Analysis Overview
Threat Level: Known bad
The file https://www.bing.com/ck/a?!&&p=4196f1836626b980JmltdHM9MTY5NDU2MzIwMCZpZ3VpZD0xZTU0MTUzNy1iMzJhLTYyZDAtMmRkZi0wNTE1YjIxMjYzMjcmaW5zaWQ9NTE3Mg&ptn=3&hsh=3&fclid=1e541537-b32a-62d0-2ddf-0515b2126327&psq=flisacademy.org&u=a1aHR0cHM6Ly9mbGlzYWNhZGVteS5vcmcvaG9tZS0zLw&ntb#bWFyay5oYXJkbWFuMkB0ZWxlZm9uaWNhLmNvbQ== was found to be: Known bad.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
Checks processor information in registry
Modifies registry class
Suspicious use of SendNotifyMessage
Uses Task Scheduler COM API
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Analysis: static1
Detonation Overview
Reported
2023-09-25 15:25
Signatures
A potential corporate email address has been identified in the URL: [email protected]
Analysis: behavioral1
Detonation Overview
Submitted
2023-09-25 15:25
Reported
2023-09-25 15:28
Platform
win10v2004-20230915-en
Max time kernel
145s
Max time network
153s
Command Line
Signatures
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3027552071-446050021-1254071215-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.bing.com/ck/a?!&&p=4196f1836626b980JmltdHM9MTY5NDU2MzIwMCZpZ3VpZD0xZTU0MTUzNy1iMzJhLTYyZDAtMmRkZi0wNTE1YjIxMjYzMjcmaW5zaWQ9NTE3Mg&ptn=3&hsh=3&fclid=1e541537-b32a-62d0-2ddf-0515b2126327&psq=flisacademy.org&u=a1aHR0cHM6Ly9mbGlzYWNhZGVteS5vcmcvaG9tZS0zLw&ntb#bWFyay5oYXJkbWFuMkB0ZWxlZm9uaWNhLmNvbQ=="
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.bing.com/ck/a?!&&p=4196f1836626b980JmltdHM9MTY5NDU2MzIwMCZpZ3VpZD0xZTU0MTUzNy1iMzJhLTYyZDAtMmRkZi0wNTE1YjIxMjYzMjcmaW5zaWQ9NTE3Mg&ptn=3&hsh=3&fclid=1e541537-b32a-62d0-2ddf-0515b2126327&psq=flisacademy.org&u=a1aHR0cHM6Ly9mbGlzYWNhZGVteS5vcmcvaG9tZS0zLw&ntb#bWFyay5oYXJkbWFuMkB0ZWxlZm9uaWNhLmNvbQ==
Network
Files
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\activity-stream.discovery_stream.json.tmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\prefs.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\prefs-1.js
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\sessionstore-backups\recovery.jsonlz4
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\cache2\entries\58A756A796A86993036E1F0F79183245EE2ABF58
C:\Users\Admin\AppData\Local\Temp\tmpaddon
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\gmp-gmpopenh264\1.8.1.1\gmpopenh264.info
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\gmp-widevinecdm\4.10.2449.0\LICENSE.txt
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\gmp-widevinecdm\4.10.2449.0\manifest.json
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.sig
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\b7jtu2fw.default-release\gmp-widevinecdm\4.10.2449.0\widevinecdm.dll.lib