Analysis
max time kernel
133s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags
arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
submitted
03-05-2024 10:03
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://action.azurecomm.net/api/a/c?r=AIAADBE7YYVFSSWTTPABW2XTMLP6W46REBKJRVJZBM6DX6TTBPD5YJ3AJOZRK3RJ6CELNV6LYOUUU67RB6OEWCFS23KKLJSQ5ORPNYGQEBPJCENSZW4BQAKVM4X4RIC7FPQBV4UZIQBQLYOHRQPK3TKBAUH64TY&d=AIAACLPEEK3I6K37IOOVD7SHNHOK6AJIP6MJTJ6I7TXCFTTYLFBBBPGM4QGFKR7BLIYLFARDG3UQSAXXCRLL7HBP7FAMG7EEUBQHILFDGOE2XSZWL3PFPL7PBUTBPICU6FVUMK4ICOUQKY5D6Y3EJ6S5TQBWOMIXXXKHTPGK2NJRS6P2AESGKXFXXBSZFOAP4ODHJCB43XJ3MZRQVMI3EWBJPW3CDKTDJZZYZZYGZRTKUQZIHHBTPI5ZQPAMUNJZT3JZC&i=AIAACTFGLA2N6CSBMONTGV5ERQRJZLQE564WDRDSBL4D4X5HPZYLANBLMLEQQCKZKWM2YKGQ67QYSQRVIDMCUWKMLABRBT5FEF2XT236IZNUJX2ZSBO7FGWRI5GHW2OWYOAFZSFHDIPV3HWBLQ7FJI6DTC7MWGYL5PJTPKQNHWHT5BXKGSJ5RBRMJTCSSCMFYQ7DNW6QUPMCPLFZGWFBWNWAU4ERS66MMDUVKT6QASKPVHN5LGKZT53Z7RGUJL33JUB2I6F3IIIUYQDHQUBQY2NTKHOGC3Y
Resource
win10v2004-20240419-en
Behavioral task
behavioral2
Sample
https://action.azurecomm.net/api/a/c?r=AIAADBE7YYVFSSWTTPABW2XTMLP6W46REBKJRVJZBM6DX6TTBPD5YJ3AJOZRK3RJ6CELNV6LYOUUU67RB6OEWCFS23KKLJSQ5ORPNYGQEBPJCENSZW4BQAKVM4X4RIC7FPQBV4UZIQBQLYOHRQPK3TKBAUH64TY&d=AIAACLPEEK3I6K37IOOVD7SHNHOK6AJIP6MJTJ6I7TXCFTTYLFBBBPGM4QGFKR7BLIYLFARDG3UQSAXXCRLL7HBP7FAMG7EEUBQHILFDGOE2XSZWL3PFPL7PBUTBPICU6FVUMK4ICOUQKY5D6Y3EJ6S5TQBWOMIXXXKHTPGK2NJRS6P2AESGKXFXXBSZFOAP4ODHJCB43XJ3MZRQVMI3EWBJPW3CDKTDJZZYZZYGZRTKUQZIHHBTPI5ZQPAMUNJZT3JZC&i=AIAACTFGLA2N6CSBMONTGV5ERQRJZLQE564WDRDSBL4D4X5HPZYLANBLMLEQQCKZKWM2YKGQ67QYSQRVIDMCUWKMLABRBT5FEF2XT236IZNUJX2ZSBO7FGWRI5GHW2OWYOAFZSFHDIPV3HWBLQ7FJI6DTC7MWGYL5PJTPKQNHWHT5BXKGSJ5RBRMJTCSSCMFYQ7DNW6QUPMCPLFZGWFBWNWAU4ERS66MMDUVKT6QASKPVHN5LGKZT53Z7RGUJL33JUB2I6F3IIIUYQDHQUBQY2NTKHOGC3Y
Resource
win11-20240419-en
General
Target
https://action.azurecomm.net/api/a/c?r=AIAADBE7YYVFSSWTTPABW2XTMLP6W46REBKJRVJZBM6DX6TTBPD5YJ3AJOZRK3RJ6CELNV6LYOUUU67RB6OEWCFS23KKLJSQ5ORPNYGQEBPJCENSZW4BQAKVM4X4RIC7FPQBV4UZIQBQLYOHRQPK3TKBAUH64TY&d=AIAACLPEEK3I6K37IOOVD7SHNHOK6AJIP6MJTJ6I7TXCFTTYLFBBBPGM4QGFKR7BLIYLFARDG3UQSAXXCRLL7HBP7FAMG7EEUBQHILFDGOE2XSZWL3PFPL7PBUTBPICU6FVUMK4ICOUQKY5D6Y3EJ6S5TQBWOMIXXXKHTPGK2NJRS6P2AESGKXFXXBSZFOAP4ODHJCB43XJ3MZRQVMI3EWBJPW3CDKTDJZZYZZYGZRTKUQZIHHBTPI5ZQPAMUNJZT3JZC&i=AIAACTFGLA2N6CSBMONTGV5ERQRJZLQE564WDRDSBL4D4X5HPZYLANBLMLEQQCKZKWM2YKGQ67QYSQRVIDMCUWKMLABRBT5FEF2XT236IZNUJX2ZSBO7FGWRI5GHW2OWYOAFZSFHDIPV3HWBLQ7FJI6DTC7MWGYL5PJTPKQNHWHT5BXKGSJ5RBRMJTCSSCMFYQ7DNW6QUPMCPLFZGWFBWNWAU4ERS66MMDUVKT6QASKPVHN5LGKZT53Z7RGUJL33JUB2I6F3IIIUYQDHQUBQY2NTKHOGC3Y
Malware Config
Signatures
Checks processor information in registry 2 TTPs 8 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2878097196-921257239-309638238-1000_Classes\Local Settings | firefox.exe
Suspicious use of AdjustPrivilegeToken 5 IoCs
description | pid | Process
Token: SeDebugPrivilege | 3196 | firefox.exe
Token: SeDebugPrivilege | 3196 | firefox.exe
Token: SeDebugPrivilege | 3196 | firefox.exe
Token: SeDebugPrivilege | 3196 | firefox.exe
Token: SeDebugPrivilege | 3196 | firefox.exe
Suspicious use of FindShellTrayWindow 21 IoCs
pid | Process
3196 | firefox.exe
Suspicious use of SetWindowsHookEx 1 IoCs
pid | Process
3196 | firefox.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4152 wrote to memory of 3196 | 4152 | firefox.exe | 79
PID 3196 wrote to memory of 1788 | 3196 | firefox.exe | 80
PID 3196 wrote to memory of 5084 | 3196 | firefox.exe | 81
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://action.azurecomm.net/api/a/c?r=AIAADBE7YYVFSSWTTPABW2XTMLP6W46REBKJRVJZBM6DX6TTBPD5YJ3AJOZRK3RJ6CELNV6LYOUUU67RB6OEWCFS23KKLJSQ5ORPNYGQEBPJCENSZW4BQAKVM4X4RIC7FPQBV4UZIQBQLYOHRQPK3TKBAUH64TY&d=AIAACLPEEK3I6K37IOOVD7SHNHOK6AJIP6MJTJ6I7TXCFTTYLFBBBPGM4QGFKR7BLIYLFARDG3UQSAXXCRLL7HBP7FAMG7EEUBQHILFDGOE2XSZWL3PFPL7PBUTBPICU6FVUMK4ICOUQKY5D6Y3EJ6S5TQBWOMIXXXKHTPGK2NJRS6P2AESGKXFXXBSZFOAP4ODHJCB43XJ3MZRQVMI3EWBJPW3CDKTDJZZYZZYGZRTKUQZIHHBTPI5ZQPAMUNJZT3JZC&i=AIAACTFGLA2N6CSBMONTGV5ERQRJZLQE564WDRDSBL4D4X5HPZYLANBLMLEQQCKZKWM2YKGQ67QYSQRVIDMCUWKMLABRBT5FEF2XT236IZNUJX2ZSBO7FGWRI5GHW2OWYOAFZSFHDIPV3HWBLQ7FJI6DTC7MWGYL5PJTPKQNHWHT5BXKGSJ5RBRMJTCSSCMFYQ7DNW6QUPMCPLFZGWFBWNWAU4ERS66MMDUVKT6QASKPVHN5LGKZT53Z7RGUJL33JUB2I6F3IIIUYQDHQUBQY2NTKHOGC3Y"
- Suspicious use of WriteProcessMemory
PID:4152
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://action.azurecomm.net/api/a/c?r=AIAADBE7YYVFSSWTTPABW2XTMLP6W46REBKJRVJZBM6DX6TTBPD5YJ3AJOZRK3RJ6CELNV6LYOUUU67RB6OEWCFS23KKLJSQ5ORPNYGQEBPJCENSZW4BQAKVM4X4RIC7FPQBV4UZIQBQLYOHRQPK3TKBAUH64TY&d=AIAACLPEEK3I6K37IOOVD7SHNHOK6AJIP6MJTJ6I7TXCFTTYLFBBBPGM4QGFKR7BLIYLFARDG3UQSAXXCRLL7HBP7FAMG7EEUBQHILFDGOE2XSZWL3PFPL7PBUTBPICU6FVUMK4ICOUQKY5D6Y3EJ6S5TQBWOMIXXXKHTPGK2NJRS6P2AESGKXFXXBSZFOAP4ODHJCB43XJ3MZRQVMI3EWBJPW3CDKTDJZZYZZYGZRTKUQZIHHBTPI5ZQPAMUNJZT3JZC&i=AIAACTFGLA2N6CSBMONTGV5ERQRJZLQE564WDRDSBL4D4X5HPZYLANBLMLEQQCKZKWM2YKGQ67QYSQRVIDMCUWKMLABRBT5FEF2XT236IZNUJX2ZSBO7FGWRI5GHW2OWYOAFZSFHDIPV3HWBLQ7FJI6DTC7MWGYL5PJTPKQNHWHT5BXKGSJ5RBRMJTCSSCMFYQ7DNW6QUPMCPLFZGWFBWNWAU4ERS66MMDUVKT6QASKPVHN5LGKZT53Z7RGUJL33JUB2I6F3IIIUYQDHQUBQY2NTKHOGC3Y
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3196
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 25459 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2324a82-64d3-4b8f-84f3-73f8c1b48cc8} 3196 "\\.\pipe\gecko-crash-server-pipe.3196" gpu
    PID:1788
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 26379 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {09c58a9b-e468-4df2-85cf-8cf695237697} 3196 "\\.\pipe\gecko-crash-server-pipe.3196" socket
    PID:5084
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3360 -childID 1 -isForBrowser -prefsHandle 3352 -prefMapHandle 3348 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ed9f2ac-a431-4f19-b692-422a3044f513} 3196 "\\.\pipe\gecko-crash-server-pipe.3196" tab
    PID:2060
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3160 -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 3000 -prefsLen 30869 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9959e13e-c30f-4a1d-8314-5c87b41b7552} 3196 "\\.\pipe\gecko-crash-server-pipe.3196" tab
    PID:2468
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4296 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4212 -prefMapHandle 4208 -prefsLen 30869 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c9e51f7-0dde-45b8-a4fa-33d4d79ed1a0} 3196 "\\.\pipe\gecko-crash-server-pipe.3196" utility
    - Checks processor information in registry
    PID:1112
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 5372 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0d65dcb-2d96-4501-b325-99334c156160} 3196 "\\.\pipe\gecko-crash-server-pipe.3196" tab
    PID:2764
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5528 -prefMapHandle 5532 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60154b91-9d2b-4589-93d8-090c335d4986} 3196 "\\.\pipe\gecko-crash-server-pipe.3196" tab
    PID:464
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 5 -isForBrowser -prefsHandle 5596 -prefMapHandle 5600 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {91297c44-6c4a-403e-a270-86cd12725ab5} 3196 "\\.\pipe\gecko-crash-server-pipe.3196" tab
    PID:4856
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6196 -childID 6 -isForBrowser -prefsHandle 6192 -prefMapHandle 6076 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1068 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57d1be1f-b927-4aef-aa9f-34f42c8b6363} 3196 "\\.\pipe\gecko-crash-server-pipe.3196" tab
    PID:3924
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\0zdbhklj.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA
Filesize: 13KB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\AlternateServices.bin
Filesize: 7KB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 5KB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 6KB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 15KB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\datareporting\glean\pending_pings\37d6678a-3ff1-49c7-97ea-d191cfc85ad1
Filesize: 982B

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\datareporting\glean\pending_pings\e100f564-21ba-4d3c-b78d-38819aa456dd
Filesize: 23KB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\datareporting\glean\pending_pings\f55cdc2e-a29c-420f-b88d-1fc6c8b6b5a0
Filesize: 671B

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
Filesize: 1.1MB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
Filesize: 116B

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json
Filesize: 372B

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll
Filesize: 17.8MB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\sessionstore-backups\recovery.baklz4
Filesize: 3KB

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\0zdbhklj.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize: 984KB