788a4eea7277e8285060d1f1944160ff40c3b94bf10fb03f05e899a34c50b0a8

Analysis

max time kernel
267s
max time network
283s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-11-2024 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Crosshair-X-Crack-master/Crosshair-X-Crack-master/lib/screen/login_screen.js
Size

8KB
MD5

319538d10d4e547074cbb221c2c4eb9d
SHA1

7b6b85885e5038fdd89e5244db8562554f84bd8e
SHA256

a32e8dd794f332e175a689a8b53b2d3d178396b7c2274b7e5607a142dd2543a7
SHA512

c9998977626c747bd455e77453db52fd66682b7f3d8ba245bc46cb2f6aceac506e723c8d702ccc5bd74aafee8666aac61c8e1649af95296e118b1711ad4752e3
SSDEEP

96:5aobJgPuFHuzw2TTklyy0UTwqo7IAFBzgAkqDzUl6kU49iH48R4T:5aobJCzw2TolNfTw37hBzgwDzs6kBig

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

firefox.exe

description	pid	process
Token: SeDebugPrivilege	1236	firefox.exe
Token: SeDebugPrivilege	1236	firefox.exe
Token: SeDebugPrivilege	1236	firefox.exe
Token: SeDebugPrivilege	1236	firefox.exe
Token: SeDebugPrivilege	1236	firefox.exe
Token: SeDebugPrivilege	1236	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

Processes:

firefox.exe

pid	process
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

Processes:

firefox.exe

pid	process
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe
1236	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

1236 firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 4128 wrote to memory of 1236	4128	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 1704	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 3160	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 3160	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 3160	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 3160	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 3160	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 3160	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 3160	1236	firefox.exe	firefox.exe
PID 1236 wrote to memory of 3160	1236	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\Crosshair-X-Crack-master\Crosshair-X-Crack-master\lib\screen\login_screen.js
1⤵
PID:952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e482f83e-fc0b-4ea5-b794-c3a162d1dd8b} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" gpu
    3⤵
    PID:1704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2364 -prefMapHandle 2316 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56705472-f78c-462c-902f-392e3238f1a9} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" socket
    3⤵
    PID:3160
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3096 -childID 1 -isForBrowser -prefsHandle 3088 -prefMapHandle 3084 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f06d8966-1c4f-4796-bfe3-1a8ba39dfda0} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:4440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3676 -childID 2 -isForBrowser -prefsHandle 2988 -prefMapHandle 2692 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71a60526-fee4-4651-9955-e668cddb6b7a} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:2772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1588 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4784 -prefMapHandle 4872 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {95ccb990-f00b-4b0c-8831-6a1bf3993df8} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" utility
    3⤵
    - Checks processor information in registry
    PID:5332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5260 -childID 3 -isForBrowser -prefsHandle 5388 -prefMapHandle 5384 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {36e76826-da87-4c20-a194-493b5a0e6121} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:5852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5536 -childID 4 -isForBrowser -prefsHandle 5612 -prefMapHandle 5608 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {659fcfca-763f-4518-8afb-4489013d38dd} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:5864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 5 -isForBrowser -prefsHandle 5640 -prefMapHandle 5728 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d8eea997-cc86-4f02-ae47-cf7b964fbb8d} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:5876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5640 -childID 6 -isForBrowser -prefsHandle 5580 -prefMapHandle 5584 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1248 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {81908264-39a3-4052-91c3-151e1eee5ddd} 1236 "\\.\pipe\gecko-crash-server-pipe.1236" tab
    3⤵
    PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n4zftpal.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
aa2742d625224565fd9ebda7e8a94214

SHA1
fd346c611faa9690cc617dfc2cb706156b518899

SHA256
671b837fedfac2e4c148565caba91980c629b8f61cc3f89c2e0bc3b619e0ed60

SHA512
dcf6832b789d9a008fbc298fc1229acc02b22986c5f83e7008caf72db5d7142eb9a5c199693498c7913955137c8e8deea061e06e71a39fccd420a17ec1407670

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\DD2VWM1XBYLHSNVKZTMN.temp

Filesize
8KB

MD5
bde1b720bb5046d49920e1fa09d4875c

SHA1
fc506901e10bbd563f80a95a2c261f8b2fc9397a

SHA256
32d2d11e40816c85aba20236205af401809891ef1bfe8872e514784c8df6eaba

SHA512
0333d186443bc63edce916b77a0820d922127c92dedbe29060349ba658ce327b6a69a08678660e664283da8943bd1f516e31299eb1173299cef9131bb8ba9217

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
6KB

MD5
d2c28a6688a9a77491379d1c6fbd1877

SHA1
56b572dfb84ee2b8bbe9a31b30c770c01e6318cd

SHA256
2f0182d1e25efb1b4d73581995e4077c2cedf51db47ef15817a88f44b75b6576

SHA512
b9bcde64c131586b6c0b39bb274272838fe3b4e50031813afa32b105cab8359f87e96322c5f9be7f9677f1a666275777da0943679a1ad3002fa4d86a5492c1aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
8KB

MD5
10835d762b8ecce929f2deecff55663e

SHA1
db259c696cfd570ea563b0a49dbb91b79d29b2c6

SHA256
3b568671f44ca9b20211a849ce95defeeae892a884059ac886b195609819d9c6

SHA512
886be13fe4c75d8ad0c91d6762df06ca44b2568dea634f5383ebe17c626c483eecbfd941cf94dc5f20ea78ffa1dd61d3f2bbd86dec0dc22b1dc1084fff9ce00d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\AlternateServices.bin

Filesize
12KB

MD5
83e16a8768b5aa08ab9af0b6781be23d

SHA1
aa63c64f40203974ca3782ffe21837379171a943

SHA256
4c5055f25cdcc9831b105556a6f44ffd5f41d51c8d5b42ae22e294a23ce9dfe3

SHA512
f4bed751fa8752aab4f2cc6bccc265f58f23a8dd6ed4e31b71b4bcf1b22875011554abfc1c9540212f87788e8acdb106c3c186dbd804412aa798392e4afff3b6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\bookmarkbackups\bookmarks-2024-11-17_11_Ki-IDsVWGcvA2qt2H+hW8g==.jsonlz4

Filesize
1008B

MD5
c9c35a888452e9aaafe7c8dd2f8da661

SHA1
35d92692f9fac18ecdb052b94d06e399b44078f0

SHA256
038552933fb4613a745782c6d5fbf7ca6645e81a532fea0d69205a81d2532d32

SHA512
d310c4c15440af018479d9a85d57c974908ab7a37ad509f2bc1e99254425343d6e1e980cd636cf8423011bf997f867dd315fe6027b7c330353af09390888ecf9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
116e614ccccf8f8dc93ad7fbb5484f50

SHA1
7b050f78c9340867a692c62bcb53cb7df12a956e

SHA256
b666d8325eea5fdcec873e4c7b8fd5a8157d06401d9fe145e58c0f2e6e2bc8aa

SHA512
24d82be0eea4b68436227a82a2f39255b170bf0f1daa40513790e5d1329ad25c4b26ee81f24a6ae5ff5ef338349bccafe02448911fdc7a5d128df66933b3d0ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\db\data.safe.tmp

Filesize
17KB

MD5
0b21f468ff8ca0d7e78d9f8c7a15c19e

SHA1
80c8638f73d0a4e59dcbae53e09473312a371b26

SHA256
ed8af91aea9e0a9082daa14f6909a78597bf16fbb5acd4b825f1fed35aabb99f

SHA512
331b876022e7ad03f72a848013e25f24a2b35ec08964766d01a7bf73bb7ed2065e86fadfcb1c4825f63d3d930c41a9e0fbd26491b01408d377c84e93d51aa492

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\113f7a70-1b03-47ac-8492-12a2f00ede9d

Filesize
25KB

MD5
47db3b46bea8ce08e93d61b3f2081fc0

SHA1
6e86290a30d893e85275bb929ddeb555bc76b7b1

SHA256
e7c327b7520cc1017f276150f4442bd1bddcfc00e947a764e82ea86cb57b0ec7

SHA512
816cb088b6bb14f5954c241dfd253be1f9648bf81754196cc2b8a2565f658e7c604e5aab7f3960d366e11644cbb60bbbd5e93d20e55233636824a16dd55e0f08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\5e74fe30-29ec-452c-bf1e-c63c4706d43b

Filesize
982B

MD5
4678f5c95a1c84c21b2584f2b2e522a4

SHA1
fef2617b6ebf91c4cc14729ae8a311c227ea834b

SHA256
593e4e449c7497f05ff7e6e734d9cd3b52a4a39ea7c4915634f13fe9df210a8e

SHA512
fb32f614f342343a1f281f7ce12f22371c7cf6e39d5188a04ce95ce0d55bf610bba99a014ba3d6cddae7f5d103fb65a80f5694ca3a11c34859ce38aaaf9fa8a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\datareporting\glean\pending_pings\7ce23232-2c4e-4dc4-9548-55bff175407c

Filesize
671B

MD5
06b0ef8778f1ca378f80ed4d155261b3

SHA1
f3cfc9655e84373d0dcf0651f928f3b301564eba

SHA256
0286d1fc3ac1a0e872f126695d48077b508757bdb6670f0cb09ffb03617057b0

SHA512
1987a74d0c6bc0719d812fc8d591216167baf28789861cf14c1d6319c15251d696a3b67bf7797012dbef6f359d96a0f90e60de4cfea11c6209e51d65655e50b5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
12KB

MD5
a257e60e19b0539dff2a65b78ff43555

SHA1
6589e627ea4c84d765ac223def879d60200a0015

SHA256
3a9bccf1187f6604c1e77abccdf3fa6d7604cacd0f6e287d8e430da948a87699

SHA512
7b2ab4357f58ebaf98de05f3f6f32ae8611d4aadc4133fdce6c8bef75d9d4ee3ee6984acaf54d778f5aec210b3d3b72b2814fefcab67fdcc5cdf3c962b0510d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs-1.js

Filesize
11KB

MD5
46475d49e06763689a83a36d6470506f

SHA1
f8453ddf018b2da04d34c14ac8ef84e3360cf701

SHA256
251206e38a07dae0de8923c33e817eaac90f860247558bdc8620ba316dbab9cf

SHA512
4be1ffadcd895f93755d35f455ea61b01c3f956d993697094251f5f0d3ec7c12860a96f4fb68b9769b5fbc2d76b3c3a1a8e70b06bd946f756af2be591b1e4393

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\prefs.js

Filesize
10KB

MD5
7c45274e0a90dc040f5ac578d500840d

SHA1
349b20a7ed782ec91130f897c30299c27565225e

SHA256
e56574abeaf8aa9c03beadc8e305707f5d67daf0b5f2ab20c95bd2181bc67d58

SHA512
e790065b4634d0f19083efaaaf79d2ba6631c8762ebe191c0200860505f571acc6fda932b5077a8b85a89cd63c5ddc4ccd4ffc13c9236c10dd6d5485b392ce56

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
d511f8aa1e5080014ff3f23d8845369f

SHA1
132b1fe1399bb07027a3f3a566df7715ba00dce7

SHA256
0ea2885fd78be2f0c7f4defd0452b39fd3c4a490c30592a93346b895492d9dbd

SHA512
8d6fd9ac36ade11d75637e99e4e45d09d2a83d3b0f796e07cfaa83e5f6ec4f3e81e5f81c5032973317483994bcb5adde694e441b2d38864a5af49bef6ab927b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
13799a702b8e661bb3a2e656ff663c0a

SHA1
f758fc92d3dbad394e1a2450e929fdbfb6221d58

SHA256
67c16b6bbf6ac0b31612d92c96deb3230072d60f3c2621b6a69dbca4c8e258ef

SHA512
800b876f15d8ebe9ddcfaef2e9af9e35692078d0c95b2248b6c720898f00debb2c2abb243e114efac894dab85a331a27ac55f40bbbb219423548a76f3a9c9341

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
987cfa46fb16a29bed96d768d0a1be60

SHA1
dec0497346cf00eaa06ad59c63d362966f5f3667

SHA256
b6f703caa5b6b7405bf757a5b12541fbeac436c8f5baa1b3295984c42f0cc298

SHA512
d71e8f2a03425bb43b8f49bcddf71836965cb9d6d5d7589265fb1aef0b667cb7137cf60701e9cc6b52f9d4559daf07741bdc406e4c781c3accaf80459005fb2b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
7b234371aea428ece1451d3d35e1fbc5

SHA1
67c222caff92668c9de9180c2593524cd91d30ea

SHA256
a7c43a830e93f948e0f03245be3138bb43c793a3d24919c44c16aa6c23e92f0c

SHA512
0c80b959f4303cb5a85334c213db358b79a69b0b236845df9f1f46fbefd03f5f94a3775264ff07ca0638d8a1809755eea8b1c6c761d8c1f817f0bd9b24f575fb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
b86a323df0a10af9ef1b3e3b8f27d7c8

SHA1
b9e97d66e4eb9de7b7deeea61854c197a305beaf

SHA256
35f49dbecf59ce737e3df1eae483252c83e24244a3533403006d6b37fe436751

SHA512
bbe8b81363b371c42e4194e419ec8f82e955002c906f51104f0b8db957021044bd513fa75510a2e7720048cdf3128667f4f6df23fa8b1d0d1f33e0f9ee0dd7ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n4zftpal.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
06e2b6bedfbd7e9cd8738ff24d3ea684

SHA1
d3d1dfd662744be8d6b16c2746fdf3f46d6313ca

SHA256
39921fd94399a5e3aa68da170a1a07fe18184d99fca3ff35ba205194f09c2326

SHA512
753ad001b7a55aab676e98007a7839b7f8d35cae20e1e505f4a4e07954676a0fecbc62393ddd051000ae3d9cc81af53794b92f71d59ae788751ae555f8eb36be

Download Submit