hxxp://h3a[.]in/jdtesc

Resubmissions

17/03/2025, 02:44

250317-c8ad2s1ky5 1

17/03/2025, 02:34

250317-c2ncbsxwds 10

17/03/2025, 02:29

250317-cyyc5axvct 10

Analysis

max time kernel
271s
max time network
300s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
17/03/2025, 02:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://h3a.in/jdtesc

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\RTGS.zip:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	2128	firefox.exe
Token: SeDebugPrivilege	2128	firefox.exe
Token: SeDebugPrivilege	2128	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2128	firefox.exe
2128	firefox.exe
2128	firefox.exe
2128	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2128	firefox.exe
2128	firefox.exe
2128	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2128	firefox.exe
2128	firefox.exe
2128	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 3064 wrote to memory of 2128	3064	firefox.exe	30
PID 2128 wrote to memory of 2832	2128	firefox.exe	31
PID 2128 wrote to memory of 2832	2128	firefox.exe	31
PID 2128 wrote to memory of 2832	2128	firefox.exe	31
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2540	2128	firefox.exe	32
PID 2128 wrote to memory of 2072	2128	firefox.exe	33
PID 2128 wrote to memory of 2072	2128	firefox.exe	33
PID 2128 wrote to memory of 2072	2128	firefox.exe	33
PID 2128 wrote to memory of 2072	2128	firefox.exe	33
PID 2128 wrote to memory of 2072	2128	firefox.exe	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "http://h3a.in/jdtesc"
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url http://h3a.in/jdtesc
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.0.664553724\1127478215" -parentBuildID 20221007134813 -prefsHandle 1244 -prefMapHandle 1236 -prefsLen 20847 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95778742-764d-4ef5-9235-e0bfe1930395} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 1308 10fdaf58 gpu
    3⤵
    PID:2832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.1.101017413\50702354" -parentBuildID 20221007134813 -prefsHandle 1508 -prefMapHandle 1504 -prefsLen 21708 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3dab9b6-855c-49e2-a8be-a0cfd3f5b4ea} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 1520 d70458 socket
    3⤵
    PID:2540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.2.1158716427\1309088647" -childID 1 -isForBrowser -prefsHandle 2088 -prefMapHandle 2084 -prefsLen 21746 -prefMapSize 233444 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {caa883d6-4a36-49b0-8202-8840ca06c0db} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 2100 1a7c8558 tab
    3⤵
    PID:2072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.3.167147349\172899737" -childID 2 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 26216 -prefMapSize 233444 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {754b57dd-be26-4c68-a3dc-0d8ede2ffa1d} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 2944 1d4eef58 tab
    3⤵
    PID:1956
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.4.256610091\309495368" -childID 3 -isForBrowser -prefsHandle 3712 -prefMapHandle 3488 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebb9b892-eba7-40d9-9b51-87c9fe71b743} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 3720 203ae658 tab
    3⤵
    PID:2456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.5.1061813307\854618382" -childID 4 -isForBrowser -prefsHandle 3816 -prefMapHandle 3820 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {847291a9-c932-4821-b908-09691e9fd8ba} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 3804 203ae358 tab
    3⤵
    PID:2500
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2128.6.764538297\252636740" -childID 5 -isForBrowser -prefsHandle 3988 -prefMapHandle 3992 -prefsLen 26526 -prefMapSize 233444 -jsInitHandle 900 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2d74390-392d-40ea-a180-cc8897ec5cd6} 2128 "\\.\pipe\gecko-crash-server-pipe.2128" 3976 203aef58 tab
    3⤵
    PID:2448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\activity-stream.discovery_stream.json.tmp

Filesize
28KB

MD5
e869e8f99a597a0d3cd6db76546edbb4

SHA1
29e5920c930ed56a999f2dcafd47c0865a277da1

SHA256
0c42dc0ff13b5ce1fd09d5d1128836e8d7a0a92f09654f6f874cf102c9867881

SHA512
2c45ad8171cd7d6104540afc7586cbe580bed5cc6f32c1fb9d95ff4fcef40eb17894c4c46ea1b1312e410cf3ecf125a421dc57c29424a89a56f5a825a18cf4ac

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\8DF0E9F84C5909278CF68CB55A683669F40995FB

Filesize
13KB

MD5
a3c3af45b960cd95e0755fa209a9d6e0

SHA1
0bc3e6756e294f07ebd21f348a569303793de2e6

SHA256
94a704829dc752f2317a75d04f0269a7f7859d991ba3814c57c18e1874de2fe2

SHA512
3daf244ac40edcfdbde9baefb035492128792dbbfef0da01131ba0c881329d8a42faea8b4c7a02c6262077fbc54e600b4e965d51aeaf6344d161fd4cb8a0d0b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\cache2\entries\CF54C2C69986FDB5910CF5EF4D901B23298C6224

Filesize
13KB

MD5
86c78cc8f9f04fca555dd73108b490d2

SHA1
9277a0aef4ef6ab22869652081dd777532e80991

SHA256
ab1c240bd251c54db6e97febfc705dd2e90cec50555323063008cc755fa3a2e4

SHA512
e323b97b7b99ceeb925770a20094ca3231db3daae1be8c2c31beaba728b529b62b32f96a28dc5b2e462091ca8aae266e27f7b61bc1fbb2a2285feec9749412d1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\n3lsnn48.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
6.5MB

MD5
438c3af1332297479ee9ed271bb7bf39

SHA1
b3571e5e31d02b02e7d68806a254a4d290339af3

SHA256
b45630be7b3c1c80551e0a89e7bd6dbc65804fa0ca99e5f13fb317b2083ac194

SHA512
984d3b438146d1180b6c37d54793fadb383f4585e9a13f0ec695f75b27b50db72d7f5f0ef218a6313302829ba83778c348d37c4d9e811c0dba7c04ef4fb04672

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
8KB

MD5
c2a26188c03f6819038dc5ddef6ee46d

SHA1
8d0900bb60b8e4b8aa94b8ec8166c5d10f8d3c40

SHA256
bd996f6c1582690bbf9444f0af0e0064e717fb33f73f4a7e3ca5bce3c6ea9fc3

SHA512
8a913638b42e77171afda82facf2ae471b4a286704047f7ba2cbd7714f741267dedfbe28409cf75bc821920d76408f2e6ef0f95d7146c587cedcb60c046ad488

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
33e022f3673e6ab24251c418e4d003e1

SHA1
253e4019fecead31363c0bb81ad269a62fedfd0e

SHA256
8375ad57f8d00d1487b66f27e7e2229796fc35c61416d7dd0ec6df05f26c1a0d

SHA512
154b5e975dc51dc25ab55e7973537d08dccab8dddbd1becf35b9392f5e9492c0042d57a2d5cbbb89703d3f49dd7d928c9d4bc212cd0ee3c7da3e3b8f1daaee1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\bookmarkbackups\bookmarks-2025-03-17_11_xTq2h+S603FCU6C336nrGw==.jsonlz4

Filesize
952B

MD5
b87efcb27c4625955a16e8cdc79d70a1

SHA1
79b8ea7edd452d86d9087407aea75e612aad92a2

SHA256
98982fa608a6d2ee9e544bfcf5856f62bc003d67861ebb4d63937bbfc23ff8f3

SHA512
97f68c78d98079c31c18eaf47eb1595a646c095a9c400bda4a31f1c42345d6f0ab60187d2a127de21215d29121923f2c4aa7fe30319d0be86a1db601f6b26a80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\db\data.safe.bin

Filesize
9KB

MD5
7adb5f2fd75e13e6ae14c672bd5c12bc

SHA1
9da363fcbc9daf0d154d3466a632ebcd8c53de92

SHA256
16ca47431e1ead43ecf40fa924e273d3062aa702bf99f1d0544a3bd79d3130c0

SHA512
012d5b2a4511d78a4d51d2d537839cea7487e2f223bbd3f695fc21fdb601e76facb7847798750fa02a352021b79cb607915b8ee693ee1c387ba41cd1faafcd60

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\datareporting\glean\pending_pings\c877fc51-5082-4d8c-87dd-5cad7b3af589

Filesize
733B

MD5
5aa35abf08b2c43afcdaf2a15218b900

SHA1
a6b106f42ad538a5c2e0855084fd67d79bc84ec1

SHA256
f5c05d4f688f0745aa37a74d300f71fc8dbcfcb6f12c6d7a0ef204bc9279cf50

SHA512
9456d5be24cef025855d0f7f2246ffe7fbb647f97abd80173b6bff4c7ec19eca62b7df96e7a76d524cd548fe7dd82989b892404215f1ec86154760925a2aabd5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json

Filesize
372B

MD5
6981f969f95b2a983547050ab1cb2a20

SHA1
e81c6606465b5aefcbef6637e205e9af51312ef5

SHA256
13b46a6499f31975c9cc339274600481314f22d0af364b63eeddd2686f9ab665

SHA512
9415de9ad5c8a25cee82f8fa1df2e0c3a05def89b45c4564dc4462e561f54fdcaff7aa0f286426e63da02553e9b46179a0f85c7db03d15de6d497288386b26ac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll

Filesize
10.2MB

MD5
54dc5ae0659fabc263d83487ae1c03e4

SHA1
c572526830da6a5a6478f54bc6edb178a4d641f4

SHA256
43cad5d5074932ad10151184bdee4a493bda0953fe8a0cbe6948dff91e3ad67e

SHA512
8e8f7b9c7c2ee54749dbc389b0e24722cec0eba7207b7a7d5a1efe99ee8261c4cf708cdbdcca4d72f9a4ada0a1c50c1a46fca2acd189a20a9968ccfdb1cf42d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig

Filesize
1KB

MD5
dea1586a0ebca332d265dc5eda3c1c19

SHA1
29e8a8962a3e934fd6a804f9f386173f1b2f9be4

SHA256
98fbbc41d2143f8131e9b18fe7521f90d306b9ba95546a513c3293916b1fce60

SHA512
0e1e5e9af0790d38a29e9f1fbda7107c52f162c1503822d8860199c90dc8430b093d09aef74ac45519fb20aedb32c70c077d74a54646730b98e026073cedd0d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js

Filesize
7KB

MD5
a97a42c1c39c926188a76cdcabf8f18d

SHA1
3e99b7d26997ecda10f1d561bcb9d4a051968ff8

SHA256
d222976e0ce0cf1af80c03192993775f05b4795519179d882070271150cf7783

SHA512
70439d6328fb49a500c8dd5c105b2364ba2a7270a8b768cb8d7fe5eb179edbd531a3708f971ac3ca7cbce01894874d75afd2290bc7cc8797dbaa8554d8f24185

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs-1.js

Filesize
8KB

MD5
a53edd1d65ad1e69884a83f515a62a31

SHA1
7fafe31754714f861e700019395c8fade821960d

SHA256
579dd450648b6b8f014c32e2e64d08e3e369956f60189097dae2cb0780cdc397

SHA512
e8bfe0276717e060c5dbd862bae883e604597912b7984b3baa842cd4530dceaf7d34317286e80b7a6a69c99834af17a4151b68917fa355e07c43e220832ad8aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs.js

Filesize
8KB

MD5
c2c309f80b6287568b1217d2b24fe9ed

SHA1
64299924c446220700cd992c9904eac3cc5cb472

SHA256
9e9ccb2b51568c2d710e1c221ac077c41b14f459421cadb3b2107053674698be

SHA512
e21eaba9efec95ed8cf1a1dc00cb7031a6b66bc2a1b365a2cdb4e8cf299f970d8f3533738512fefd21fccebcaea91edd02c8922eaa60c61e8da18424ec1b09a5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\prefs.js

Filesize
6KB

MD5
37dc423727c22ba2cc2a00d7217a8f4f

SHA1
95dbd46483d76a3173f948218c0917697e90d973

SHA256
625a220a85d6e02ee65222aa72db56d7cfa49e43df962db47b400155610356b6

SHA512
657a7338b5fd87b5c2a02ce3c6d96eb09ef86b6bee95b36eb14c12f2dd1585050dec4a25b3cd29755e61f36db23f01e13ce64059a1fbc4909bb29227f7d16743

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
494427da94af24969ac672d40211103c

SHA1
76a50c16e9f92aa7b15b5b07f149de0ffa00abe1

SHA256
f6340fc7961803fe8d306a06075f0cdc4c44438242dde5493eebffe7d76dd2b5

SHA512
19149af8c00136a7c672e5cc3d8f7e3f1fef1cc2e5cfcf5ddb3c5c74dd0d995cefa7517b71478869f859ba588de8e1ca89be10e2e81a36c6980389415b39d5a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
bece0acf9d7f19d01c7943c54d2ad372

SHA1
aef59ca4b0fe97f32db128e103bfb98aee3b5e29

SHA256
ce40f79585195148ac86928d18da80b963cc98d6feb83c1c2e75e8b6d6ef39f8

SHA512
105fb01521fca054766d1d1e46cf3bf177b8bab44800f7bbad9a84f388af32e745474b3cc4f70c1fd779b4e7bcf0912502860092e1824f7ba4b52c612ba5a70b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
232KB

MD5
1a4520166027ec249de66570e4a82c76

SHA1
4da7c6d4005dd3704f63988d186ef77aa3bf7747

SHA256
cdbe9ec91b953ed21051dedf9608cf262d8a7840c34b89e77501f2cd23dc69e2

SHA512
c1699cfebc6b31c69cdeedb4f7a095d81d42bb49bc6c9314998fece7116337ef146c495cd71e11fcdef468147f978cbc85eb267a9becd5e05b332a6a7e8fd75b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.0MB

MD5
488ac659c1ea13ed9ff1e0870da42d2b

SHA1
7850254a9bb91832701e2edf1476f02721ab298e

SHA256
007684ccc6ab06f8f783fb6c1545e9778350a59dc7dbd79d66961a6fe9cffc8b

SHA512
f70bd07e5475a5a21af864d113e9943ba3f9da6d6b60b6536cbb2047ad5e7efd7ee1d152ef6c72db7ca5d5c2d6008ae1be946e76fc785a8752e0f2e0620dedc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.0MB

MD5
1a01e294d9d759acf9f6cac2a389b157

SHA1
0dbba01ce333382db811159785cb2c5fa466c787

SHA256
509452d958928b3ced41eae5798cc33caa6035a89d87ded23b6ae168db3528e6

SHA512
32ee5fde4bbe4013389c6fbb27c847b1717caa509b96e668b4c77e80bc2f4ff41da4644207496caaa57fcfc6eec3ce08190423c3900f28e6a1c8d311f810a914

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.0MB

MD5
3982c5fbabc0b886500316a24586bf7d

SHA1
3162fa2b99f8730533aea1be2885bf02ad9244d4

SHA256
43b674d38e518f3f234989197d87b1a6fe569a20a45a57accc036f89dc1d8e36

SHA512
30f85801870f8971c07f3daf4d4b6e3b92195a30b986ee398b894db4acad82eeed318e2e483139153980d47eae34fc8064ca46d6355f2424308492c184abc8ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\n3lsnn48.default-release\targeting.snapshot.json

Filesize
4KB

MD5
5bc11e38bed236eea95d9efabf7583e1

SHA1
196a3bc47eef2f76e0b6536f3794d231792efce5

SHA256
3c049ad409da8e2eedb58057e462a57889518d1b3868232358a806f6df0e9531

SHA512
77fd3939595a2e565c4f72de12f0d6a4719e1f066df4bbecb0607936cb5c5a3cf750d6e24cb04dac89bf862237615afea824afb41dafa13c517afa81a3ae1f47

Download Submit
C:\Users\Admin\Downloads\RTGS.B__xuoi1.zip.part

Filesize
333KB

MD5
edb173dabd3062c273e966f9d40904f8

SHA1
fac4cc0069679796f6370b618968b36277c03a28

SHA256
ae4df31f361162e78a1244fe6879fc089b7eef4a6b78402f99285fdec73bc950

SHA512
8a501fe0332c3fc3dc36119513d8c5e324b4ceff37e34a57bbde478ade6c8f4b5a4fd784a34b2929a67088caf0eedf10d17bda0d7cf8ac8ab9566b9d4f8cb739

Download Submit