hxxps://hidan[.]sh/zu6iadk7ige8

Analysis

max time kernel
242s
max time network
247s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-09-2024 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://hidan.sh/zu6iadk7ige8

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2764	firefox.exe
Token: SeDebugPrivilege	2764	firefox.exe
Token: SeDebugPrivilege	2764	firefox.exe
Token: SeDebugPrivilege	2764	firefox.exe
Token: SeDebugPrivilege	2764	firefox.exe
Token: SeDebugPrivilege	2764	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe
2764	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 1504 wrote to memory of 2764	1504	firefox.exe	78
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 1064	2764	firefox.exe	79
PID 2764 wrote to memory of 4248	2764	firefox.exe	80
PID 2764 wrote to memory of 4248	2764	firefox.exe	80
PID 2764 wrote to memory of 4248	2764	firefox.exe	80
PID 2764 wrote to memory of 4248	2764	firefox.exe	80
PID 2764 wrote to memory of 4248	2764	firefox.exe	80
PID 2764 wrote to memory of 4248	2764	firefox.exe	80
PID 2764 wrote to memory of 4248	2764	firefox.exe	80
PID 2764 wrote to memory of 4248	2764	firefox.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://hidan.sh/zu6iadk7ige8"
1⤵
- Suspicious use of WriteProcessMemory
PID:1504
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://hidan.sh/zu6iadk7ige8
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1856 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {71dd4200-fc67-4402-a87a-5b94e5b09256} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" gpu
    3⤵
    PID:1064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2416 -parentBuildID 20240401114208 -prefsHandle 2408 -prefMapHandle 2396 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {766c5b14-d00f-482f-a474-bff399b23929} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" socket
    3⤵
    PID:4248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3064 -childID 1 -isForBrowser -prefsHandle 3056 -prefMapHandle 3052 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {029abb2d-1ded-4076-8dff-e6be1409b203} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" tab
    3⤵
    PID:1436
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3712 -childID 2 -isForBrowser -prefsHandle 3704 -prefMapHandle 3700 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f6cab01-18dc-4b9d-8ee9-177466610456} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" tab
    3⤵
    PID:3740
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4756 -prefMapHandle 4748 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e29fbf7-8da1-47dd-b685-28109ac18137} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" utility
    3⤵
    - Checks processor information in registry
    PID:4212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 3 -isForBrowser -prefsHandle 5304 -prefMapHandle 5312 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {26bf080e-0781-4097-8b6f-d0ea9ac79ec5} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" tab
    3⤵
    PID:652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5520 -childID 4 -isForBrowser -prefsHandle 5440 -prefMapHandle 5444 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c73413db-8256-435c-809d-7b66b8cd60b1} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" tab
    3⤵
    PID:4304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5648 -childID 5 -isForBrowser -prefsHandle 5724 -prefMapHandle 5720 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {da264021-a074-423b-875f-4ecc2f025aaf} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" tab
    3⤵
    PID:3036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5064 -childID 6 -isForBrowser -prefsHandle 2864 -prefMapHandle 5060 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {37a44969-7a91-4f5b-b69e-e38482c1db55} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" tab
    3⤵
    PID:3764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5404 -childID 7 -isForBrowser -prefsHandle 6284 -prefMapHandle 6024 -prefsLen 27838 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {acc101a1-b1eb-4dde-b429-40bea169e915} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" tab
    3⤵
    PID:3048
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5560 -childID 8 -isForBrowser -prefsHandle 5900 -prefMapHandle 5904 -prefsLen 28082 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2bb54c14-274c-43a2-b480-869994cc23e6} 2764 "\\.\pipe\gecko-crash-server-pipe.2764" tab
    3⤵
    PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\seoxtri5.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
f1f4c97cb1c2196f65cb53dca03bc817

SHA1
86847dc3684a8a160b93d46cd0074060448062c3

SHA256
5c3544c000e8531122892baf7bd8b4c7088bdedbff93e1cc382ca249787b4f80

SHA512
92f6b991008ef6d06780182f5081d932653f1b183b3e5f28944adcc6a50444b59b02b5c9c15f6b6e08893fa114eebe4f9817860e7683aeaac502afb36d586060

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
79d6caf4dd8af1589894db1687c146c7

SHA1
b424681295aba41e0ea5aada3aff974659823b5e

SHA256
d41b78e7a8b0108aa20932a406a2e5e7b808a17a3952018a59781cc60f9671d9

SHA512
bfda6e343a0bea1207cfda4da20c31bbf0f65f9f69f230eb3f6978dc0181428f90ea8134a5dc119b6656798002f29f9d5de8818340adf345181b974f2f2bcab7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
11KB

MD5
67dfc04bc339efad4376508a91d1395b

SHA1
ad937cb4659ffe96faf94a809f14448fa0970acd

SHA256
8176d7a5da96b1ece7b45464c4f87c499b96c14d06bd91cf49572fda04113f05

SHA512
7f83016b9469d8ef25d83281863a7dab1673fc595ff55831862f2b46e8d756f04d57f69729df2f7b53e0b64df026dc54c1317fbfbedd434c48b411dd922e11e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\AlternateServices.bin

Filesize
7KB

MD5
accbff2ab352e9bf4d1ea10d50add9ec

SHA1
4e404d005b66e766b73b8ffbec34aa4a45d4ae46

SHA256
c20fd02be2f0627957cab8644ac994757da0aaf842514124ead2e63f8195e558

SHA512
063ad293406e0620fd47f2a9efabd9200fd425869ff864a288d5e4d6ac397354fa66c44608ab73955d34880091a614bea8f79f47392bf2170598a4f62c271b02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\AlternateServices.bin

Filesize
10KB

MD5
8a8e157272a480a360ab99214956e56f

SHA1
a3918791ab57a3e03c52af8841e51900635f0801

SHA256
a5ec40dec61eb8142c903507772a19da8cc7b26331f3a0ece962957b278d3d89

SHA512
b2119f2f05927ee71d5bd116d9523b5b8591f85a537fb84307a9b5b7eb3437b2cb5f56b4c5e72ffb657e6df51173c07c7686cf498a8f4651ea2afbacd4bf24b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
55a33cbf6934c5686e102893efbea05f

SHA1
aabfe9fdf9d1e14f859712dbc1c5573e1eed568c

SHA256
ccdb1ac7a9a815b60ee5e8d04e46e35ebcf18b4e25b54e960467684bdebe56a2

SHA512
af2d05212af7dfadbcc571bf3a60ff3a5f6b52daf93c218f6309823ce5223063ad00f91105f13bc097af8824225060bda632dca2d8ffb8a830bb5c4b5dcbe474

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
29KB

MD5
d86afbf548a658118dba99dfea0ddaa7

SHA1
b3b92f7e502ec9931d0da8990eae347203d82162

SHA256
236cb2c81569bfe7b4cd0c8f15350f73fb6b97e26b86c4b2eb57149ec4367489

SHA512
5a9003020ac79fc2edbc6e5b689e976a134f3545228eccec5b709f14744ca5e89ca5bcd8f988e76e02ecb466a65f78ecd60b3040cd7399ff3e41f0550166b5d4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
c01646098cf8177cf74426d415c07a66

SHA1
a70d6283d5ff4266a3bb14ea2b300238838e893b

SHA256
8bb0d679795f285471e04acd1567cd6a934c172fce37c48b976a85bdbdb5de7b

SHA512
2b05425faa090b160df4e76ac8a5d289b6d6edd1cdbc75ec9b23d6523113be154ba2e23028ed37d7d3ef61f128441b9c4fa3a88de802209df9395fd014340556

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
1939a56a7e133c4dc8857a02d6d51c96

SHA1
7e8876d50b3daa2b0aabcc0a551bf6f25a883729

SHA256
0908ad057d6aae00fdbe3000854c723f0ed2296a597450d4df8e86cc688b3a37

SHA512
a7bff664c76925d2538a53a4eac1cbb8f1802e92b1701b46393e38793c15bcf9340520b54255714ea44961263e66eea63c826b60e9e3ef71c96dbbd4b204331f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\52aa333f-cc5a-4024-a6b6-ecea9ea89cca

Filesize
24KB

MD5
30bd028e98cc6ea80dd186f789ec7ebf

SHA1
33df488bb818fed33dbe2564ecb42829f32e99f1

SHA256
486c2275dd3c45157f9b6fa12f0964e57d832cffbe4351c2adab3461a5bee467

SHA512
28f59053716f10117b8c7109a9083e16985519cf7d103aca2ce21cfa9ac41543897f3924756ab83ae83196e70f4c9add5197defe401adeb7bfc692e29db70abd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\b6616459-9e87-4d28-8e86-40bbc36db5fe

Filesize
982B

MD5
949e7a001653c9915b32db2d3e400646

SHA1
09bcccdbecfded36b778a6b49a49b4d3cf36cce8

SHA256
1900c685e93dd1007fb2e63e7ad46af1f3d6dd5034433abb16a8a8ada4984c4f

SHA512
48665b74528d29cd3f4eb700f1b23560dbe7c34878c4de43013655d61976e06c8cb2b762c1588fe600b3d4be8997120df81946ab24b55370c694668f019ebc18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\b9a5f828-a096-4447-bf4a-f53e18eb462d

Filesize
671B

MD5
54f486f077add2f0a836a6af2d4d86c6

SHA1
be3f3af67f9440a5ab5b11213853a76597bcd25e

SHA256
ddd5543f56d3f672acae49d63f57ec9ef2fca4272a87280cc3af20e408de5c6f

SHA512
b0f837bbd225dd54bdfc78d34627c7b476c73dbd8b1a382ea31512aea8c29ab232c5f20b56275983fb4ec210bcb02a25f16b47c9730a6e4606a9fa09a96c6be5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs-1.js

Filesize
11KB

MD5
a9cea17b8870f0f9df4c4d41bbe91707

SHA1
7e66b00b604b4a9c2b4eadc345d2fc21e05807a1

SHA256
c19a65c6aede9eb0562690e98c4f5a5dbcdb94f24924cf74e21c59ede6812c57

SHA512
c61eec3d33988a27419ecaa574a40a283e8ee972263d2d3762030405997b93d2c11812ce62e203f5fba0d25df58337df2273f2bad8c64c93ff6a0b03deb4597c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs-1.js

Filesize
11KB

MD5
e9a4b9863317c3223bb0c37fb7ac7762

SHA1
fa4163b53da3972d096a1af750c1d81df6b91ad9

SHA256
525abc78287ebe9295e040de533407a9c4c661d82089d9433b0cc3546391f067

SHA512
1e240167a457fdee82879aa6d594400589a7c5fec827693a9069cdc1f59f6aaa251d2d7fe32b8d63b6452946db679fd2cec695d86f01f1c933a3eae49d6db682

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs.js

Filesize
11KB

MD5
d859b0d0178c9cddb8bd0fb18fc39c29

SHA1
800202f1c546372f3392c368598560a9c118241c

SHA256
83597ced29a8c7eab843464ea1f320c8057e808f76a08127416d21ac982bdcf2

SHA512
c2cd3bf4de6b29b1883f7b9526073545570ca2756e50188861816c4442abc93f904f2b30de2e4974dcf368aff2c4ca96b048a7d6d23cfb28fdb0d97dc9f29e1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
b93e5aae40b00225f9f485d5d04866c7

SHA1
6a6d8428f304aeb96378d17c9063085a978d4d92

SHA256
3df685188dd3d5d951f2eb75d346c8465cbed966ee0558f82830a78fe20291b6

SHA512
cee1c73b9c21477317ebeacbbaca481980e4b1982a21b58b152ea3ec8bfebd5c2d3d2db46ebb10d1f657af9816ce9da5c3565efb155664ef0e111cd9576648b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
54f2a34abbde917806f97fa8c0b97498

SHA1
f6e0ff6f4f2d68e95e54658a4d2a1d6394b0d541

SHA256
4ea7662c65651ecd35ea3b5c3ad6f8ff94af296b0bf3a0813ead592cc4060832

SHA512
f06c9549e7ca6a7b9ae2346cd32e238aa3c97c18ea3392d6c976d5ae86c49c75f898bb51494dc996e320d2723afbe72f20653667f4ebaaec2888b9d9987195fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
69bb8ec651821a2b504d57d2fe93628d

SHA1
c8b255ec02cd356373bbb340921fbda18aa67b33

SHA256
07179d39821872c1ee3ba51abc5262df03d19aa372892cafee75e0575511fe10

SHA512
d78121f44bd8bcca09521cce54827d18388085d43ae18bd6d9fc040b60a65f2eb5729527a0df334c3e5946c4b20df8bc0c4c25318bb2561012794b3fd6c40251

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
e3c6de9c5c7ba4a9823bd227d5b0eded

SHA1
26bff4bff35ff6b52c887874138a6705a9d60e3e

SHA256
22ffe48bf3b7883ab156280b8c64ebc97077600c15e15e10d41595a917af16c0

SHA512
1035a72d28ffbee118bfe10acc5d8f2307a1870ad9c750ead6986d6ac2eaaa9b0e2f8f20cda2154e43269d1e8e7aa059a3d2f3af36217349af858972a16beabb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
315ad67a5ab67926259ecb586ee327af

SHA1
bd04052ebd8756a73794e1dffb5f350e6c5db35b

SHA256
fae84b77f929ab5f5fbaf4d2d3a71bb8ad2cddbc9178db593e81b362856dcb6a

SHA512
0439a2cd0e051f0ce236a29151ca26748f60a03012c9fcb01fe49f8f6339a94ab64c4ea5d1ae89e13bc48d1c97935943dcf55da840dec8c537e0572495468477

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
0e1fb6d6893b822ae74a7499ef841326

SHA1
94a60b863fee10065313a822a1307e9a12a1812f

SHA256
de32cbc4eb8e234509de6b725892f3d9568ca3984858f88d0b365a9637637a73

SHA512
b36033dcd472868902b05c94f5e53f518381d49fcf93e8f114fcba043317794744b9a26bee24ec906590b9fd2df4a8dc6ec5cf7e032c137d8cb7811820a0f41c

Download Submit