56971fa5d09acc74a2bffa88c4f65ea55623d617cdf0e09c61bca65d5d4744a3

Resubmissions

23-05-2024 04:38

240523-e9sywseb42 3

23-05-2024 04:34

240523-e7j8zaea73 3

23-05-2024 04:34

240523-e7apjaea65 1

22-05-2024 23:32

240522-3jpesadc6v 5

Analysis

max time kernel
149s
max time network
149s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-1.html
Size

10KB
MD5

5403ffd1d2b7a8065f74987f024096ef
SHA1

f89a6f847db71a21da4e3684a71c10656bf94484
SHA256

b8a16118d9b42f09320223adece6320973035c655e51fb51bcdf08c4ea02fcdb
SHA512

155b8d5386e599f736c2ee316c323118d679706f49bf03ef7da208f984934c6bb9c966ed329ff8c1d1723596e727ca2405c685ef71db9ef1658538103d44cb99
SSDEEP

192:DXJzNS6LCSrkqdhCKwIdcxmKktCzYgT9f:nKIdcxm+YkJ

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 2396 firefox.exe
Token: SeDebugPrivilege 2396 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

2396 firefox.exe
2396 firefox.exe
2396 firefox.exe
2396 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

2396 firefox.exe
2396 firefox.exe
2396 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	2396	firefox.exe
Token: SeDebugPrivilege	2396	firefox.exe

pid	process
2396	firefox.exe
2396	firefox.exe
2396	firefox.exe
2396	firefox.exe

pid	process
2396	firefox.exe
2396	firefox.exe
2396	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2228 wrote to memory of 2396	2228	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2616	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2616	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2616	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2644	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2700	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2700	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2700	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2700	2396	firefox.exe	firefox.exe
PID 2396 wrote to memory of 2700	2396	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\email-html-1.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:2228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\email-html-1.html
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2396

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.0.1743419029\2052570643" -parentBuildID 20221007134813 -prefsHandle 1196 -prefMapHandle 1180 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2df61d54-41d0-4ce5-ac68-62c4e4796d8d} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 1312 108f8758 gpu
3⤵
PID:2616

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.1.1804260971\544020438" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f639c100-b492-43d7-93cf-268cd7b8c848} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 1520 43cbe58 socket
3⤵
PID:2644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.2.900352627\1754839375" -childID 1 -isForBrowser -prefsHandle 2068 -prefMapHandle 2064 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 684 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c37c04fe-2f60-44d4-9ab0-c33a59f4a7e6} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 2080 19e89a58 tab
3⤵
PID:2700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.3.1916609781\2042167939" -childID 2 -isForBrowser -prefsHandle 2472 -prefMapHandle 2468 -prefsLen 26046 -prefMapSize 233444 -jsInitHandle 684 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {24a27e03-df6e-4276-a1c4-b581e8c75fec} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 2484 e61658 tab
3⤵
PID:2440

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.4.1356664271\1742713265" -childID 3 -isForBrowser -prefsHandle 3708 -prefMapHandle 3596 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 684 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e169470-48cb-474d-b0a1-9aaa76516f65} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 3728 19e63258 tab
3⤵
PID:868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.5.320088853\530970183" -childID 4 -isForBrowser -prefsHandle 3836 -prefMapHandle 3840 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 684 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {61c745f9-0651-43eb-a8a9-c0ea13fd61be} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 3824 19e65c58 tab
3⤵
PID:568

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2396.6.570119481\1267674562" -childID 5 -isForBrowser -prefsHandle 4000 -prefMapHandle 4004 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 684 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b986d097-c3c6-4838-9ee9-ef18b296a7d5} 2396 "\\.\pipe\gecko-crash-server-pipe.2396" 3988 1fe35158 tab
3⤵
PID:924

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\F4EFE37A30D0F14C6AC03FF7949A51CBC2EBC649
Filesize
13KB

MD5
3dcba0b76793202fb0c908e3795a41a3

SHA1
01811be0aa32f1d77dc354d871874d93ed476bb0

SHA256
89037c8232b612e9574db79aea89188d4e318c3e72ae35c9a7b4b86e41106d2b

SHA512
d9a7f29a8b8aaef1d8eeab0b720fab3a30330bdfa68fe9250f310165be86b40c8e61ae055620042fe9e5940222232fdc5970dcb806acb42691bdcd71acac9099

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
Filesize
9KB

MD5
4f69577cb5835fcd2279b840447206c4

SHA1
a60bf200e12474083a6ea6672ec5548a233dc853

SHA256
c38375bc4871136df4ddf79d77b184da82be6c8974bc6f57731d531e57f8ed9f

SHA512
5bb989fe793cd7f06088a7da4d8057628c931fc48c8af572fc5a93a51134cb9aa10d1e95267b65c6e7341f04990c61693720a3b15e5fca98641ac5460acdfebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
ce538f3e72a99fc8970479b52e7b0908

SHA1
713d8ef86fe0c2a899544cb5e6ba600ff238b3ac

SHA256
adff6086e061d5be35764af8ce95ca302186aaee76ff2e74f6be715245e9e44d

SHA512
7d1f50d40969a142690543b809c27636c1400664ab9427e70d814853813d710e93222a89eda90825e9105db92a0b7e296554c26ce08b1c23802179e847d13c8e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\8455ecd3-6b18-4b5d-bf5f-7f1c8cd6a677
Filesize
11KB

MD5
d135a017783c8c885337c51dbd3f346f

SHA1
c3eda77045143e8861b24a831eefddf82c414c9b

SHA256
e764c08e5c1e6148c6f39688c07da5484829848747caf43b0fc7a1ed2e290070

SHA512
d639879784457d363354dfbbae789424b274b556637b6064e6e591e71bf6491443bbed262d7a09e3ed9eb7c15338d28824f753f4bfa1c50ec48d2ab67c9cc0dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\datareporting\glean\pending_pings\cb708b87-be6b-41f8-a75c-01f5b6ee8293
Filesize
745B

MD5
5e57ad51c8d04ce67c04f1a2e7d562bb

SHA1
164f5efaeba29ae298e9b926d075a9f1f06d6556

SHA256
f7947ab8134acf042ed5b8689bd2c9255451d93219b3b3281f155fca16906ca3

SHA512
71dc026f5fe72f42dbaff7c21723b3e3ec7e224ce67df1dc5c241bce5a3048aa418d7a3c7ab3f0ef359144851004cf7c8451888572572db482d6fdb280207a50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js
Filesize
7KB

MD5
834fa845c03dee9b8a86b85f186bb9b7

SHA1
85851c23d33538da5493c640f10f0c2ed3266bc0

SHA256
ed78757dd79edd891128fafdb71c31a1f3b242f7a6d0f675d347d160d0b82f41

SHA512
fb72266ce3607be142d0cbd6e54ed1667db5e11f7cabb248705aeadd9dbbd9da43271ea0b47ced7feca6c6eb2ba0d28371528d83230a4158c6a40b1c25f58c5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\prefs-1.js
Filesize
6KB

MD5
e8f87a467ee4d47775a617010010665b

SHA1
115cbfc67c039996e8f90fbbb334b8db8a426285

SHA256
e19c8eee04dde3cf64734999ef2ec0250d2275f6410f0b020bb92de4e06b3078

SHA512
3e9732e7e51120f45101b700be07de3eccfaced311e31fc54ee1eeb02b7f330d7758ac9d4a9fa5ffc3ffa7f2916ba69271cd538ebcb350aeaaaa9e8e5a4e9999

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
6642958734e9b227a3963fdd76ff2bb3

SHA1
676613cc80a4e1824025a7a599395ba5ab106de4

SHA256
822a8d1df5c5481225864c83ad3d102a85a4a49d64f2bba3b5fd4e83f02548e0

SHA512
44dbb5654c11621a2b89d40ab995155de55201365c12d76d797530a9792f02a421407e6e4f657122b738ec09ad5e8bf9b332ed8741b9803fdaf5cffada14f470

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
fff27429fd7b5b59228fd4ef44055863

SHA1
230f9be98f1de0150ac1591ec426d18a75d95767

SHA256
276d271e5f3bc26b81168fa64ed02c10f8b998d6398ea34e5879d189e5ea87e0

SHA512
3c4653fd9abea42d2638bc7d5394377815ad556419e649bf311c0059aaab2dc0bf805bfc61b74249208d92df54105b15f24eedcc69a60032fdef6e130cb9cfec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
dffa2287f0cce9197984799038db14b2

SHA1
7c386ba93fed6795f4e01a414969c199370ceb59

SHA256
f57b77b424ddf2d17d492751560216cad37f16e3b010a9959ea9bf07d1873a22

SHA512
4ba8c67bfa88e8c45abc8050e6bf2ca5cb54c8d761f64e4ed44da5189a26c1024feedadcd3512f387ad3b5c9087589d44c31e4da95a35d21643b3fe8295fb727

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
087702871014ba71fc787de080b6e482

SHA1
856c400a020939c091bc3c06a34f2c54292fd6b5

SHA256
297927587fb27904572332d925adfa560eef73e3bb45a0d8cbc65e6a1cab9fe3

SHA512
6a6fe15c8ee62118dcf55bdd0f4157aa6d53d8e37c734e16febf146f74bab3ab66ac53508a1e7a57e445484fe26f8dc25d2decb2a666f2202cf5b60ca84bbd84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\u7g6zvo6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
7.9MB

MD5
5a2fbef411d13793bf94fe7f5e4e2228

SHA1
b2706feea5aebd006e82926a5a8f3f71cc7bf28b

SHA256
38b38bfaa973dbc95b8f4cc1fdbb9e21afb1df975986a49165c092f4be5e4a30

SHA512
1603026d8560d301700ba678ef067643158a93782ff0de222757942c107403efa390989163f39c0bf4bdc013f6ddc27544678c9d493726b6cb62e58bee2fef30

Download Submit