Analysis Overview
Threat Level: Known bad
The file https://bafybeicyn25qaukka5unzv6urwpai6i6smefr6lf4ob3jigdbwf7wizg3y.ipfs.dweb.link/ddoonnval.html#[email protected] was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Checks processor information in registry
Modifies registry class
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-06-15 08:51
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2023-06-15 08:51
Reported
2023-06-15 08:54
Platform
win10v2004-20230220-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" https://bafybeicyn25qaukka5unzv6urwpai6i6smefr6lf4ob3jigdbwf7wizg3y.ipfs.dweb.link/ddoonnval.html#[email protected]
Network
Files