hxxps://postoffice[.]adobe[.]com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9[.]eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6Iml2ZXR0Lmtlc3prZW55b3NAbWV0LmNvbSIsInJlcXVlc3RJZCI6IjA2MWUwN2IyLWI2MjctNDFiZi03NTBiLWY0NDdlMDZkZjRhMCIsImxpbmsiOiJodHRwczovL2Fjcm9iYXQuYWRvYmUuY29tL2lkL3VybjphYWlkOnNjOlZBNkMyOmQ0MmVhODVjLWQ3MzgtNDc3NC04ZTMxLTllMTIzYWNlNTM1YyIsImxhYmVsIjoiMTIiLCJsb2NhbGUiOiJlbl9VUyJ9[.]CHkGNvFlYrLeJv6aJyjkxh35m3YdauSWPksD6mKnjTve4oFootqF3DCstlOs1T96fQKNPyZW49U0KgRq0evs7A

Analysis

max time kernel
47s
max time network
49s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 08:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6Iml2ZXR0Lmtlc3prZW55b3NAbWV0LmNvbSIsInJlcXVlc3RJZCI6IjA2MWUwN2IyLWI2MjctNDFiZi03NTBiLWY0NDdlMDZkZjRhMCIsImxpbmsiOiJodHRwczovL2Fjcm9iYXQuYWRvYmUuY29tL2lkL3VybjphYWlkOnNjOlZBNkMyOmQ0MmVhODVjLWQ3MzgtNDc3NC04ZTMxLTllMTIzYWNlNTM1YyIsImxhYmVsIjoiMTIiLCJsb2NhbGUiOiJlbl9VUyJ9.CHkGNvFlYrLeJv6aJyjkxh35m3YdauSWPksD6mKnjTve4oFootqF3DCstlOs1T96fQKNPyZW49U0KgRq0evs7A

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4276	firefox.exe
Token: SeDebugPrivilege	4276	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4276	firefox.exe
4276	firefox.exe
4276	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4276	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 100 wrote to memory of 4276	100	firefox.exe	86
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3924	4276	firefox.exe	87
PID 4276 wrote to memory of 3704	4276	firefox.exe	88
PID 4276 wrote to memory of 3704	4276	firefox.exe	88
PID 4276 wrote to memory of 3704	4276	firefox.exe	88
PID 4276 wrote to memory of 3704	4276	firefox.exe	88
PID 4276 wrote to memory of 3704	4276	firefox.exe	88
PID 4276 wrote to memory of 3704	4276	firefox.exe	88
PID 4276 wrote to memory of 3704	4276	firefox.exe	88
PID 4276 wrote to memory of 3704	4276	firefox.exe	88
PID 4276 wrote to memory of 3704	4276	firefox.exe	88
PID 4276 wrote to memory of 3704	4276	firefox.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6Iml2ZXR0Lmtlc3prZW55b3NAbWV0LmNvbSIsInJlcXVlc3RJZCI6IjA2MWUwN2IyLWI2MjctNDFiZi03NTBiLWY0NDdlMDZkZjRhMCIsImxpbmsiOiJodHRwczovL2Fjcm9iYXQuYWRvYmUuY29tL2lkL3VybjphYWlkOnNjOlZBNkMyOmQ0MmVhODVjLWQ3MzgtNDc3NC04ZTMxLTllMTIzYWNlNTM1YyIsImxhYmVsIjoiMTIiLCJsb2NhbGUiOiJlbl9VUyJ9.CHkGNvFlYrLeJv6aJyjkxh35m3YdauSWPksD6mKnjTve4oFootqF3DCstlOs1T96fQKNPyZW49U0KgRq0evs7A"
1⤵
- Suspicious use of WriteProcessMemory
PID:100
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6Iml2ZXR0Lmtlc3prZW55b3NAbWV0LmNvbSIsInJlcXVlc3RJZCI6IjA2MWUwN2IyLWI2MjctNDFiZi03NTBiLWY0NDdlMDZkZjRhMCIsImxpbmsiOiJodHRwczovL2Fjcm9iYXQuYWRvYmUuY29tL2lkL3VybjphYWlkOnNjOlZBNkMyOmQ0MmVhODVjLWQ3MzgtNDc3NC04ZTMxLTllMTIzYWNlNTM1YyIsImxhYmVsIjoiMTIiLCJsb2NhbGUiOiJlbl9VUyJ9.CHkGNvFlYrLeJv6aJyjkxh35m3YdauSWPksD6mKnjTve4oFootqF3DCstlOs1T96fQKNPyZW49U0KgRq0evs7A
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.0.507981843\1903645222" -parentBuildID 20230214051806 -prefsHandle 1816 -prefMapHandle 1808 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb451bc8-cd0b-4c3d-9e72-032a40410019} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 1896 269732fc058 gpu
    3⤵
    PID:3924
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.1.1438193753\271778287" -parentBuildID 20230214051806 -prefsHandle 2460 -prefMapHandle 2448 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6ace3302-4706-4127-bf2c-20f8aee5769c} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 2488 26967594258 socket
    3⤵
    PID:3704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.2.2098565043\980786107" -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3020 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9aeaa19e-3574-44df-adf7-57f4decb8c4d} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 3048 26976e3a858 tab
    3⤵
    PID:4144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.3.422285823\1699900806" -childID 2 -isForBrowser -prefsHandle 3344 -prefMapHandle 2908 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {090d312d-c9fe-46e1-b080-96f367f77149} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 3644 26967587058 tab
    3⤵
    PID:3176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.4.196446700\1421854590" -childID 3 -isForBrowser -prefsHandle 5096 -prefMapHandle 5108 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0bee89b-c1b7-4ff7-a1a8-1ba7543fd601} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 5124 2697ab21d58 tab
    3⤵
    PID:4192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.5.2106737950\52757902" -childID 4 -isForBrowser -prefsHandle 5268 -prefMapHandle 5272 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd6b7ccb-eccf-41d4-8158-7faac5abfa33} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 5256 2697ab23858 tab
    3⤵
    PID:4420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.6.1307452111\1765411077" -childID 5 -isForBrowser -prefsHandle 5524 -prefMapHandle 5468 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {656b8904-2830-438b-9817-628627384fbb} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 5448 2697ab22358 tab
    3⤵
    PID:1216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.7.1943903905\937880575" -childID 6 -isForBrowser -prefsHandle 5292 -prefMapHandle 9980 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2fb728f-df8b-498d-8ea6-d4418223fe6f} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 9984 2697beaea58 tab
    3⤵
    PID:3108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.8.593697269\790334441" -childID 7 -isForBrowser -prefsHandle 10124 -prefMapHandle 10116 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {48cc807f-3238-41a9-98ae-d0fd4b82f03b} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 10120 2697bcd9558 tab
    3⤵
    PID:5216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.9.1579131234\518959100" -childID 8 -isForBrowser -prefsHandle 4824 -prefMapHandle 9440 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67edbd4e-c208-4697-9713-6b1036404417} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 4832 26979df8f58 tab
    3⤵
    PID:5452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.10.954400335\2067173190" -childID 9 -isForBrowser -prefsHandle 9188 -prefMapHandle 9212 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f878f572-36ed-48af-a616-b6951bbf5246} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 9484 2697b142558 tab
    3⤵
    PID:6000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4276.11.2087051456\1883072959" -childID 10 -isForBrowser -prefsHandle 10152 -prefMapHandle 9300 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 972 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {70ffde9c-7c9f-4882-a1ee-cfd7027aae22} 4276 "\\.\pipe\gecko-crash-server-pipe.4276" 9308 2697b142e58 tab
    3⤵
    PID:6008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\activity-stream.discovery_stream.json.tmp

Filesize
25KB

MD5
05583e9d4edd7edf9c5c033bf6de9111

SHA1
b521639c7e8c011969172b3cb1dde42dd2ceab1b

SHA256
563f0457f509e3e5b40c2dfe8d2b2b5cc191d43b0b63fbee2c4dbe65a15fbe83

SHA512
351d2f8bfefb3f5159faeaee6c09f75acde488d46643b1d103acc337c324503b06cdff41272dc75b982b2cb1708491c5cc7693ff328ed794ec25377234b3b38e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
170929ef45c12e403d0e52ae257184f5

SHA1
2edfafcc594c8cd880cdc81f725564d1e9fe28d2

SHA256
9f08ba4861b5a9c6f88aa4b5245b681a9bb06b6ee1c6ecc9e1d92e04d6caafc9

SHA512
8f6a47821e086797cb806e2d48c932f0be65f7ee75da4d92344b9188da9abbf6a81640a05b89cdc8254551090d1c7f7a6b0d56a803f2d9e5dc8fe9fdc607135d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\cache2\doomed\821

Filesize
13KB

MD5
02a7e819e371f5a9cdf0e14ead8c0876

SHA1
c6411477f761f6b29f7b07b61830680815829e3a

SHA256
bfd71ed1943d7d162a536b8bc40f45e550ed3fae9c88d36cc5b827bc7cb867d4

SHA512
3608b2003054283b7347f014e3da45925dc0fdc484883fafbf3788972246a23215fa05d9008501ec3c15700f6dc599e32177dbbd5ae05443255bea006b0eded6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\prefs-1.js

Filesize
7KB

MD5
977feb3263ee283a3212c2d462b95e7b

SHA1
781b408291d19517d0a0d0b4bed9010c8dc570b6

SHA256
ff11c51c5e47ae8fde39703ec68d325e84172aad5ce32843c6c0f8dc6999bd3e

SHA512
56a088fe11954807be19dc20ebead83c4023608fdcde3fa4d8e6fcc48c8269ecb85bcd855fd5dff7152ca3a3b9a3d14cb4b4c0e51d27c718ae41bdde853f1486

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\prefs.js

Filesize
6KB

MD5
53653e1a200c11bda8f004b676e69aa6

SHA1
ec043a3960ab906bda5ca7c222731a503d09e239

SHA256
e4849004e6321688b0e393cdeaac4b53a6a0a30c2bbd86bb4e7050e186ea7172

SHA512
d1e3e2ff0908418c77a49832ef0ab35ea134672cf87cb3ef8397081ac305b479d7f6dca1538bf9a351d9cb23b1a47d509f71aa1be84143268fa18d6da30057b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
365ee942391c2155ee126b74827f6cae

SHA1
d1be375931d05694ee1ca336c1e2fd5502d71eb0

SHA256
46ccd978fc579f7154774edac4976e7e4378f94f94cbc7a64570317f46998f19

SHA512
28d7c2f1612cf1e5517d8d8321b59cd9f36d0a40ddfb75a8b939e23e6d17a6d2b769c1b1b1debe57e5c396ab080d0584129541d87ef3d233f183367787c66805

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
9b2d3a5d8bdedc068a5d437b7c2c44de

SHA1
46e9e45e26b829d56ff24c28307a7429a5091b9f

SHA256
9545ea4727e3369002083011bfec0d6c588d33c8de86bf27fe553c54aa042e5b

SHA512
964b9da1e738e9237ba5de149ddd766092b5747565ddfcce8c8eec18ef4e91898d80504839bfea0d6929d91fa78322e3401f7eaba1f0cd507fb7dbb575cb43d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
e74fb6a92bf5058c808186114498cc66

SHA1
8961e75e56513b4b4140f0a233544a5d91146acc

SHA256
5a018b694bde9994c7710095cff1aa23e7e49e0474d12e093681ca4cb04d09ae

SHA512
6c4cbca5caf193c6194a24744c73e53caa20dbef927ca2d9c5bc3ca9850f848bdec9cf48ffb272dce225d8778973856bc200afe9add23a57876d238dfe5a6b7a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\storage\default\https+++acrobat.adobe.com\cache\morgue\87\{1dd856d5-0f77-4df1-8998-85cbf6b7af57}.final

Filesize
13KB

MD5
ec6c18d67932a1172c25b968902a52ec

SHA1
1f8109ec7765953bd4c46b7e9123118fd06e2e25

SHA256
92d92c3387c09b28e13f59ca17ee92b267df3f284e467210d14bc8f56c4e9180

SHA512
c0ecb04490cd594a8e9800ae4e1f11aee4cc22d90eaba206d6f27df5bd769ff139e0a8eb24b9e91dceffbf337b0f11c8fa35ea0793e6af51ce302ca9f003d568

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ryfa7gh4.default-release\storage\default\https+++commerce.adobe.com\idb\1604802318ApiTjXhEIcjLIzHr.sqlite

Filesize
48KB

MD5
6e87837e876911115d50eaf2b19d71e0

SHA1
10961aba14ae111d279a66f9ee0ae3c6f6941d28

SHA256
10766fd0ae698fc14e5fbd76ca47bf79dacdd42ac6ac8dc18300a32ae8564622

SHA512
2a7aec66368c32eb126551ea093c35fac7b377c995c2c29468a3de67acf377318e5a8f36e20a625f5667809b13b6f1b50162967af4ba66c83708dddb62b5c72a

Download Submit