hxxps://l[.]facebook[.]com/l[.]php?u=AT0k5sdsc_Etx0BLLGbAPZjCqw_clSF52JI680hv34itPUJz3M1Dr6bE7zwLzGvImPJFFsbUqr8duZd378cJh5eb0bBBP5klqmF1TC2YAUZLXhmYOA5sgY7fiiIGy-5IdvClnbNT6CxOBMafx4mMrleCH5jGC0fwtOLMK_8ZuFGS76GemgPo1woTQdNTjNgtIcfk576pjqfkMhYMg8CgxYzNDMSvy9Hrt1hhM96UxYGGzfLuWTGMzrxOycgJq08Y2O6o4uoVZeq_N3Vb7BRPcnd-xiBefm-0arNAKDBycobgCM1YgMhYiGdA6qohgBSoZ3tEE7q60FU_u5dvJfANx7WTXFFXSj4zEaGXh3YJAf1hEFaF6FpyDdBxQ_w-_OtozC-1-H3NLPjqrKgPbNQriwzm4s2JrY6sO5rTt1pGrRvauxHDQVmyninyyybI8iRrz4_ZMFLxsyXwRNjKNT_gA-Z6VO99WPPfVi8SBbslitaSbUb_51zIJkV59PA1QbP4UqUz&h=AT0kqpWNg9p_VapE-EvkPydQnkiMnBgc5yjpqTJFKmZs8o9-AjqKbGRT3d0s-WYBCfbuzClIU4Dx51Dn9x22D0YfDcbhVNsH53mX-41xc6blgXG_CfSPO6Ym011-CXXoys0luIQ&__cft__0=AZUxoLPwgbyzAE5qPNcQ7rcogytf82R8TDiDwOBu-3y33dX3vQpT4xjA4jdO699_XjWBdbWNTrjQoLUZcDyQBgVodB3QLREM6yLm7sCCCI_w1UU3eHSkRpLF1_8Td8mfUex_5fzIeAgZzI3pgb7uWyS7wZvo-isFJ4-cQ1P_RW6XLN7Pc5EkHvy0aKQ5JmDW38aMTaVmRNM0atDPh0CzQCyQSp4hBDSwLU5p7Sv5jXO7DRJhOsl_Fvcq6xXlCMtNNFZWoS6G93U0nu1hKqPWJrhgurjmTPJjNvSVD3f3sBEDtMEI3ycdNMTMwjNRg3uTYaqWopJmU-o-h3rp9yfnmMAr&__tn__=%2C%3C%2CmH-R

Analysis

max time kernel
148s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://l.facebook.com/l.php?u=AT0k5sdsc_Etx0BLLGbAPZjCqw_clSF52JI680hv34itPUJz3M1Dr6bE7zwLzGvImPJFFsbUqr8duZd378cJh5eb0bBBP5klqmF1TC2YAUZLXhmYOA5sgY7fiiIGy-5IdvClnbNT6CxOBMafx4mMrleCH5jGC0fwtOLMK_8ZuFGS76GemgPo1woTQdNTjNgtIcfk576pjqfkMhYMg8CgxYzNDMSvy9Hrt1hhM96UxYGGzfLuWTGMzrxOycgJq08Y2O6o4uoVZeq_N3Vb7BRPcnd-xiBefm-0arNAKDBycobgCM1YgMhYiGdA6qohgBSoZ3tEE7q60FU_u5dvJfANx7WTXFFXSj4zEaGXh3YJAf1hEFaF6FpyDdBxQ_w-_OtozC-1-H3NLPjqrKgPbNQriwzm4s2JrY6sO5rTt1pGrRvauxHDQVmyninyyybI8iRrz4_ZMFLxsyXwRNjKNT_gA-Z6VO99WPPfVi8SBbslitaSbUb_51zIJkV59PA1QbP4UqUz&h=AT0kqpWNg9p_VapE-EvkPydQnkiMnBgc5yjpqTJFKmZs8o9-AjqKbGRT3d0s-WYBCfbuzClIU4Dx51Dn9x22D0YfDcbhVNsH53mX-41xc6blgXG_CfSPO6Ym011-CXXoys0luIQ&__cft__0=AZUxoLPwgbyzAE5qPNcQ7rcogytf82R8TDiDwOBu-3y33dX3vQpT4xjA4jdO699_XjWBdbWNTrjQoLUZcDyQBgVodB3QLREM6yLm7sCCCI_w1UU3eHSkRpLF1_8Td8mfUex_5fzIeAgZzI3pgb7uWyS7wZvo-isFJ4-cQ1P_RW6XLN7Pc5EkHvy0aKQ5JmDW38aMTaVmRNM0atDPh0CzQCyQSp4hBDSwLU5p7Sv5jXO7DRJhOsl_Fvcq6xXlCMtNNFZWoS6G93U0nu1hKqPWJrhgurjmTPJjNvSVD3f3sBEDtMEI3ycdNMTMwjNRg3uTYaqWopJmU-o-h3rp9yfnmMAr&__tn__=%2C%3C%2CmH-R

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\CurrentPatchLevel	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings firefox.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 1564 firefox.exe
Token: SeDebugPrivilege 1564 firefox.exe
Suspicious use of FindShellTrayWindow 4 IoCs

Processes:

firefox.exe

pid process

1564 firefox.exe
1564 firefox.exe
1564 firefox.exe
1564 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

1564 firefox.exe
1564 firefox.exe
1564 firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3601492379-692465709-652514833-1000_Classes\Local Settings	firefox.exe

description	pid	process
Token: SeDebugPrivilege	1564	firefox.exe
Token: SeDebugPrivilege	1564	firefox.exe

pid	process
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe

pid	process
1564	firefox.exe
1564	firefox.exe
1564	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 2512 wrote to memory of 1564	2512	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2792	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2792	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2792	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 2812	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 3044	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 3044	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 3044	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 3044	1564	firefox.exe	firefox.exe
PID 1564 wrote to memory of 3044	1564	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://l.facebook.com/l.php?u=AT0k5sdsc_Etx0BLLGbAPZjCqw_clSF52JI680hv34itPUJz3M1Dr6bE7zwLzGvImPJFFsbUqr8duZd378cJh5eb0bBBP5klqmF1TC2YAUZLXhmYOA5sgY7fiiIGy-5IdvClnbNT6CxOBMafx4mMrleCH5jGC0fwtOLMK_8ZuFGS76GemgPo1woTQdNTjNgtIcfk576pjqfkMhYMg8CgxYzNDMSvy9Hrt1hhM96UxYGGzfLuWTGMzrxOycgJq08Y2O6o4uoVZeq_N3Vb7BRPcnd-xiBefm-0arNAKDBycobgCM1YgMhYiGdA6qohgBSoZ3tEE7q60FU_u5dvJfANx7WTXFFXSj4zEaGXh3YJAf1hEFaF6FpyDdBxQ_w-_OtozC-1-H3NLPjqrKgPbNQriwzm4s2JrY6sO5rTt1pGrRvauxHDQVmyninyyybI8iRrz4_ZMFLxsyXwRNjKNT_gA-Z6VO99WPPfVi8SBbslitaSbUb_51zIJkV59PA1QbP4UqUz&h=AT0kqpWNg9p_VapE-EvkPydQnkiMnBgc5yjpqTJFKmZs8o9-AjqKbGRT3d0s-WYBCfbuzClIU4Dx51Dn9x22D0YfDcbhVNsH53mX-41xc6blgXG_CfSPO6Ym011-CXXoys0luIQ&__cft__0=AZUxoLPwgbyzAE5qPNcQ7rcogytf82R8TDiDwOBu-3y33dX3vQpT4xjA4jdO699_XjWBdbWNTrjQoLUZcDyQBgVodB3QLREM6yLm7sCCCI_w1UU3eHSkRpLF1_8Td8mfUex_5fzIeAgZzI3pgb7uWyS7wZvo-isFJ4-cQ1P_RW6XLN7Pc5EkHvy0aKQ5JmDW38aMTaVmRNM0atDPh0CzQCyQSp4hBDSwLU5p7Sv5jXO7DRJhOsl_Fvcq6xXlCMtNNFZWoS6G93U0nu1hKqPWJrhgurjmTPJjNvSVD3f3sBEDtMEI3ycdNMTMwjNRg3uTYaqWopJmU-o-h3rp9yfnmMAr&__tn__=%2C%3C%2CmH-R"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://l.facebook.com/l.php?u=AT0k5sdsc_Etx0BLLGbAPZjCqw_clSF52JI680hv34itPUJz3M1Dr6bE7zwLzGvImPJFFsbUqr8duZd378cJh5eb0bBBP5klqmF1TC2YAUZLXhmYOA5sgY7fiiIGy-5IdvClnbNT6CxOBMafx4mMrleCH5jGC0fwtOLMK_8ZuFGS76GemgPo1woTQdNTjNgtIcfk576pjqfkMhYMg8CgxYzNDMSvy9Hrt1hhM96UxYGGzfLuWTGMzrxOycgJq08Y2O6o4uoVZeq_N3Vb7BRPcnd-xiBefm-0arNAKDBycobgCM1YgMhYiGdA6qohgBSoZ3tEE7q60FU_u5dvJfANx7WTXFFXSj4zEaGXh3YJAf1hEFaF6FpyDdBxQ_w-_OtozC-1-H3NLPjqrKgPbNQriwzm4s2JrY6sO5rTt1pGrRvauxHDQVmyninyyybI8iRrz4_ZMFLxsyXwRNjKNT_gA-Z6VO99WPPfVi8SBbslitaSbUb_51zIJkV59PA1QbP4UqUz&h=AT0kqpWNg9p_VapE-EvkPydQnkiMnBgc5yjpqTJFKmZs8o9-AjqKbGRT3d0s-WYBCfbuzClIU4Dx51Dn9x22D0YfDcbhVNsH53mX-41xc6blgXG_CfSPO6Ym011-CXXoys0luIQ&__cft__0=AZUxoLPwgbyzAE5qPNcQ7rcogytf82R8TDiDwOBu-3y33dX3vQpT4xjA4jdO699_XjWBdbWNTrjQoLUZcDyQBgVodB3QLREM6yLm7sCCCI_w1UU3eHSkRpLF1_8Td8mfUex_5fzIeAgZzI3pgb7uWyS7wZvo-isFJ4-cQ1P_RW6XLN7Pc5EkHvy0aKQ5JmDW38aMTaVmRNM0atDPh0CzQCyQSp4hBDSwLU5p7Sv5jXO7DRJhOsl_Fvcq6xXlCMtNNFZWoS6G93U0nu1hKqPWJrhgurjmTPJjNvSVD3f3sBEDtMEI3ycdNMTMwjNRg3uTYaqWopJmU-o-h3rp9yfnmMAr&__tn__=%2C%3C%2CmH-R
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.0.1396043303\1841438968" -parentBuildID 20221007134813 -prefsHandle 1220 -prefMapHandle 1212 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edb4f0aa-332f-4b8c-b3dc-a2cfce1e3380} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 1284 107e2458 gpu
3⤵
PID:2792

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.1.137581230\811187595" -parentBuildID 20221007134813 -prefsHandle 1492 -prefMapHandle 1488 -prefsLen 21610 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7d71b6fa-8672-4aa4-b8b3-a669d92706d5} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 1504 e7cb58 socket
3⤵
PID:2812

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.2.1671197874\862961374" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 1084 -prefsLen 21648 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec6f8245-6571-4e45-8882-087a3acbf408} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 2024 10769558 tab
3⤵
PID:3044

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.3.101381763\874986667" -childID 2 -isForBrowser -prefsHandle 2328 -prefMapHandle 2064 -prefsLen 26111 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {15f4afe4-3c94-4364-812d-54979e005ebe} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 1772 1ca83e58 tab
3⤵
PID:1184

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.4.779903461\1322233234" -childID 3 -isForBrowser -prefsHandle 3672 -prefMapHandle 3640 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7ba5f39-18ab-443d-8a5c-3b780c3f1701} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 3684 1f8ac158 tab
3⤵
PID:3036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.5.1137281615\1454730678" -childID 4 -isForBrowser -prefsHandle 3792 -prefMapHandle 3796 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8296face-0bca-4f3a-b209-1ca9de262e04} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 3780 1f8aca58 tab
3⤵
PID:1636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.6.1307410117\902056068" -childID 5 -isForBrowser -prefsHandle 3956 -prefMapHandle 3960 -prefsLen 26345 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc61727c-9c09-44ec-bb41-9456ef36a630} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 3944 1f8ae258 tab
3⤵
PID:2420

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1564.7.1338958951\394308256" -childID 6 -isForBrowser -prefsHandle 2304 -prefMapHandle 2152 -prefsLen 26426 -prefMapSize 233444 -jsInitHandle 828 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04894556-d265-4151-b6d1-ac43b6266f84} 1564 "\\.\pipe\gecko-crash-server-pipe.1564" 2160 1f7f6458 tab
3⤵
PID:1484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\77FB5EE92C576E2505C8C9FF2EC417D7727F401E
Filesize
13KB

MD5
96b84db2139ec1ab3e9627bb658f94b3

SHA1
34ada1b2f402bebc17caf3d5c01a3de72f0a6271

SHA256
7e7fbecedccb6d59a6930712927f909c6b576f45f841535fcb984120e872b142

SHA512
5c6ad7d27685e1940fc42d707ff3ed616eb0ae22d3a6e45089ba5c8627c91a8aea6e9f142adc5d4af47a7808c396e0f98cc295798f449b9a88fcb6193518c4e2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
Filesize
9KB

MD5
225053f1d9a69c13113fd9182c78a921

SHA1
600847e194b854cd4b796a8d276098095f472a25

SHA256
47e839f27241d702f2da4f23aa553187c4d4d8932dc74fb9e1bef44bed724f50

SHA512
a4c32c40e5754ba3c610807a9ee2bff54ea5426c831998d8ebc4a2b3203ccd3872c4cef5a7b71f57784c3d34be5a9df789fc3fb5220c7fd05311e8c45b5ae7ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
657KB

MD5
f39634f52f0d5123ecb2475d8cd76597

SHA1
dcecf34fd701cea4d94570b0f7e0355f28d13c92

SHA256
1f0526c6445eef888f788158f139eb3a77d7dceabd6fa104107243dd6bd47ddb

SHA512
84e370a6047ce28342016ff4b26a633256161f4a43e4c7c60ce494bb76d070f7b609d57fcd67824ad273323e4968db9bfab23e4966aee8e57c3cf5e5486e55e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
16e53c7389f4dca7b78a499129ad9d3c

SHA1
62e63c91c7050168344cd7ceb0a4a3db8babf463

SHA256
d385c5faf1c6fb98191917122ffc47d319617c3d59103f2a6edd53c81698c161

SHA512
0263644a3a3c80ea438944363df681a3843190398449b15e2f33979903a6bdb26a05ec5eb4a92c36b27c61cc93ad41ca87d6cf928d331c7cf2404f5e75c2b7c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\db\data.safe.bin
Filesize
2KB

MD5
2bfa10455fd3075f8e9e7fb260a91426

SHA1
cd986a14ee2538542521815dbd548074ab0aea5a

SHA256
c6e325d315fd8a7afe95d5218d5f6981b1ae5d2058fe27a3c281b00575753ada

SHA512
e7795161e460fe1de70adc020ff7bb09f09be389d9b6899cec9f9c5969cf4217d2b2a6d82dbf4de77a9d48ca092ee3d1f7328aad0d155e5be80a6e10042974a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\0c99e139-8f58-463e-961c-e3a59cbd3421
Filesize
12KB

MD5
2e4e4bdf1a8c6409ee8de588ebc3b0bf

SHA1
241f63489a74021a2c8d7ed53a06105b4f03d241

SHA256
0c2003bf27c27564c48a9c95a52335a5f53455f748bd3fa7ecae312e4a6687e9

SHA512
86e315751a9fee72a8d2a10d4d50bd0198b381124932347834ba054b948aef22935259b09ce1697bf5670e3f084dbdae4caeb09ed2081929f023c6f2c2c8980c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\datareporting\glean\pending_pings\335c4baa-77e9-4449-aacf-f84fab80b940
Filesize
745B

MD5
43ea1a543bef00e4a59eada82187b774

SHA1
2148834b690c78d582ee4e925b2e9db03328bcfd

SHA256
b8e250cd31e7b469b0dfe0ebb030536ef79f3126856d84aceed60d258ead10a7

SHA512
ed0322259c2b488b987a95e5abeb16dd71637ef9bce6f2086a385e007c54cdb0ee8ba6a9ae8b965de041fd493275ca9d551bff940d556a84d8b6e31af8994ded

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
398KB

MD5
39d96dc1227a3e2fca281a5e15b7ebb0

SHA1
9aa8cf9dbce82b7e7cee86f3a8c7f59d82a17037

SHA256
fd73453815b2c738049f31baa2a0fe8b7f766ff1d31600e6292393d6d5dd2400

SHA512
3f271f1731de536e8380e8784655334d829c8abf18a0063973531d1c4e7cb21c48367137c57e01fc8d16af07d47121027e5423f8f553525428891136507c2c66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js
Filesize
8KB

MD5
c94e674e70dab6bf1962d8ade68d97cb

SHA1
017ec63b1bd0509cefec0dd1fa058c81f86e59cc

SHA256
3afa4788f45f15e4fe859be1303f95f0dbdd84431c308f3525d63b2ed4b566c3

SHA512
43535e68b3381cef8f1d94dd916391b2550e88cc5c5dc811b9d0534163d942cc1d09d3752ceda9724ee4fde0e4ce44adfe44bb3a79890b3e99fa7414fd4c60df

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\prefs-1.js
Filesize
6KB

MD5
fd55344218282ee164e0441db1829a56

SHA1
fee5870d2e9634a53bcfaa7befbba548406fe2cf

SHA256
94e23490807df6de276f886466e60b240830331edee171c2b4f402459ff958ad

SHA512
38f51312231c62307a9fc43c338be1a455164ec85bedf151054703081c6422fa9983fe2207ed9ec06c9b1a3da28c3394fc15b00abb275d74c9a50ef1b6428767

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
1f599ec473638186f8433c2cc1633649

SHA1
968e609ba5b93690a77a7c2a5f30eec524737afd

SHA256
d98388f80f623bf506de402c41ae3290c7f2e1cf3537c1fa2af8984027b4ebd2

SHA512
ca8e28b58cbd5ea46c38f7de13a46b671d5c047734bc736509d07adff7bd6dc0b2b012105c770730ce62e267dc3582f5243aadc9e672cf0a70b223daba850e6d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
2KB

MD5
a703bc7ec72f240343963af609bb562a

SHA1
ca92d3570889c4639ca8cedb0a82ffcf21ddcda2

SHA256
bd5ecc45abe13ab2986b0fafbeb003b1dc3b8ef619a3953cd4bc5deacafbfc13

SHA512
de332999f1d1b7d4c371836622b97384f44db264629c509fc72b206ffc6ad5dc4fbdee254ec38bb4a54279a118e3d942a3b45ba1bbe57ff76e635ba55fce242f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
dc6f1bfb3189ece466cd391a9505b86b

SHA1
0bc77cc0f9094e1fa66e4a350679cd9a00b10501

SHA256
e780a9bc0be2c191003df1a8f8a16ad02d59ef29a7325ef92b32ca31f0a7cb29

SHA512
c571cc11b9856816c4614405e1f86764fa17468b0843dfc7c5c7c8d95a7410514dc10a14e22685bbbc5cb5ed732ba28090e3fefb427947e4089deefc32c4d014

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
5KB

MD5
4bbf4860283f49eb0fc3c8c7cd46cbdc

SHA1
4f17e5191e5f4ec2a88e7026f061a6e48f6ec36b

SHA256
c89444be04c0e7b30928f21ae4709d2d5312a550f5174ace909d4d8c406a4578

SHA512
048de84894b9e79ad3eec2a61998753b699b371aeff11df350687c6039df333d680b6e0081af9b591625e46aa0e97423b247bcacf823e3c9238b574938a0ad12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
1.1MB

MD5
27a9d262703b2216eb43621e35551daf

SHA1
ad980d18d06a7677102143292ca9914bddf531de

SHA256
b939c37bb242ab872da9685515cef0b84ea7e3443212473b51bc73440aaf0b84

SHA512
7f78c6725fe3882a6e150abe2c2e53ba7c8fb15b8749e0c5e0d32683bc86c6898ce3e243e115d52f4b78b3b6331f99dcf169b0a9e801ffd3f237e6b07aa027fc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jfsqt8yb.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
184KB

MD5
e51eda7108584002236f977eb9bd8f19

SHA1
178acf6e9a55c32a2330762c22f1d69c9980355d

SHA256
4039b24854badf5b8cd769f2bd7d0a9926e900885fde5e0c4b02755920e8e73b

SHA512
cfa8af9456cf336ef635f2a85b067842cead74c55ec474e76ffd21b81a2cf5ab018ae811e74f47edf55ca3afc3cdca2a114adb39cc9b3ceb9c31e31f21be24ac

Download Submit