hxxps://drvalentino[.]sharepoint[.]com/[:]b[:]/g/EXMFD2wClwBDlPReeWgnQEsBswxdBQVq8EcLz9l-eBUROw?e=pnxY7k

Resubmissions

22-04-2024 17:49

240422-wd2dtsea97 6

22-04-2024 17:39

240422-v8hpjaea45 6

22-04-2024 17:08

240422-vnhtssdh2t 1

Analysis

max time kernel
358s
max time network
338s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
22-04-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drvalentino.sharepoint.com/:b:/g/EXMFD2wClwBDlPReeWgnQEsBswxdBQVq8EcLz9l-eBUROw?e=pnxY7k

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
6	ipapi.co
54	ipapi.co
2	ipapi.co

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-834482027-582050234-2368284635-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	860	firefox.exe
Token: SeDebugPrivilege	860	firefox.exe
Token: 33	5624	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5624	AUDIODG.EXE
Token: SeDebugPrivilege	860	firefox.exe
Token: SeDebugPrivilege	860	firefox.exe
Token: SeDebugPrivilege	860	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
860	firefox.exe
860	firefox.exe
860	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe
860	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 2076 wrote to memory of 860	2076	firefox.exe	80
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 1832	860	firefox.exe	81
PID 860 wrote to memory of 2672	860	firefox.exe	82
PID 860 wrote to memory of 2672	860	firefox.exe	82
PID 860 wrote to memory of 2672	860	firefox.exe	82
PID 860 wrote to memory of 2672	860	firefox.exe	82
PID 860 wrote to memory of 2672	860	firefox.exe	82
PID 860 wrote to memory of 2672	860	firefox.exe	82
PID 860 wrote to memory of 2672	860	firefox.exe	82
PID 860 wrote to memory of 2672	860	firefox.exe	82
PID 860 wrote to memory of 2672	860	firefox.exe	82
PID 860 wrote to memory of 2672	860	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://drvalentino.sharepoint.com/:b:/g/EXMFD2wClwBDlPReeWgnQEsBswxdBQVq8EcLz9l-eBUROw?e=pnxY7k"
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://drvalentino.sharepoint.com/:b:/g/EXMFD2wClwBDlPReeWgnQEsBswxdBQVq8EcLz9l-eBUROw?e=pnxY7k
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.0.515747361\55705029" -parentBuildID 20230214051806 -prefsHandle 1832 -prefMapHandle 1824 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f6773c5-17e5-437f-a062-a5601cee88f1} 860 "\\.\pipe\gecko-crash-server-pipe.860" 1912 1a61760f858 gpu
    3⤵
    PID:1832
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.1.339724466\1276095893" -parentBuildID 20230214051806 -prefsHandle 2412 -prefMapHandle 2400 -prefsLen 22925 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88596299-59fa-45d6-9f57-e4295bae8464} 860 "\\.\pipe\gecko-crash-server-pipe.860" 2424 1a603390e58 socket
    3⤵
    - Checks processor information in registry
    PID:2672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.2.177734437\826291862" -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 3092 -prefsLen 22963 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a89a3535-d880-4081-9bf7-a4373636e152} 860 "\\.\pipe\gecko-crash-server-pipe.860" 3108 1a617b33c58 tab
    3⤵
    PID:248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.3.1160888366\118249556" -childID 2 -isForBrowser -prefsHandle 3948 -prefMapHandle 3944 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {63e9b298-bb6c-45b4-9961-a5d714d3cea1} 860 "\\.\pipe\gecko-crash-server-pipe.860" 2972 1a61d62d258 tab
    3⤵
    PID:4852
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.4.1510448347\1352547628" -childID 3 -isForBrowser -prefsHandle 5096 -prefMapHandle 5092 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b42258f7-841d-4ee4-8a49-f724a4430485} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5100 1a61e8cd158 tab
    3⤵
    PID:2296
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.5.390769833\650579384" -childID 4 -isForBrowser -prefsHandle 5312 -prefMapHandle 5256 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f20ae840-4857-4a41-a465-01c7cc8c9658} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5304 1a61f6a3158 tab
    3⤵
    PID:2188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.6.164825718\862744258" -childID 5 -isForBrowser -prefsHandle 5408 -prefMapHandle 5412 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2455da7-0afa-4d7c-ae16-2accacd1db53} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5288 1a61f6a4058 tab
    3⤵
    PID:4020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.7.503557095\585068822" -childID 6 -isForBrowser -prefsHandle 6124 -prefMapHandle 6108 -prefsLen 27695 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9503c80d-589e-4a24-8342-78a2a84395db} 860 "\\.\pipe\gecko-crash-server-pipe.860" 6136 1a61bd2d558 tab
    3⤵
    PID:3060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.8.21619056\1157076234" -childID 7 -isForBrowser -prefsHandle 5824 -prefMapHandle 6544 -prefsLen 27999 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6a372f87-0078-419e-bd08-bdbe3467db76} 860 "\\.\pipe\gecko-crash-server-pipe.860" 4496 1a61d083358 tab
    3⤵
    PID:6376
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="860.9.878394462\444368143" -childID 8 -isForBrowser -prefsHandle 5764 -prefMapHandle 5768 -prefsLen 27999 -prefMapSize 235121 -jsInitHandle 940 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f24969a9-374e-4ca4-b2e7-08c4f495eaf2} 860 "\\.\pipe\gecko-crash-server-pipe.860" 5776 1a61d081b58 tab
    3⤵
    PID:6344

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004B8 0x00000000000004C0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
c94611c078a601f65a2555bfac06802a

SHA1
b9a88d2cacee3d06a40f49c4656a804dfff5ba66

SHA256
e8d6c948654e71d545261501f73c4660667989c5782a97b9497b55fb1e0fd9ad

SHA512
7cd3a455db8ea3b2cf2d78716125ad7a0d82955ffe63fb6e1c4e81f8a6d3264c7a2d56b581dc2ecdc5ab14939ec58826fc77f7e521bbebfb1bbd1173e0dd24ba

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\cache2\doomed\22464

Filesize
13KB

MD5
46b1343810be3d7f6076cfa702bbccaa

SHA1
fe45d0f17d3143e5aba846952514810806a3f188

SHA256
02a6b370e069fcf54106926d1d974d9590617f8331aa03f9df60796aba85bf78

SHA512
63c6bce1a34a9b7cca80840b864d80cf868651d94ef50aa1524ebb59e6a66536ba3bf3a019e75872c99c9be34582463228d3cdc9e557099cc1c30315acedea42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\cache2\doomed\24662

Filesize
35KB

MD5
e8fecec335ca52487beb56d7dae05f6b

SHA1
8c988580f5473d9e782c394dfc9a50243af4c4f1

SHA256
61993d858411759598cb15ffc2494d703dc9b15c6812c88b2a76914f61eed0a0

SHA512
640cb02ac6055b9a22d7303f0337943b4eab6f26ef3e03fc489ad69cebcfc838eab3022f1d2c01efcc573e91d007eadc7da76eba73ab9ccd12a79c454e8a0fb4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\cache2\entries\08227BB70E7F114A6CAE2A9B370458A905CE1A17

Filesize
185KB

MD5
a311fb8fca4d0bb51df09e500c1be68e

SHA1
f7eacc74bb13f028c6d9ee01fd16daec84425c6b

SHA256
0c8a608dae9b8870166d388230cfadc1a0ca28eef5ee9bf96d7a8699b60d95c4

SHA512
8d4d9d424f7089d355601475b9c90897f4d66298ead09d365151dd9ea0f601bcf05e4affeaea1390784a515661aa9b763772c19233f1a2a43881c0a8f8ca9a6b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\cache2\entries\41161184F14A8F73FB4801452FC9A78B124A33A5

Filesize
14KB

MD5
33daa0494ad80342755e58f3d010153d

SHA1
61dd2abec3a27e27e18a4f5be342caa9cf0c9474

SHA256
792bb98d8a4248235b0fe523eb9a030056c85e5a7451a933515214c422f5bd56

SHA512
ce7b823e4cdeb2727fa2ccfab17559c83a86e69cfe86a464c325b2efc32c20f1d0f809b4f75c6de49ae600a92c695fcc01328e9149c3958b0eab9b6d6866862c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\cache2\entries\C098095235762C640B77B4CFE0B5B3B67FE6058D

Filesize
48KB

MD5
45748dfd00bc27455123ba9ab2417896

SHA1
6f186fa258aaa06ea88766f93e5a0ffd9336feb8

SHA256
403d61f7d5d308e7a2cb1d517546dcc998373d26eb55bcd03712f84f52a1b7f6

SHA512
39c60613ca29972f74d25186d06c93fc3c7cb978e5c6b3872050a1b9943c2ba7312222efa519b76a1fdb5cc3564196227b16bbdd647163d4f448dbd933a8215c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\thumbnails\b670977391259ac6b1511c7d8ace9cc7.png

Filesize
1KB

MD5
fb9f273284e0c97cfee1398637dbf30a

SHA1
3b3446f54488d09df075092533325b5d4c0227a7

SHA256
32194ca897560e304d6850f78f246c6731be3e42bea692855100e92b05f97ccc

SHA512
136854b6c096e189447cf63af0a3d227e2ce860aa1c722cf4f627fc28d91a188e1eb97827fe6d7511bd023e4642ef799bd2acad6328aa28be681d1b5b7550e10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\prefs-1.js

Filesize
7KB

MD5
305db1c3fc2a4050f535123dc38c9f22

SHA1
a449007eb4599a2adf133984ccfc43e9291c4a06

SHA256
b87b99827892bf3aae0ecc3313d3f32a21254ca5d2dce9c4ac227e29c6194980

SHA512
acfe062bfde94510bdfdfb26660baf371b9973e927bb81d255693623e5317d42ff67cedb6d99657322acdb7521cdc40f670dccd702f9c0ee78d9beb62990d08e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\prefs-1.js

Filesize
7KB

MD5
651cd529d343951373da9f4265988ff8

SHA1
3ae8279b0cf2bf3e0f17760a76e8200b2e357012

SHA256
6959ebdbcf17d74895b9bd4f120ade47cf61b65213d30e8113f269502af13614

SHA512
531ca42b09b693cf493e66146c0b08f644b882d3b9bd5380471165046ebcc18bbfe391d3f5cba42d24b9f3a0d8514ac786ba7c673a59d0e18551a064a802bda1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\prefs-1.js

Filesize
8KB

MD5
eefdbf26abcdcfa883bc540c05ab2f86

SHA1
4c137c308d64c9afaef0c82e490b1cc804916eea

SHA256
b7fc7c897ff908b355266898f3a98a2f783d8db91e20b9c9f88758e26d01cbad

SHA512
8aaec1d70c16d14b708e5ce3755a058bbfa847f94315d39d505830cdc26f42e4fc420b748fe02af1ac5796ffa85bde3d70574a0bd77e83968d150388932cfe71

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\prefs.js

Filesize
6KB

MD5
635d45fbf9e99d4e26e890f9ae8f4dda

SHA1
4fd40613be3aaabd964b3155ef15c82cf0c1929b

SHA256
bca927818c1d2e6925b05c090fd83cbfcfe18db38decac2d6f8736626c54137d

SHA512
8211c943139f2527d5364b56298f900b56ad1a32da513e40ccf9dc19021eb0c2e33cfe59b1aa7a433b691b79de2bad5f6f0e9f9ef2b911381395fecdd2aeb2bc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\prefs.js

Filesize
6KB

MD5
f9968591537a6647e2994a4e8fe1e57c

SHA1
f4756f07ccc3e19cd707238a2f6ac625322a38ee

SHA256
272732fe9c6a961d030832dabd33a33ea03f876e2bdda225f12a59934233099c

SHA512
c5447f2b75c839808e00a7fac1606a5ca73160a64f62e5d79577f35ac506b458b18d55a20e6b9cf22b3747480f43dcf9306774146dab5aec5c15d3fb0ad273cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\serviceworker-1.txt

Filesize
927B

MD5
10f956b7e43abd5c0f53fcd063b67088

SHA1
71115681fff80ac7dfb4c992b15b072992910fc3

SHA256
2f2c936c6a35e26a1179d8852911b787b528dea2f1521b32b4ce9cf3c923945a

SHA512
c45a021321c89f81f3c4424d6f81121ff26adab1bf617baf1f9b3d7085289ee3858b288fafebdd9555655abf5e7aada92f80aec5d927e97140c1d32e3d81836b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\serviceworker.txt

Filesize
904B

MD5
36aa4f818a1a482cff53827b7dbf7712

SHA1
a1d2c53335e48d4203cbdf376735b905579f510e

SHA256
720376a9d7406f1e19b37e61b30c4b3909d6d02abd67823dcdad2e9ffe5e46c2

SHA512
ab7d0219752f345187406133f9320faf7ffc251484dec79770e9e2017a83e6c8f7a149d59b335149acc030b15f5b0c3fa32f77d69dae36fdafb4dbacc9e1cbcd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
c8dc58eff0c029d381a67f5dca34a913

SHA1
3576807e793473bcbd3cf7d664b83948e3ec8f2d

SHA256
4c22e8a42797f14510228f9f4de8eea45c526228a869837bd43c0540092e5f17

SHA512
b8f7c4150326f617b63d6bc72953160804a3749f6dec0492779f6c72b3b09c8d1bd58f47d499205c9a0e716f55fe5f1503d7676a4c85d31d1c1e456898af77b4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
b9065f60f050425e9b05d665b546c813

SHA1
d44f1885585080636bf9c84991ab517df60a4c26

SHA256
b3bdbf6278b77bc1bb7924f02a85f51e5a7e20c43fd0b2f6c91560ef945ea208

SHA512
306a745dda2039f629a168e883c50a76b3ce5511acb4d2a6f7e8cc9504d8d9137baed0acd01de9fe2907700d949fc092d3b1a15f1429c41f5b50e9c56c28c9f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
972fe4a53e5dc08428c3a21c6f3c43bc

SHA1
f8e8db64fa0c607d8277cb2ef62e5c3d20a6a702

SHA256
ed7d558ba166bb3a99965120118bc7e9a1fe4073cbdf07a35b30fe62619e214b

SHA512
9b7769ee8e41c5c04913c895343531557b8b74b4527f1d0ba92bcf04a7fb1b5cfa230685f5f1bf8055b8a866da9888da1305cfdb42172c7d5f4d38d431cafb06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
b76bce739bde56077089950dba6adea6

SHA1
f7603583a3bea32a4bbce8e061a6c467a7bca1a4

SHA256
33d5375c64bd5669f838d8a93fac609497593a1a5592454d0539ee5cad6209a1

SHA512
2606275bab34f19f2ced4716c2ee28b5924114f678e0d4e703e8cd7bb0a46454f9c28d547adad78877ba65295194d7990074c82f53d42094214a48fd83bc62cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
c6c869ccb1265c46ce5d3ead5166e552

SHA1
42b38d6afa0d05aaccee5b5b13cc401f0f07d1f3

SHA256
4745a89c9438dcfd4c90f0869edc7ef85e7bb1a90878cdd3df47cbeb59f60721

SHA512
f8acfcbe7867b58390d693f687a4e7bc1b28f683ecc3936f4366b4826a81899d31c13178c63d121cdfadd063236280f9031c1fb3d75659b7b4440bb6c0986b43

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
693d9096e74f8e42e557cef1c994e7df

SHA1
757061941ac055fd0a83c92b0c0d0823d9cdb8c5

SHA256
acef627ba0e74c5abfee92355611c75fbdd4a2763b98f5c6fb55b5cc50107127

SHA512
6b1c30f73ccdafdf855072e6201cc5c11362c6bf50011ee1a7f1f8ceedf2c25d2e8d6c19112e4e748ea1963442f327249b4e37d76a52a2ce402206e3bc5982ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
c0b11897ca539814ee630fba55649705

SHA1
e9baade63ca941c747dc27b694698174cf098d0f

SHA256
26846c7ded41e149345354caee37987677eb6ced284ef7cbef51693b49ab700f

SHA512
2ecf8c1d2f5f2dfcfccb8062f09c013d1d588158c46d036762e8e15b9a234e7463e50c8e7db7b73259a8faf134a9f122ea750c1e5b48ded476f8e22233be1144

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
0c9e60c2515b38ec49ced6c847a0568b

SHA1
a904b807061e92a9f3735f58b27df42fc30b1a03

SHA256
271479a382f98205884f007421590c0fa24a1657764753008ec199607fb9a2b7

SHA512
62ada05cc6ec1cd6d01c7ba8a6bc53e38e4089c0f4b23ce46efcaab6a294243ad56d76959cc512319877a82340b4475dbd3bf0b59e76e24002494074f470a56a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
6KB

MD5
99bd659240826baf05370b4d682e7b47

SHA1
be340614b772350ae306dc22bcb6ae6907a72548

SHA256
dbb9aae0dfcce0e3bc4fcc4a9207a63c4c711777bb16c6ea8eadbd3b68fba248

SHA512
b59b16ccc330250645989569b7c463d944a4d8a1faaccb0d26680ad3f9476f3ea7310189376abf44b67ca86de2cb6e3cf3b19927225c02b57ff4664fcaedb24e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\sessionstore.jsonlz4

Filesize
6KB

MD5
7ea11fe299bdc3a39cb6a9af1b4d246c

SHA1
76bc324806ff045661a5c898ad6fe8b4110a5305

SHA256
d30a6d6e96f6b10d80fa11bedc4475700d0b77b04e815504b484bfeda726bdfc

SHA512
f170e47cbd429d13a88337d69a976ef97dd0b5dfab251ed6235907fe1c39df84b656f50855ad55855d62bb11b11c4b9135c0c1f417fce1deb9ade32f218ef230

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\storage\default\https+++drvalentino.sharepoint.com\cache\morgue\117\{0cdf4990-e444-4471-abb8-b3ab24899475}.final

Filesize
512B

MD5
99b073638b79aa94c19ed6d3732478cc

SHA1
7880bea6c4b8bc940c814b36dcc911e67bdf1230

SHA256
4afa63775b07ca2d5257dcdb783052aca45ae08518616f14c594ef440c9c5e8a

SHA512
7b6563b781ac6a5577d258156ff32c72c542eb7c3faa5d7caf2e906a6c4ddd004966aefa0d9840e116d7f50fed87ee6960d9dfee6bea4ad8fb47ad3bf17accff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\storage\default\https+++drvalentino.sharepoint.com\cache\morgue\234\{dbcb463a-56e1-4d14-93de-f0088baf50ea}.tmp

Filesize
67KB

MD5
7ea0b94199c903a00e9c2d2647ea8891

SHA1
c8c887b0049fabd95f24aa90ef5f31c6e8cbe563

SHA256
c2d66b8d7777dac05e33401110f99a07d5a5c7f81694a2679b4beede181c0484

SHA512
e459a5bf556c57965e1116227f9d0d12740c88e77f051e5ff1ac5e2cfb08e47b79ddee314bb82a26f0de9a1d991724d2d85b1e409754806af028ffc7a82447c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\storage\default\https+++drvalentino.sharepoint.com\cache\morgue\93\{026c9435-9da4-4429-8487-970bd85a685d}.final

Filesize
508B

MD5
ad43e7fab2d737b6571949684b3537f2

SHA1
264fa8c1e4aeb01053684863eb424bf1f5e8bf0b

SHA256
0015cc90fd6acbc21790a4167097a205eb9aa45213f5598b3918ddb19427a036

SHA512
7aaa075b5d248daedea7c51dbc2c595e35f16638c7a82f38b9c477074edab4b3c833c0aaf5d8e26d2b9010a5fa0450594b518cb5dd106f5b19a274ead3d9440b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\storage\default\https+++drvalentino.sharepoint.com\idb\2889028008OFDDSPP.sqlite

Filesize
48KB

MD5
eb20fd0039119adf49577a7b09cc5cfa

SHA1
7d1e66e1254cd772758d33fb440981de8bceaa20

SHA256
02b59ea68573df97c1318657d3d753c54446b95670f85c98f91e645fd3689f28

SHA512
148df2b118efacf07975d0ef0689721aae22f5af7dc7f28357b67146c051bbcf4351a950e89501b1e8b56fb741b146e8b409db571bdf88dd735097fbcb0a7e28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dsfbkuj2.default-release\storage\default\https+++drvalentino.sharepoint.com\idb\584806114SgPiFfxn.oC.sqlite

Filesize
2.0MB

MD5
245e3cd6b8c0cbd86127086d4260c243

SHA1
f5801c8b4da4adfce48b03982461376c5a50f079

SHA256
c50a1d7456684ca9a522baaf5b649154e64a473091d550f8a58a65f0631c30e3

SHA512
f7ff33753c0568d9844ac128bb12c638224a9743fb0ae328b5f73f5d426933d34bbf86668711329284d8231668f0e74db050262615270dbef14f009e4b1cf3be

Download Submit