hxxps://x[.]com

Analysis

max time kernel
951s
max time network
1054s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 01:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://x.com

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe
Token: SeDebugPrivilege	3428	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3428	firefox.exe
3428	firefox.exe
3428	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3428	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 4520 wrote to memory of 3428	4520	firefox.exe	92
PID 3428 wrote to memory of 180	3428	firefox.exe	93
PID 3428 wrote to memory of 180	3428	firefox.exe	93
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3896	3428	firefox.exe	94
PID 3428 wrote to memory of 3432	3428	firefox.exe	95
PID 3428 wrote to memory of 3432	3428	firefox.exe	95
PID 3428 wrote to memory of 3432	3428	firefox.exe	95

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://x.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://x.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3428.0.872035696\1205852804" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1880 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2b16c891-21da-47cb-aa08-63e641825d9d} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" 1980 20214ef2158 gpu
    3⤵
    PID:180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3428.1.1486512340\1032542012" -parentBuildID 20221007134813 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 21565 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6dae5023-353a-4ec4-bd5d-6f351c9dc335} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" 2404 20214dfb558 socket
    3⤵
    PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3428.2.201819636\1925567231" -childID 1 -isForBrowser -prefsHandle 3268 -prefMapHandle 3264 -prefsLen 21668 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f9c9cc4-0c57-49b4-9f0d-e5ce0086c2e1} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" 3280 20218e3db58 tab
    3⤵
    PID:3432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3428.3.1426608403\2005075307" -childID 2 -isForBrowser -prefsHandle 4112 -prefMapHandle 4068 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9d7edbd-9a0e-425a-8052-760fae19b199} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" 4124 2021a36ab58 tab
    3⤵
    PID:4776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3428.4.413302488\491955508" -childID 3 -isForBrowser -prefsHandle 4640 -prefMapHandle 4636 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccb45225-46d7-4c17-af9d-048805fc610c} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" 4648 2021b266258 tab
    3⤵
    PID:2168
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3428.5.818447854\2061881296" -childID 4 -isForBrowser -prefsHandle 4656 -prefMapHandle 4652 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {beac1702-11dd-45eb-b894-faa913a360fd} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" 4668 2021b269558 tab
    3⤵
    PID:4444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3428.6.161768770\527533052" -childID 5 -isForBrowser -prefsHandle 4892 -prefMapHandle 4972 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2a2b2fd-9691-4718-bd52-d112f10e4fae} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" 5072 2021b268058 tab
    3⤵
    PID:1688
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3428.7.2069048739\545663298" -childID 6 -isForBrowser -prefsHandle 3332 -prefMapHandle 3344 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ebfcb64-ea16-4294-8e27-95dda4b4f495} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" 3380 2021a226858 tab
    3⤵
    PID:3932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3428.8.2032320162\95641372" -childID 7 -isForBrowser -prefsHandle 5696 -prefMapHandle 5536 -prefsLen 26649 -prefMapSize 233444 -jsInitHandle 1428 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1587fe0-c20a-4eba-b428-edc490cf5802} 3428 "\\.\pipe\gecko-crash-server-pipe.3428" 5704 20219e97b58 tab
    3⤵
    PID:5604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4036 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:6024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3660 --field-trial-handle=2676,i,447940133669489189,1353734109898858672,262144 --variations-seed-version /prefetch:8
1⤵
PID:5568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
9KB

MD5
2f5b49f950b4ebd72382fa92b70e5b87

SHA1
6ba8f2d641e39e4518ae67a6916bc37e2c21f0c9

SHA256
562ad7df0889e94429edf44a26d3ab81065e6a920aeb71fce887d87573e15065

SHA512
24137f4cdbbbcf23ff14e5dd2e5bbdc347c8980f5d5b1b734a6db3dc70d2acc5d3c5b6902d32c7f223d405cf04786061b49d9eebbdd55736a3f5e07ce2ab8c4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\SiteSecurityServiceState.txt

Filesize
607B

MD5
2e01836fccbdeeb26a12223ea5c3e36a

SHA1
277fcb7aa5200e48e80b5c56143450e31a1e146e

SHA256
29231b1fb261e0d9bd819fa9800d27955966abb9bdf37ac9de5b7aaee4834da9

SHA512
1f026d8ea7c36ffc53093f80eb55f91b9b1a172fc05dadcb342f602baeea1e32974855711372a9976582422ea21eece1cb85a8ca57074692749ef9a4117a3097

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
eefc565b30b1f565871b93b959013afa

SHA1
5d8aad289d0896a37e2797607071f32118363bd5

SHA256
9b2c48678582b72ec0a97b0420841792ffda6e7c9f2da1b01c119d4e55360400

SHA512
5c0376446b65bea560c246677c470f72a4132bc68ba9b0f93bf3b98ef07734345160215b9e8d22b8a5423ffdcb90c56c65d2877b36e229c47e46139259019077

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\bookmarkbackups\bookmarks-2024-05-10_11_8isp+gHyP3QyHg7eXV012w==.jsonlz4

Filesize
950B

MD5
4f250385aeaa84a357a344af5ad6354a

SHA1
4f1ca11ca083ed02b315c489223a20017a6ecbc4

SHA256
1496d4f20935c304d2e661264713fb152b1558850d404b59353a09e7f830c264

SHA512
16e9f6c632ecb3f96663d06f567445f294a0195a922e9e2105893550fba609767602cbaa87dd5380c5888274d7988b25e937335f58200e91db9cce6cc375c0e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
c834e3a155ee5dc8456810a751da4745

SHA1
b12e8a3f208d1783ab8534134e33665177ae945d

SHA256
256c34963ad3292570d6ed76fdf5cee6639c3d23b64f02f517aee7e7ca9c3e33

SHA512
daf7d26c712a2502b34b1855a102579fef87de0572cc74c5a1a3c11ed6a2de2a1946bd437226fc3452c1dc46598ba0c41f1ca5db0531de7dfb635960430480f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\14ef6098-43bc-4c79-aa1e-97da9da4c759

Filesize
734B

MD5
4c9167dd4dd8de91c59887719065c39c

SHA1
3551403a456cec64c62d1d7737e3bd3bf7fe361d

SHA256
634d48847d8be847a19109755cdbb8166bdc94af85ac69abc8eec9453214e1a4

SHA512
f9aabf4731573b2b293b4a5b113d7d729d926d60c3f4663272a28b59482cbf9afc9a4522034d601d549fab3e81e3ae94f24125de4e64bec11380e3fd27dcea06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
8d86594dac2aca167d49284dfc8c8cdc

SHA1
1023fc6c5b0aba3c92a4e6999e6dd599df775e57

SHA256
ef3d2be37a18870b3b300a7fa7ae966d1bf358bc30e6f4496dec06e329349764

SHA512
4699a52ab79b2326f0a61f580e9c58e529be826e3aa4f820ec17a9e5e86be94e6075e467e7faf153a2e68179066021f8837a202d5582d8fd9ce68515df9158db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
b3eb3ac3f8c40e8a3fc05397750272ab

SHA1
b185b93dbecb9207f69375b7e87ddabc49ab232c

SHA256
15c253c4523b70e19d8a9da45865a2e45faeaf927d4bb5f6edebebdc49f3ce58

SHA512
afdd7cd6bca6729c5fccdb73ddae04f88ecc607bbd93ad9358c5918287fee9c69710265a986419111d297ee9cb0da6058580667a816735493832d98a4395a3ce

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
02a554c58147b56f0e27cbbb7de5e6a2

SHA1
1303d329745a2134e3cebc7aafad5124b81604de

SHA256
ea8b7f99296f346a34b234496feb8a42bf3965276bd8694c0bf4c0b0de29d52d

SHA512
3e5915154bce3723f1794c5a8234480157c8aa965ab8de92b2cde2b32e3946a1d57f420a5a7ff1c5aec0605112cd42f6363c34e242e58aa6267b5045b3f4538c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
28bb354a65c6686f284bca940d88b415

SHA1
65224ad322d5dd930d92bb20b63b0b4d2088127e

SHA256
de24938a5378d495893b3179b5ff791c646445f39a654818d946999077544268

SHA512
69ab13903e6d8d3e0d3f8566dc0ab57ace68ad48950186391c8f790e2c3b4bdbab75389ad67408e053373d9ca528c8d5e8f9f81723546e3b1205f6692633635c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
0fb377278543c9b2a4dbbf9603551ace

SHA1
de0389aec23cb86585478f8e3b9e90ea6e4191bd

SHA256
003b4765e4e9ffd7cb20f9eb096906091513afb3be3ad212dac2d6873b8b4794

SHA512
5da3f6b8763c2584166843450191973fd46dc98e711d7f8adcf2729756816bca3ad0fc32898291c86c92a9adf8620695f401654bb9d18a75c990a2cb4f4b8c00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
87497872f001de25303121e99971e839

SHA1
596844684ccca6a9540081189f753aa604ab6365

SHA256
8a195b9e434eb25ee25432533bc615c9c4678868b9702594366c5b0c88c6cef7

SHA512
8a0b4b4e603e17e17595929579787e812d1b71ffe30d58be3dfa0b8fb1fb462d351ee64fc82daad8a96a628bb5dbbd227ea1eea535b1c28b09a5f637f83f79b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
57ec46a1e75c74bc0d9250df5225b46c

SHA1
c2d01d0e661c969865980ad1faa7be1cb299a8d1

SHA256
eecda1e592241600cb3b7826f0966201d026d5da69f9c4bf91686e77ec00cac5

SHA512
567354d807ceb8bcb50fea8f1a6aa48f08b4db7ea0ef9c60f4338060b32e43bdfb74f2ddc96b3702916f779ea00910dd2aca79d3deb7dbc82b6d946f027db6a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
426e7f8fc66b89265e75ef8a2f213344

SHA1
55ac89f3ffcfb445d397c313299b4a2a63a2416c

SHA256
c55156f6c7e8c6f0eebc6d9c89d5aac2780b78281653f7456a936eb414664c66

SHA512
bc386c80c4cb38bb4ca1872af327bad203637b2b57cf4e26f920f1ef76a80f415bd123cfed5a61e8956db99c27dbe1826118a89e6348a0be315be20b3e2d4602

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
2aa555dae2b7027ff36c3f897e92c006

SHA1
c7f21ace1975e4b1b0435a29c594c6a9cd7ec74b

SHA256
db58513535b03e7fd45ff00a90512bd6c1fe335bb9a8bf9be6f55138769cf2a2

SHA512
b2f74e66ecd56cfeadca4ad24cd97439ebc26aa1d2234c2f846acd224fb3518be1b6378e41d51b47219ff49894d1f73502c2b3e5c9dc9b0cd34bfebf443d3980

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
82c560b5d3d770ac6791b63bddf20221

SHA1
c114fc5b33247f8f14f652c0e05a8c997a827f7a

SHA256
2155dbedec9a371bcf3585d66b244d777f95ade823c17e472256781a418b069d

SHA512
3662c0a95750263204d3bd2da42981d8c992c80c1873d4aaeb21d7ea19485f845d6046c585d44b3953ac845971f805a8ad467335884ca2fe310c815e8a1aafc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
a913d2e34046c4a21f2fe06f5391f9ff

SHA1
4258fe05caf1f01dd6be306af5d9f2d04cc615d2

SHA256
512d51cbe9bf50c673e1b433609ac295ee72ed2ecacb200cfdd779388edfa121

SHA512
b7f942ea04bf53c87398278ac77d0a615f3d8f5d78e56a28c995ded91dd3c977043f32751d91a8e3566480dfec7c81985ca50ac744a776299f5c8ab0eb1c3cf8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
882276598f19cadea6f789350361ac46

SHA1
769acaa36b1e88e7bbb6a5f897ee6e39096f456f

SHA256
93c8841176d1fa606cbcffd9ea8b90b39fe24be24136b66de022ae3c6c249edd

SHA512
adb1815fd3352829a635ac01e0ba1ef8a420506017f1658cd0a62e890b3e3422b13c3c7f7800b3afc7efa03b769f57d5b88c5d713b6850a0aab00fa682bf500f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
dab098a10edc90b5fa9a566fcd358df7

SHA1
0c9f874bcaaf68241843717331d38d1b6b6bb29d

SHA256
dfbcdee6acd3156528c1142e5f3b6fd74c53838aa2d2c7eb93b374f3f235b8bc

SHA512
100089264770f8fd1d8a745612e6aa01447dc9d84e6851137ea975db33da272a5cf2ac68cfe1fb8996af473805bc48b63be75a8f3ef7fa5d1c7677c018056960

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
b7a1c1899d6978bc28e7252a9e7b9d67

SHA1
2b136cf6c07e5635168310e3348c62ac6b3e9fa5

SHA256
384da7e36af90564a147b6f633282af174972c91b9a29a8a3a6d358d809f2813

SHA512
303f8718d12a0a12fc1b232d8019f25f809315e305736245d9e812e10f3399ba1d2f08c251de34cebaad11f7ebc62c54605763a90ac785da1c920e95e1c1da7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
b961e7bb1730c5f57f727bb20db37094

SHA1
67d13906116a17aec43ae70405be79c0de04d1ad

SHA256
457783c0868b6078acb4be0991eb4b1e9e890c0007fd5c7c667ffa7cb66c017c

SHA512
3ee073f4f9b4516818cd1cd9aab70d25de5dd59cdddd6e4a0f7022b7a514dadf90291cafbe659caa2fe57e03d23e2dad4487c142ef72411e4d917008a10264d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\targeting.snapshot.json

Filesize
3KB

MD5
33052f117ff9b7fe66dccd589653814c

SHA1
e804fb3b383bea9d7f20b5dd9a3c84a0cbc8dcb8

SHA256
963bc141891c273914cbe1fe9cf6239eebe3d6d2a5722df93ae54225cb8654d1

SHA512
d68756cd6ccfa00159c413f5e326036fc56111d85cf0b9b79fc8d79a466c143b0ddb701aab04e4b380d6743798b63e63a418fbc0a5db659e2b6f1d9dae465784

Download Submit