3cc1badaf474652682b537310b01a6934dcf7c3a52352746a9e492558007b950

Analysis

max time kernel
1512s
max time network
1593s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
21-08-2024 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

i.html
Size

1KB
MD5

c2f6eed73bc2a0d1d0a712d820fa16b2
SHA1

610f085de8f6d6c8c53c8e9b3c4e79cb4f04f4dc
SHA256

3cc1badaf474652682b537310b01a6934dcf7c3a52352746a9e492558007b950
SHA512

e49700ce1ee26b91067d444c0bd0aea21411c46ac07169f4251218430ac8d77232b3f9d50c9c624c2656ab00cbea048e726a4356cb6ad388784f48ca8fb46435

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2120	firefox.exe
Token: SeDebugPrivilege	2120	firefox.exe
Token: SeDebugPrivilege	2120	firefox.exe
Token: SeDebugPrivilege	2120	firefox.exe
Token: SeDebugPrivilege	2120	firefox.exe
Token: SeDebugPrivilege	2120	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2120	firefox.exe
2120	firefox.exe
2120	firefox.exe
2120	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2120	firefox.exe
2120	firefox.exe
2120	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2120	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2516 wrote to memory of 2120	2516	firefox.exe	75
PID 2120 wrote to memory of 1744	2120	firefox.exe	76
PID 2120 wrote to memory of 1744	2120	firefox.exe	76
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 1852	2120	firefox.exe	77
PID 2120 wrote to memory of 5000	2120	firefox.exe	78
PID 2120 wrote to memory of 5000	2120	firefox.exe	78
PID 2120 wrote to memory of 5000	2120	firefox.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\i.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\i.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2120
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2120.0.199028864\1325808516" -parentBuildID 20221007134813 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0a936c9-8edc-4493-aeee-710246fb15ea} 2120 "\\.\pipe\gecko-crash-server-pipe.2120" 1812 1b8526d9e58 gpu
    3⤵
    PID:1744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2120.1.1569670974\524811976" -parentBuildID 20221007134813 -prefsHandle 2176 -prefMapHandle 2172 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {455094a9-b02f-4d1d-a960-f8d5678a9ed1} 2120 "\\.\pipe\gecko-crash-server-pipe.2120" 2188 1b8525f9258 socket
    3⤵
    PID:1852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2120.2.249735333\412878595" -childID 1 -isForBrowser -prefsHandle 2812 -prefMapHandle 2808 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {609f98ba-ad06-45a3-b426-0b2e18238745} 2120 "\\.\pipe\gecko-crash-server-pipe.2120" 2784 1b8567d4758 tab
    3⤵
    PID:5000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2120.3.502975641\1122771434" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ab6970f6-b1c8-4aea-90b0-0772fba9bdcc} 2120 "\\.\pipe\gecko-crash-server-pipe.2120" 3468 1b84035f458 tab
    3⤵
    PID:4176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2120.4.250034637\1465691163" -childID 3 -isForBrowser -prefsHandle 4760 -prefMapHandle 4756 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {51e7c7fc-55c1-4969-a715-c580b7853b84} 2120 "\\.\pipe\gecko-crash-server-pipe.2120" 4768 1b857944c58 tab
    3⤵
    PID:4852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2120.5.729605429\1585768071" -childID 4 -isForBrowser -prefsHandle 4788 -prefMapHandle 4784 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {96f1b975-abbd-4d57-ba16-8ca0ae46577a} 2120 "\\.\pipe\gecko-crash-server-pipe.2120" 4668 1b859150458 tab
    3⤵
    PID:2924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2120.6.1856693254\1155100368" -childID 5 -isForBrowser -prefsHandle 5068 -prefMapHandle 5072 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1328 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e72b87e-c12c-4196-a231-76467102d604} 2120 "\\.\pipe\gecko-crash-server-pipe.2120" 4768 1b859150d58 tab
    3⤵
    PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\doomed\13613

Filesize
15KB

MD5
c90c92a212b71b146db3837c2689c09c

SHA1
cda975bee06817e850111695d5515acb47ff59f3

SHA256
5716390e21c6d1cb247d15182a8e341518175e709c757d3f36a185d6002dbcb5

SHA512
868249d538395f5572134222e398a68cc6b10b73bd8720034b98c4543fdaca592191a967d7de8acdb738a19182a74db280b9181e3d77baf4eaa452a609944196

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\E449899591A9BC91DFBA673EC0589B51E541A88B

Filesize
13KB

MD5
11bb7996edce96e8c7b0cdb8dc66f863

SHA1
d038c7e68e088e09c6aa1a8f155700f8282c8a2b

SHA256
54e394f7dca3fa1f4b7d5c6410d3afb97f730874286b0c4de286deede4d10a8f

SHA512
adc93625e9357f4011745a8a98527d00028aabbf37eda536994f064d9a8290fe617a36a32c4f78d40248c434097dc95b45c3ad1e37cf4bb3daf0495208eaf934

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
646e2272d9c08e84c59ccd46df0d4dd4

SHA1
4f311cffa48b9b99ac9203f7350ddf6dfb1cdfb7

SHA256
d2a4c43fcda6aee8669a62cc803f75ad8c4a0b6aeb346f92356d76d706a2ba54

SHA512
1460e2d91ea5d370030e4aaeee2c0d3fa29f9ac7d88583af741822d07cb7cbf2608831529ddedaafe7e6c45fc38f21fd941137836a8eb0b7684bc654c84e4520

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\bookmarkbackups\bookmarks-2024-08-21_11_ynjabA+xcPNHPZU1gEyrew==.jsonlz4

Filesize
946B

MD5
bc3030c50bf86982219a2ef0685a4342

SHA1
f5959d9850ba5f1b0e7ac71cfa35550c0dfb6c85

SHA256
5e38cdcb2dda5e8038815eb31f05ec6bf9d4db0718af6443aa4247fb70d888d6

SHA512
7970c02c7a335c3b1ae73f9363fd3282f495ddb8238947af59828eca4c52345e5ed2801e2b766b86d13f1fd784629ea86dba711711cc0760fcd579e11c0dae8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\broadcast-listeners.json

Filesize
216B

MD5
d4cbef6b538ea1b2b7f8e89a3af2adce

SHA1
eafe7fcb62669b926c86b41fe9db7d62b29c4434

SHA256
5dc378f5e7a2cb0bba0019b28a4ecb4a4e98bda9bcf83670c1e714cfce890416

SHA512
06c9b5bbaaf2111adc65d8ce913fa50c253bedfa1c8f1d1c0680d0e535dc3b547e37b7cece422f4f353aff0b714aaecac319301efb9309cd3cf8e44fdaa771c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
b92f846651edcef325efa9c867c43c90

SHA1
719b9a67a61c75cf2b459b39d39af2f25f015d89

SHA256
f19212ef7dd5e19841041cc0ab79c553d2e326f79e3b50315a286b2ee9295e01

SHA512
7e8e5ba86dc86a15163edc2562eb08204708f822164eb3b630542312c57295cb8468613f20d053add438ebc2f97fd3275cea9ad694364733a247dd1970ba20a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\23b5eadb-a386-4367-a95e-71ff214ba06e

Filesize
11KB

MD5
017529f00b8b81871733f7addcc2d774

SHA1
1a7a369141f8e50d1b879336b7f1e054d13e5d13

SHA256
5ee6e489faf3e29d49617285bfa91d399bfc38f77b8aa8970413fe438eb50a13

SHA512
d4e5f32bb019e40dba30d9beead7fbcc3d84b95b6743fa18bf9dd11778d647c62b3752169c97414b03599b34bc7af9d90d6de481e09453713f033d219115c745

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\a95b9943-548c-492b-88bf-93513aed97b3

Filesize
746B

MD5
f3d970e528f3d63990b5ea4fda4a48c1

SHA1
a7418cf443b405abe798e288894e692c26f294e3

SHA256
ba2c4dd640ac1b86ecfcacdf141d7188236c9dbbb61a1c69c23c2ddc7009d250

SHA512
5e2eca3d4c45789bf6c2aa6aa27cd24c6b6157e8dcfc34de365d301d87d9d69dde6ca7824d643a677a4b9c08cffc7106573f16bcb87b1bd9472ced42b729e852

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\extensions.json.tmp

Filesize
34KB

MD5
a30d64ec4e3a5feacdac6da0384f1cb7

SHA1
a6d14eac6334111fc56c47e083a6a83c6e38c570

SHA256
6d0240c279a34f95747636cc226be50f30f045a2276717a06e21e3f8d5e497c1

SHA512
fa0542462a83160c00dc68a763c45830486a4e0c4a54983c4575e082615c6748649cebbe2b72dfe9012669f22600b2edf8be34e44f14c7db06db17560a48bff5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
10KB

MD5
26c0b2725358199754bc0e93c0ee5ff1

SHA1
2a2855bbc24d022befe2ddc2f311524e27664fe5

SHA256
0c1d77a3a22a7267738925ba6a7e1721507a98ada33e4a92496be32815a377dd

SHA512
9c7eea26007f6c34a623fbb30bcbf8b8c0122b5ee8848da701162faeba39c126e72ed50d034149317050e352b353fc36a3d713cc0ac31e1efdfbe166ac65436b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
10KB

MD5
191c94da99289af96e7738c3744d724c

SHA1
7b30bdce7924148903893a9e65fdbe2966b1d000

SHA256
aa57b9568e928f53f63e8c93af3c18d7a4d51613f65e4dcd04309b9ecf2fc658

SHA512
80f28420e196cc3258f20e417cf06e087ec310e546b423f724da81db40ffae1c4bd8cfacfd04d6b03efbfe21ece392b7d0743b4c650e3214a6232e86c5f88e66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
10KB

MD5
f02d386875b2afe4b30c07744245bfc2

SHA1
122d5da01c8c3c9ccbf23bd0b39eb0c34d80abfc

SHA256
a71622385d7beb18d2b8568faead44dcbc3e2e60b5186469e8202d5fc226612c

SHA512
1b5538dfeccad08fcab62713dce6923d798b4814377b4bdc52c66db15338677dafe56aa8c758145a9bf6e08c53ab35b5c28d2cb9b0d65f4d39a88101a6236928

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
8b04d34f7cf9b0cd8919c587cf139575

SHA1
4a0925588b724dc94a544910fbb8d90a4f17248f

SHA256
f5dcb3417b0ceaf3de82a8085b1a3a56f37593f5ab415706fb7077d60ce1a1b5

SHA512
3c14fac10365e3f051bae8e7a7185596e79c014981645278589840f5a41dc2c76d23b7e31af671e858435fc60d3009d8e8dfcc0d1d81039a49dd79854a5211f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
25bf00044f6efaa5ebf409247e041dbf

SHA1
3084741b30ce492a090e11c3514dd0da6afb0230

SHA256
313b70af51128c0031cc23b3accbb0bcf66b1f2d784406d0242e337cf20a39e3

SHA512
056f1d6045b5a3d80db2a5d225c9b33eb367506a5e45acbad95dbd87b3b7f0d40d1a797765111f51d38588773a6a6248d67825f36e2a07a856314eafb384437d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c0ca4af4846822f05cf39505cdc6e3ae

SHA1
dd0fdd086b732f7192348aae255c85426bb949a7

SHA256
099563bb88b15720f97350c81d65c792d3537d5c97e53bfa19b57c6d31617cad

SHA512
ed06520ebd716136e63fe5a0b5ab8a88f05d1fc37a7e6c5ca9c49ac70866dd1be5e5510af8dff133f078f210bc0288c912000237175d149d7726a7f3cca0a293

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.9MB

MD5
4af2b0b4c2644863a9bc82ef8df66d0c

SHA1
a1d729993df4b8e27d10690c0d263bff2f2744d3

SHA256
9464d214737123008b79301b5d100878ae731191b22dcbb38f1db816ca5d2f89

SHA512
76d6f2b26c076c6d94ac4624e64f039dc8ec14217f0f6dffcae5decdca3af1e2178f0ce2edd22744d8f14953195f5d018c27ca8f7b0f9597b66a3dc428fbb2df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\targeting.snapshot.json

Filesize
3KB

MD5
37d3e900c6cf4bf868e32cbaf209c48d

SHA1
eaac69b57a268b9af005c074b00807cfcd1dc199

SHA256
a6d4e7e4e4e1142a0f9ab6c51d4422d3725b67c2814937e07f2ab6d1a20b49de

SHA512
51ade4eb88bfa35cef591c1f1bfe42e220341658bfc1dbc9dc3fc32ba8fa94e0ef8af6bf7fd7a548407bfdef8a62cda067d3a29490410b9fb4291c88400fbaa2

Download Submit