hxxp://blox-verified[.]com

Analysis

max time kernel
133s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20/11/2024, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://blox-verified.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	792	firefox.exe
Token: SeDebugPrivilege	792	firefox.exe
Token: SeDebugPrivilege	792	firefox.exe
Token: SeDebugPrivilege	792	firefox.exe
Token: SeDebugPrivilege	792	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe
792	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 4068 wrote to memory of 792	4068	firefox.exe	79
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 3496	792	firefox.exe	80
PID 792 wrote to memory of 2636	792	firefox.exe	82
PID 792 wrote to memory of 2636	792	firefox.exe	82
PID 792 wrote to memory of 2636	792	firefox.exe	82
PID 792 wrote to memory of 2636	792	firefox.exe	82
PID 792 wrote to memory of 2636	792	firefox.exe	82
PID 792 wrote to memory of 2636	792	firefox.exe	82
PID 792 wrote to memory of 2636	792	firefox.exe	82
PID 792 wrote to memory of 2636	792	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://blox-verified.com"
1⤵
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://blox-verified.com
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1920 -parentBuildID 20240401114208 -prefsHandle 1872 -prefMapHandle 1864 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d666ad66-1ff5-48ea-a6ed-bef357850842} 792 "\\.\pipe\gecko-crash-server-pipe.792" gpu
    3⤵
    PID:3496
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2360 -prefMapHandle 2296 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a085966-2aad-40bd-bdb8-aba4eeb0f4b7} 792 "\\.\pipe\gecko-crash-server-pipe.792" socket
    3⤵
    PID:2636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3148 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3136 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0583676d-a46e-4eb2-8c95-df2bd4aaf80c} 792 "\\.\pipe\gecko-crash-server-pipe.792" tab
    3⤵
    PID:864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 2 -isForBrowser -prefsHandle 3664 -prefMapHandle 3660 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0699c698-b7ca-466f-9408-d468b5650e95} 792 "\\.\pipe\gecko-crash-server-pipe.792" tab
    3⤵
    PID:4356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4676 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4712 -prefMapHandle 4708 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e3661943-22b9-4416-a47f-2e84aff64ac9} 792 "\\.\pipe\gecko-crash-server-pipe.792" utility
    3⤵
    - Checks processor information in registry
    PID:3708
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5356 -childID 3 -isForBrowser -prefsHandle 5348 -prefMapHandle 5344 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7518565c-276c-4cee-ace5-f0c538be1c4a} 792 "\\.\pipe\gecko-crash-server-pipe.792" tab
    3⤵
    PID:872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5632 -childID 4 -isForBrowser -prefsHandle 5624 -prefMapHandle 3300 -prefsLen 29276 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {997df581-e23c-4f33-9cc7-6464424f20c4} 792 "\\.\pipe\gecko-crash-server-pipe.792" tab
    3⤵
    PID:2996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3392 -parentBuildID 20240401114208 -prefsHandle 3252 -prefMapHandle 3172 -prefsLen 29355 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc041297-8990-4855-9611-f1eabf162bb8} 792 "\\.\pipe\gecko-crash-server-pipe.792" rdd
    3⤵
    PID:3112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3264 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 3244 -prefMapHandle 3240 -prefsLen 29355 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {41846236-771e-4570-970e-0b466b93c524} 792 "\\.\pipe\gecko-crash-server-pipe.792" utility
    3⤵
    - Checks processor information in registry
    PID:4284
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5980 -childID 5 -isForBrowser -prefsHandle 3244 -prefMapHandle 5972 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b52f6419-fc98-4740-85f4-18946e75f276} 792 "\\.\pipe\gecko-crash-server-pipe.792" tab
    3⤵
    PID:1952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6108 -childID 6 -isForBrowser -prefsHandle 6116 -prefMapHandle 6120 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b1d2b1c4-6ad6-4178-a92a-bba2674e9065} 792 "\\.\pipe\gecko-crash-server-pipe.792" tab
    3⤵
    PID:3948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6392 -childID 7 -isForBrowser -prefsHandle 6312 -prefMapHandle 6316 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {08ed94cf-6e2c-4224-99c7-cafbf9fc3fb9} 792 "\\.\pipe\gecko-crash-server-pipe.792" tab
    3⤵
    PID:3312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5136 -childID 8 -isForBrowser -prefsHandle 5140 -prefMapHandle 6856 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1240 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9051589-e675-4188-be3d-fbcda65752bf} 792 "\\.\pipe\gecko-crash-server-pipe.792" tab
    3⤵
    PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jj59r4xg.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
f43bd0b2479d7e6afea14d79420f9da4

SHA1
8c5e14da0f01ca7eadf02798d31bfb79f4b03529

SHA256
e7cadf7f7ba044ff364d62802e19f184bd3e45583bed84b80d18c5790256e9d0

SHA512
5fa69da1c62f0fa7e6c1b1c309fabc5302014b4dc252a5842c5bd2f6bdd62339e29f6d40d17ceee8ce972e8bef6e76b52bfd62e5beaddc41ec0ccd43611746ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\AlternateServices.bin

Filesize
6KB

MD5
2a4c1751a0ca2163c9f9bd946d008325

SHA1
4bc18f046c5afd39eaffeae181ac39644f6411cb

SHA256
9a2f84fb478753b8d05cf4520fd4e5695817dc1563052d0f38260de2d428f653

SHA512
072e4cfa59cf3b656bcdfe1c378c43d02ebf9bee907f300f03fe304fde32b94a9933526cfc0a9f9d7a10f12fdf2777496a61cdbb0961870826011d34ddbcab73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\AlternateServices.bin

Filesize
7KB

MD5
ce2d488672324cfbfcd0d5f9c76904ee

SHA1
6ed7ceb6695a2149852d407dea4739db36ced29a

SHA256
9e5f868a63a55f0456028b932a43e8e05950ec1fdb032fd6cdc237d1ff73dde1

SHA512
075d6545c782b5acd2d2cac1ce6f8950c63c1aa49d82379584a49484400d412eb7b3dbb1a69e3c8b987c11a7a9ecfa8032eb7a358c42172434eb24b802b211aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\AlternateServices.bin

Filesize
12KB

MD5
3692d85b197f48c1f7fdde4604bbe5f9

SHA1
a506daf2a9e718835fc1a5dd36e1e8e8e296ade5

SHA256
3cca39fbf8cf98dda648b8b4925c110eb4c3680bfb7f39fa3a9813573fb4e567

SHA512
3ba18e98ed518f5d382c523751f3f6f31c2e937f8088e16863683bf8400dfc24268f8bdc67771eaa2f79f52fcc2305d62f797fe14def93c1a9c41adcc6c2e93f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8b7e796d607b801933effee7a90e466d

SHA1
902b3d6164ae8f79dbe1d4086f61146bfef68ecc

SHA256
7f360ccd4a8c9f937ae9071e8deb329d2380de0f7828207ea1bfe3acb26963e2

SHA512
faa950f90d46bfb1fc93d67668374e27507fa88ecc6accde075c9984c2d8d09ed3cccf588c93485122645a15f7087a49edb9768fb991721230e708adc31dfdd4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
19KB

MD5
e316c975d6becaec9ad1b2e7e384693b

SHA1
0be19f12666045a784e8ec5b59b66d1906a81ddd

SHA256
92cba6ea95934535576cd96481ef2c51f264a69f330b6ce20d00d88356122bdf

SHA512
0e5d8e8527645dd89f868fb60bf4780e90d9318d56f46e35d253e4f97e0319ecbb16f8970e1359b7ff53104f4485eb7f150fe38d50aea048a63c11a2ef9f05a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
539bdfc76749805d37b11b313824a852

SHA1
ba6a9594338542335fd28d229599f949e3ca7671

SHA256
e1009156ffad41f1fdb8786832763b70b572ae60999d03a9c2bd9be84046866b

SHA512
b8a7d87d460ce57f1eb955557a9bbe35a5adb865ed73296f5b0eaa5cbaafb431324a36adb552fc0eabedbdd490e38e5b0a919b594c9950346c174cea75795516

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0d0a5092bb84e645d0c28ee9549614e8

SHA1
4ad222ff98c5d12549cfe17973e9719c58c89783

SHA256
3bfbef2deea4b7576141957c4c73ff09c05ae9f24e63c34c09db5605730f7633

SHA512
7cd3a2834ea1400c252522f3c386612b68b30fcc4d26ae121d8f28129b81e0bc2cfb2fb44b18795165306d903dd51688b98d900b3ed8c9c83a6cd8bbea9b5b08

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\pending_pings\9687b135-cf3c-457e-8597-686eeeafb4e2

Filesize
671B

MD5
46f0cdd4f100c193717c43cd70c339a6

SHA1
338683fb0f1994fb6f17a9b78eb636fc3bd1bbcf

SHA256
7fe476b1897dcaac40a0b4b7a94613293fcf8a1a62ebde510da78bb493d75171

SHA512
d549bb309a55aa2af6ae6e0dfbec97fbf220d89f633592b22fa5147b8cde8b550fbfeb0d27cc5baa35771e355d8f4ccb854848835ad245764ce476445d97e143

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\pending_pings\b3455297-1a8d-48e0-98af-326d3331c57f

Filesize
846B

MD5
715cb3e5c6146420786b33c980655e69

SHA1
906c9ecff2371f81eb99626680f92d13e97da6bf

SHA256
512970a2048bfc375cb48197ce5295f613a39375413cb61fdaa830b05f694070

SHA512
19292b890157ffe42b479844c2c757b0883d7dbc86209da79a5f3aa27d9753eab2c6a1de616a3c2703be47abf35f48fdfd7c327679c126a5081a29e3ebbe3ef7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\pending_pings\b5ee60f5-1009-44de-958e-20dd06fb359a

Filesize
982B

MD5
ebc2e81f207498acd14fa554ad84a4f2

SHA1
d9c6d4798c7d7914adb30374ea1ca9bfc558a8dd

SHA256
5af51aa86a082e4b9d80ca816eb0c5442268b2db9dbbd6795e5501e44230b497

SHA512
9580110aa83b0031088a591d8b4307e37a6b96e29decae333fd34ad2b46602963c9b94c716bc49a5b7935e2471d3fed20a9f57d714729863a351c815c4803de8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\pending_pings\c7e377c8-f1dd-4773-86de-842d54f3aae3

Filesize
24KB

MD5
cb6ae61dc64504076d716a7138664692

SHA1
3f07b571bcb82733efbe7fb6e91464e7450189d9

SHA256
66fd1c9160e3148bc74155d1a78046b2a0975f3dff05b145b2ab37ccd409c368

SHA512
1824d95b65ec20bc2a1c71131b4d5a750f7b007511f221f9076941c1345f22682af8e041bceac631e3646a2bc3f80f1e3b22abbd9e4e6e4e3da6ed306f1cfeb3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\datareporting\glean\pending_pings\dbbdf01d-58e3-4a3c-b050-2e6dab015448

Filesize
1KB

MD5
5ae43830c0fc814bb711498ee60afb86

SHA1
714168a0c8d2d6ad3b517d971b671846173d4932

SHA256
ed2b151cb816ca3173b8672bb7c8531d93c0c5dfdd326208053639e4edd70e15

SHA512
9c09288c9b89266639e82aef6baddd3a067a6f7dc93e37c34a71ebdbbad480c2267931dd12de61ae8e0cc43daf816d6907cc7673f6b4e101920c331fb6b2eabb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\prefs.js

Filesize
10KB

MD5
474eff485ca8a44afb259a296528734d

SHA1
78a1969bfd48f2d660eb4e15239a83dd1cdae98e

SHA256
4dc9d950e93283cbac38d84e0cb0dbe0c3e4a7c040cd9f6ec0fbe8f00c744eef

SHA512
f8d2cafaf65ea50a379345c5f960f0ad01c6d281d1546dc5102697af699a0e0b842c864e2e6e6aa96d5655a7b70388a99a0740814bf79072b8d83829daf16b06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\prefs.js

Filesize
10KB

MD5
26ab0bd41033f36dad45b6975fc7ba54

SHA1
13b317944957b1d400b4f316cb901e8e7a4f2eb2

SHA256
9d1ce1b4047ccc182bed28ba926b9c6ba8d80f91441318819cf5e7da247392a0

SHA512
f5c0ec9b035a0ec92915e1b657d3b1b25397e9179bcd042f63061b7510088a9dd296dc1a8c1fdb9c5dcebc4f21dfb2075b50d91068e84430d8ae8680b33002ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\prefs.js

Filesize
11KB

MD5
bdc5b4e1ac8864cb24264371cd500938

SHA1
961b0eb614f658496b236f960e4164dd30938850

SHA256
f92417496d2d2e39cc72b7425f39246e691ddb5e04ecdf2ea87ab129e0e31fcb

SHA512
5710fee5e148f619ff84b34e2dc3f3b895def84f134a03bd592f4fb928f7656773eac6aecb6d57335b19d551a15451b2d839c59830be59a8afd7fd174b4e7755

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\sessionstore-backups\recovery.baklz4

Filesize
42KB

MD5
24a741b536f7f392abe5ca4366f18bf4

SHA1
b913301d7073001f766926f20729ed5d3533c195

SHA256
7f3c7eb3a6e55fb92aa36b09b164e42babd543f0345f8cda819dd4cdc85e57d8

SHA512
8efc5195fe0e963a08afbe01043f6d4ea94b554886379b928f62b30f518a2fbfe4ecc55010f296b53057f729359b6d8f5444bdd38e4400c603f40e352473e806

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\sessionstore-backups\recovery.baklz4

Filesize
42KB

MD5
51a8d79c47b03bfc3090336c16941118

SHA1
a5f4f5a3b09df19bb3d31fa3900c9dff66e4660f

SHA256
08e6874bd6c042bc5a1034e3323dd080bcbbf401ec2654472d98b1c99f0259db

SHA512
7cf2422c4296fa088d2666454f5ed542e488dca8c52c88d65913f33e81d2e58ff602960b6b4db8826a2d52b06db798959460c755a3de199d6474cedb03b4e570

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\sessionstore-backups\recovery.baklz4

Filesize
42KB

MD5
f02b19eaac2a0031b0c4e0a6ede2b78b

SHA1
3614b099868a7abc256b60ab874b577c31d9e75a

SHA256
587e03f65db51cd9c15d5d0dcb7ea3ed4d4c1c1f26942186c6ad95be5652ae33

SHA512
b042957b52dac56aa1b8a3fc3f574728135797d097dc0b9af950814582601262ef11a3a53d3b209b4f4ff8de86e3eea503cd29119d980fab254529c8680b809b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jj59r4xg.default-release\storage\default\https+++www.roblox.com\idb\3140325527hBbDa.sqlite

Filesize
48KB

MD5
02d236f9da06093a698e7d5e96e2ba73

SHA1
1a00eebacdb7e9bd49105377cdf9b0bb73eb88a6

SHA256
a5612c95083eef89315427d942dd8ef3384cc0451bf812ee9e50cbf4bb9ac070

SHA512
30c9a3be7f6c8f49ca2f4fdbf01ec8e013e05685d37f95b823fc7fee5533b61440ad56464fb8b042081baf495508fa6948cf32cf290b908bf4e82b5c7c535902

Download Submit