ae138caf8767f7be2fe6f47f1663b0e2e28d903264707aa9b6f73bb7b223902c

Analysis

max time kernel
1513s
max time network
1586s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
19/09/2024, 18:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download.html
Size

117B
MD5

2dccf9a2e169c68dd4f3bd5ea163e45e
SHA1

4ddcf984285a5c544ed1132f5f6efd7a5d01b470
SHA256

ae138caf8767f7be2fe6f47f1663b0e2e28d903264707aa9b6f73bb7b223902c
SHA512

ba8e31094fda723fa66d589e229f240773f46493198b776240897e60998e7695c2865e17213fb3ed0e2756de8227c9271464ba64c5bc9448880d5f2a03cb4f57

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	4552	firefox.exe
Token: SeDebugPrivilege	4552	firefox.exe
Token: SeDebugPrivilege	4552	firefox.exe
Token: SeDebugPrivilege	4552	firefox.exe
Token: SeDebugPrivilege	4552	firefox.exe
Token: SeDebugPrivilege	4552	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4552	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 2752 wrote to memory of 4552	2752	firefox.exe	73
PID 4552 wrote to memory of 1044	4552	firefox.exe	74
PID 4552 wrote to memory of 1044	4552	firefox.exe	74
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 2792	4552	firefox.exe	75
PID 4552 wrote to memory of 3208	4552	firefox.exe	76
PID 4552 wrote to memory of 3208	4552	firefox.exe	76
PID 4552 wrote to memory of 3208	4552	firefox.exe	76

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\download.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\download.html
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4552.0.332740877\1744394933" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d939f0d9-2ae4-4e34-887f-bc7ef39e8ca9} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" 1764 2073c5bd658 gpu
    3⤵
    PID:1044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4552.1.1128844862\47572429" -parentBuildID 20221007134813 -prefsHandle 2128 -prefMapHandle 2124 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {221b4032-23d7-4f5d-8c5e-93f95637553e} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" 2140 2073c2f9b58 socket
    3⤵
    PID:2792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4552.2.232846768\474634649" -childID 1 -isForBrowser -prefsHandle 2908 -prefMapHandle 2880 -prefsLen 21711 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d96e9ec-8eca-4cec-8438-a43ce292813d} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" 2892 2073c55c158 tab
    3⤵
    PID:3208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4552.3.1756473737\1680199407" -childID 2 -isForBrowser -prefsHandle 3492 -prefMapHandle 3488 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a7ec4b53-83d8-413f-ace8-429d72021457} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" 2692 2072a05c858 tab
    3⤵
    PID:4904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4552.4.1841446966\2031137546" -childID 3 -isForBrowser -prefsHandle 4640 -prefMapHandle 4632 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2291e2ec-444d-4920-8b27-eacfcffe7985} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" 4656 2073f462558 tab
    3⤵
    PID:392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4552.5.547035870\2113635382" -childID 4 -isForBrowser -prefsHandle 4792 -prefMapHandle 4796 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {43331f8d-1fff-4661-951c-4ee0fa4cac21} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" 4612 20742ce0e58 tab
    3⤵
    PID:984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4552.6.314888267\731165632" -childID 5 -isForBrowser -prefsHandle 4984 -prefMapHandle 4988 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1264 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4fd63f48-925c-4bb0-9a67-ce6624503829} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" 4976 20742d85258 tab
    3⤵
    PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\doomed\30069

Filesize
15KB

MD5
2f306b953e6446222ee77131a9a97734

SHA1
c88594e875c8db8f5fe98b935d056d79aee36cc0

SHA256
1e24144d2896f9f46aa53b88e1ef45c88e45a422a32b185194c5c9762a4d8d4f

SHA512
ca2ab861d4d34a1e70db6af950e0dfe7800be200b096f2f1e6cc48e1657c9d289a2ccfe393c3dc7feaab25c217fe5e58f44bc0c870b4664f5e16f5bc3f168341

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\je1358xf.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
a4d26f00711d7534f5ec35e2034942fa

SHA1
5fabdb221520d26451e030bb147c5dbd01fbe9f1

SHA256
aeb966b2edf066babbf229945f028ffcaf07029f430ce0152d6123a7ad5a042f

SHA512
64565d3551e63f986642122798b468b361fa5dfa32cb3d2218494af97246d343dce29226181bbd4b2a0125016ad9995bf1306e90a21349e3f3a4d8cb068e5aba

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
afe16e23747018a0f4530248e004ae71

SHA1
1b2862ed68546a2efc99ecb9e21a8b316c540276

SHA256
69b9e4c9a75ea7b67d1d60a38fe5e209708baf9ba04189dcd9af083fae08a042

SHA512
2799dad634d65a64cdaa4a54df4cbb4b7b436700353bed59133c41827d76f0d187efad205a5ae6672d7b27376f3e766d9cad5089f6938fa6459b32c603018109

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
240ba8559eb2129c9de23ef68fb49e6d

SHA1
bc37cc5e3dbe368918d503e4304aa90006fd99d7

SHA256
b3fd0ee397e7e3214cf9076f4fc07e22ac7c89c1f15e3dbf2fdfb4f9e697b1ec

SHA512
ca97992adceb23b333c4c8fa57c28177fafe69a2472a774907a2119111c906f2b97552308c572e78abace3e1f7a61cf402f46010d8664f68b3554b2792aac7ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\bookmarkbackups\bookmarks-2024-09-19_11_MaaMR8mhAQTbCgvsLumwIQ==.jsonlz4

Filesize
945B

MD5
838d93fe7f64f4f752cc6aa88379ef54

SHA1
55f0a2bd40fd96e3a319f886a58891fd9d416c0b

SHA256
1b13e0ebb1dab164edd26588e55ea99c9909f18c56c9a3478937d96719d9a54d

SHA512
8a4fddabc8792bc2fdc4868e1873f415614c3dc08bbb50272b64fbab124b4516ab0e3be04f31cfb8e02e7b653bff231053208d1638dcf0372439dcec71d33f00

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\broadcast-listeners.json

Filesize
216B

MD5
d5aa1378f860c79dbcf90c91f26e376e

SHA1
8b75d43f5f69062739f6de0f5375abf81d917e83

SHA256
856f54d69bf55d4341a71205e908f38cf5dc9dedf86b5bca6a326f8a60c9a1cb

SHA512
d4515e0847adf1c023bde59434b7c6bbbc3aeeec704f9f640dcf529db7d3f195c60ebbf9e1b5daa72e17274aeb8d86dd64357d0b8f18114d0cbaa815b7d0e2c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
61ec1b1eebbf6882d538b1162d3951b0

SHA1
5822b8323e66462288986f02c2cd1342f5cc4f4a

SHA256
df97e799f5e741754714628ce20b83144dad43e26eac3fae6d454a3b9d62caf9

SHA512
6b07354b6c8fe9597c6815bc9ed85831c7e7e30bb24e5f3ae04e26f9461a64e8b11ffdde8588651e025daa9d9b81d69e027121cfa45631a4e7ba733afd598d02

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\48dd6c64-369d-4bd2-b1b0-c8b596b8e7fd

Filesize
746B

MD5
4df5f967f9b57020233350ef6539b3db

SHA1
a56289265a8d7b1f698444de1669e0439f336d73

SHA256
63cb359dfebd7cbbc435767faa3810804bf4aebd05184a802c04f97a4be829c7

SHA512
0c3967c8db5e6b76f2f153902a9a795751d8e4c60a4e3229da723df2edf9afb9b6c99b02de3014df713229c9258f73b53a74ca49e830f9c43808290b9cf31d1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\83f421f7-3891-417c-a9fb-9958264761e4

Filesize
10KB

MD5
9a61fee762d04eeb6dcf83830a85b85d

SHA1
162d4f953c596d5ddd54e3d84f661299bb5940a6

SHA256
ecb0cbc942552e27a31633e6d06690bfa60f4cd1ca1428abf14bfc0605a59513

SHA512
1d4035f1ddbaa90bf4a34fe3310d7b59af069f6e5a60a04e63635a08e1c917a7ba5d08c2790d034e299e059de13b60bf829df42bbacf67cd9440755fabdd9a78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\extensions.json.tmp

Filesize
34KB

MD5
f8b209c5df7a3833cd9bf79d62380f6d

SHA1
25dce57657618f1be8d98409f28537e38f0d8d8e

SHA256
ca033cb0c618bfd2e0982b404363686a79a0e6672d7a484fe97a5f1d7a74c398

SHA512
2758d26715470183d207d2dbe8c9c95698e8f1bb79a2faa0c922f701175cc96e7bd2fbc7e43a2e2fb806c4e237bdfed7dc6e1d1a131dffc071e19cc94903bd1c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
10KB

MD5
0a2f223100c4643066b210e4348f8030

SHA1
9bafabaeabfaea5a045a5d111ab02f2be0040ac9

SHA256
9c05d696cb83c4123e357f2b6c6b25243ed499480f1eee4eeea16e2016a97ef3

SHA512
1ef92a06357c154cdb2510b7f325d0c52103b26ad1dc0a7790d3bb917ba513ddf4159fd8c747d8c644494e01b8fb0961340bf13bcedc11b85614f49a1013e353

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
7KB

MD5
9835ea3833e28d4857ccb407cd5e7d64

SHA1
7b73661fd57a399521ccc755398b353f6ee8e39e

SHA256
15ea09c3d4cfd9b4909a2e00d50b45cb2f3e5e2dcc14e44057e596308a7f4ed3

SHA512
ecccbe3e96e814acb83e1f082f32276c195a982b4e5511d1d0e4c4df6d8562815afb0aa429351e64016ac79909cc6f2cbb01156244a8972e252712885ce4137c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
280359f838b69e0e200b1cc0567d25be

SHA1
5ab39a82b91d1fe1a24da8dd1a87cc8decb876c9

SHA256
3883e083038e8d33c4ec90e8e0dd50c00fa38fac1a679bf331483a2e260b30e3

SHA512
c3c13349b28eaa7792eb1b0719be82fbb6804f805771abd4f151f92810089a6174ae02b03785cfca9a600198358bca426684e296c458a5b6c86eaba066f1aa83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
10KB

MD5
0d2655450263008d13d005047946c64b

SHA1
b3e8ebc546d8851f6e3f6dddc99c487228707ba6

SHA256
d52356402aaa36aa33c04730939a2a28eb51a9e5143459807ae169df505253d6

SHA512
51a99d3b9eae97ae320cd28ae9210b0ffc1dfe876f14a138c691380f8677b4de4de40aa037d791e86d8cd32d3f663c0c5f1ea33277d2692bcadb73ff82cfb8aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
6KB

MD5
797f2b159f76b1080573455ce2b85830

SHA1
14cd00134087b976d662ebfdd64218e49f0360a7

SHA256
739c5c87b7775842588ecf964f832a4794d3b0643ab7d5d9b721011503afc969

SHA512
b0e96934aa3737fce8acc77edbbd18acd73c4ec59aab7fdd7bb6ebda17209adcac389fa3733c23c36c77612548565414aea17db3cab1be6bd0833bee2d9bb314

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js

Filesize
10KB

MD5
96d6a07c98ddb974d0005f25a29f0b4f

SHA1
aa2b7162a18bd2535f9384ee3916fe3e04c42663

SHA256
c6dbac84f7f4b2bc2e0a28449b1f00cca6ec1f0a3a0c6b07b3bf916e66bfa0f1

SHA512
179770ce97e4bd3f3e3d887eefbcf78e99faf46fbecc252b8b13d7295246d33d19609cde5a66526446915ea3dc34078ac2e44159f6cc246770ef6dfec98760ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
28f89058d366ee5e13d2a25e74d8271c

SHA1
2cac9ba86f085af30ef8a89b73a222fad8cb9946

SHA256
d9c65d54f0fa85471d2aff018e1071217162defa1457d27b6bdaac68d4037cde

SHA512
405c43b7795f9bfd944bcdca7285546b12b073021cd20fdd3677d79c94fa1cf5de44d990c87ba0f1b36e79e3dc8857ccaf8b34f28c9c91eac84c7b228b29c9b7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.9MB

MD5
9033998199e7d4cf6b45091bd0a6c956

SHA1
79aa9b73f46d1d1c241c59c14423b7709648f963

SHA256
f1d9983e67c712d886d2c6f88062d44f3eac04019f7f841c7b13d63d55203901

SHA512
dcdbbe7673ce42dc522cd5f3ea0ed9f97682405652d75317215adbdf61b0772cd433e803cb46e392ac0e0a5107245413fc5f6937b2ea30cc01d98a5c72a5034a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\targeting.snapshot.json

Filesize
3KB

MD5
7f4b70217cf415835ea77cce84c8355c

SHA1
53c79e1715b87415405cfc98b8f760bd8bb20391

SHA256
8cd212f37c8e54e66b735a8c66295f4d6466928c236fd5622d59641f19880c4a

SHA512
1b64a20b401e3a9ab3ef1cd8a1ff26a6235c4396d94697c122d46b1f9830984ea8b23bb95cc0f7ad0bbf5696341f40c35395d05258ad6516e8d6f3bdae959e4c

Download Submit