837ec0e9287fcb56331695971c618ce18f14dff0107ccd5749bd51c75bccc6d6

Analysis

max time kernel
299s
max time network
302s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
02-10-2024 19:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wwwroot/index.html
Size

1KB
MD5

5587edbdd1593630af1909c4ce765310
SHA1

095e1db9c21d23166af474eff0b1245242ab1970
SHA256

65b8865da440a06e118badbf65f2028f29a9b8802f7b03c68b99142a35c4456e
SHA512

c795db9a6c30681c8904d48ac4170e68412d3c04cf558831b5d116d3677e2a77ead9feffce9a71191d54c22bb3cf70943dc059d4afa9de6613c74caf82d0c1a6

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe
Token: SeDebugPrivilege	3704	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

3704 firefox.exe
3704 firefox.exe
3704 firefox.exe
3704 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3704 firefox.exe
3704 firefox.exe
3704 firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

3704 firefox.exe

pid	process
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe

pid	process
3704	firefox.exe
3704	firefox.exe
3704	firefox.exe

pid	process
3704	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3188 wrote to memory of 3704	3188	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4656	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4656	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 4860	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 3956	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 3956	3704	firefox.exe	firefox.exe
PID 3704 wrote to memory of 3956	3704	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\AppData\Local\Temp\wwwroot\index.html"
1⤵
- Suspicious use of WriteProcessMemory
PID:3188

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\AppData\Local\Temp\wwwroot\index.html
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3704

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.0.462660002\827167985" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1692 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b1a48af-1b0a-4ff5-85e7-7cb21a62983e} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 1796 280c77d7558 gpu
3⤵
PID:4656

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.1.472236385\316887919" -parentBuildID 20221007134813 -prefsHandle 2160 -prefMapHandle 2152 -prefsLen 21608 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b2923547-056b-4ec9-ab63-17ec0f49dd25} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 2172 280b5571758 socket
3⤵
PID:4860

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.2.2113240943\1974191648" -childID 1 -isForBrowser -prefsHandle 2960 -prefMapHandle 2704 -prefsLen 21646 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c594e840-e00c-4514-8da8-6aa2498c9e24} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 2948 280cb7cfd58 tab
3⤵
PID:3956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.3.1880719234\1192789343" -childID 2 -isForBrowser -prefsHandle 3380 -prefMapHandle 3376 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ff90e0b6-8170-4fca-88f5-21b3496fdcf3} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 3392 280ca0c9e58 tab
3⤵
PID:368

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.4.38488432\1862273122" -childID 3 -isForBrowser -prefsHandle 3776 -prefMapHandle 4632 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {629f260c-bc84-4a2b-b135-b669d3eacc9d} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4660 280ce11d958 tab
3⤵
PID:2624

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.5.1236209799\22755787" -childID 4 -isForBrowser -prefsHandle 4800 -prefMapHandle 4804 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b6a8eec-fcd8-4f41-a67f-e3216c1dfcc2} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4792 280ce11ca58 tab
3⤵
PID:2824

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3704.6.708607180\417446514" -childID 5 -isForBrowser -prefsHandle 4988 -prefMapHandle 4992 -prefsLen 26343 -prefMapSize 233444 -jsInitHandle 1312 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d3f31f3-e0b7-4d21-a89b-2c0b072b4222} 3704 "\\.\pipe\gecko-crash-server-pipe.3704" 4980 280ce11d658 tab
3⤵
PID:2888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
be54c5188ad5848735a28ec962a6aec5

SHA1
34fba4a97166c32eb7cbddc4e3f7ce1442bf5000

SHA256
653dbf036bc32e0532db03e385fcd673b7df6f9aee2f8d8467f8d3bbe965b9a2

SHA512
5e890c90b06ce8b8adfe10b112983e47049e1addb7c3ae3ef82cbf69af0caaa25dac31b4462828189da75f868fdc3c90c96472bd4f68d7dc62d04fa49f8bd7b0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\cache2\entries\22386449CA13D8975B935875780066C6EF52CE37

Filesize
13KB

MD5
5279be038776c536f04b3212108366b2

SHA1
29cdb78b4614c7305dfea096a4cbb23c47757059

SHA256
f56a2ccf40abd4c22689951468b597d036e825bf74aba6e2b2295754d1587659

SHA512
3b4a3c77085daf164ead2f50a40c76efb6aa6d21832e46bf1c9f4e9a810381610f230c7a8095f6bde1b012f54516669872d85316b5286dc79ab4ee5d2c9c9355

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
47300f16c3ab56bb5724abcc69f90f75

SHA1
f489387028da3f99b76aade455c764e33e6d1512

SHA256
afb40727a3ee60f1552551b8b88a9e5b67a08cda1d468ca607bf10d487eadf9a

SHA512
b754d52205e9668dbc772cc177141b736f0e1532e245db23654bc25da37a4366558ec9b5a9642d9a989fa79040c233a5a9b59980552baa8071512616ec60cbbb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\bookmarkbackups\bookmarks-2024-10-02_11_zkyArsjCOU--EPr8Tsic3A==.jsonlz4

Filesize
943B

MD5
78124222403db4c8e2ca3bf935365332

SHA1
2254fb36f2c34312a92ca3ea3cb5f87d6722abd1

SHA256
28a46f0d7961fa57b84cd7f2c66de99cefc6b36b106b3c9e770373acc0a3d95f

SHA512
5fc58f9dc76d8b677e86d0a7c32b64a6e11b953176f175955cad3edb85f9cc4ec6d057b6fc2d3080d0b7cad11facb5ca5362a3aaa081963a45fb6f2bfd07c78e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\broadcast-listeners.json

Filesize
216B

MD5
8530b59b20f897cae00667eb41d53bf5

SHA1
33a483414cd89239d5cb0f8a5a84874e30d4d4aa

SHA256
9de043090650584200062fe1325411f9fa272700e8b5c140488836d8ef62a698

SHA512
13b3b1df9dd3a21911a0343e2e309935a04533a02af7b19d457e4649658f6b46d62b7e96374089e22ce6e9acd99f59f5ca8ee8658975547b4122ce34a118c66e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
4604a4280b5b52384cc2e195a28dfb33

SHA1
5a95397d0093dea9ce926b48c8f7c6d42b438900

SHA256
d636fec12052a8ffaee365a7d20da5117557330fd410f4fcb0fb4380aea5cadd

SHA512
c85440ce9ac0dcf9957c4a4557e8600d93d8d8fd40daecc3f946f566311b42a94ce4612d265497fa8da930d4211c623a27c3b091375ed69a675683f90ab36d03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\61116db3-02c7-4271-ad02-5660b7236288

Filesize
10KB

MD5
94e907705427ccc893c62e1956e55960

SHA1
b433eef1d261db091772998c953c8c674cd3c2c4

SHA256
02fc8d5142b767d6d6b9a4fe109f712bee348b4a6f1af956da19151c24eb0902

SHA512
b57bbf131e3dd8eba2353e5e85b5976afde8d726f6cbcfb881e0891ea7f5808457158c6e8df6cccceef032d67074dbf0d22f892361527a2f02f230b284af14ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\datareporting\glean\pending_pings\e8a0bd4f-30ea-4513-be80-620076f6cc00

Filesize
746B

MD5
f4df65a8f7265ce950afaf7e6d569786

SHA1
30136a03dd2abe733edff1b9acd750606f9260c8

SHA256
cfdb7ebf3551abd0849a4990b7626d4ffa4106489e7db05559ec11de9d8a5fcb

SHA512
e2089d47ad07518b6c27a720240e6b2771989a8f50d772fe352538b640d81f59e449a95ff269b8790172f92f77fa795410cbf1c63e6df47b370c7170b9086278

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
10KB

MD5
857c254fbf5aa41875671509af186f08

SHA1
f39c60f4398c23b0ab1ad161b5c29df32646f82c

SHA256
03fb50f12948ff5fd3ead1ec0af22f241e7d03a9cb4ec3a16246cd83ca3a83f6

SHA512
7f8174dcdb7a20d6681df5e2eb114a788580b9d508e2c3a57b238846a510abc1441a5a9bed962a02b25dba0687eca4ccfe96803e377d199a9c0b44f929aee4b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
9KB

MD5
18e5ebcd19d932261ca8095f40c72955

SHA1
8d6264f84b73e00056d43ffc262e04ca45f8b866

SHA256
77638c3d5d0a83dbde15108676c611609687b8d51dc86d6ba56a90f626051bac

SHA512
7d7b9ad77787ec427982a930c6bc578dbdac5bee321a54aed6c0c5ae4a662d257254f0a45964d46ead01f60fff660cde00be0c23401fd9c9923737b52b3e10f7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
6fe7abbaa7d483979c18370d85c04f4d

SHA1
d0c1929978eb20d707284d3f5e6d7cadd51c7df0

SHA256
72a6b4512357bbeb5598dac874602dbab31e0487af9699897f3241af8fa0a31e

SHA512
a09ba8db5ae53adca9ee2bb7c6757d5edae239696c7532f2c0fede15911d046fd9ede561f8ffc7905150d075291734887686c51630ef2a6b77530d2c3dcbae50

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\prefs-1.js

Filesize
6KB

MD5
39490578d9cfd3f742ef2282454c7f14

SHA1
fa20260a7b8bdb04922572a601dbdc643d21469e

SHA256
c71d8983d320a9eefa96215bb77c738d71d498c7bbd70277ea8f96edc8879f5b

SHA512
25e541cc4ab2f36932994c0a67474323337ae539d635a61e22fd2a35391f86ce985849741817b3725538bb3c11689b4d7eff0ce480a1aa41dc4c21cdf121d942

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
0af19e605be1efb54bff91ad3afc5437

SHA1
ae264ed00cdba38043cb8c3f04553308f329e5ec

SHA256
a5ee18d497f237b3e7cdcf0008a03bdaf39be9200ceb6d6a88a6e6d957d32020

SHA512
baa1780151cc87a1bf7733f1d7789eb1b85c3e9663ebd3ff5d9ceaed2a8b88ff80c404e9f77b1ae584c4f0cec9ff8f3e03b02d6a58c149ebb16387b56739ac9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.7MB

MD5
28951b054fe7cf5c5ee5d9f37f3f0358

SHA1
90da17f7ad22fcf87dcd915ac8275ddfaef6e85e

SHA256
b502e5ccf13bdb1927759b60be2a7d04d513745b6029c4efa988822056094f2d

SHA512
32151be46900f76570b009d0feb36368a2a0b9c292f752135ab3608d73891b4a44988dc80df0b794d90ba85090f6188341ca4dd49b8118cff143f107c3b3d010

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6lk2b5bo.default-release\targeting.snapshot.json

Filesize
3KB

MD5
64c273396a767fa3d12d314aced79059

SHA1
97bb939784b699b7b35c27970812763328812ecd

SHA256
912b7ab1982692e53329f757b8df2c2079f49d05460f291a67edbb75539d1946

SHA512
8716485f05c29a1bbfa8cf32d366d754b4aae5caf6a4880bd5a1b4e4ff78952426e80a634ccb160cbb56833ec7628938097a91ddec0f6b9c33c3ff308c53f560

Download Submit