hxxp://lunacy3[.]com

Analysis

max time kernel
913s
max time network
923s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02/08/2024, 11:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://lunacy3.com

Score

9^/10

credential_access discovery stealer

Malware Config

Signatures

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3968772205-1713802336-1776639840-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3476	firefox.exe
Token: SeDebugPrivilege	3476	firefox.exe
Token: SeDebugPrivilege	3476	firefox.exe
Token: SeDebugPrivilege	3476	firefox.exe
Token: SeDebugPrivilege	3476	firefox.exe
Token: SeDebugPrivilege	3476	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3476	firefox.exe
3476	firefox.exe
3476	firefox.exe
3476	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3476	firefox.exe
3476	firefox.exe
3476	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3476	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3052 wrote to memory of 3476	3052	firefox.exe	73
PID 3476 wrote to memory of 192	3476	firefox.exe	74
PID 3476 wrote to memory of 192	3476	firefox.exe	74
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 752	3476	firefox.exe	75
PID 3476 wrote to memory of 1268	3476	firefox.exe	76
PID 3476 wrote to memory of 1268	3476	firefox.exe	76
PID 3476 wrote to memory of 1268	3476	firefox.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://lunacy3.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://lunacy3.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.0.1694671729\972359590" -parentBuildID 20221007134813 -prefsHandle 1716 -prefMapHandle 1708 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9c4d5d6-36ee-4493-899d-c8bb85a8f6f1} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 1796 2add4ef5558 gpu
    3⤵
    PID:192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.1.675742780\432817017" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2156 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6696d64c-feee-4636-afd2-bf6eed394eab} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 2172 2add4dfce58 socket
    3⤵
    PID:752
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.2.314706656\2000689814" -childID 1 -isForBrowser -prefsHandle 2812 -prefMapHandle 2912 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3b90cf8-9532-4484-9fb9-6e4f5b6d397c} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 2804 2add8dd3658 tab
    3⤵
    PID:1268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.3.1359584450\542108058" -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3464 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {88dafc31-c844-41ac-8713-252a9a377b56} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 3476 2adc2a6e558 tab
    3⤵
    PID:784
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.4.1712886249\1315245616" -childID 3 -isForBrowser -prefsHandle 4852 -prefMapHandle 4268 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cc152dd-47ae-4ed2-ac14-f0ed1f0e4322} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 4860 2adda2e5258 tab
    3⤵
    PID:1568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.5.1583722954\1323315154" -childID 4 -isForBrowser -prefsHandle 5012 -prefMapHandle 5016 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {db43c943-be68-40ae-abe9-ff2becbfff0a} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 5004 2addb5c0e58 tab
    3⤵
    PID:1004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.6.1485851614\1557447730" -childID 5 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f5e6ea5-32c9-4f0f-acbd-b735544300c8} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 5184 2addb5be458 tab
    3⤵
    PID:308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.7.1804064592\70770106" -parentBuildID 20221007134813 -prefsHandle 4136 -prefMapHandle 4404 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63d57673-e9dd-49cb-92b1-7f56d75faa85} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 4528 2addb47c758 rdd
    3⤵
    PID:1252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.8.911519356\1556157118" -childID 6 -isForBrowser -prefsHandle 4268 -prefMapHandle 2816 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5485801-e718-4d57-834d-f7be463ca751} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 5428 2add9074e58 tab
    3⤵
    PID:3320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3476.9.1978756847\1497564121" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 5596 -prefMapHandle 5652 -prefsLen 26249 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {162fd7e8-69cf-4003-bfaa-3852a748ec64} 3476 "\\.\pipe\gecko-crash-server-pipe.3476" 5640 2addc40bd58 utility
    3⤵
    PID:164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\doomed\3467

Filesize
15KB

MD5
8b479070c4d941ff53556b28cb9d0bd1

SHA1
06e5d1a174f9169a44f7a413e8061a98ad8f976f

SHA256
ea9ade8fecf74d297074dff9559424bd8ea0869bb6ce78f3f8ab738a8b2ded5e

SHA512
2fba29600887b2bed2274e750b72cb73fd46c59c57497380db1f380886c1f073518925d79240a2fd8136a1582e6c45078f6500fb27af363bc999f9cf308d6928

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\c5nsco79.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
0d96e2d31861f053595f19c3a33be15c

SHA1
9c1be79cb7ce5e42d38384063340da0067200183

SHA256
191a41ead475b2573d6e3f603f211b41029143d56633028b9a30054930852ff1

SHA512
180521e751e042d84c59f2616a35db22c539aa09d9e067c27c6d5a265e351f188c56acbf16e86404df56ea39b1c1975d5dee8aaa71ad91a500dee4854ce4c2c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
8KB

MD5
245a7e209d61be8030d6e7fd2afebe1c

SHA1
a9f0cc05d10512e00a64462fef9672f95ac689f9

SHA256
2eaa5d21b69c9159fa24114f4fde4a0372a567ca9c938871eb5749147e28fcad

SHA512
e9ee035ca3b0918f2341b6167761a865c9189b20ccc86efcccbfdfacbfbf13dd0ddcade8b2c8a19413ffbd54b88ab23d6332732bda2c12cd970a7163610cb193

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\AlternateServices.txt

Filesize
643B

MD5
e26cde18c48bd6e8cd5b42d5d3f73dc7

SHA1
dad2b089fa0b569c826266572a5a503714e5640a

SHA256
fc36bb7997cce912291eb4dda665d2e830681e52d67623a501bcec1395817693

SHA512
1d2a71fd30999b5fc2bb991b0ceccf0af70a3e576dafd3e9ef34ccb5285738a69d6a614150fac0ae124ebf8fdc0932b70f8b6500a17f50a34385fc39a4f16fac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\SiteSecurityServiceState.txt

Filesize
372B

MD5
12bcbaef81f7796ea86f6a44e6a1499f

SHA1
39e28a1ccece2c89c2245805634430f9148698a7

SHA256
6cbcbb34dceeff9b9c5eae5a2e9412263cbf1f2b6b87e04d96a6c08dedb21a07

SHA512
97175ec16b0996d48d39c15a9aa456d56aa9d367ee955a798eae50ee275da365b985fa0f90d58b524be5ce6db876244900627a8cd7c079f909975a7bbeb09772

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
240ba8559eb2129c9de23ef68fb49e6d

SHA1
bc37cc5e3dbe368918d503e4304aa90006fd99d7

SHA256
b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec

SHA512
ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\bookmarkbackups\bookmarks-2024-08-02_11_ScpUM-Ibb5LR1l4-7-Og+g==.jsonlz4

Filesize
950B

MD5
708d579bb783ed9e58c4e87173aa5028

SHA1
54dcdeb367c15a06aa620df1559de185668992a5

SHA256
3f7fa0f3a61236b17951ef95bd63347281c40abbbcce937e8fc787d31c8faa28

SHA512
1c7f8b921e5f32d67b1150e24092ab800ca4939993832cc46f43638bdcce380da1e74b44aa2f368a74e5ae29b76ca1e3a20b837517a4f0464b7af53098772e95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\broadcast-listeners.json

Filesize
216B

MD5
d4b8e34b58ebd15a30adeeb63456c229

SHA1
2aee46bfa6f2cd29affe797912929a28fae7daba

SHA256
dfda3c43452cfa523551227a9ee9913431bed32aa5d870b3cb89291c77876d14

SHA512
102c70acf2e0e9e7814472dde01881939bf57b9915500e55982ac2644c521385d7b9477ac6accc034ef7c41df927603b14bd19dd426de2ccb8a63359cecbdbdf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f6fc7e3066114e37b4396b25297fa2d7

SHA1
3903be9ba7376f3dba2d3d370912da446bddae71

SHA256
4b91f2bee83e2f4c8d12a0ac1300c2fda3c1add89ff1427bff5daf973f8c9949

SHA512
1d2c993a2a0d29cec6921745612be5d7fd069fc55e4d2f902702fa0d9682fab9244eda44bf792f0063d28c8451ce91bf0a64512f090e12bef4fb7737650efa3f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\88e40007-da41-423c-ad7f-4ec9a9f9a5c0

Filesize
9KB

MD5
5ddfef32d20607427fbb994a963a5371

SHA1
a9ac345eebd5c5f87190884a98a5b0ca30764e82

SHA256
e68a9db49eeaf78d65819d6a00f1206a362dc51e89fbb5e330f1c50ad573d532

SHA512
ef122866afbdad48d73f8f013fb52e94a5609d2be91451d84d070f5595be316de05689562842ac94e09febe0df398f4a20e77fc8ba37d48603bd08dc916a983e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\datareporting\glean\pending_pings\a30d0dc6-726e-4a4c-b378-56ea3f36c3cd

Filesize
746B

MD5
41d79d7d5a49b22a3c8469b5335cccad

SHA1
4f5e1c2315c573fd099fde5d3f2467e7215b95ea

SHA256
0f808cc0d33c6a9ab25b36045b1fe2b724140df5661e6a38e03ab0400d6eeee4

SHA512
ec302153f6729379ecde4e07f8241f9ec79da099562672096230928ac4e0a92657f767e05e9f93301f26f2044d9c06e6a656b09ff3fc7d81ee397f70f42d915e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\extensions.json.tmp

Filesize
34KB

MD5
f94c10d1870509e3cc14ce6580d3f0a3

SHA1
a97270c9dabe132fd5e5c07c548178d77a4c360c

SHA256
14b226590dc43d2b6687dc8dd45a966aee381d90bf5dca1bfb79988f1fa23fb6

SHA512
e252cb161c013846bdf0c0651501b2a383d8c39d0dc10c0051cd69aa18afae5318f5d0c4a37fef0ecf956d8edf97e2ca6b0f07528fce6a8db70e281f5d840860

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
10KB

MD5
a9c542cf8e4060b27c92d1f934297423

SHA1
e60795eb5ddffa233a0dc72e770cee970fab6bdc

SHA256
7e01a54d8612441c893791b9ccf142154cc0a90761225327fb0de39bc2f5f11f

SHA512
baf86630a55a067171942d01616e8d20f157d709d9fbad0ea609a024e3495d5a3979527da5965f7ff683f6c14def2a063e3ae7279c4495d1790b9a6cab9a84bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
9KB

MD5
fd86984921cafeda85802c894996fdcd

SHA1
9868caa17838ce0205bb79b6d50eae7a583798bf

SHA256
06ce313c70ae513c3d98eac8f69afe252f8b5a166229e347ff38f6751bb9f5ad

SHA512
9483d3c08fa863c67796f8b7f99672510aa7ed7140f4542fcb02f72b2ff3f7177912295ef1862542568c12c1d3292f3e728db19685711e579f0b6c7f083a68ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
10KB

MD5
2f398874adfd81e545baf937b1c0e48b

SHA1
7e72dedca12c34bb75e5f6582beae0235cbe21b2

SHA256
96ccc40e0fe7c98613c5f4cfd309219500f293f2e16398b2bdd3bf337a22e967

SHA512
b75ebe0ebf225bda4b214458d77452636b577e4cd363ba0e29cf6ab73110ae921991502f1b6e47a9b45269cf712909e4561ddda6d6885db0ad572740b335e0db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
7KB

MD5
59fe8b87dfd316889e5183529893db36

SHA1
d4616ec710488e957924f27415ace876d7a496a3

SHA256
04ee4aeb099f315b59f1e3e5f6b5b391fc7d0609147deb7103e391bc44ceb226

SHA512
85aaac34a5981608c8ba0c0082444f12b7b062e48c314ccdc37121344dab64d61cbeeea27ee9cfd3b4bb6b1084b52f105ebd39e0303863370b7979e46958ffd8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
6KB

MD5
d3030bd90fb4051da0bd6e73cbb9f966

SHA1
37bac59950ccbc71cd796a4992311c5ba0dd1bf5

SHA256
e056a379b3705adce983486a652e14d1b3077c6c3ca65cb14c86847bb93c9561

SHA512
ebed5afd8dbf0953fee3310fddca9fa3604d559620e41f8cb01cae6bb0340011a39776f8e9a598800788423b0984cac498aecada1d4707cba00099da0329b5b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
10KB

MD5
05727798bc7c89fb8a5ae1c517dc6ef2

SHA1
964b8bd5158dd23e3a940a42318b2bcf48aee68b

SHA256
1c582c5cc2f1b745a0d70ff62224ee5290da2067ecb747516ed597ef21d66c3e

SHA512
8dcac1ba53e749cb0fa7de233f4fc49180c5d37ed6accf64846d8ced2320a094db4fdbf603e2a1fd0bb7d774d9d37eac0b3d4e45a9dfe60c373d87b64e7eae71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
10KB

MD5
c8af4d4bcbedc501d859500c16aae879

SHA1
a6f4e0ce23f6e3da02d9e39ed80a5c5656839080

SHA256
2c1bd7b9f480bfc02a3a046aa69142579ef0f0de225b3649a72075667e6d7b62

SHA512
3628444cce658134872aa7be3b24d522ce1db5c4fad2b9fecc4607645f0b9966013a50a1db5bccff3e74db43654751ce9e71cbbbf13f29591d7ff7007698d155

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs-1.js

Filesize
10KB

MD5
6e5cea518d156614967603ee249a8b66

SHA1
ed8feec13748a6c776b801b887ea8b62dc768691

SHA256
854116b46b1e9e9635ab171045352aa3821f08b0e1c142a633823569f84d3b8f

SHA512
babd09bbd05664fd7247061fe2e4a7dc4a9049a6915db9e8a5b27473caefff298208d783fd1a1a7236ab0c180701f3bbdf4608e0cf1d8de312728c45ea28aa75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

Filesize
6KB

MD5
352ec8be169124dd066f726da82d15be

SHA1
edfc970f44ccda63ae48af881f8f3b04c674a5db

SHA256
b8bd3fe47f961c345255c85ac94502981ab591a219b64df5de59ac2d42d5a833

SHA512
750fb459cc4ead2ebcd8ec4cda946a5d21e967ea8c36629a26a0da1a1cb8f72e8cc7f2622e4c7672ff58df41a6be4fe902436bd80dfff81b16a23b4fc948967b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\prefs.js

Filesize
6KB

MD5
ee27903bd9466b35776881c6e9ea18d4

SHA1
967d264fa7c0e9df2c4967be6327eba2891e2da4

SHA256
b934996c759c9bb32010a62c7165260f1fb48177a91fea6b742642d5c044d00b

SHA512
58b35813a2c938e474ee0e2fb3d0f69bfa3bcc8196a202f43f4973399aff569b11b8858feaa6a7fb1b321576a1df43c8037e76266e50ad64135694eac2ae1e9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1dc7925d4b215e1a89ba505ad7998ff3

SHA1
4845744940b2efd8fdd0c102c781077021d9bbd2

SHA256
237622d577f11210b0da9596b5c3441c0d984f0f31cc0a9c4ff410f094946a4b

SHA512
5572cbefc76231ba5d8a555d6e3bd491558c96675e6331aac3f7dea299ff2e1f410910ac13bf4a98bedf361d00a637742fce5e429cb233ecae42e3505eb4b761

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.8MB

MD5
50fd51cf172741a7e2110da71c05e112

SHA1
d9696b9468f5d86cee296361471a8cd42a483348

SHA256
1e65e38cec11f23405cbc3745d6537a5b168c7904e13917c5024f97b8fee69aa

SHA512
c25ec4f0763f418059e35b3fa4a0033d5bc382b81c71216f8151ce31e3941b142b72e94f3fef2acf58446202ae5b958a02ebe1b1d50fd84a78d74fc962acfb22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.6MB

MD5
be74b77b80a38a8f22e9b449863920e1

SHA1
a1be1d295941b133dc6899d19561eec33a21d713

SHA256
50577797faf1e155959fb4663b0a85a26922e19845870c359a26ae57072a5209

SHA512
410d5678aaf74a73e9a45034f400858950f404d7923a66034b04e3fa6477c2fc1bb175682f447e887c34ff8ec83b113962504883a73246b445148cab734a30f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
f72c2c8a738f1bdd4a5e24326ff248df

SHA1
d60277881f6b36509d709948fcf7ed3ec3da74a6

SHA256
06575a0a693c9e0f265fcf03ee5b6ced4dd922ac999f5d767a9a7d92fb199082

SHA512
7fa2cc3e4f6e6f9c77fc12e188a0ef4e5dfd9079e1ddd2d689669513bd2e512136ac4485b34aa0ed8587c8cd519572d31eb2496b4091e229b6c339bf25c27d6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\c5nsco79.default-release\targeting.snapshot.json

Filesize
3KB

MD5
f67438570c39a15f15e4820e8e4ddfe0

SHA1
76cfac912e09f18c11d02c0b07c41ca331c88381

SHA256
7809290f3a3a40594574367d368c530a6a95b445da7d16a79bf4bcf99b58c547

SHA512
ec14ff3300c9246b78695f93b34cf420bf3a040769d588deddd83bfb91c99e7da574ad394e9bd392dd913f72d0d7820ec49dc2e26ac5218466aad750e915eea1

Download Submit