hxxps://tastecoffeeonline[.]exvn[.]com/page[.]cfm?article=0x7213fdaf2be4199b9ec2c36dce51b7b2[.]0[.]191338

Analysis

max time kernel
123s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
03/05/2024, 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tastecoffeeonline.exvn.com/page.cfm?article=0x7213fdaf2be4199b9ec2c36dce51b7b2.0.191338

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1474490143-3221292397-4168103503-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe
Token: SeDebugPrivilege	4820	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe
4820	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4820	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 2140 wrote to memory of 4820	2140	firefox.exe	80
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 1776	4820	firefox.exe	81
PID 4820 wrote to memory of 2880	4820	firefox.exe	82
PID 4820 wrote to memory of 2880	4820	firefox.exe	82
PID 4820 wrote to memory of 2880	4820	firefox.exe	82
PID 4820 wrote to memory of 2880	4820	firefox.exe	82
PID 4820 wrote to memory of 2880	4820	firefox.exe	82
PID 4820 wrote to memory of 2880	4820	firefox.exe	82
PID 4820 wrote to memory of 2880	4820	firefox.exe	82
PID 4820 wrote to memory of 2880	4820	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://tastecoffeeonline.exvn.com/page.cfm?article=0x7213fdaf2be4199b9ec2c36dce51b7b2.0.191338"
1⤵
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://tastecoffeeonline.exvn.com/page.cfm?article=0x7213fdaf2be4199b9ec2c36dce51b7b2.0.191338
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1932 -prefMapHandle 1924 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9ba7839-2ee9-4df6-ab62-272f94295cd2} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" gpu
    3⤵
    PID:1776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2380 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ee517f8e-f9a2-4f1e-965f-bcb7f916850f} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" socket
    3⤵
    PID:2880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2996 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {21e6d446-8821-49b8-9650-40fce6b9e03d} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:3340
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3636 -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3524 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ef841de-65a8-4170-993f-e3e493223e8d} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:3240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4748 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4828 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9413e5ea-6038-460d-8b15-b30e8b54e48d} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" utility
    3⤵
    - Checks processor information in registry
    PID:3756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 4660 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {68bdd645-7f7e-4b74-a4e5-af310fc66aea} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:3748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5320 -childID 4 -isForBrowser -prefsHandle 5680 -prefMapHandle 5676 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8e666da-25f8-47d2-800b-37530817c30c} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:5076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5824 -childID 5 -isForBrowser -prefsHandle 5832 -prefMapHandle 5836 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f56d90f1-379b-4fbe-bce0-6da4768bf851} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:3572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5976 -childID 6 -isForBrowser -prefsHandle 5984 -prefMapHandle 5988 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abac1827-5aea-4df7-ace3-752c4d6132b2} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6172 -childID 7 -isForBrowser -prefsHandle 6180 -prefMapHandle 6184 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce30b087-48f0-4c91-a01c-8b5d15a6b422} 4820 "\\.\pipe\gecko-crash-server-pipe.4820" tab
    3⤵
    PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
ae067865c26253da9ce17f20f5895b31

SHA1
6e748ace9d4edc211325879dc11477f2103e82cb

SHA256
f4fcae6b73cd12c6e0faa3e5aa018a44bdd9b8afa4481031101ab542e2e68fe0

SHA512
15421e00b9704e944ae9d7e84b292d6380f2939b17d928d6cdf813734737ad02eab067a5efd2c80aff7d1cf9176b72109375e6c625d44cd03a8574770c07f3af

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\AlternateServices.bin

Filesize
7KB

MD5
5f55c70cb1238f14814098676fc6fbb0

SHA1
d9d61de2be647a9469d43ce435fa56015c3458c6

SHA256
89e45c32a210b138c6f5d7e13640338f1275f0309ebbe476bffc128dcbf0bab0

SHA512
89db192678611f6bbdd467b71a2fc2e54566b37bfd8ffdba281eff9472348255c5f2167cd46115b5dfbcf81925c74dd9e7c979bf6a76caedbf0830e9c8ae194d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6872bf0a184262c4a7683f2dace511ca

SHA1
8a5ca4891e8d1acbaaaf0f7c12105a3b7c205894

SHA256
589ad1f2be6bb8672d6ef6d4574d3367405562f18fd537d0b377565d27b0f29f

SHA512
b874edb54c33af353fefca25ef7d334c4341d282ec2eaacbf42c9141f7aeb1299c4411da0ba437a59578c579f4b9d4b36a4e12ffad38de621c62d89c0f0b80b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
bca47c9ac5b6f5aec45efa9c44821603

SHA1
4f160aa3750437dcc1619bf06aa6e821c0412544

SHA256
8e1d471833d9417b3a34ab613b61032c6c22e0b4c63b8170ca86e7de6ae9eb0b

SHA512
119bf8cc5d79188d50a687d0ab09a459d7a241b542120065b0315d9699d8cd098224749553a88f3e7b3153fad5f5e269a5922c2b278626a1eb2dccdbd75e5572

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
16KB

MD5
8a5db2b48c2412ca539bf6c4e0b1f0f2

SHA1
2146261eec96b08eb5e8e26b19ee219155157c79

SHA256
d0b7a84feb89cf4edf704046945e4661b77884015c769ceccbddd4469f615681

SHA512
4135650f93c306ec078caba728b30ca724d138dbf4fde23661a8c6083f89d22314d0d43b73590a5098d09480b81c954e27cdf28b5f980232fcba853acbcf161c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\64346512-2fe0-4190-b22e-209d0bab1313

Filesize
982B

MD5
a3ba42a2c76f54cfd7ebf0bc3ca21a33

SHA1
65b9cc875949e7620ddc58ca2480ad65126b0e2d

SHA256
19b0553c6572bef530cf010a6efc9b8c498d981e0fb4d3018d2e00292ddd8f08

SHA512
69ab5a9792d9afab972441c1fc4669e4143c07e33b3fde9da27ef8eec1ba1aa11bf9d92f7d85a905b22e816205d897e998de4b3ea464a2671d8a4241c47b9100

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\689ba262-8749-46fe-96b1-68d0dca57973

Filesize
24KB

MD5
b5447042fb6c3c1253dd24aabeb4e244

SHA1
03a68472000f847b0e27f94ef8bca7ee9744a8a0

SHA256
11e0fc0e782669ba6781a96241b92bc81b509875348c0c28375fc80e8eec6ce8

SHA512
f3de0711ed2d25deca0a43795f1693e407f7f41fbae64d2ed075cb66344dc85c8ceec14f0bcc2db45e5a07aba2cc094d5e65bd502be34c8c7ea04b62a5562365

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\datareporting\glean\pending_pings\dd92c6f1-f1a9-4776-b46c-6c9d95a66d71

Filesize
671B

MD5
c44fc3285cba88f1513d90a54b5c2361

SHA1
ac1f961405ac569f31895aaf512fb89bfe86dd3f

SHA256
8fdc47846b35c87efb4d62a22a9505743d9a1cb872ff66ef1c98df22916b44c1

SHA512
1a4861b739eca90b4c48703565673490086fe47455048ee749d92824debd2388d46d03817c2eb9029125c96cf698dde1f44581217e12db46b66419fa39367e53

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs-1.js

Filesize
13KB

MD5
30fcd715672d7f93611364b4d5c54c30

SHA1
bb762d0028bd9d4accabb3a9b23670479d3ae04b

SHA256
2eb842dde527adabd0453ce196e530fe583baa69f40c3489c3fdbb95911e0b3d

SHA512
cb2a704b08095f584d46891554aa9c2ae90efb3dd9db3e9049aa89585e289becbaafd8907de7ab557db4bd9e23cfb2be649d5a2cd39db0ef388b5c427f6a80be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
8KB

MD5
8c6e6afc5ab44bc13cd5769a021bea1d

SHA1
459b42d20129c677dc5fb52c7c4805b03f0bf6e0

SHA256
5952855c5179313abca3257a4f34b3baf332ef246bfeabe5850d4ef614870b68

SHA512
71955a33d67011f2db514af079ee4563fa3931723c73c858b2b8072cb691674e1c43b3864f7ef735f6bbe214d8b441e32d085a5317811cb60fd80108d15f9251

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\prefs.js

Filesize
10KB

MD5
adfc7360e5989f1e3a005c592888e12f

SHA1
c524caba0b8fd6c6f9dad48e2c00e937030d330a

SHA256
7b6136461fb72b553d11fe94dba4ea6c5b8ddd3dac64b80a10e71b33afbc0fdd

SHA512
22770d8775f52461d409e75c2e3fab565c4565635e69d19c4a827fed9e8ef4b396bec30716ba573f13e935579bf176fdd79d375cf53dbe381fbae08858190cab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
5e290a0ca3a4b06bbd5c16bcbc286c19

SHA1
77291afc2a0d86de1e71308477ddbef6ddbcc5ab

SHA256
86598209a53579dde404549f17de3b58e4fb6734eb602a4bbcc50f109df36e46

SHA512
57af4dbdcb1710bdc3b3a9d54eee8674ca376be1095454d64a9357d74fc1e471ba41f46682ef6dbe86430c049a1f189b18d8208d74f05d4e32f73f89d6fab95a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
891f1b77ef4c3fbec09bf51cd28ac145

SHA1
4e8c37cde81d1ce22ceeed98bbbc5fe145554891

SHA256
7e317138d87af1b48aa3f9ade90b13fe8d45a0470fce7fc93cc6c0a5d10281f5

SHA512
ecdf2f19b0ad032677611ec838a11f9f8d774d98279dc0b1a63da7a25de8c4b2aca06a8f82f4ab9624524befba5579a7a45dce086ed41b3142ba09b1632e8eec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
fc05f7c142217dfcaa06afff24a1eb74

SHA1
bf1bc3f827f57020808d1fa7a86a2db6a1831f54

SHA256
8379860e6bb01c9ee90fc931134fb475ee920ee9ea5689feb935a398d49ead10

SHA512
33f24a1e86f0df0e1f9403afab45a5bc8e060812cbec85c5a4b2c190c72b3d469a3474e41d3d8c5a0e5509ca02c4839767a8480592493a562be550098cd97474

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
6ebd31b6e9c349082a6364c998c7ab45

SHA1
ae22c93909270f75704741c4e79482c733f286bf

SHA256
a4cc0fd36c4f3f19e50d05994e4cbf68206b4a4da287df8e2b8ddabcc2d09f7e

SHA512
070825285f0f0b5d961a08f26edfe6395764290864fb3424ae9e3eaf5197e81d17eff6aaa95990abc345d626e755b1a70079dfc0317f116b597f97d23cadcf37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\sessionstore-backups\recovery.baklz4

Filesize
2KB

MD5
ef1ca3b931a3bbc42917354cfeb1ace9

SHA1
16df9636e62f8da3d3ec70aecd494d8d68a2b4a7

SHA256
1d51c35ca4f00d9fe930bb7cf23e4eeb30d52015039e05082d9358402320991d

SHA512
47065177869ffd56e02bd412bb6dc8ec2e60097cb11028b4faf9ffaf1a10fb5615127cef295413ede72644f087e87ea84536e343f1eef949806cb96da127f5de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\pz5zwzp5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
984KB

MD5
6c2a5a57615aa56a8ca85861d6eefae8

SHA1
5c33340f6fb126f67b5db0deaec4127f9b14f162

SHA256
b998d0e744b5b216caa10dab7273b3ef302af89d5f67339bf146f2331d955eb2

SHA512
1547cd06e5c7ea29b8ac89fb71e575b0ad16dd02b2dba342e24ade1b4ccea48e2270c4a4dab726c16dce0d854c9db298ab6bb85ae2126cb05c9f097638a5165a

Download Submit