413ff1c41c15e9f892a090ca11ee

SHA512
3135857d0b7085ea02c97ff4d190b7e8948474b984ac605bb4cc1411b50c204910ea69667ca1320f1a09fef8844abbcc935be00709ac7a4c94831f34b943c29a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
6fc178b7c419bb1ca4f1246ff366dbb0

SHA1
a7a56de2e1e400feb079c1b0cf5468234682fc2c

SHA256
5cb443efb23d1f57b0b5a5c9856094808ebdaac1a934443da48b1b50062e9d2c

SHA512
8f86cf2a278fa220d410578b8d6b170d6c52d4b53aea2c84aaf0272ae158a353997cddbf6fdda9759296e2daf46491960f215adf9ae2ae113424c3993b8c052d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs.js

Filesize
6KB

MD5
8e0a3c381d7e67c57384a02ae111ec01

SHA1
97a5d8861d4e7f800d7466bf37c21f7d094a3ed3

SHA256
bcb3b1833e05eb421158c9e3d3a8cb3c0df78308b143840179aa29373116adc9

SHA512
2cf21941b25b49abc0d5c535e88c4509ee9603db7ec0c2e54b8ac1699598bc41656241e8ce9f2e2bda80cfb007f58af3561fd027b0effb43708625dfc8a04da9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
8d1b8f21fa8fa0ec375a4fc85d28a612

SHA1
fd68e3c6bb96faa1aea3cef0e42da03389ab55c2

SHA256
9bb07afb17a571783c0ef9e4c3066b9c0e59d54805f5a06a5b6437e434ea8e2c

SHA512
7e1b0cc89be30da59901980792704afb99aa88f5b134c31f65837a032649409137ebb5efd6e10e441ad56e083525a6e7858f583eacd1507caebc425ae11a7caf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
76f9644c98861db7e42a9dc7c263f99e

SHA1
9d522d80ea479a5506f142fa80b767d90aeb4fac

SHA256
3edc343ebf767960a1e0bcff60cc0d239f005da3495cee8405617aa02440208b

SHA512
d2f4c285a6916498483b1f715f5b806561db825e2f33f17fcc4b2eec0a1084842254d540039156c0d0506f41194c794e4362fba5bfe4b59c9f4c09a24544e244

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
17KB

MD5
191cd2779e36ef67702d5ebddc040b9d

SHA1
2db078c7467ecacde5a422f21bda317487b5a2a4

SHA256
68c9b0b0280df436959d1f304e2ccb4886e9df4a35e1b0b44eb6ca3a34cf0b23

SHA512
dd60cc4b26df8abdc067dc331c90276de013dc421c99530ce6d2b77954f826e65f117fe6b79ec097116d521f5033a8c14f7387b08523f631b92a4de4a4c184e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
5aba94d519eedd66e23956fb2d1ac726

SHA1
25851197cab2630cb4e29ce8871f4e1d413913a4

SHA256
9f23b3e36cf161703203229f24e84b5d7b6f50a3e010faa3770b2d5d016a8399

SHA512
335aee11259394f9a8f19299bd0784b2643a46259e87a83689bd54d05363849fe987ff01eb56aa6dd69576203e232b42ece9b65d55e6e4b9d6f1272c918b4c84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
c7534f5c917445f47f267d9c004a503f

SHA1
803cbe1926a2779911ec027f52f6e1a2675d49d0

SHA256
a602aa632acf8056914c1b533fdb58d6b9a78cfd2fe96021729c1b33fe5bbaba

SHA512
61f1e598318fa92005bc9bcf7a5040d299dcc3c25d4efa21935287ea7583f47cad472416683aeddf4228c9e9e6db62f293561c0e5538c042e891222583b7481e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
8ffcc44ab7e9393e75106ce94b70e674

SHA1
4987ddd2f64d782217398fd6adbb4f2c981de7d5

SHA256
b4a1252db37064e6a97025ca14f7f93630d6999d513983a5ed2e8d43e0a9c0f4

SHA512
48560641c017b7c18f85b9d719cb09e08643b244e28594d82cee57024d05f8e9c2ded43f4472b73bf79d8c458cf707d7196989d99ad6e4d420ff6a3d3a90922c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
a5f675bd5ace4022a4d1dde3bc15ed01

SHA1
b072356e68fbf42e0612e7986942903bfe297a27

SHA256
6be369ac515220594757c5f44583ca68d166294b879375dccd884235ce5a470a

SHA512
0ef7066089350da2caf53d279f6a3fe5085fc9315302b70a34a99a1dd6e3aa640811b77f004c8141d1cb419402c2b15af2988df02e9db95c298259a97ba46d92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
9d9ef5f624afbe148d096e4841c0eb1b

SHA1
07bc8b252db92c420d460431f43f4a06e9cef3b2

SHA256
584c176236bf19351598bead38f27334c3aca8151ed67366efd66bc8a70975a0

SHA512
1cefea05d45466a43acaf3dd46f9620887b9f820cdda640659aef2eb4ed0d13ec2f5d1630a0c9c9ccc47c674608e2aab3142e17a57b5020ba077333063bd1d75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore.jsonlz4

Filesize
15KB

MD5
33e89ae53832b5b94f00f7deedf201d4

SHA1
5729cf3cb1d30780e341ba72c37d84c7c564c1af

SHA256
75b640cf38d199611a94361c859c4791e2b034c887edc8bd4f8db8eda06c364c

SHA512
7c35e07af0ba68b410d608c825abfc5e65fe728fde041d0312f81ae097e52b2e98b39337d9dfe00c891641a6ab6aa09f2a653872a0578ac3324f2e5a9c772248

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\default\https+++mail.proton.me\idb\3261206832EBSD%A33A%yDS34%-DN3L.sqlite

Filesize
48KB

MD5
96806b0dc889b93a147f6ea2d0ef3810

SHA1
f8e77e213ab54a6160c6bb41e5c96676d3cfd95b

SHA256
84ae395f48bb2caeeef714652897370de87d6dfeb69d0609c473877ae9ec00cf

SHA512
6ac3901b40efa09d90a270894539722877358c8d721e8ce7d1fbced1277800ab735c8c5d6390a868d8f5056b4e5883a909c0754bd4e42bbc3d1c21d1c76b5401

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b01efd0877d8bb4a5d754d6d5a5922cf

SHA1
6dfaecd4219afbb206185171c64c777e9c73ae21

SHA256
ef1ebedd446ce18b79317f09953ff8a6069f92749188b45945567c315388aa90

SHA512
6f5fce89b6dc7e6979fdb01493c0811bcd55cb945d7665cd9a23e93419a5aa28207b3f614461103f04b0406741e8020c35252fda5529e41e3e918e42fd89c086

Download Submit